Image
Last updated
Last updated
Docker image is a fundamental element and an important component in Docker. Docker image can be understood as a record created by an individual or organization. If anyone has ever worked with VMs, they can understand that Docker images are similar to a snapshoot. But thanks to Docker technology, Docker images have special storage and management mechanisms to help optimize the system.
So where does the docker image come from? Docker image pulled from Docker registry. In addition, Docker images can also be created by users at different times.
Docker registries are services that make repositories accessible to pull commands in Docker. Docker registry is responsible for distributing images between users quickly and extremely conveniently. The Docker organization itself also creates a free public Docker registry called Docker hub. On Docker hub today, there are many images that have been authenticated by large organizations and have been uploaded by users. You can search for the image you need on hub.docker.com
You can also use CLI
docker search ubuntu
Docker images are created by organizations or users in two ways:
Commit from the original image.
Build automatically with Dockerfile.
Container storage using Union Filesystems (UFS) technology. This is a file system service developed for Linux to allow different file systems to be stacked (also called overlaid) to create an assembly or union of different files thereby creating a file system. single unified representation of the asset. Each change is recorded on a new layer and layered on top, above all other layers before it.
To put it more simply, those who have worked with Photoshop are familiar with the concept of Layers. When we want to lose an animal in a photo, we just need to add a new black layer over the original photo layer. The end user will receive a single merged avatar image that has lost the image of the animal that needs to be deleted in the image. On the manager's side, the change is made entirely on a different layer than the original photo layer.
This is essentially UFS in action, and it's one of the main reasons filesystems are so efficient at storage. Each layer includes only what is new and nothing is copied from a previous layer. There will be many read-only layers arranged below. There is a read/write layer on top that you can use to interact with the filesystem. When you read a file from the union filesystem, this file will be found and read from the highest layer. It will be down to the next layers until found.
You will not be able to make changes to the original image. If you want to commit your changes you must place another layer on top of the union filesystem, which is equivalent to committing and creating a new image. This is called the copy-on-write mechanism.
Command show most recent changes
docker container diff ubuntu
Command to view all layers
docker history ubuntu
Images are like a stopped container, so images are considered build-timeand containers are considered run-time.
When a container creates and runs from an image, the two structures become dependent on each other and the image cannot be deleted until the last container using it is deleted. Trying to delete an image without stopping or deleting the container will result in an error.
The purpose of a container is to run an application or a service. This means it only needs the application's code and the dependencies it needs, it doesn't need anything else. So the image always has low capacity because it removes all non-essential parts.
Image does not contain kernel – All containers running on a Docker host share access to that host's kernel.
A good example of how small images can be is that the official Alpine image is about 5.5MB, there are images that can be smaller. A more typical example is the ubuntu 18.04 docker image with a capacity of about 60MB. The images have clearly had most of the unnecessary parts removed.
Some windows images tend to be a lot larger than Linux images due to the way it works. The capacity of the windows image can be up to several gigabytes and pulling will take more time.
Local image storage is usually located /var/lib/docker/imagein Linux and C:\ProgramData\docker\windowsfilterWindows. The following command can be used to check if there are any images stored locally.
The process of getting the image to the docker server is called pulling. So if we want to have a new image of the docker server, we can use it docker pulland test it againdocker images
For example:
We see that the newly pulled images are already on the docker server.
As mentioned in previous sections, images are stored in centralized storage locations called image registries. This makes it easy to share and access. The popular and default used registry is Docker Hub .
Registry contains 1 or more image repositories, image repositories contain 1 or more images. As the following figure shows how the registry stores images.
Docker Hub has two concepts: official repositories and unofficial repositories.
Official repositories are where images are hosted and managed by Docker, Inc. These repositories will be labeled by docker as Docker Official Images.
Uncensored unofficial repositories may not be secure because they are not audited. However, not all unmoderated repositories are bad, it's just that you should be careful before using things from unofficial repositories. It's best to trust images with high downloads or images from famous repos.
Examples of some official repos:
Examples of some unofficial repos:
To pull an image from the official repo, we need to specify the name of the repo and its tag separated by a comma :. If we do not specify the tag, it will understand the default tag as latest.
For example to add an image from the official repository:
or
To add an image from an unofficial repo is the same as the official repo, but we add the name of the Docker Hub user or the name of the organization first.
An image can have many tags, if you want to pull all images in a repository, use the additional option -a.
The command docker searchallows us to search Docker Hub from the CLI. For example to find alpine images on Docker Hub
Column NAME: indicates the name of the image
Column DESCRIPTION: brief description of images
Column OFFICIAL: indicates whether the image is official or unofficial
If you only want to find official images, use the following command to filter:
Layer in images
Images Docker is a series of read-only layers connected together. Each layer includes 1 or more files.
