一、簡介

Alpine 操作系統是一個面向安全的輕型 Linux 發行版。它不同于通常 Linux 發行版，Alpine 采用了 musl libc 和 busybox 以減小系統的體積和運行時資源消耗，但功能上比 busybox 又完善的多，因此得到開源社區越來越多的青睞。在保持瘦身的同時，Alpine 還提供了自己的包管理工具 apk，可以通過 https://pkgs.alpinelinux.org/packages 網站上查詢包信息，也可以直接通過 apk 命令直接查詢和安裝各種軟件。

Alpine 由非商業組織維護的，支持廣泛場景的 Linux發行版，它特別為資深/重度Linux用戶而優化，關注安全，性能和資源效能。Alpine 鏡像可以適用于更多常用場景，并且是一個優秀的可以適用于生產的基礎系統/環境。

Alpine Docker 鏡像也繼承了 Alpine Linux 發行版的這些優勢。相比于其他 Docker 鏡像，它的容量非常小，僅僅只有 5 MB 左右（對比 Ubuntu 系列鏡像接近 200 MB），且擁有非常友好的包管理機制。官方鏡像來自 docker-alpine 項目。

目前 Docker 官方已開始推薦使用 Alpine 替代之前的 Ubuntu 做為基礎鏡像環境。這樣會帶來多個好處。包括鏡像下載速度加快，鏡像安全性提高，主機之間的切換更方便，占用更少磁盤空間等。

二、APK包管理器

可在包管理中心查看支持的包：https://pkgs.alpinelinux.org/packages

1、apk命令詳解

命令格式

apk 子命令 參數項

全局參數項

-h, --help              Show generic help or applet specific help
-p, --root DIR          Install packages to DIR
-X, --repository REPO   Use packages from REPO
-q, --quiet             Print less information
-v, --verbose           Print more information (can be doubled)
-i, --interactive       Ask confirmation for certain operations
-V, --version           Print program version and exit
-f, --force             Enable selected --force-* (deprecated)
--force-binary-stdout   Continue even if binary data is to be output
--force-broken-world    Continue even if 'world' cannot be satisfied
--force-non-repository  Continue even if packages may be lost on reboot
--force-old-apk         Continue even if packages use unsupported features
--force-overwrite       Overwrite files in other packages
--force-refresh         Do not use cached files (local or from proxy)
-U, --update-cache      Alias for --cache-max-age 1
--progress              Show a progress bar
--progress-fd FD        Write progress to fd
--no-progress           Disable progress bar even for TTYs
--purge                 Delete also modified configuration files (pkg removal) and uninstalled packages from cache (cache clean)
--allow-untrusted       Install packages with untrusted signature or no signature
--wait TIME             Wait for TIME seconds to get an exclusive repository lock before failing
--keys-dir KEYSDIR      Override directory of trusted keys
--repositories-file REPOFILE Override repositories file
--no-network            Do not use network (cache is still used)
--no-cache              Do not use any local cache path
--cache-dir CACHEDIR    Override cache directory
--cache-max-age AGE     Maximum AGE (in minutes) for index in cache before refresh
--arch ARCH             Use architecture with --root
--print-arch            Print default arch and exit

commit參數項

-s, --simulate          Show what would be done without actually doing it
--clean-protected       Do not create .apk-new files in configuration dirs
--overlay-from-stdin    Read list of overlay files from stdin
--no-scripts            Do not execute any scripts
--no-commit-hooks       Skip pre/post hook scripts (but not other scripts)
--initramfs-diskless-boot Enables options for diskless initramfs boot (e.g. skip hooks)

子命令

①安裝與刪除

• add：安裝包

  --initdb                Initialize database
  -u, --upgrade           Prefer to upgrade package
  -l, --latest            Select latest version of package (if it is not pinned), and print error if it cannot be installed due to other
                          dependencies
  -t, --virtual NAME      Instead of adding all the packages to 'world', create a new virtual package with the listed dependencies and add that to 'world'; the actions of the command are easily reverted by deleting the virtual package
  

• del：卸載并刪除包

  -r, --rdepends          Recursively delete all top-level reverse dependencies too
  

②包的元信息管理

• fix：在不改動主要的依賴的情況下進行包的修復或者升級

  -d, --depends           Fix all dependencies too
  -r, --reinstall         Reinstall the package (default)
  -u, --upgrade           Prefer to upgrade package
  -x, --xattr             Fix packages with broken xattrs
  --directory-permissions Reset all directory permissions
  

• update：從遠程倉庫獲取信息更新本地倉庫索引

• upgrade：令升級系統已安裝的所以軟件包（一般包括內核），當然也可指定僅升級部分軟件包（通過-u或–upgrade選擇指定

  -a, --available         Resets versioned world dependencies, and changes to prefer replacing or downgrading packages (instead of holding
                            them) if the currently installed package is no longer available from any repository
  -l, --latest            Select latest version of package (if it is not pinned), and print error if it cannot be installed due to other
                            dependencies
  --no-self-upgrade       Do not do early upgrade of 'apk-tools' package
  --self-upgrade-only     Only do self-upgrade
  

