Image
What is Docker Image?
Docker image is a fundamental element and an important component in Docker. Docker image can be understood as a record created by an individual or organization. If anyone has ever worked with VMs, they can understand that Docker images are similar to a snapshoot. But thanks to Docker technology, Docker images have special storage and management mechanisms to help optimize the system.
So where does the docker image come from? Docker image pulled from Docker registry. In addition, Docker images can also be created by users at different times.
A little more about the Docker registry
Docker registries are services that make repositories accessible to pull commands in Docker. Docker registry is responsible for distributing images between users quickly and extremely conveniently. The Docker organization itself also creates a free public Docker registry called Docker hub. On Docker hub today, there are many images that have been authenticated by large organizations and have been uploaded by users. You can search for the image you need on hub.docker.com
You can also use CLI
docker search ubuntu
Docker images are created by organizations or users in two ways:
Commit from the original image.
Build automatically with Dockerfile.
Operation and storage mechanism of images
Container storage using Union Filesystems (UFS) technology. This is a file system service developed for Linux to allow different file systems to be stacked (also called overlaid) to create an assembly or union of different files thereby creating a file system. single unified representation of the asset. Each change is recorded on a new layer and layered on top, above all other layers before it.
To put it more simply, those who have worked with Photoshop are familiar with the concept of Layers. When we want to lose an animal in a photo, we just need to add a new black layer over the original photo layer. The end user will receive a single merged avatar image that has lost the image of the animal that needs to be deleted in the image. On the manager's side, the change is made entirely on a different layer than the original photo layer.
This is essentially UFS in action, and it's one of the main reasons filesystems are so efficient at storage. Each layer includes only what is new and nothing is copied from a previous layer. There will be many read-only layers arranged below. There is a read/write layer on top that you can use to interact with the filesystem. When you read a file from the union filesystem, this file will be found and read from the highest layer. It will be down to the next layers until found.
You will not be able to make changes to the original image. If you want to commit your changes you must place another layer on top of the union filesystem, which is equivalent to committing and creating a new image. This is called the copy-on-write mechanism.
Command show most recent changes
docker container diff ubuntu
Command to view all layers
docker history ubuntu
Images are like a stopped container, so images are considered build-timeand containers are considered run-time.
Images and containers
When a container creates and runs from an image, the two structures become dependent on each other and the image cannot be deleted until the last container using it is deleted. Trying to delete an image without stopping or deleting the container will result in an error.
Image size is always small
The purpose of a container is to run an application or a service. This means it only needs the application's code and the dependencies it needs, it doesn't need anything else. So the image always has low capacity because it removes all non-essential parts.
Image does not contain kernel – All containers running on a Docker host share access to that host's kernel.
A good example of how small images can be is that the official Alpine image is about 5.5MB, there are images that can be smaller. A more typical example is the ubuntu 18.04 docker image with a capacity of about 60MB. The images have clearly had most of the unnecessary parts removed.
Some windows images tend to be a lot larger than Linux images due to the way it works. The capacity of the windows image can be up to several gigabytes and pulling will take more time.
Pulling images
Local image storage is usually located /var/lib/docker/imagein Linux and C:\ProgramData\docker\windowsfilterWindows. The following command can be used to check if there are any images stored locally.
root@docker:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZEThe process of getting the image to the docker server is called pulling. So if we want to have a new image of the docker server, we can use it docker pulland test it againdocker images
For example:
root@docker:~# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
540db60ca938: Already exists
Digest: sha256:69e70a79f2d41ab5d637de98c1e0b055206ba40a8145e7bddb55ccc04e13cf8f
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latestroot@docker:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
alpine latest 6dbb9cc54074 2 weeks ago 5.61MBWe see that the newly pulled images are already on the docker server.
Image registries
As mentioned in previous sections, images are stored in centralized storage locations called image registries. This makes it easy to share and access. The popular and default used registry is Docker Hub .
Registry contains 1 or more image repositories, image repositories contain 1 or more images. As the following figure shows how the registry stores images.
Official and unofficial repos
Docker Hub has two concepts: official repositories and unofficial repositories.
Official repositories are where images are hosted and managed by Docker, Inc. These repositories will be labeled by docker as Docker Official Images.
Uncensored unofficial repositories may not be secure because they are not audited. However, not all unmoderated repositories are bad, it's just that you should be careful before using things from unofficial repositories. It's best to trust images with high downloads or images from famous repos.
