Summary of Dockerfiles.

External links:

• https://takacsmark.com/dockerfile-tutorial-by-example-dockerfile-best-practices-2018/
• https://docs.docker.com/engine/reference/builder/
• https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/

• podman also reads a Containerfile (also CPP-processed Containerfile.in)
• default context is current directory (“.”)
• rm ~/.config/containers/libpod.conf
• .dockerignore file (podman variant?)

• Applicability of Containerfile? Also “.in” suffix for podman?
• COPY versus ADD?
• Does every new FROM directive start a new “build stage”?
• What is the scope of an ENV versus ARG directive?
• Can a context be a local tarball? Others?
• How to use --cache-from?
• relevance of .dockerignore with podman/buildah?
• Can we display context?

Needs:

• Dockerfile/Containerfile
• context

$ docker build .
$ docker build dir/
$ docker build -f /path/to/Dockerfile .
$ docker build -t automatron .
$ docker build -t automatron https://github.com/madflojo/automatron.git
$ docker build -t automatron http://example.com/automatron.tar.gz

• a context is processed recursively (keep it minimal)
• each instruction is run independently, creating a new layer

• escape
• syntax (BuildKit only)

• You can safely exclude Dockerfile and .dockerignore; they're sent, anyway.
• Uses Go's filepath.Match rules
• Also **/*.go, and exceptions using !
• last match takes precedence

• only instruction that can precede FROM instructions
• used only by subsequent FROM instructions

• Dockerfile must start with a FROM instruction (after possible ARG directives)
• sets a base image, initializes a new build stage
• can occur multiple times in a Dockerfile, perhaps to make one build stage dependent on another

$ docker inspect

Two forms:

ENV <key> <value>
ENV <key1>=<value1> <key2>=<value2> ...

Set on command line:

$ docker run --env <key>=<value> ...

Two forms:

• shell (prefixed with /bin/sh -c)
• exec

Each RUN commits a new image, used in the next step.

To set environment for a single command:

RUN <key>=<value> <command>

• .dockerignore file, see here

COPY is preferred, except for URLs and tarballs, etc, or if you're redirecting from STDIN where there is no build context; the Dockerfile at the root of the archive will be used as the build context.

• can be only one in any Dockerfile (last takes precedence)

Types:

• exec form (preferred)
• shell form
• default parms to ENTRYPOINT

• exec form (preferred)
• shell form

• does not actually publish ports, just advertises them
• TCP if protocol is not specified
• use docker run -p/-P to actually expose ports