Image

What is Docker Image?

Docker image is a fundamental element and an important component in Docker. Docker image can be understood as a record created by an individual or organization. If anyone has ever worked with VMs, they can understand that Docker images are similar to a snapshoot. But thanks to Docker technology, Docker images have special storage and management mechanisms to help optimize the system.

So where does the docker image come from? Docker image pulled from Docker registry. In addition, Docker images can also be created by users at different times.

A little more about the Docker registry

Docker registries are services that make repositories accessible to pull commands in Docker. Docker registry is responsible for distributing images between users quickly and extremely conveniently. The Docker organization itself also creates a free public Docker registry called Docker hub. On Docker hub today, there are many images that have been authenticated by large organizations and have been uploaded by users. You can search for the image you need on hub.docker.com

You can also use CLI docker search ubuntu

Docker images are created by organizations or users in two ways:

1. Commit from the original image.

2. Build automatically with Dockerfile.

Operation and storage mechanism of images

Container storage using Union Filesystems (UFS) technology. This is a file system service developed for Linux to allow different file systems to be stacked (also called overlaid) to create an assembly or union of different files thereby creating a file system. single unified representation of the asset. Each change is recorded on a new layer and layered on top, above all other layers before it.

To put it more simply, those who have worked with Photoshop are familiar with the concept of Layers. When we want to lose an animal in a photo, we just need to add a new black layer over the original photo layer. The end user will receive a single merged avatar image that has lost the image of the animal that needs to be deleted in the image. On the manager's side, the change is made entirely on a different layer than the original photo layer.

This is essentially UFS in action, and it's one of the main reasons filesystems are so efficient at storage. Each layer includes only what is new and nothing is copied from a previous layer. There will be many read-only layers arranged below. There is a read/write layer on top that you can use to interact with the filesystem. When you read a file from the union filesystem, this file will be found and read from the highest layer. It will be down to the next layers until found.

You will not be able to make changes to the original image. If you want to commit your changes you must place another layer on top of the union filesystem, which is equivalent to committing and creating a new image. This is called the copy-on-write mechanism.

Command show most recent changes docker container diff ubuntu

Command to view all layers docker history ubuntu

Images are like a stopped container, so images are considered build-timeand containers are considered run-time.

Images and containers

When a container creates and runs from an image, the two structures become dependent on each other and the image cannot be deleted until the last container using it is deleted. Trying to delete an image without stopping or deleting the container will result in an error.

Image size is always small

The purpose of a container is to run an application or a service. This means it only needs the application's code and the dependencies it needs, it doesn't need anything else. So the image always has low capacity because it removes all non-essential parts.

Image does not contain kernel – All containers running on a Docker host share access to that host's kernel.

A good example of how small images can be is that the official Alpine image is about 5.5MB, there are images that can be smaller. A more typical example is the ubuntu 18.04 docker image with a capacity of about 60MB. The images have clearly had most of the unnecessary parts removed.

Some windows images tend to be a lot larger than Linux images due to the way it works. The capacity of the windows image can be up to several gigabytes and pulling will take more time.

Pulling images

Local image storage is usually located /var/lib/docker/imagein Linux and C:\ProgramData\docker\windowsfilterWindows. The following command can be used to check if there are any images stored locally.

root@docker:~# docker images
REPOSITORY                  TAG       IMAGE ID       CREATED        SIZE

The process of getting the image to the docker server is called pulling. So if we want to have a new image of the docker server, we can use it docker pulland test it againdocker images

For example:

root@docker:~# docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
540db60ca938: Already exists
Digest: sha256:69e70a79f2d41ab5d637de98c1e0b055206ba40a8145e7bddb55ccc04e13cf8f
Status: Downloaded newer image for alpine:latest
docker.io/library/alpine:latest

root@docker:~# docker images
REPOSITORY                  TAG       IMAGE ID       CREATED        SIZE
alpine                      latest    6dbb9cc54074   2 weeks ago    5.61MB

We see that the newly pulled images are already on the docker server.

