One method of creating container images has been covered so far: create a container, modify it to meet the requirements of the application to run in it, and then commit the changes to an image. This option, although straightforward, is only suitable for using or testing very specific changes. It does not follow best software practices, like maintainability, automation of building, and repeatability.
Dockerfiles are another option for creating container images, addressing these limitations. Dockerfiles are easy to share, version control, reuse, and extend.
Dockerfiles also make it easy to extend one image, called a child image, from another image, called a parent image. A child image incorporates everything in the parent image and all changes and additions made to create it.
The following is an example Dockerfile for building a simple Apache web server container:
```dockerfile
FROM ubi7/ubi:7.7
LABEL description="This is a custom httpd container image"
MAINTAINER John Doe <jdoe@xyz.com>
RUN yum install -y httpd
EXPOSE 80
ENV LogLevel "info"
ADD http://someserver.com/filename.pdf /var/www/html
COPY ./src/ /var/www/html/
USER apache
ENTRYPOINT ["/usr/sbin/httpd"]
CMD ["-D", "FOREGROUND"]
```
- The `FROM` instruction declares that the new container image extends the `ubi7/ubi:7.7` container base image. Dockerfiles can use any other container image as a base image, not only images from operating system distributions.
- The `LABEL` instruction adds generic metadata to an image. A `LABEL` is a simple key-value pair.
- `MAINTAINER` indicates the Author field of the generated container image's metadata. You can use the `podman inspect` command to view image metadata.
- `RUN` executes commands in a new layer on top of the current image. The shell that is used to execute commands is `/bin/sh`.
- `EXPOSE` indicates that the container listens on the specified network port at runtime. The `EXPOSE` instruction defines metadata only; it does not make ports accessible from the host. The `-p` option in the `podman run` command makes container ports accessible from the host.
- `ENV` defines environment variables that are available in the container. You can declare multiple `ENV` instructions within the Dockerfile. You can use the `env` command inside the container to view each of the environment variables.
- The `ADD` instruction copies files or folders from a local or remote source and adds them to the container's file system. If used to copy local files, those must be in the working directory. The `ADD` instruction unpacks local `.tar` files to the destination image directory.
- `COPY` copies files from the working directory and adds them to the container's file system. It is not possible to copy a remote file using its URL with this Dockerfile instruction.
- `USER` specifies the username or the UID to use when running the container image for the `RUN`, `CMD`, and `ENTRYPOINT` instructions. It is a good practice to define a user other than root for security reasons.
- `ENTRYPOINT` specifies the default command to execute when the image runs in a container. If omitted, the default `ENTRYPOINT` is `/bin/sh -c`.
- `CMD` provides the default arguments for the `ENTRYPOINT` instruction. If the default `ENTRYPOINT` applies (`/bin/sh -c`), then `CMD` forms an executable command and parameters that run at container start.
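
The `USER` and `ADD` behaviors described above can be checked before a build. The following is an added example, not part of the original material: a small Python check that flags a Dockerfile whose final user is root, an `ADD` that downloads from a URL, and an `ADD` of local files where `COPY` would avoid the implicit tar unpacking. The function names, rule names, and the assumption that a parent image runs as root unless a `USER` instruction says otherwise are choices made for this example.

```python
import re

# The Dockerfile from this page, embedded so the check runs offline.
SAMPLE = """\
FROM ubi7/ubi:7.7
LABEL description="This is a custom httpd container image"
MAINTAINER John Doe <jdoe@xyz.com>
RUN yum install -y httpd
EXPOSE 80
ENV LogLevel "info"
ADD http://someserver.com/filename.pdf /var/www/html
COPY ./src/ /var/www/html/
USER apache
ENTRYPOINT ["/usr/sbin/httpd"]
CMD ["-D", "FOREGROUND"]
"""

def parse(text):
    """Yield (line_number, INSTRUCTION, arguments), joining backslash continuations."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no instruction
        start = start or n
        buf += line.rstrip("\\").rstrip() + " "
        if not line.endswith("\\"):
            name, _, args = buf.strip().partition(" ")
            yield start, name.upper(), args.strip()
            buf, start = "", 0

def audit(text):
    """Return sorted (line, rule, message) findings for a Dockerfile string."""
    findings, user, last = [], "root", 0
    for n, name, args in parse(text):
        last = n
        if name == "FROM":
            user = "root"  # assumption: the parent image runs as root
        elif name == "USER":
            user = args.split(":")[0]  # USER accepts name[:group] or UID[:GID]
        elif name == "ADD" and re.search(r"\bhttps?://", args):
            findings.append((n, "add-remote", "ADD downloads from a URL at build time; pin and verify the content"))
        elif name == "ADD":
            findings.append((n, "add-local", "ADD unpacks local tar files; use COPY unless that is intended"))
    if user in ("root", "0"):
        findings.append((last, "root-user", "image runs as root; set a non-root USER"))
    return sorted(findings)
```

Run against the example Dockerfile, `audit(SAMPLE)` reports only the remote `ADD` on line 7, because the file already switches to the `apache` user.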