User Tools

Site Tools


dockerfiles

Overview

Notes

  • podman also reads a Containerfile (also CPP-processed Containerfile.in)
  • default context is current directory (“.”)
  • rm ~/.config/containers/libpod.conf
  • .dockerignore file (podman variant?)

Q

  • Applicability of Containerfile? Also “.in” suffix for podman?
  • COPY versus ADD?
  • Does every new FROM directive start a new “build stage”?
  • What is the scope of an ENV versus ARG directive?
  • Can a context be a local tarball? Others?
  • How to use --cache-from?
  • relevance of .dockerignore with podman/buildah?
  • Can we display context?

Usage

Needs:

  • Dockerfile/Containerfile
  • context
$ docker build .
$ docker build dir/
$ docker build -f /path/to/Dockerfile .
$ docker build -t automatron .
$ docker build -t automatron https://github.com/madflojo/automatron.git
$ docker build -t automatron http://example.com/automatron.tar.gz

General concepts

Context

  • a context is processed recursively (keep it minimal)
  • each instruction is run independently, creating a new layer

Parser directives

  • escape
  • syntax (BuildKit only)

.dockerignore (in root dir of context)

  • You can safely exclude Dockerfile and .dockerignore; they're sent, anyway.
  • Uses Go's filepath.Match rules
  • Also **/*.go, and exceptions using !
  • last match takes precedence

Dockerfile directives

ARG

  • only instruction that can precede FROM instructions
  • used only by subsequent FROM instructions

FROM

  • Dockerfile must start with a FROM instruction (after possible ARG directives)
  • sets a base image, initializes a new build stage
  • can occur multiple times in a Dockerfile, perhaps to make one build stage dependent on another

LABEL

$ docker inspect

ENV

Two forms:

ENV <key> <value>
ENV <key1>=<value1> <key2>=<value2> ...

Set on command line:

$ docker run --env <key>=<value> ...

RUN

Two forms:

  • shell (prefixed with /bin/sh -c)
  • exec

Each RUN commits a new image, used in the next step.

To set environment for a single command:

RUN <key>=<value> <command>

COPY (preferred unless you need ADD extensions)

  • .dockerignore file, see here

ADD

COPY is preferred, except for URLs and tarballs, etc, or if you're redirecting from STDIN where there is no build context; the Dockerfile at the root of the archive will be used as the build context.

CMD

  • can be only one in any Dockerfile (last takes precedence)

Types:

  • exec form (preferred)
  • shell form
  • default parms to ENTRYPOINT

ENTRYPOINT

  • exec form (preferred)
  • shell form

WORKDIR

USER

VOLUME

EXPOSE

  • does not actually publish ports, just advertises them
  • TCP if protocol is not specified
  • use docker run -p/-P to actually expose ports

HEALTHCHECK

dockerfiles.txt · Last modified: 2020/01/03 11:58 by rpjday