Examples of some official repos:
nginx: https://hub.docker.com/_/nginx/
busybox: https://hub.docker.com/_/busybox/
redis: https://hub.docker.com/_/redis/
mongo: https://hub.docker.com/_/mongo/Examples of some unofficial repos:
nigelpoulton/tu-demo — https://hub.docker.com/r/nigelpoulton/tu-demo/
nigelpoulton/pluralsight-docker-ci — https://hub.docker.com/r/nigelpoulton/pluralsight-docker-ci/Name and tag in images
To pull an image from the official repo, we need to specify the name of the repo and its tag separated by a comma :. If we do not specify the tag, it will understand the default tag as latest.
docker image pull <repository>:<tag>For example to add an image from the official repository:
root@docker:~# docker image pull redis
Using default tag: latest
latest: Pulling from library/redis
f7ec5a41d630: Already exists
a36224ca8bbd: Pull complete
7630ad34dcb2: Pull complete
c6d2a5632e6c: Pull complete
f1957981f3c1: Pull complete
42642d666cff: Pull complete
Digest: sha256:e10f55f92478715698a2cef97c2bbdc48df2a05081edd884938903aa60df6396
Status: Downloaded newer image for redis:latest
docker.io/library/redis:latestor
root@docker:~# docker pull httpd:2.4
2.4: Pulling from library/httpd
f7ec5a41d630: Already exists
d1589b6d8645: Pull complete
83d3755a8d28: Pull complete
f8459b08e404: Pull complete
30fabbf5a067: Pull complete
Digest: sha256:a6e472ad921c93d9fc2cbe2ff07560b9a526c145c4e10faff3aeb28c48cce585
Status: Downloaded newer image for httpd:2.4
docker.io/library/httpd:2.4To add an image from an unofficial repo is the same as the official repo, but we add the name of the Docker Hub user or the name of the organization first.
docker image pull nigelpoulton/tu-demo:v2Image uses multiple tags
An image can have many tags, if you want to pull all images in a repository, use the additional option -a.
docker image pull -a mongoroot@docker:~# docker image ls | grep "mongo"
mongo 4.2.6 3f3daf863757 10 months ago 388MB
mongo 3-stretch 27d820d7098b 23 months ago 373MB
mongo 3-jessie b9406b8a16ec 2 years ago 368MB
mongo 2 1999482cb0a5 4 years ago 391MB
mongo 2.6 1999482cb0a5 4 years ago 391MB
mongo 2.6.12 1999482cb0a5 4 years ago 391MB
mongo 2.4 2affaf1f84e0 4 years ago 342MB
mongo 2.4.14 2affaf1f84e0 4 years ago 342MB
mongo 2.2 8558fe135d54 4 years ago 237MB
mongo 2.2.7 8558fe135d54 4 years ago 237MB
mongo 2.6.11 f36fb0070896 5 years ago 391MB
mongo 2.6.10 54fb6f9984dd 5 years ago 393MB
mongo 2.6.9 0eb5bcb2f408 5 years ago 392MB
mongo 2.4.13 1bc8a1a8ad40 5 years ago 344MB
mongo 2.6.8 f287f6ca320f 5 years ago 393MB
mongo 2.6.7 0fa5e3f671a7 6 years ago 392MB
mongo 2.4.12 ae5e97f89258 6 years ago 345MB
mongo 2.8 4af37f2deb97 6 years ago 225MB
mongo 2.8.0 4af37f2deb97 6 years ago 225MB
mongo 2.8.0-rc5 4af37f2deb97 6 years ago 225MB
mongo 2.8.0-rc4 c732b27ee3d6 6 years ago 224MB
mongo 2.6.6 7632cab977f9 6 years ago 392MB
mongo 2.8.0-rc3 84a5935d697f 6 years ago 224MB
mongo 2.8.0-rc0 afb23b2838b9 6 years ago 224MB
mongo 2.6.5 6e2f39336075 6 years ago 392MB
mongo 2.7 1bc6f44f84be 6 years ago 217MB
mongo 2.7.8 1bc6f44f84be 6 years ago 217MB
mongo 2.7.7 e29d06d58a5e 6 years ago 237MB
mongo 2.4.11 be2b25bde5f5 6 years ago 345MB
mongo 2.6.4 d90d629f1e23 6 years ago 391MB
mongo 2.7.6 18400f87db91 6 years ago 381MB
mongo 2.4.10 9ee0bcea2cbf 6 years ago 345MB
mongo 2.7.5 5f79484e67e9 6 years ago 379MB
mongo 2.6.1 f4eb787e7fd8 6 years ago 748MBSearch for images from Docker Hub
The command docker searchallows us to search Docker Hub from the CLI. For example to find alpine images on Docker Hub
root@docker:~# docker search alpine
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
alpine A minimal Docker image based on Alpine Linux… 7380 [OK]
mhart/alpine-node Minimal Node.js built on Alpine Linux 483
anapsix/alpine-java Oracle Java 8 (and 7) with GLIBC 2.28 over A… 469 [OK]
frolvlad/alpine-glibc Alpine Docker image with glibc (~12MB) 259 [OK]
alpine/git A simple git container running in alpine li… 175 [OK]
yobasystems/alpine-mariadb MariaDB running on Alpine Linux [docker] [am… 86 [OK]
