Dockerfile

scratch images

• scratch images in docker will not have anything no shell
• These images can be used for running statically compiled languages (C,C++, Go, Rust) applications which donot require any shell
• finding issues will be difficult but the application will not have any attack surface.

Dockerfile reference

• ENV: This instruction will set environmental variables which can be used in container.
  • Consider the following dockerfile
    Dockerfile
FROM alpine
ENV APP_DIR="/apps"
CMD ["sleep", "1d"]
  • Lets build an image called as env:test
  • Lets create a container with name test1 and then print environmental variables printenv
    
  • Now lets create a new container test2 with a different APPS_DIR value
    
• Generally most of the configuration values (Database details, Backend service names or ips) to the applications running in containers is passed as Environmetal variable

Lets build a docker image for spring petclinic

• Dockerfile is generally written in the same repo as code.
• copying the exact file into Docker Image

FROM eclipse-temurin:17
LABEL project="learning" 
LABEL author="khaja"
ARG USERNAME=spc
RUN useradd -m -d /apps -s /bin/bash ${USERNAME}
USER ${USERNAME}
COPY --chown=${USERNAME}:${USERNAME}  target/spring-petclinic-3.4.0-SNAPSHOT.jar /apps/spring-petclinic-3.4.0-SNAPSHOT.jar
WORKDIR /apps
EXPOSE 8080
# CMD Executes when the container is started
CMD [ "java", "-jar", "spring-petclinic-3.4.0-SNAPSHOT.jar" ]

• COPY instruction above copies specific jar into image
• Refer Here for the changes
• In the above case we are using the jar file which is built and present in target folder.
• While copying files into docker image we can stop copying unncessary files using .dockerignore Refer Here
• If we want to build the java package and docker image as part of docker image we use Multi staged docker files. Refer Here for the changes done

Lets build a docker image for python fast api

• Python instructions
  • In your system create a virtual environment and activate (not necessary in docker image)
    
  • install dependencies pip install -r requirements.txt
  • Now Start the application using uvicorn main:app --host 0.0.0.0
  • This starts the application and is exposed on port 8000
  • to access docs http://<ip>:8000/docs
    
• Refer Here for the changes done Refer Here for repo.

Docker image w.r.t layers

• Docker Image is collection of layers
• article 1
• article 2
• Each Docker container when it is created has a disk which is union of one writable layer and other read only layers
• Any changes done by container will be in writable layer.
• Writable layer is alive as long as contianer is. So container deletion leads to deletion of writable layer which leads to data loss.
• Solution: Docker volumes