Exploring Containers: Creating a Dockerfile
Docker is the most popular containerization platform. A Docker container runs software isolated from all other containers on a Docker engine, and each has its own filesystem and networking. Docker images encapsulate all the software, including dependencies that are needed to launch a Docker container.
A Docker image is a set of layers that interact with each other. Each layer encapsulates a single command or instruction in a Dockerfile, which needs to be implemented to build a Docker image. The layers are stacked and share the files and directories from underlying layers.
Each of an image’s layers is read-only. When a container is created from an image, a layer is added on top that is writable. Multiple containers may be run using the same image, and each new container shares the image’s layers.
Let’s look at what goes into creating a Dockerfile, which could be used to build a runnable Docker image.
Creating an image
The first command or instruction in a Dockerfile specifies which image is used as the base image, using the FROM command. When an image is built from another image, it doesn’t create all the layers from the base image again; it shares the layers with the base image.
An image doesn’t have to be built from another. It may be built by specifying the FROM scratch command. This gives a mostly empty container as a base state for creating new images.
Copying files and directories
The COPY command is used to copy files and directories to a destination directory in the container created from an image. The ADD command is similar, with the additional feature to copy from a remote file URL.
Running an image
When an image is run, a container is created. The CMD instruction specifies what command to run within a new container.
The CMD instruction has a shell form and an exec form. The exec form includes the executable or application to run, along with the parameters for the application. For service-based images, such as an image to run an Apache2 httpd service, the exec form should be used. The shell form is for all other uses.
The ENTRYPOINT instruction also configures the command to run in a new container and also has exec and shell forms. The difference is that ENTRYPOINT must specify an executable, while CMD could specify some parameters supplied to the ENTRYPOINT.
The RUN instruction is also used to run a command or an executable and also has exec and shell forms. It is often confused as an alternative to CMD and ENTRYPOINT, but RUN is not run in a new container. It’s used to build the Docker image and commit the result, implying that the result is saved in the image as a layer.
Setting the working directory
The working directory may be set with the WORKDIR instruction. It may be a relative path or an absolute path. Multiple WORKDIR instructions may be specified in a single Dockerfile, and if a relative path is provided, it is relative to the directory path of the preceding WORKDIR instruction.
All COPY, ADD, RUN, CMD and ENTRYPOINT instructions that follow a WORKDIR instruction make use of the working directory path that is applied before the instructions.