alpine/socat Run socat command in alpine container 68 [OK]
kiasaki/alpine-postgres PostgreSQL docker image based on Alpine Linux 44 [OK]
davidcaste/alpine-tomcat Apache Tomcat 7/8 using Oracle Java 7/8 with… 44 [OK]
jfloff/alpine-python A small, more complete, Python Docker image … 41 [OK]
byrnedo/alpine-curl Alpine linux with curl installed and set as … 34 [OK]
hermsi/alpine-sshd Dockerize your OpenSSH-server with rsync and… 33 [OK]
zenika/alpine-chrome Chrome running in headless mode in a tiny Al… 33 [OK]
hermsi/alpine-fpm-php FPM-PHP 7.0 to 8.0, shipped along with tons … 25 [OK]
etopian/alpine-php-wordpress Alpine WordPress Nginx PHP-FPM WP-CLI 24 [OK]
bashell/alpine-bash Alpine Linux with /bin/bash as a default she… 18 [OK]
davidcaste/alpine-java-unlimited-jce Oracle Java 8 (and 7) with GLIBC 2.21 over A… 13 [OK]
roribio16/alpine-sqs Dockerized ElasticMQ server + web UI over Al… 12 [OK]
spotify/alpine Alpine image with `bash` and `curl`. 11 [OK]
cfmanteiga/alpine-bash-curl-jq Docker Alpine image with Bash, curl and jq p… 6 [OK]
hermsi/alpine-varnish Dockerize Varnish upon a lightweight alpine-… 3 [OK]
ellerbrock/alpine-mysql-client MySQL Client based on Alpine Linux 1 [OK]
dwdraju/alpine-curl-jq Alpine Docker Image with curl, jq, bash 1 [OK]
goodguykoi/alpine-curl-internal simple alpine image with curl installed no C… 1 [OK]
bushrangers/alpine-caddy Alpine Linux Docker Container running Caddys… 1 [OK]Column
NAME: indicates the name of the imageColumn
DESCRIPTION: brief description of imagesColumn
OFFICIAL: indicates whether the image is official or unofficial
If you only want to find official images, use the following command to filter:
docker search alpine --filter "is-official=true"Images and layers
Layer in images
Images Docker is a series of read-only layers connected together. Each layer includes 1 or more files.
In fact, when we pull an image, we will see the layers of that image:
root@docker:~# docker image pull ubuntu:latest
latest: Pulling from library/ubuntu
952132ac251a: Pull complete
82659f8f1b76: Pull complete
c19118ca682d: Pull complete
8296858250fe: Pull complete
24e0251a0e2c: Pull complete
Digest: sha256:f4691c96e6bbaa99d...28ae95a60369c506dd6e6f6ab
Status: Downloaded newer image for ubuntu:latest
docker.io/ubuntu:latestEach line will end with Pull completea representation of a layer that has been pulled.
Another way to view an image's layers is to use docker image inspect:
root@docker:~# docker inspect ubuntu:latest
[
{
"Id": "sha256:bd3d4369ae.......fa2645f5699037d7d8c6b415a10",
"RepoTags": [
"ubuntu:latest"
<Snip>
"RootFS": {
"Type": "layers",
"Layers": [
"sha256:c8a75145fc...894129005e461a43875a094b93412",
"sha256:c6f2b330b6...7214ed6aac305dd03f70b95cdc610",
"sha256:055757a193...3a9565d78962c7f368d5ac5984998",
"sha256:4837348061...12695f548406ea77feb5074e195e3",
"sha256:0cad5e07ba...4bae4cfc66b376265e16c32a0aae9"
]
}
}
]Docker is used storage driverto take responsibility for stacking layers and presenting them as a unified whole. Examples of storagedrivers include: AUFS, overlay2, devicemapper, btrfsand zfs.
Share layers between images
Images can share layers with each other, which leads to space and performance efficiency. When pulling an image, the layer status is announced meaning Already existsthat layer already exists and the image will use that layer without needing to pull a new layer.
Multi-architecture images
Docker images can support multiple architectures, meaning an image can contain multiple variants for different architectures and sometimes for different operating systems.
When running an image that supports multi-architecture, docker will automatically choose an image variant that matches the operating system and architecture of the machine. Most images offer a variety of architectures.
This means that an image such as golang can have images for linux on x64, or different versions on ARM and more. This means that when you are on any platform or architecture and pull an image, docker will pull the exact image suitable for that platform or architecture.
