This is an old revision of the document!
Overview
Summary of Dockerfiles.
External links:
Notes
- podmanalso reads a- Containerfile(also CPP-processed- Containerfile.in)
- default context is current directory (“.”)
- rm ~/.config/containers/libpod.conf
- .dockerignorefile (podman variant?)
Q
- COPY versus ADD?
- Does every new FROM directive start a new “build stage”?
- What is the scope of an ENV versus ARG directive?
- Can a context be a local tarball? Others?
- How to use--cache-from?
Usage
Needs:
- Dockerfile/Containerfile
- context
$ docker build . $ docker build dir/ $ docker build -f /path/to/Dockerfile . $ docker build -t automatron . $ docker build -t automatron https://github.com/madflojo/automatron.git $ docker build -t automatron http://example.com/automatron.tar.gz
General concepts
Context
- a context is processed recursively (keep it minimal)
- each instruction is run independently, creating a new layer
Parser directives
- escape
- syntax (BuildKit only)
.dockerignore
You can safely exclude Dockerfile and .dockerignore; they're sent, anyway.
Dockerfile directives
ARG
- only instruction that can precede FROM instructions
- used only by subsequent FROM instructions
FROM
- Dockerfile must start with aFROMinstruction (after possibleARGdirectives)
- sets a base image, initializes a new build stage
- can occur multiple times in a Dockerfile, perhaps to make one build stage dependent on another
LABEL
$ docker inspect
ENV
Two forms:
ENV <key> <value> ENV <key1>=<value1> <key2>=<value2> ...
Set on command line:
$ docker run --env <key>=<value> ...
RUN
Two forms:
- shell (prefixed with/bin/sh -c)
- exec
Each RUN commits a new image, used in the next step.
To set environment for a single command:
RUN <key>=<value> <command>
COPY (preferred unless you need ADD extensions)
- .dockerignorefile, see here
ADD
COPY is preferred, except for URLs and tarballs, etc, or if you're redirecting from STDIN where there is no build context; the Dockerfile at the root of the archive will be used as the build context.
CMD
- can be only one in any Dockerfile (last takes precedence)
Types:
- exec form (preferred)
- shell form
- default parms to ENTRYPOINT
ENTRYPOINT
- exec form (preferred)
- shell form
WORKDIR
USER
VOLUME
EXPOSE
- does not actually publish ports, just advertises them
- TCP if protocol is not specified
- usedocker run -p/-Pto actually expose ports