Image registries

As mentioned in previous sections, images are stored in centralized storage locations called image registries. This makes it easy to share and access. The popular and default used registry is Docker Hub .

Registry contains 1 or more image repositories, image repositories contain 1 or more images. As the following figure shows how the registry stores images.

Official and unofficial repos

Docker Hub has two concepts: official repositories and unofficial repositories.

Official repositories are where images are hosted and managed by Docker, Inc. These repositories will be labeled by docker as Docker Official Images.

Uncensored unofficial repositories may not be secure because they are not audited. However, not all unmoderated repositories are bad, it's just that you should be careful before using things from unofficial repositories. It's best to trust images with high downloads or images from famous repos.

Examples of some official repos:

nginx: https://hub.docker.com/_/nginx/
busybox: https://hub.docker.com/_/busybox/
redis: https://hub.docker.com/_/redis/
mongo: https://hub.docker.com/_/mongo/

Examples of some unofficial repos:

nigelpoulton/tu-demo — https://hub.docker.com/r/nigelpoulton/tu-demo/
nigelpoulton/pluralsight-docker-ci — https://hub.docker.com/r/nigelpoulton/pluralsight-docker-ci/

Name and tag in images

To pull an image from the official repo, we need to specify the name of the repo and its tag separated by a comma :. If we do not specify the tag, it will understand the default tag as latest.

docker image pull <repository>:<tag>

For example to add an image from the official repository:

root@docker:~# docker image pull redis
Using default tag: latest
latest: Pulling from library/redis
f7ec5a41d630: Already exists
a36224ca8bbd: Pull complete
7630ad34dcb2: Pull complete
c6d2a5632e6c: Pull complete
f1957981f3c1: Pull complete
42642d666cff: Pull complete
Digest: sha256:e10f55f92478715698a2cef97c2bbdc48df2a05081edd884938903aa60df6396
Status: Downloaded newer image for redis:latest
docker.io/library/redis:latest

or

root@docker:~# docker pull httpd:2.4
2.4: Pulling from library/httpd
f7ec5a41d630: Already exists
d1589b6d8645: Pull complete
83d3755a8d28: Pull complete
f8459b08e404: Pull complete
30fabbf5a067: Pull complete
Digest: sha256:a6e472ad921c93d9fc2cbe2ff07560b9a526c145c4e10faff3aeb28c48cce585
Status: Downloaded newer image for httpd:2.4
docker.io/library/httpd:2.4

To add an image from an unofficial repo is the same as the official repo, but we add the name of the Docker Hub user or the name of the organization first.

docker image pull nigelpoulton/tu-demo:v2

Image uses multiple tags

An image can have many tags, if you want to pull all images in a repository, use the additional option -a.

