Dockerfile - Intro, understanding and Best practices

What is the Dockerfile?

Dockerfiles are instructions. They contain all of the commands used to build an image.
  • Docker images consist of read-only layers.
  • Each layer represents a Dockerfile instruction.
  • Layers are stacked (layered architecture).
  • Each layer is the result of the changes from the previous layer.
  • Images are built using the docker image build command.

Dockerfile Layers

Dockerfile:

FROM ubuntu:15.04
COPY . /app
RUN make /app
CMD python /app/app.py

  • FROM creates a layer from the ubuntu:15.04 Docker image.
  • COPY adds files from your Docker client’s current directory.
  • RUN builds your application with make.
  • CMD specifies what command to run within the container.



Best Practices

General guidelines:
  • Keep containers as ephemeral as possible.
  • Follow Principle 6 of the 12 Factor App. (https://12factor.net/)
  • Avoid including unnecessary files.
  • Use .dockerignore.
  • Use multi-stage builds.
  • Don’t install unnecessary packages.
  • Decouple applications.
  • Minimize the number of layers.
  • Sort multi-line arguments.
  • Leverage build cache.


Let's check the instruction manual for Dockerfile:

FROM: Initializes a new build stage and sets the Base Image

RUN: Will execute any commands in a new layer

CMD: Provides a default for an executing container. There can only be one CMD instruction in a Dockerfile

LABEL: Adds metadata to an image

EXPOSE: Informs Docker that the container listens on the specified network ports at runtime

ENV: Sets the environment variable <key> to the value <value>

ADD: Copies new files, directories or remote file URLs from <src> and adds them to the filesystem of the image at the path <dest>.

COPY: Copies new files or directories from <src> and adds them to the filesystem of the container at the path <dest>.

ENTRYPOINT: Allows for configuring a container that will run as an executable

VOLUME: Creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers

USER: Sets the user name (or UID) and optionally the user group (or GID) to use when running the image and for any RUN, CMD, and ENTRYPOINT instructions that follow it in the Dockerfile

WORKDIR: Sets the working directory for any RUN, CMD, ENTRYPOINT, COPY, and ADD instructions that follow it in the Dockerfile

ARG: Defines a variable that users can pass at build-time to the builder with the docker build command, using the --build-arg <varname>=<value> flag

ONBUILD: Adds a trigger instruction to the image that will be executed at a later time, when the image is used as the base for another build

HEALTHCHECK: Tells Docker how to test a container to check that it is still working

SHELL: Allows the default shell used for the shell form of commands to be overridden
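The following Dockerfile is an added example (not from the original post) that applies the general guidelines above and exercises most of the instructions in this reference: a multi-stage build, dependency layers ordered for cache reuse, a single sorted RUN for packages, a non-root USER, and a HEALTHCHECK. It assumes a Go service with main.go, go.mod and go.sum at the repository root that answers GET /healthz on port 8080; the image tags, the "app" user name and the label values are illustrative choices.

```dockerfile
# Stage 1: build with the full toolchain (assumed: a Go module at the repo root).
FROM golang:1.22-alpine AS build
WORKDIR /src

# Copy dependency manifests first so this layer stays cached
# until go.mod or go.sum change (leverage build cache).
COPY go.mod go.sum ./
RUN go mod download

# Now copy the rest of the source. A .dockerignore listing .git,
# local secrets and build artefacts keeps them out of the context.
COPY . .
RUN CGO_ENABLED=0 go build -o /out/app .

# Stage 2: minimal runtime image; the compiler, source tree and
# module cache from stage 1 never reach the final image.
FROM alpine:3.20

# One RUN with sorted package names and no apk cache left behind:
# fewer and smaller layers. A dedicated system user for the service.
RUN apk add --no-cache \
        ca-certificates \
        tzdata \
    && addgroup -S app \
    && adduser -S -G app -H app

LABEL org.opencontainers.image.title="app" \
      org.opencontainers.image.description="example service (illustrative label)"

WORKDIR /app
COPY --from=build --chown=app:app /out/app /app/app

# Drop root before the process starts; every instruction below runs as "app".
USER app

ENV APP_PORT=8080
EXPOSE 8080

# Assumed: the binary serves GET /healthz on its listening port.
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD wget -qO- http://127.0.0.1:8080/healthz || exit 1

# Exec form: the binary is PID 1 and receives signals directly.
ENTRYPOINT ["/app/app"]
```

Rebuilding after a source-only change reuses every layer up to and including `go mod download`, and `docker image history` on the result shows none of the build-stage layers.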
