In this post, we will be discussing docker image creation, management and before jumping into this article if you do not yet install Docker? then, I also recommend you to go through my previous post where I've discussed how to install
Docker-CE or
Docker EE. I would like to expose most of the things related to Docker Images.
Assuming that now you have everything ready! that means Docker engine up and running.
What is all about Docker Image?
According to docker docs --
An image is an executable package that includes everything needed to run an application -- the code, runtime, libraries, environment variables and configuration files.
The runtime of a docker image is called a Docker container.
In simple words, an Image is nothing but a stopped container! Let me put my understanding into a picture first and then we explore all these possible syntax and examples.
|
Docker Image Life cycle |
Let us talk about the docker image that was built with multiple layers.
Docker Images are Layered structure
The docker images in the layered structure make simple, very flexible and easy to built. Docker images are made up of multiple read-only layers(images). New images will be created from the existing set of images. Hundreds or thousands of containers can be spin up as per the need, they are typically based on the same image. When an image is instantiated into a container, a top writable layer is created where an application will be going to run and which will be deleted when the container removed. Docker accomplishes this by using storage drivers. Each storage driver manages the writeable layers and handles the implementation differently, but all storage drivers use the stackable image layer and the copy-on-write(CoW) strategy.
The docker image build will start on top of bootfs filesystem. Layer 0 which we call it as a base image that contains the root filesystem (rootfs). On top of Layer-0 are the read-only layers (1 .. n-1) which may contain the desired new configuration changes on the base image. Perhaps you may have a layer to install the application. Upon some more changes related to the application may be required that could be another layer. This forms layer cake which docker union file system to create docker image. If these configuration changes overlap each other (conflicts) the change on the top layer overrides.
Each image layer will be associated with unique UUIDs.
|
Docker Image stacked layers in Image and a container |
Docker images are read-only, But how do we change inside the Image?
- We don't really need to do changes in an image that is already existing, instead -
- We create a container from that image and then
- Do the required changes on top of it in the container layer and when we satisfied with those changes then, transform into a new layer in the image stack that is using 'docker save' container as image.
What are the differences between Docker image vs docker container?
|
Differences between Docker Image vs Container |
Docker Images - CLI
Docker search command
All the docker search commands will be refer to the Docker public repository content only. Simple search you could do for Jenkins Docker image like :
docker search jenkins
To get top 5 jenkins images out of search list use --limit optoin
docker search jenkins --limit 5
To filter out only the Official images, use the flag value as 'true'. This images will be called "Official" because they were scanned for vulnerabilities check inside the Image done by Docker Inc. This could be helpful when you selecting the Image for your project ensuring they are safe by selecting this option.
docker search jenkins --limit 5 --filter "is-official=true"
Note: There could be multiple images as Official for the same software image.
|
Docker search for Jenkins Image with limit official options |
docker search nginx --filter "is-official=true"
In a contrary we can also use the flag value as 'false'. when we prepare similar kind of image and searching for it.
docker search nginx --filter "is-official=false"
The default limit is 25 lines default there will be hunders of Public Images but will show only top 25 lines which are sorted with the "stars" count high.
docker search nginx --filter "is-official=false" --limit 10
You should aware of all the help options that are associated with 'docker image'
Manage images
Commands:
build Build an image from a Dockerfile
history Show the history of an image
import Import the contents from a tarball to create a filesystem image
inspect Display detailed information on one or more images
load Load an image from a tar archive or STDIN
ls List images
prune Remove unused images
pull Pull an image or a repository from a registry
push Push an image or a repository to a registry
rm Remove one or more images
save Save one or more images to a tar archive (streamed to STDOUT by default)
tag Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
Run 'docker image COMMAND --help' for more information on a command.
Remove Image
docker image rm --help
Usage: docker image rm [OPTIONS] IMAGE [IMAGE...]
Remove one or more images
Aliases:
rm, rmi, remove
Options:
-f, --force Force removal of the image
--no-prune Do not delete untagged parents
Examples:
docker rmi flask:1.0
docker image rm top-img -f
docker image remove sri-flask:1.0 -f
Image Inspect
To get multiple images information in one go you can use this.
$ docker image inspect --help
Usage: docker image inspect [OPTIONS] IMAGE [IMAGE...]