To do this, the Registry API supports two structures:
manifest lists
manifests
The picture above shows that when we pull an image, we will rely on the CPU architecture of the docker server to choose the appropriate version. We don't need to specify whether we need a linux x64 or windows x64 version, just run the commands as usual and docker itself will process it to get an image that matches the architectural platform on which the docker server is running.
Delete images
When we no longer need images on our docker, we can use them docker image rmto delete images. When deleting an image, all its layers will be deleted. However, if a layer of an image is shared with many other images, that layer will not be deleted until all images referencing it are deleted.
root@docker:~# docker image rm httpd:2.4
Untagged: httpd:2.4
Untagged: httpd@sha256:a6e472ad921c93d9fc2cbe2ff07560b9a526c145c4e10faff3aeb28c48cce585
Deleted: sha256:0b932df43057fbcc4276ae50fc0efe2f446d1955066d5774e764ef1f77638511
Deleted: sha256:2a455380a6b6556b6c74970d3ed6ed7cdf129faf017b0df678cf90c661df7971
Deleted: sha256:cb1255155eeaa614a1c12714454886e6581b78bc5942d1edf1910f67b9b81ea2
Deleted: sha256:6e35a2713ae7c4b470f2e3e245c3f0f7808911d4086ecd32e1dc9b53c184a94a
Deleted: sha256:902d020d1a22522b22d02e2787652b9f4b306d619d742216eeee0af2d800cde2To delete all images, use the following command:
docker image rm $(docker image ls -q) -fCommit from the original image
Create new image
To create a new image save the new changes to that container.
Docker commit alpine aline:v1.0
Use the key combination Ctrl P then Ctrl Q to exit the bash container while still keeping the container running.
Manage local images
List images
docker images
Tag image
Basically when you make a commit without any additional options after it. The system will create a new image without the name and tag of that image. Therefore, it is necessary to perform additional docker tag commands.
docker tag 5aa951fd5198 alpine:v1.0
Normally you should add the name and tag for the image in the commit command. Here is an example to further explain the image creation process.
Download image
For images that do not exist on the local machine. You can use the docker pull command to download versions of images to your computer in advance for use in cases where you need to travel without internet.
docker pull nginx
Upload local images to Docker Hub
You can share personal images by uploading your images to Docker hub after you build an image.
docker push daihv/hello_dockerfile:v1.0
This section will have a clearer example in section 3.2. Build image from Dockerfile
Delete images
With junk images you don't need, you can delete them.
docker rmi demo:v1.0
You can delete all images with the following command (consider before doing)
docker system prune -a
Export and Import images
Export images
Allows you to backup one or more images into a file that can be stored or sent. Often used to bring images to customers.
docker save -o backup.tar.gz alpine:v1.0 busybox:latest
Import images
Allows you to restore previously backed up images.
docker load -i backup.tar.gz
Build automatically with Dockerfile
What is Dockerfile?
Dockerfile is a text file containing instructions for building an image. The Docker image builder executes the Dockerfile from top to bottom, and instructions can configure or change anything about the image. Dockerfiles are the most common way to describe how to build images. Dockerfile can be understood as a shell script. which contains command lines, running the steps to create an image.
Build image from Dockerfile
In Dockerfile syntax it always starts with the FROM keyword.
FROM alpine:latest EXPOSE 8080 RUN ip add LABEL version="1.0" USER daihv ADD ./ebook1.txt /tmp WORKDIR /home/daihv/app ENV APP_HOME=/wildfly COPY ./ebook2.txt /tmp VOLUME /var/log ENTRYPOINT ["ls","-a"] CMD echo "oke oke"
In there:
FROM specifies which original image to execute from.
EXPOSE specifies the listening port.
RUN executes any command.
LABEL adds a descriptive label.
USER specifies the executing user.
ADD copies files from the host into the container which can also be a URL
WORKDIR indicates the default working directory.
ENV sets environment variables if any.
COPY is similar to ADD but cannot be used against URLs
VOLUME indicates the storage directory on the host.
ENTRYPOINT like CMD is used to run when creating a container, but ENTRYPOINT cannot be overwritten from the command line when starting a container.
CMD executes the default command when we initialize the container from the image, this default command can be overridden from the command line when initializing the container.
Step 1: Create a file named dockerfile
touch dockerfile
Step 2: Write the steps to deploy an image
nano dockerfile
Step 3: Execute build
docker build -t new_alpine:v1.0 -f dockerfile .
The command uses the * -t * flag to give the image a new name. And use the -f flag to specify the build file in case there are many dockefiles in a directory.
Step 4: Upload new image to Docker hub You need to have a Docker Hub account and create a repository first.
Re-tag the built images to match the repository on Docker hub.
docker tag new_alpine:v1.0 daihv/demo:v1.0
Login to your Docker hub account
docker login --username=daihv
Upload to repository
docker push daihv/demo:v1.0
Check back on Docker hub
Last updated