Open in app

Sign in

Write

Sign in

DockerFile

MrDevSecOps
7 min readOct 1, 2021
  • Dockerfile is a simple text file that consists of instructions to build Docker images.
  • These commands/instructions are executed successively to perform actions on the base image to create a new docker image.
  • It will help you create custom Docker images.
  • Each instruction present in the docker file represents a layer of the docker image.

Mentioned below is the syntax of a Dockerfile

FROM

  • It is used for the base image of a Docker image in your Dockerfile using the FROM command.
  • If you want to start with a Linux base image, can use ubuntu.
# The base image
FROM ubuntu:latest

MAINTAINER

The Dockerfile MAINTAINER the command is simply used to tell who is maintaining this Dockerfile. Here is an example:

MAINTAINER   Bikram <admin@gmail.com>

WORKDIR

  • The WORKDIR instruction specifies what the working directory should be inside the Docker image.
  • The working directory will be in effect for all commands following the WORKDIR instruction. Here is an example:
WORKDIR    /app

COPY

  • The Dockerfile COPY command copies one or more files from the Docker host into the Docker image.
  • The COPY command can copy both a file or a directory from the Docker host to the Docker image.
  • Here is a Dockerfile COPY example:
COPY    /myapp/target/myapp.jar    /app/myapp.jar

This example copies a single file from the Docker host at /myapp/target/myapp.jar to the Docker image at /myapp/myapp.jar .

The first argument is the Docker host path (where to copy from) and the second argument is the Docker image path (where to copy to).

You can also copy a directory from the Docker host to the Docker image. Here is an example:

COPY    /myapp/config/prod    /myapp/config

This example copies the directory /myapp/config/prod from the Docker host to the /myapp/config directory in the Docker image.

You can also copy multiple files into a single directory in the Docker image using the COPY command. Here is an example:

COPY    /myapp/config/prod/conf1.cfg   /myapp/config/prod/conf2.cfg   /myapp/config/

This example copies the two files /myapp/config/prod/conf1.cfg and /myapp/conig/prod/conf2.cfg into the Docker image directory /myapp/config/

Note: Destination directory has to end with a / (slash) for this to work.

ADD

The Dockerfile ADD instruction works in the same way as the COPY instruction with a few minor differences:

  • The ADD instruction can copy and extract TAR files from the Docker host to the Docker image.
  • The ADD instruction can download files via HTTP and copy them into the Docker image.

Here are a few Dockerfile ADD examples:

ADD    myapp.tar    /myapp/

This example will extract the given TAR file from the Docker host into the /myapp/ the directory inside the Docker image.

Here is another example:

ADD    http://examplesite.com/myapp.jar    /myapp/

ENV

  • The Dockerfile ENV command can set an environment variable inside the Docker image.
  • This environment variable is available for the application that is started inside the Docker image with the CMD command.
  • Here are a few Dockerfile ENV examples:
ENV    MY_VAR   123

This example sets the environment variable MY_VAR to the value 123 .

RUN

  • The Dockerfile RUN command can execute command-line executables within the Docker image.
  • The RUN command is executed during the build time of the Docker image, so RUN commands are only executed once.
  • The RUN command can be used to install applications within the Docker image or other command-line activities.
  • Here are a few Dockerfile ENV examples:
RUN apt-get install git -y

ARG

  • The Dockerfile ARG instruction lets you define an argument that can be passed to Docker when you build the Docker image from the Dockerfile. Here is an example:
ARG tcpPort

When you run the Docker command to build the Dockerfile containing the above ARG instruction, you can pass an argument to the tcpPort an argument like this:

docker build --build-arg tcpPort=8080 .

Notice the --build-arg followed by the tcpPort=8080 . This part sets the tcpPort argument value to 8080.

You can define multiple build arguments using multiple ARG instructions. Here is an example:

ARG tcpPort
ARG useTls

When building the Docker image you must provide values for all of the build arguments. You do so by repeating the --build-arg sections for each argument you want to set. Here is an example:

docker build --build-arg tcpPort=8080 --build-arg useTls=true .

You can set a default value for an ARG so that it becomes optional to provide a value for it when building the Docker image. If the argument is not given a value, it will be given its default value. Here is an example:

ARG tcpPort=8080
ARG useTls=true

If neither the tcpPort nor the useTls the argument is set when building the Docker image for the Dockerfile containing the above ARG instructions, their argument values will be set to 8080 and true .

Arguments declared by ARG are typically referenced elsewhere in your Dockerfile. You reference an ARG an argument like this:

ARG tcpPort=8080
ARG useTls=trueCMD start-my-server.sh -port ${tcpPort} -tls ${useTls}

Notice the two references ${tcpPort} and ${useTls}.