docker image pull -a mongo

root@docker:~# docker image ls | grep "mongo"
mongo                  4.2.6               3f3daf863757        10 months ago       388MB
mongo                  3-stretch           27d820d7098b        23 months ago       373MB
mongo                  3-jessie            b9406b8a16ec        2 years ago         368MB
mongo                  2                   1999482cb0a5        4 years ago         391MB
mongo                  2.6                 1999482cb0a5        4 years ago         391MB
mongo                  2.6.12              1999482cb0a5        4 years ago         391MB
mongo                  2.4                 2affaf1f84e0        4 years ago         342MB
mongo                  2.4.14              2affaf1f84e0        4 years ago         342MB
mongo                  2.2                 8558fe135d54        4 years ago         237MB
mongo                  2.2.7               8558fe135d54        4 years ago         237MB
mongo                  2.6.11              f36fb0070896        5 years ago         391MB
mongo                  2.6.10              54fb6f9984dd        5 years ago         393MB
mongo                  2.6.9               0eb5bcb2f408        5 years ago         392MB
mongo                  2.4.13              1bc8a1a8ad40        5 years ago         344MB
mongo                  2.6.8               f287f6ca320f        5 years ago         393MB
mongo                  2.6.7               0fa5e3f671a7        6 years ago         392MB
mongo                  2.4.12              ae5e97f89258        6 years ago         345MB
mongo                  2.8                 4af37f2deb97        6 years ago         225MB
mongo                  2.8.0               4af37f2deb97        6 years ago         225MB
mongo                  2.8.0-rc5           4af37f2deb97        6 years ago         225MB
mongo                  2.8.0-rc4           c732b27ee3d6        6 years ago         224MB
mongo                  2.6.6               7632cab977f9        6 years ago         392MB
mongo                  2.8.0-rc3           84a5935d697f        6 years ago         224MB
mongo                  2.8.0-rc0           afb23b2838b9        6 years ago         224MB
mongo                  2.6.5               6e2f39336075        6 years ago         392MB
mongo                  2.7                 1bc6f44f84be        6 years ago         217MB
mongo                  2.7.8               1bc6f44f84be        6 years ago         217MB
mongo                  2.7.7               e29d06d58a5e        6 years ago         237MB
mongo                  2.4.11              be2b25bde5f5        6 years ago         345MB
mongo                  2.6.4               d90d629f1e23        6 years ago         391MB
mongo                  2.7.6               18400f87db91        6 years ago         381MB
mongo                  2.4.10              9ee0bcea2cbf        6 years ago         345MB
mongo                  2.7.5               5f79484e67e9        6 years ago         379MB
mongo                  2.6.1               f4eb787e7fd8        6 years ago         748MB

Search for images from Docker Hub

The command docker searchallows us to search Docker Hub from the CLI. For example to find alpine images on Docker Hub

root@docker:~# docker search alpine
NAME                                   DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
alpine                                 A minimal Docker image based on Alpine Linux…   7380      [OK]
mhart/alpine-node                      Minimal Node.js built on Alpine Linux           483
anapsix/alpine-java                    Oracle Java 8 (and 7) with GLIBC 2.28 over A…   469                  [OK]
frolvlad/alpine-glibc                  Alpine Docker image with glibc (~12MB)          259                  [OK]
alpine/git                             A  simple git container running in alpine li…   175                  [OK]
yobasystems/alpine-mariadb             MariaDB running on Alpine Linux [docker] [am…   86                   [OK]
alpine/socat                           Run socat command in alpine container           68                   [OK]
kiasaki/alpine-postgres                PostgreSQL docker image based on Alpine Linux   44                   [OK]
davidcaste/alpine-tomcat               Apache Tomcat 7/8 using Oracle Java 7/8 with…   44                   [OK]
jfloff/alpine-python                   A small, more complete, Python Docker image …   41                   [OK]
byrnedo/alpine-curl                    Alpine linux with curl installed and set as …   34                   [OK]
hermsi/alpine-sshd                     Dockerize your OpenSSH-server with rsync and…   33                   [OK]
zenika/alpine-chrome                   Chrome running in headless mode in a tiny Al…   33                   [OK]
hermsi/alpine-fpm-php                  FPM-PHP 7.0 to 8.0, shipped along with tons …   25                   [OK]
etopian/alpine-php-wordpress           Alpine WordPress Nginx PHP-FPM WP-CLI           24                   [OK]
bashell/alpine-bash                    Alpine Linux with /bin/bash as a default she…   18                   [OK]
davidcaste/alpine-java-unlimited-jce   Oracle Java 8 (and 7) with GLIBC 2.21 over A…   13                   [OK]
roribio16/alpine-sqs                   Dockerized ElasticMQ server + web UI over Al…   12                   [OK]
spotify/alpine                         Alpine image with `bash` and `curl`.            11                   [OK]
cfmanteiga/alpine-bash-curl-jq         Docker Alpine image with Bash, curl and jq p…   6                    [OK]
hermsi/alpine-varnish                  Dockerize Varnish upon a lightweight alpine-…   3                    [OK]
ellerbrock/alpine-mysql-client         MySQL Client based on Alpine Linux              1                    [OK]
dwdraju/alpine-curl-jq                 Alpine Docker Image with curl, jq, bash         1                    [OK]
goodguykoi/alpine-curl-internal        simple alpine image with curl installed no C…   1                    [OK]
bushrangers/alpine-caddy               Alpine Linux Docker Container running Caddys…   1                    [OK]