• cache：對緩存進行操作，比如對缺失的包進行緩存或者對于不需要的包進行緩存刪除

  -u, --upgrade           Prefer to upgrade package
  -l, --latest            Select latest version of package (if it is not pinned), and print error if it cannot be installed due to other
   dependencies
  

③查詢搜索包

• info：列出所有已安裝的軟件包

  -L, --contents          List contents of the PACKAGE
  -e, --installed         Check if PACKAGE is installed
  -W, --who-owns          Print the package owning the specified file
  -R, --depends           List packages that the PACKAGE depends on
  -P, --provides          List virtual packages provided by PACKAGE
  -r, --rdepends          List all packages depending on PACKAGE
  --replaces              List packages whom files PACKAGE might replace
  -i, --install-if        List the PACKAGE's install_if rule
  -I, --rinstall-if       List all packages having install_if referencing PACKAGE
  -w, --webpage           Show URL for more information about PACKAGE
  -s, --size              Show installed size of PACKAGE
  -d, --description       Print description for PACKAGE
  --license               Print license for PACKAGE
  -t, --triggers          Print active triggers of PACKAGE
  -a, --all               Print all information about PACKAGE
  

• list：按照指定條件進行包的列表信息顯示

  -I, --installed         List installed packages only
  -O, --orphaned          List orphaned packages only
  -a, --available         List available packages only
  -u, --upgradable        List upgradable packages only
  -o, --origin            List packages by origin
  -d, --depends           List packages by dependency
  -P, --providers         List packages by provider  
  

• search：查詢相關的包的詳細信息，支持正則

  -a, --all               Show all package versions (instead of latest only)
  -d, --description       Search package descriptions (implies -a)
  -x, --exact             Require exact match (instead of substring match)
  -e                      Synonym for -x (deprecated)
  -o, --origin            Print origin package name instead of the subpackage
  -r, --rdepends          Print reverse dependencies of package
  --has-origin            List packages that have the given origin
  

• dot：生成依賴之間的關聯關系圖（使用箭頭描述）

  --errors                Output only parts of the graph which are considered erroneous: e.g. cycles and missing packages
  --installed             Consider only installed packages
  

• policy：顯示包的倉庫策略信息

④源管理

• stats：顯示倉庫和包的安裝相關的統計信息

• index：使用文件生成倉庫索引文件

  -o, --output FILE       Write the generated index to FILE
  -x, --index INDEX       Read INDEX to speed up new index creation by reusing the information from an old index
  -d, --description TEXT  Embed TEXT as description and version information of the repository index
  --rewrite-arch ARCH     Use ARCH as architecture for all packages
  

• fetch：從全局倉庫下載包到本地目錄

  -L, --link              Create hard links if possible
  -R, --recursive         Fetch the PACKAGE and all its dependencies
  --simulate              Show what would be done without actually doing it
  -s, --stdout            Dump the .apk to stdout (incompatible with -o, -R, --progress)
  -o, --output DIR        Directory to place the PACKAGEs to
  

• verify：驗證包的完整性和簽名信息

• manifest：顯示package各組成部分的checksum

2、操作

①安裝軟件

FROM alpine:3.11.5
RUN sed -i "s/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g" /etc/apk/repositories \
    && apk add --no-cache git

②替換Alpine的軟件源

常見國內Alpine軟件源：

• 阿里云

  FROM alpilne:3.11.5
  RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
  

• 中科大

  FROM alpilne:3.11.5
  RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories
  

③安裝bash

FROM alpine:3.11.5
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
    && apk add --no-cache bash bash-doc bash-completion 

④安裝telnet

FROM alpine:3.11.5
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
    && apk add --no-cache busybox-extras

⑤安裝Docker Client和Make

FROM alpine:3.11.5
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
    && apk add --no-cache docker-cli make

⑥修改用戶的所屬用戶組

FROM alpine:3.11.5
RUN sed -i 's/1001/0/g' /etc/passwd

⑦設置系統語言為“en_US.UTF-8”，以防中文亂碼

FROM alpine:3.11.5
ENV LANG=en_US.UTF-8 \
    LANGUAGE=en_US.UTF-8
    
RUN apk --no-cache add ca-certificates \ 
    && wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub \ 
    && wget -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.29-r0/glibc-2.29-r0.apk \ 
    && wget -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.29-r0/glibc-bin-2.29-r0.apk \
    && wget -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.29-r0/glibc-i18n-2.29-r0.apk \
    && apk add glibc-2.29-r0.apk glibc-bin-2.29-r0.apk glibc-i18n-2.29-r0.apk \
    && rm -rf /usr/lib/jvm glibc-2.29-r0.apk glibc-bin-2.29-r0.apk  glibc-i18n-2.29-r0.apk \
    && /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true \
    && echo "export LANG=$LANG" > /etc/profile.d/locale.sh \
    && apk del glibc-i18n

⑧設置時區

FROM alpine:3.11.5
ENV TZ=Asia/Shanghai
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories \
    && apk add --no-cache tzdata \
    && cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
    && echo "Asia/Shanghai" > /etc/timezone

參考

官方網站
Github
Dockerhub