These refer to the declared ARG arguments named tcpPort and useTls .

docker build --build-arg tcpPort=8080

EXPOSE

  • The Dockerfile EXPOSE instruction opens up network ports in the Docker container to the outside world.
  • For instance, if your Docker container runs a web server, that web server will probably need port 80 open for any client to be able to connect to it.
  • Here is an example of opening a network port using the EXPOSE command:
EXPOSE   8080
  • You can also set which protocol is allowed to communicate on the opened port.
  • For instance, UDP or TCP. Here is an example of setting the allowed protocol also:
EXPOSE   8080/tcp 9999/udp

If no protocol is set (after the / ), then the protocol is assumed to be TCP.

VOLUME

  • The Dockerfile VOLUME instruction creates a directory inside the Docker image which you can later mount a volume (directory) to from the Docker host.
  • In other words, you can create a directory inside the docker image.
  • e.g. /data which can later be mounted to a directory.
  • e.g. /container-data/container1 in the Docker host.
  • The mounting is done when the container is started up.
  • Here is an example of defining a volume (mountable directory) in a Dockerfile using the VOLUME instruction:
VOLUME   /data

CMD

  • The CMD command specifies the command line command to execute when a Docker container is started up which is based on the Docker image built from this Dockerfile.
  • Here are a few Dockerfile CMD examples:
CMD echo Docker container started.

This example just prints the text Docker container started when the Docker container is started.

The next CMD example runs a Java application:

CMD java -cp /myapp/myapp.jar com.jenkov.myapp.MainClass arg1 arg2 arg3

ENTRYPOINT

  • The Dockerfile ENTRYPOINT instruction provides an entry point for Docker containers started from this Docker image.
  • An entry point is an application or command that is executed when the Docker container is started up.
ENTRYPOINT java -cp /apps/myapp/myapp.jar com.jenkov.myapp.Main

This example will execute the Java application, main class com.jenkov.myapp.Main when the Docker container is started up, and when the application shuts down, so does the Docker container.

HEALTHCHECK

  • The Dockerfile HEALTHCHECK instruction can execute a health check command line command at regular intervals, to monitor the health of the application running inside the Docker container.
  • If the command line command returns a value of 0 when exiting, Docker considers the application and container to be healthy.
  • If the command line command returns a value of 1, Docker considers the application and container to be unhealthy.
  • Here is a Dockerfile HEALTHCHECK example:
HEALTHCHECK java -cp /apps/myapp/healthcheck.jar com.jenkov.myapp.HealthCheck https://localhost/healthcheck

This example configures the Java application com.jenkov.myapp.HealthCheck as the healthcheck command. You can use whatever healthcheck command that makes sense to you here.

Health Check Interval (default: 30s)

  • By default, Docker executes the HEALTHCHECK command every 30 seconds.
  • However, you can set a custom health check interval if you prefer a different interval longer than the default 30 seconds.
  • You specify the health check interval using the --interval argument to the HEALTHCHECK instruction. Here is an example that sets the HEALTHCHECK interval to 60 seconds instead:
HEALTHCHECK --interval=60s java -cp /apps/myapp/healthcheck.jar com.jenkov.myapp.HealthCheck https://localhost/healthcheck

Health Check Start Period (default: 0s)

  • By default, Docker will start checking the health of the Docker container immediately.
  • However, sometimes an application might take some time to start up, so it may not make sense to health check it until after a certain time period has elapsed.
  • This gives the application the chance to startup before Docker starts health checking it.
  • You can set the health check start period using the --start-period argument to the HEALTHCHECK instruction.
  • Here is an example setting the health check start period to 5 minutes, giving the container and application 300 seconds (5 minutes) to start up before Docker starts checking its health:
HEALTHCHECK --start-period=300s java -cp /apps/myapp/healthcheck.jar com.jenkov.myapp.HealthCheck https://localhost/healthcheck

Health Check Timeout (default: 30s)

  • It is possible for a health check to time out.
  • If the HEALTCHECK command takes more than a given time limit to finish, Docker will consider the health check timed out.
  • You can set the timeout limit using the --timeout argument to the HEALTHCHECK command.
  • Here is an example of setting the health check timeout time limit to 5 seconds:
HEALTHCHECK --timeout=5s java -cp /apps/myapp/healthcheck.jar com.jenkov.myapp.HealthCheck https://localhost/healthcheck

Note: If the health check times out, Docker considers the container to be unhealthy too.

Health Check Retries (default: 3)

  • If the HEALTHCHECK fails, either because the HEALTCHECK command returns 1, or if it times out.
  • Docker will retry the HEALTHCHECK command 3 times to see if the Docker container returns to a healthy state, before considering the Docker container unhealthy.
  • You can override the default 3 retries using the --retries argument to the HEALTHCHECK instruction. Here is an example of setting the number of health check retries to 5:
Dockerfiles
Docker Image
Docker
Docker Basic
Docker Certification

--

--

MrDevSecOps

Written by MrDevSecOps

268 Followers

Integrating security into the software development lifecycle.

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams