One method of creating container images has been covered so far: create a container, modify it to meet the requirements of the application that runs in it, and then commit the changes to an image. This option, although straightforward, is only suitable for using or testing very specific changes. It does not follow software best practices such as maintainability, build automation, and repeatability.
Dockerfiles are another option for creating container images, addressing these limitations. Dockerfiles are easy to share, version control, reuse, and extend.
Dockerfiles also make it easy to extend one image, called a child image, from another image, called a parent image. A child image incorporates everything in the parent image and all changes and additions made to create it.
The following is an example Dockerfile for building a simple Apache web server container:
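    # Base image that this child image extends
    FROM ubi7/ubi:7.7
    LABEL description="This is a custom httpd container image"
    MAINTAINER John Doe <email@example.com>
    RUN yum install -y httpd
    ENV LogLevel "info"
    ADD http://someserver.com/filename.pdf /var/www/html
    COPY ./src/ /var/www/html/
    # Assumed value: the httpd binary installed by the RUN step; CMD supplies its arguments
    ENTRYPOINT ["/usr/sbin/httpd"]
    CMD ["-D", "FOREGROUND"]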
The FROM instruction declares that the new container image extends the ubi7/ubi:7.7 container base image. Dockerfiles can use any other container image as a base image, not only images from operating system distributions.
LABEL is responsible for adding generic metadata to an image. A LABEL is a simple key-value pair.
MAINTAINER indicates the Author field of the generated container image's metadata. You can use the podman inspect command to view image metadata.
RUN executes commands in a new layer on top of the current image. The shell that is used to execute commands is
EXPOSE indicates that the container listens on the specified network port at runtime. The EXPOSE instruction defines metadata only; it does not make ports accessible from the host. The -p option in the podman run command exposes container ports from the host.
ENV is responsible for defining environment variables that are available in the container. You can declare multiple ENV instructions within the Dockerfile. You can use the env command inside the container to view each of the environment variables.
The ADD instruction copies files or folders from a local or remote source and adds them to the container's file system. If used to copy local files, those must be in the working directory. The ADD instruction unpacks local .tar files to the destination image directory.
COPY copies files from the working directory and adds them to the container's file system. It is not possible to copy a remote file using its URL with this Dockerfile instruction.
USER specifies the username or the UID to use when running the container image for the ENTRYPOINT instructions. It is a good practice to define a different user other than root for security reasons.
ENTRYPOINT specifies the default command to execute when the image runs in a container. If omitted, the default ENTRYPOINT is /bin/sh -c.
CMD provides the default arguments for the ENTRYPOINT instruction. If the default ENTRYPOINT applies (/bin/sh -c), then CMD forms an executable command and parameters that run at container start.
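The USER and ADD descriptions above can be checked before an image is built. The following is an added example, not part of the original page: a hypothetical `audit` helper that reads a Dockerfile and reports remote ADD sources and a missing or root USER. Its sample input is constructed from the page's example instructions, with the ubi7/ubi:7.7 base image assumed as the FROM line.

```python
import re

# Constructed input: instructions from the page's example, with the FROM line
# assumed from the page's description of the base image (ubi7/ubi:7.7).
SAMPLE = """\
FROM ubi7/ubi:7.7
LABEL description="This is a custom httpd container image"
RUN yum install -y httpd
ADD http://someserver.com/filename.pdf /var/www/html
COPY ./src/ /var/www/html/
CMD ["-D", "FOREGROUND"]
"""

def parse(text):
    """Return [(INSTRUCTION, arguments)], joining backslash line continuations."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    out = []
    for line in joined.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):   # skip blank and comment lines
            out.append((parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""))
    return out

def audit(text):
    """Hypothetical checker: flag remote ADD sources and root execution."""
    findings, user = [], None
    for name, args in parse(text):
        if name == "FROM":
            user = None                       # a new build stage starts with its parent's user
        elif name == "USER":
            user = args.split(":")[0]         # USER takes a name or UID, optionally :group
        elif name == "ADD":
            # Shell form only: every token except flags and the last one is a source.
            for src in [a for a in args.split()[:-1] if not a.startswith("--")]:
                if re.match(r"https?://", src, re.I):
                    scheme = "plain HTTP" if src.lower().startswith("http://") else "HTTPS"
                    findings.append(f"ADD downloads {src} over {scheme} at build time")
    if user is None:
        findings.append("no USER instruction: user is inherited from the parent image")
    elif user in ("root", "0"):
        findings.append("USER is root")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```
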