IT 3300 : Virtualization

Docker 2

The Dockerfile reviewed

The dockerfile provides instructions as to how to build and run an image.

Dockerfile (From)

This sets the base image for the build process.

    FROM <image>[:<tag>]

The tag is optional. If you don't specify then latest is assumed.

Example:

    FROM ubuntu:14.04

Dockerfile (Maintainer)

It identifies who is the manager for this image.

    MAINTAINER Dr. Joe <joe@gmail.com>

Dockerfile (Copy)

Copies from the docker host to the filesystem of the new image.

    COPY <src> ... <dst>

Multiple src files can be specified.

    COPY html /var/www/html

Dockerfile (ADD)

Similar to COPY but can handle remote URLs (like wget) and also tarred files:

    ADD <src> ... <dst>

Multiple src files can be specified

Dockerfile (ENV)

This can set an environment variable. An environment variable can be accessed anywhere in the system (by a script or app).

    ENV <key> <value> 

    ENV APACHE_LOG_DIR /var/log/apache

Dockerfile (USER)

Run the container as this user.

    USER <UID>[:<GID>]

If a service can run without privileges, use USER to change to a non-root user.

Dockerfile (Workdir)

Kind of like a cd. Changes current working directory to that which is specified.

Dockerfile (Volume)

The VOLUME instruction creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers. A LOT of information about volumes can be found here.

    VOLUME <mountpoint>

Dockerfile (Expose)

The EXPOSE instruction informs Docker that the container listens on the specified network ports at runtime. You can specify whether the port listens on TCP or UDP, and the default is TCP if the protocol is not specified. To actually publish the port when running the container, use the -p or -P flag on docker run.

Dockerfile (Expose)

    EXPOSE <port> [<port>/<protocol>...]

    EXPOSE 8080

This will expose 8080 tcp port.

Dockerfile (RUN)

    RUN <command> (or)
    RUN ["executable", "param1", "param2"]

The first command is a shell command always executed at build.
The second does not automatically invoke shell /bin/sh -c.

Dockerfile (RUN)

    RUN apt-get update && \
       apt-get install -y apache2 && \
       apt-get clean

It is nice to put the run command all in one line because each time you invoke the RUN command a new layer is created. See layers with docker history foo (assuming foo is an image). Could add to image size. More about layers.

Dockerfile (CMD)

RUN executes at build time, CMD executes when the container is launched.

    CMD ["executable","param1","param2"] (exec form) (or)
    CMD command param1 param2 (shell form)

Shell form:

    FROM ubuntu
    CMD echo "This is a test." | wc -

Dockerfile (CMD)

If you want to run your <command> without a shell then you must express the command as a JSON array and give the full path to the executable. This array form is the preferred format of CMD. Any additional parameters must be individually expressed as strings in the array:

    FROM ubuntu
    CMD ["/usr/bin/wc","--help"]

Dockerfile (CMD)

Syntactically, you can add more than one CMD instruction in Dockerfile. However, the build system would ignore all the CMD instructions except for the last one. In other words, in the case of multiple CMD instructions, only the last CMD instruction would be effective.

Dockerfile (ENTRYPOINT)

The best use for ENTRYPOINT is to set the image’s main command, allowing that image to be run as though it was that command (and then use CMD as the default flags).

Example

Here