• Column NAME: indicates the name of the image

• Column DESCRIPTION: brief description of images

• Column OFFICIAL: indicates whether the image is official or unofficial

If you only want to find official images, use the following command to filter:

docker search alpine --filter "is-official=true"

Images and layers

Layer in images

Images Docker is a series of read-only layers connected together. Each layer includes 1 or more files.

In fact, when we pull an image, we will see the layers of that image:

root@docker:~# docker image pull ubuntu:latest
latest: Pulling from library/ubuntu
952132ac251a: Pull complete
82659f8f1b76: Pull complete
c19118ca682d: Pull complete
8296858250fe: Pull complete
24e0251a0e2c: Pull complete
Digest: sha256:f4691c96e6bbaa99d...28ae95a60369c506dd6e6f6ab
Status: Downloaded newer image for ubuntu:latest
docker.io/ubuntu:latest

Each line will end with Pull completea representation of a layer that has been pulled.

Another way to view an image's layers is to use docker image inspect:

root@docker:~# docker inspect ubuntu:latest
[
    {
        "Id": "sha256:bd3d4369ae.......fa2645f5699037d7d8c6b415a10",
        "RepoTags": [
            "ubuntu:latest"
            
        <Snip>

        "RootFS": {
            "Type": "layers",
            "Layers": [
                "sha256:c8a75145fc...894129005e461a43875a094b93412",
                "sha256:c6f2b330b6...7214ed6aac305dd03f70b95cdc610",
                "sha256:055757a193...3a9565d78962c7f368d5ac5984998",
                "sha256:4837348061...12695f548406ea77feb5074e195e3",
                "sha256:0cad5e07ba...4bae4cfc66b376265e16c32a0aae9"
            ]
        }
    }
]

Docker is used storage driverto take responsibility for stacking layers and presenting them as a unified whole. Examples of storagedrivers include: AUFS, overlay2, devicemapper, btrfsand zfs.

Share layers between images

Images can share layers with each other, which leads to space and performance efficiency. When pulling an image, the layer status is announced meaning Already existsthat layer already exists and the image will use that layer without needing to pull a new layer.

Multi-architecture images

Docker images can support multiple architectures, meaning an image can contain multiple variants for different architectures and sometimes for different operating systems.

When running an image that supports multi-architecture, docker will automatically choose an image variant that matches the operating system and architecture of the machine. Most images offer a variety of architectures.

This means that an image such as golang can have images for linux on x64, or different versions on ARM and more. This means that when you are on any platform or architecture and pull an image, docker will pull the exact image suitable for that platform or architecture.

To do this, the Registry API supports two structures:

• manifest lists

• manifests

The picture above shows that when we pull an image, we will rely on the CPU architecture of the docker server to choose the appropriate version. We don't need to specify whether we need a linux x64 or windows x64 version, just run the commands as usual and docker itself will process it to get an image that matches the architectural platform on which the docker server is running.

Delete images

When we no longer need images on our docker, we can use them docker image rmto delete images. When deleting an image, all its layers will be deleted. However, if a layer of an image is shared with many other images, that layer will not be deleted until all images referencing it are deleted.

