Docker Basic Tutorial: Detailed Explanation of Dockerfile Syntax

Preface

Dockerfile is a script interpreted by the Docker program. Dockerfile consists of instructions one by one, and each instruction corresponds to a command under Linux. The Docker program translates these Dockerfile instructions into real Linux commands. Dockerfile has its own writing format and supported commands. The Docker program resolves the dependencies between these commands, similar to Makefile. The Docker program will read the Dockerfile and generate a customized image according to the instructions. Compared with black boxes like images, obvious scripts like Dockerfile are more easily accepted by users, as they clearly show how the image is generated. With Dockerfile, when we need to customize our own additional requirements, we only need to add or modify instructions on Dockerfile and regenerate the image, saving the trouble of typing commands.

The commands used in the Dockerfile are

FROM

FROM specifies a base image. Generally, a usable Dockerfile must have FROM as the first instruction. As for the image, it can be any reasonable existing image mirror.

FROM must be the first non-comment instruction in a Dockerfile.

FROM can appear multiple times in a Dockerfile to facilitate the creation of mixed images.

If no tag is specified, latest will be used as the base image version to use.

MAINTAINER

Here is the information for specifying the image maker

RUN

The RUN command will execute any legal command in the current image and submit the execution result. After the command is executed and submitted, the next instruction in the Dockerfile will be automatically executed.

Hierarchical RUN instructions and generated commits are in line with the core concept of Docker. It allows custom builds of image images at any point, just like version control.

The RUN instruction cache is not automatically invalidated when the next command is executed. For example, the cache of RUN apt-get dist-upgrade -y may be used for the next command. The --no-cache flag can be used to force the cache to be disabled.

ENV

The ENV instruction can be used to set environment variables for the Docker container.

The environment variables set by ENV can be viewed using the docker inspect command. You can also use docker run --env <key>=<value> to modify environment variables.

USER

USER is used to switch the running owner identity. Docker uses root by default, but if it is not necessary, it is recommended to switch to another user. After all, root has too much authority and there are security risks in using it.

WORKDIR

WORKDIR is used to switch the working directory. The default working directory of Docker is /. Only RUN can execute the cd command to switch directories, and it only works on the current RUN, which means that each RUN is performed independently. If you want other instructions to be executed in a specified directory, you have to rely on WORKDIR. The directory changes made by the WORKDIR action are persistent, so you don't need to use WORKDIR before each command.

COPY

COPY copies files from path <src> to path <dest> inside the container.

<src>

It must be a file or directory in the source folder, or a remote URL.

is an absolute path in the target container.

All new files and folders are created with UID and GID. In fact if <src> is a remote file URL, the target file's permissions will be 600.

ADD

ADD copies files from path <src> to path <dest> inside the container.

<src> must be a file or directory in the source folder, or a remote URL. <dest> is an absolute path in the destination container.

All new files and folders will have UIDs and GIDs created. In fact if <src> is a remote file URL, the target file's permissions will be 600.

VOLUME

Create a mount point that can be mounted from the local host or other containers, generally used to store databases and data that needs to be maintained.

EXPOSE

The EXPOSE instruction specifies that the specified port should be forwarded when Docker allows it.

CMD

There can be only one CMD instruction in a Dockerfile. If you specify multiple CMD commands, the last one takes effect.

The main function of the CMD instruction is to provide a default execution container. These defaults can include the executable, or they can omit the executable.

When you use the shell or exec format, CMD

This command will be executed automatically.

ONBUILD

The function of ONBUILD is to delay the execution of the instruction until the next Dockerfile that uses FROM is executed when the image is built. The delay is limited to once.

The usage scenario of ONBUILD is to obtain the latest source code (with RUN) and limit the system framework when building an image.

ARG

ARG is a new command added in Docker version 1.9.

The variables defined by ARG are only valid when the image is created. After the creation is completed, the variables become invalid and disappear.

LABEL

Define an image tag Owner and assign it a value equal to the value of the variable Name. (LABEL Owner=$Name )

ENTRYPOINT

It specifies the command or file to be executed when the Docker image is run as an instance (that is, a Docker container).

Notice:

Both CMD and ENTRYPOINT can be used to specify the program to start running, and both commands have two different syntaxes:

CMD ls -l

or

CMD ["ls",''-l"]

For the first syntax, Docker will automatically add "/bin/sh –c" to the command, which may lead to unexpected behavior. To avoid this behavior, we recommend that all CMD and ENTRYPOINT should use the second syntax.

If you use both, make sure you understand their meanings. Generally speaking, the only time you need to use both is when ENTRYPOINT specifies the binary to be run, and CMD gives the default parameters for the run.

• Combine commands as much as possible

Each command in a Dockerfile creates a new layer, and there is a limit to the maximum number of layers a container can have. Therefore, merging logically coherent commands as much as possible can reduce the number of layers. Methods for merging commands can include merging multiple commands that can be merged (EXPOSE, ENV, VOLUME, COPY).

Each command in a Dockerfile creates a new layer, and there is a limit to the maximum number of layers a container can have. Therefore, merging logically coherent commands as much as possible can reduce the number of layers, which can also speed up compilation.

Combine multiple commands that can be combined (RUN, EXPOSE, ENV, VOLUME, COPY), for example:

EXOISE 80
EXOISE 8080
CMD cd /tmp
CMD ls

==>

EXOISE 80 8080
CMD cd /tmp && ls

The ADD command and the COPY command have largely the same functionality. However, the COPY semantics are more direct, so we recommend using the COPY command whenever possible. The only exception is that the ADD command has its own decompression function. If you need to copy and decompress a file into the image, you can use the ADD command. Otherwise, we recommend using the COPY command.

ADD 1.1.1.100:1234/jdk-8u74-linux-x64.tar.gz /usr/local/

• Use of USER

By default, all Docker applications will run under the root user of the container, but this will cause some potential security risks. Containers running in the production environment are best run under non-privileged users using the USER command.

Summarize

The above is the full content of this article. I hope that the content of this article will have certain reference learning value for your study or work. Thank you for your support of 123WORDPRESS.COM.