Docker

Dockerfile Instructions

  • FROM: Specifies the base image for subsequent instructions. This sets the foundation for the container environment.
  • COPY/ADD: Both instructions copy files from the host machine into the container’s filesystem.
    • COPY is the preferred method for copying files and directories.
    • ADD offers additional functionality. It can extract local tar archives and fetch files from remote URLs. However, these extras can introduce unpredictability, so Docker recommends using COPY unless ADD’s features are explicitly required.
  • WORKDIR: Sets the working directory for all subsequent RUN, CMD, ENTRYPOINT, COPY, and ADD instructions. If the directory does not exist, it will be created automatically.
  • RUN: Executes shell commands during the image build process. Common uses include installing OS packages, downloading binaries, or configuring the environment. Each RUN command creates a new image layer, so combining related commands with && can help reduce the final image size.
  • CMD / ENTRYPOINT: Both provide default commands to be executed when a Docker image is run as a container.
    • CMD: This instruction specifies the default command to run when a container is started from the Docker image. If no command is specified during the container startup, this default is used. CMD can be overridden by supplying command-line arguments to the docker run command.
    • ENTRYPOINT: This instruction sets the default executable for the container. Any arguments supplied to the docker run command are appended to the ENTRYPOINT command.
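  • ENV: Sets environment variables that will be available during the build process and at runtime. Useful for configuration, paths, or credentials, though values set with ENV are stored in the image metadata and can be read with docker inspect, so credentials set this way are visible to anyone with access to the image.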
  • EXPOSE: Documents the network ports the container listens on at runtime. This doesn’t publish the ports but serves as metadata.
  • VOLUME: Creates a mount point with the specified path and marks it as holding externally mounted volumes. This is used for persistent or shared data.
  • USER: Specifies the username or UID the container should use when running. This helps enhance security by avoiding root execution inside the container.
  • ARG: Defines variables that users can pass at build time with the docker build command. These variables are only available during the Docker image build process and are used to pass values to the Dockerfile instructions.
  • LABEL: Adds metadata to an image in key-value pairs. Useful for versioning, authorship, and automation.
  • HEALTHCHECK: Defines a command that Docker runs to determine if the container is still healthy. Useful for ensuring service availability.
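
A small static check for the security-relevant instructions in the list above (ADD, ENV/ARG and USER), added here as an example and not code from the original page. The sample Dockerfile, the function names and the secret-name pattern are constructed for illustration.

```python
import re

# Constructed sample Dockerfile (not from the page); it is only parsed, never built.
SAMPLE = """\
FROM python:3.12-slim
ADD https://example.com/tool.tar.gz /opt/
ENV APP_HOME=/app \\
    DB_PASSWORD=changeme
COPY . .
CMD ["python", "app.py"]
"""

# Assumed name pattern for secret-like variables; tune it for your environment.
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def instructions(text):
    """Yield (line_no, INSTRUCTION, args), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start if buf else no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        word, _, args = (buf + line).partition(" ")
        yield start, word.upper(), args.strip()
        buf = ""

def audit(text):
    """Return (line_no, finding) pairs for ADD, secret-like ENV/ARG names, and USER."""
    findings, user, no = [], None, 0
    for no, ins, args in instructions(text):
        if ins == "FROM":
            user = None  # a new build stage starts from the base image's user
        elif ins == "USER":
            user = args.split(":")[0]
        elif ins == "ADD":
            why = "fetches a remote URL" if re.search(r"https?://", args) else "prefer COPY"
            findings.append((no, f"ADD: {why}"))
        elif ins in ("ENV", "ARG"):
            toks = args.split()
            keys = [t.split("=")[0] for t in toks if "=" in t] or toks[:1]
            findings += [(no, f"{ins} {k}: secret-like name; value is recorded in image history")
                         for k in keys if SECRET_NAME.search(k)]
    if user in (None, "root", "0"):
        findings.append((no, "no non-root USER in the final stage"))
    return findings
```

Calling audit(SAMPLE) reports the remote ADD, the DB_PASSWORD variable and the missing USER; a Dockerfile that uses COPY, keeps secrets out of ENV/ARG and ends with a non-root USER returns an empty list.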

Docker Image Layers

  • Docker images are built in layers, where each instruction in a Dockerfile (e.g., FROM, COPY, RUN) creates a new layer on top of the previous one. These layers are stacked together to form the final image.
  • Layer Caching: Docker uses a cache for layers to speed up builds. If a layer and all previous layers haven’t changed, Docker reuses the cached version. This makes builds faster and more efficient.
  • Best Practices:
    • Minimize the number of layers: Combine related commands using && and a single RUN instruction to reduce the number of layers and overall image size.
    • Order matters: Place less frequently changing instructions (e.g., apt-get install, pip install) near the top of the Dockerfile to take advantage of caching. Place frequently changing files (like source code) toward the bottom.
    • Avoid unnecessary files: Use .dockerignore to exclude files and directories from being copied into image layers, which helps reduce build context size and avoid bloated images.
  • Layer Reuse: Since layers are content-addressed (identified by a hash of their contents), Docker can share identical layers across multiple images, saving disk space and speeding up pulls and pushes.

Mounts

  • In Docker, mounts are used to attach storage (like files or directories) from the host system or other sources onto containers.

Volume Mounts

  • Volumes are managed by Docker and stored in a part of the host filesystem that Docker manages (/var/lib/docker/volumes/ on Linux).
  • Usage - docker run -v myvolume:/app/data imagename
  • Can be easily backed up and moved

Bind Mounts

  • Bind mounts mount a file or directory from the host filesystem into the container.
  • Usage - docker run -v /host/path:/container/path imagename
  • Not managed by Docker.
  • Changes to files on the host are immediately reflected in the container and vice versa.
  • Can be shared across multiple containers.

tmpfs Mounts

  • tmpfs mounts store data in the host system's memory. The data is never written to disk and is lost when the container stops.
  • Usage - docker run --tmpfs /app/tmp imagename
  • Ideal for storing temporary or sensitive data.

To be updated

  • CLI commands for Docker