One method of creating container images has been covered so far: create a container, modify it to meet the requirements of the application to run in it, and then commit the changes to an image. This option, although straightforward, is only suitable for using or testing very specific changes. It does not follow best software practices, like maintainability, automation of building, and repeatability.
Dockerfiles are another option for creating container images, addressing these limitations. Dockerfiles are easy to share, version control, reuse, and extend.
Dockerfiles also make it easy to extend one image, called a child image, from another image, called a parent image. A child image incorporates everything in the parent image and all changes and additions made to create it.
The following is an example Dockerfile for building a simple Apache web server container:
```
FROM ubi7/ubi:7.7
LABEL description="This is a custom httpd container image"
MAINTAINER John Doe <jdoe@xyz.com>
RUN yum install -y httpd
EXPOSE 80
ENV LogLevel "info"
ADD http://someserver.com/filename.pdf /var/www/html
COPY ./src/ /var/www/html/
USER apache
ENTRYPOINT ["/usr/sbin/httpd"]
CMD ["-D", "FOREGROUND"]
```
- The `FROM` instruction declares that the new container image extends the `ubi7/ubi:7.7` container base image. Dockerfiles can use any other container image as a base image, not only images from operating system distributions.
- The `LABEL` instruction adds generic metadata to an image. A `LABEL` is a simple key-value pair.
- `MAINTAINER` indicates the Author field of the generated container image's metadata. You can use the `podman inspect` command to view image metadata.
- `RUN` executes commands in a new layer on top of the current image. The shell that is used to execute commands is `/bin/sh`.
- `EXPOSE` indicates that the container listens on the specified network port at runtime. The `EXPOSE` instruction defines metadata only; it does not make ports accessible from the host. The `-p` option in the `podman run` command exposes container ports from the host.
- `ENV` defines environment variables that are available in the container. You can declare multiple `ENV` instructions within the Dockerfile. You can use the `env` command inside the container to view each of the environment variables.
- The `ADD` instruction copies files or folders from a local or remote source and adds them to the container's file system. If used to copy local files, those must be in the working directory. The `ADD` instruction unpacks local .tar files to the destination image directory.
- `COPY` copies files from the working directory and adds them to the container's file system. It is not possible to copy a remote file using its URL with this Dockerfile instruction.
- `USER` specifies the username or the UID to use when running the container image for the `RUN`, `CMD`, and `ENTRYPOINT` instructions. It is a good practice to define a user other than root for security reasons.
- `ENTRYPOINT` specifies the default command to execute when the image runs in a container. If omitted, the default `ENTRYPOINT` is `/bin/sh -c`.
- `CMD` provides the default arguments for the `ENTRYPOINT` instruction. If the default `ENTRYPOINT` applies (`/bin/sh -c`), then `CMD` forms an executable command and parameters that run at container start.
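Two of the points above can be checked mechanically before an image is built: which user the container ends up running as, and whether `ADD` pulls content from a remote URL. The following Python script is an added example, not part of the original material; the `parse` and `audit` helpers, the rule names, and the sample input (the Dockerfile above with its `USER` line removed) are constructed here for illustration.

```python
import re

# Constructed sample: the page's Dockerfile with the USER line removed.
SAMPLE = """\
FROM ubi7/ubi:7.7
RUN yum install -y httpd
EXPOSE 80
ADD http://someserver.com/filename.pdf /var/www/html
COPY ./src/ /var/www/html/
ENTRYPOINT ["/usr/sbin/httpd"]
CMD ["-D", "FOREGROUND"]
"""

def parse(text):
    """Return [(INSTRUCTION, args)], skipping comments and joining '\\' continuations."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        parts = (buf + line).split(None, 1)
        out.append((parts[0].upper(), parts[1] if len(parts) > 1 else ""))
        buf = ""
    return out

def audit(text):
    """Return (rule, detail) findings; the USER check applies to the final stage."""
    findings, user = [], None
    for instr, args in parse(text):
        if instr == "FROM":
            user = None                 # a new stage starts from the base image's user
        elif instr == "USER":
            user = args.split(":")[0]   # USER takes a name or UID, optionally ":group"
        elif instr == "ADD":
            # Remote sources are fetched at build time, so the image content
            # depends on whatever that server returns on the day of the build.
            srcs = [a.strip('[]",') for a in args.split() if not a.startswith("--")][:-1]
            findings += [("remote-add", s) for s in srcs if re.match(r"https?://", s, re.I)]
    if user is None:
        findings.append(("runs-as-root", "no USER; the base image's user applies, usually root"))
    elif user in ("root", "0"):
        findings.append(("runs-as-root", "USER " + user))
    return findings

if __name__ == "__main__":
    for rule, detail in audit(SAMPLE):
        print(rule + ": " + detail)
```

Run against the unmodified Dockerfile above, only the `remote-add` finding remains, because `USER apache` satisfies the non-root check.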

