dockerfiles

This is an old revision of the document!

Overview

Summary of Dockerfiles.

External links:

Notes

  • podman also reads a Containerfile (also CPP-processed Containerfile.in)
  • default context is current directory (“.”)
  • rm ~/.config/containers/libpod.conf
  • .dockerignore file (podman variant?)

Q

  • Does every new FROM directive start a new “build stage”?
  • What is the scope of an ENV versus ARG directive?
  • Can a context be a local tarball? Others?
  • How to use --cache-from?

Usage

$ docker build .
$ docker build dir/
$ docker build -f /path/to/Dockerfile .
$ docker build -t automatron .
$ docker build -t automatron https://github.com/madflojo/automatron.git
$ docker build -t automatron http://example.com/automatron.tar.gz

General concepts

Context

  • a context is processed recursively (keep it minimal)
  • each instruction is run independently, creating a new layer

Parser directives

  • escape
  • syntax (BuildKit only)

.dockerignore

You can safely exclude Dockerfile and .dockerignore; they're sent, anyway.

Dockerfile directives

ARG

  • only instruction that can precede FROM instructions
  • used only by subsequent FROM instructions

FROM

  • Dockerfile must start with a FROM instruction
  • sets a base image, initializes a new build stage
  • can occur multiple times in a Dockerfile, perhaps to make one build stage dependent on another

LABEL

$ docker inspect

ENV

Two forms: 

ENV <key> <value>
ENV <key1>=<value1> <key2>=<value2> ...

Set on command line: 

$ docker run --env <key>=<value> ...

RUN

Two forms:

  • shell (prefixed with /bin/sh -c)
  • exec

Each RUN commits a new image, used in the next step.

To set environment for a single command: 

RUN <key>=<value> <command>

COPY

  • .dockerignore file, see here

ADD

COPY is preferred, except for URLs and tarballs, etc, or if you're redirecting from STDIN where there is no build context; the Dockerfile at the root of the archive will be used as the build context.

CMD

  • can be only one in any Dockerfile (last takes precedence)

Types:

  • exec form (preferred)
  • shell form
  • default parms to ENTRYPOINT

ENTRYPOINT

  • exec form (preferred)
  • shell form

WORKDIR

USER

VOLUME

EXPOSE

  • does not actually publish ports, just advertises them
  • TCP if protocol is not specified
  • use docker run -p/-P to actually expose ports
  • dockerfiles.1577618856.txt.gz
  • Last modified: 2019/12/29 11:27
  • by rpjday