In fact, when we pull an image, we will see the layers of that image:
Each line will end with Pull completea representation of a layer that has been pulled.
Another way to view an image's layers is to use docker image inspect:
Docker is used storage driverto take responsibility for stacking layers and presenting them as a unified whole. Examples of storagedrivers include: AUFS, overlay2, devicemapper, btrfsand zfs.
Share layers between images
Images can share layers with each other, which leads to space and performance efficiency. When pulling an image, the layer status is announced meaning Already existsthat layer already exists and the image will use that layer without needing to pull a new layer.
Docker images can support multiple architectures, meaning an image can contain multiple variants for different architectures and sometimes for different operating systems.
When running an image that supports multi-architecture, docker will automatically choose an image variant that matches the operating system and architecture of the machine. Most images offer a variety of architectures.
This means that an image such as golang can have images for linux on x64, or different versions on ARM and more. This means that when you are on any platform or architecture and pull an image, docker will pull the exact image suitable for that platform or architecture.
To do this, the Registry API supports two structures:
manifest lists
manifests
The picture above shows that when we pull an image, we will rely on the CPU architecture of the docker server to choose the appropriate version. We don't need to specify whether we need a linux x64 or windows x64 version, just run the commands as usual and docker itself will process it to get an image that matches the architectural platform on which the docker server is running.
When we no longer need images on our docker, we can use them docker image rmto delete images. When deleting an image, all its layers will be deleted. However, if a layer of an image is shared with many other images, that layer will not be deleted until all images referencing it are deleted.
To delete all images, use the following command:
To create a new image save the new changes to that container.
Docker commit alpine aline:v1.0
Use the key combination Ctrl P then Ctrl Q to exit the bash container while still keeping the container running.
List images
docker images
Basically when you make a commit without any additional options after it. The system will create a new image without the name and tag of that image. Therefore, it is necessary to perform additional docker tag commands.
docker tag 5aa951fd5198 alpine:v1.0
Normally you should add the name and tag for the image in the commit command. Here is an example to further explain the image creation process.
For images that do not exist on the local machine. You can use the docker pull command to download versions of images to your computer in advance for use in cases where you need to travel without internet.
docker pull nginx
You can share personal images by uploading your images to Docker hub after you build an image.
docker push daihv/hello_dockerfile:v1.0
This section will have a clearer example in section 3.2. Build image from Dockerfile
With junk images you don't need, you can delete them.
docker rmi demo:v1.0
You can delete all images with the following command (consider before doing)
docker system prune -a
Allows you to backup one or more images into a file that can be stored or sent. Often used to bring images to customers.
docker save -o backup.tar.gz alpine:v1.0 busybox:latest
Allows you to restore previously backed up images.
docker load -i backup.tar.gz
Dockerfile is a text file containing instructions for building an image. The Docker image builder executes the Dockerfile from top to bottom, and instructions can configure or change anything about the image. Dockerfiles are the most common way to describe how to build images. Dockerfile can be understood as a shell script. which contains command lines, running the steps to create an image.
In Dockerfile syntax it always starts with the FROM keyword.
FROM alpine:latest EXPOSE 8080 RUN ip add LABEL version="1.0" USER daihv ADD ./ebook1.txt /tmp WORKDIR /home/daihv/app ENV APP_HOME=/wildfly COPY ./ebook2.txt /tmp VOLUME /var/log ENTRYPOINT ["ls","-a"] CMD echo "oke oke"
In there:
FROM specifies which original image to execute from.
EXPOSE specifies the listening port.
RUN executes any command.
LABEL adds a descriptive label.
USER specifies the executing user.
ADD copies files from the host into the container which can also be a URL
WORKDIR indicates the default working directory.
ENV sets environment variables if any.
COPY is similar to ADD but cannot be used against URLs
VOLUME indicates the storage directory on the host.
ENTRYPOINT like CMD is used to run when creating a container, but ENTRYPOINT cannot be overwritten from the command line when starting a container.
CMD executes the default command when we initialize the container from the image, this default command can be overridden from the command line when initializing the container.
Step 1: Create a file named dockerfile
touch dockerfile
Step 2: Write the steps to deploy an image
nano dockerfile
Step 3: Execute build
docker build -t new_alpine:v1.0 -f dockerfile .
The command uses the * -t * flag to give the image a new name. And use the -f flag to specify the build file in case there are many dockefiles in a directory.
Step 4: Upload new image to Docker hub You need to have a Docker Hub account and create a repository first.
Re-tag the built images to match the repository on Docker hub.
docker tag new_alpine:v1.0 daihv/demo:v1.0
Login to your Docker hub account
docker login --username=daihv
Upload to repository
docker push daihv/demo:v1.0
Check back on Docker hub