Display detailed information on one or more images
Options:
-f, --format string Format the output using the given Go template
Example:
vagrant@dockerhost:~/samples$ docker image inspect python:3
[
{
"Id": "sha256:a6a0779c5fb25f7a075c83815a3803f9fbc5579beb488c86e27e91c48b679951",
"RepoTags": [
"python:3"
],
"RepoDigests": [
"python@sha256:f265c5096aa52bdd478d2a5ed097727f51721fda20686523ab1b3038cc7d6417"
],
"Parent": "",
"Comment": "",
"Created": "2021-05-12T15:27:54.005567496Z",
"Container": "0bf84fa1b959359a29c7fa92d2c9e5fc4159c2e3092efda39e9f070d8c3f0017",
"ContainerConfig": {
"Hostname": "0bf84fa1b959",
"Domainname": "",
"User": "",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": false,
"OpenStdin": false,
"StdinOnce": false,
"Env": [
"PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"LANG=C.UTF-8",
"GPG_KEY=E3FF2839C048B25C084DEBE9B26995E310250568",
"PYTHON_VERSION=3.9.5",
"PYTHON_PIP_VERSION=21.1.1",
"PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/1954f15b3f102ace496a34a013ea76b061535bd2/public/get-pip.py",
"PYTHON_GET_PIP_SHA256=f499d76e0149a673fb8246d88e116db589afbd291739bd84f2cd9a7bca7b6993"
],
"Cmd": [
"/bin/sh",
"-c",
"#(nop) ",
"CMD [\"python3\"]"
],
Image tagging
This is like versioning your docker image build that is used by a dockerfile or another docker image for rename.
$ docker tag --help
Usage: docker tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG]
Create a tag TARGET_IMAGE that refers to SOURCE_IMAGE
Example:
docker tag nginx localhost:5000/nginx
https://docs.docker.com/engine/reference/commandline/image_tag/
Image push
docker image push --help
Usage: docker image push [OPTIONS] NAME[:TAG]
Push an image or a repository to a registry
Options:
--disable-content-trust Skip image signing (default true)
List images
Usage: docker image ls [OPTIONS] [REPOSITORY[:TAG]]
Aliases:
ls, list
Options:
-a, --all Show all images (default hides intermediate images)
--digests Show digests
-f, --filter filter Filter output based on conditions provided
--format string Pretty-print images using a Go template
--no-trunc Don't truncate output
-q, --quiet Only show image IDs
Examples:
1. Filtering dangling images
vagrant@dockerhost:~/samples$ docker image list --filter dangling=true
REPOSITORY TAG IMAGE ID CREATED SIZE
fc54bebe79ee 17 hours ago 57.1MB
2878761c8f4d 34 hours ago 57.1MB
2. List of imaage ids which are dangling using
--quite
option
vagrant@dockerhost:~/samples$ docker image list --quiet --filter dangling=true
fc54bebe79ee
2878761c8f4d
3. Find all latest images
vagrant@dockerhost:~/samples$ docker images --filter=reference='*:latest'
REPOSITORY TAG IMAGE ID CREATED SIZE
namaste_py latest 44ef94c791ae 2 days ago 895MB
cassandra latest 132406477368 11 days ago 402MB
busybox latest c55b0f125dc6 2 weeks ago
Image History
Docker history command will gives you how this Docker image is build with what instructions. We can compare the the dockerfile content of any of the image with the docker image history command output.
$ docker image history --help
Usage: docker image history [OPTIONS] IMAGE
Show the history of an image
Options:
--format string Pretty-print images using a Go template
-H, --human Print sizes and dates in human readable format (default true)
--no-trunc Don't truncate output
-q, --quiet Only show numeric IDs
Example for the docker image history
$ docker image history hello-world
IMAGE CREATED CREATED BY SIZE COMMENT
fce289e99eb9 11 months ago /bin/sh -c #(nop) CMD ["/hello"] 0B
< missing > 11 months ago /bin/sh -c #(nop) COPY file:f77490f70ce51da2… 1.84kB
We can use the history subcommand with
--format option to display only the "CREATED BY" column containing lines.
docker image history hello-world –format {{ .CreatedBy }}
docker image history hello-world –format {{ .CreatedBy }}={{size}}
Example of Tomcat image format with
CreatedBy docker image history tomcat –format {{ .CreatedBy }}
Tomcat docker image history
|
Docker Tomcat image history format with "CreatedBy" |
Check more Docker commands executions :