root@docker:~# docker image rm httpd:2.4
Untagged: httpd:2.4
Untagged: httpd@sha256:a6e472ad921c93d9fc2cbe2ff07560b9a526c145c4e10faff3aeb28c48cce585
Deleted: sha256:0b932df43057fbcc4276ae50fc0efe2f446d1955066d5774e764ef1f77638511
Deleted: sha256:2a455380a6b6556b6c74970d3ed6ed7cdf129faf017b0df678cf90c661df7971
Deleted: sha256:cb1255155eeaa614a1c12714454886e6581b78bc5942d1edf1910f67b9b81ea2
Deleted: sha256:6e35a2713ae7c4b470f2e3e245c3f0f7808911d4086ecd32e1dc9b53c184a94a
Deleted: sha256:902d020d1a22522b22d02e2787652b9f4b306d619d742216eeee0af2d800cde2

To delete all images, use the following command:

docker image rm $(docker image ls -q) -f

Commit from the original image

Create new image

To create a new image save the new changes to that container. Docker commit alpine aline:v1.0

Use the key combination Ctrl P then Ctrl Q to exit the bash container while still keeping the container running.

Manage local images

List images docker images

Tag image

Basically when you make a commit without any additional options after it. The system will create a new image without the name and tag of that image. Therefore, it is necessary to perform additional docker tag commands. docker tag 5aa951fd5198 alpine:v1.0 Normally you should add the name and tag for the image in the commit command. Here is an example to further explain the image creation process.

Download image

For images that do not exist on the local machine. You can use the docker pull command to download versions of images to your computer in advance for use in cases where you need to travel without internet. docker pull nginx

Upload local images to Docker Hub

You can share personal images by uploading your images to Docker hub after you build an image. docker push daihv/hello_dockerfile:v1.0 This section will have a clearer example in section 3.2. Build image from Dockerfile

Delete images

With junk images you don't need, you can delete them. docker rmi demo:v1.0

You can delete all images with the following command (consider before doing) docker system prune -a

Export and Import images

Export images

Allows you to backup one or more images into a file that can be stored or sent. Often used to bring images to customers. docker save -o backup.tar.gz alpine:v1.0 busybox:latest

Import images

Allows you to restore previously backed up images. docker load -i backup.tar.gz

Build automatically with Dockerfile

What is Dockerfile?

Dockerfile is a text file containing instructions for building an image. The Docker image builder executes the Dockerfile from top to bottom, and instructions can configure or change anything about the image. Dockerfiles are the most common way to describe how to build images. Dockerfile can be understood as a shell script. which contains command lines, running the steps to create an image.

Build image from Dockerfile

In Dockerfile syntax it always starts with the FROM keyword.

FROM alpine:latest EXPOSE 8080 RUN ip add LABEL version="1.0" USER daihv ADD ./ebook1.txt /tmp WORKDIR /home/daihv/app ENV APP_HOME=/wildfly COPY ./ebook2.txt /tmp VOLUME /var/log ENTRYPOINT ["ls","-a"] CMD echo "oke oke"

In there:

• FROM specifies which original image to execute from.

• EXPOSE specifies the listening port.

• RUN executes any command.

• LABEL adds a descriptive label.

• USER specifies the executing user.

• ADD copies files from the host into the container which can also be a URL

• WORKDIR indicates the default working directory.

• ENV sets environment variables if any.

• COPY is similar to ADD but cannot be used against URLs

• VOLUME indicates the storage directory on the host.

• ENTRYPOINT like CMD is used to run when creating a container, but ENTRYPOINT cannot be overwritten from the command line when starting a container.

• CMD executes the default command when we initialize the container from the image, this default command can be overridden from the command line when initializing the container.

Step 1: Create a file named dockerfile touch dockerfile

Step 2: Write the steps to deploy an image nano dockerfile

Step 3: Execute build

docker build -t new_alpine:v1.0 -f dockerfile . The command uses the * -t * flag to give the image a new name. And use the -f flag to specify the build file in case there are many dockefiles in a directory.

Step 4: Upload new image to Docker hub You need to have a Docker Hub account and create a repository first.

Re-tag the built images to match the repository on Docker hub. docker tag new_alpine:v1.0 daihv/demo:v1.0

Login to your Docker hub account docker login --username=daihv

Upload to repository docker push daihv/demo:v1.0

Check back on Docker hub