docker
- Choose base image
docker init- Edit created files by previous step
docker builddocker run
docker initGenerates templates to use docker for several use-cases in an interactive way.
Before using a docker image it has to be pulled from the docker hub. E.g.:
docker image pull mcr.microsoft.com/powershell
# or with specified tag:
docker image pull mcr.microsoft.com/powershell:latest$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mcr.microsoft.com/powershell latest 3914ce801a11 6 weeks ago 296MB
$ docker image inspect 3914ce801a11
# displays a long JSON with all the information about the imageShows something like:
- Architecture
- OS type/flavour
- Size
- Tags
- Users
- ...
docker run -it mcr.microsoft.com/powershell
# or (with own image):
# Runs the image and opens a bash; useful to manually execute a failing step (comment this out in your Dockerfile beforehand):
docker run -it myImage /bin/bashdocker run -it --user root myImage /bin/bash
# or for Windows Server Core:
docker exec --user ContainerAdministrator -it myImage cmd
# or for WindowsNanoServer
docker exec --user ContainerUser -it myImage cmddocker build --tag someTag .
# or to show the full output (will create a lot of output in your terminal):
docker build --progress=plain .- Use
--no-cacheto start a clean build
Dockerfile reference guide: https://docs.docker.com/engine/reference/builder/
# Base image (use fqdn or create an alias to shorten fqdn)
# Only use one frome except when you want to use multiple build stages
#
# If reproducability is important, consider using a versioned tag (e.g., alpine:3.17.2, ...)
FROM mcr.microsoft.com/powershell:latest as base
# Create a non-privileged user that the app will run under
# See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
ARG UID=10001
RUN adduser \
--disabled-password \
--gecos "" \
--home "/nonexistent" \
--shell "/sbin/nologin" \
--no-create-home \
--uid "${UID}" \
appuser
# Add env variable to disable interactive dialogues (for dpkg tools like apt)
# OPTIONAL: Use, if you get interactive prompts during `apt-get install` etc.
ARG DEBIAN_FRONTEND=noninteractive
# Download dependencies as a separate step to take advantage of Docker's caching.
# Leverage a cache mount to /root/.cache/pip to speed up subsequent builds.
# Leverage a bind mount to requirements.txt to avoid having to copy them into into this layer.
# Append `:ro` to the file path to mount as read-only
#
# For MacOS the mode must be inserted to set the permissions properly: https://github.com/moby/buildkit/issues/1463#issuecomment-620892736
RUN --mount=type=cache,target=/root/.cache/pip \
--mount=type=bind,source=requirements.txt,target=requirements.txt \
apt-get update && apt-get install -y \
python3 \
python3-pip \
calibre \
ghostscript && \
python3 -m pip install -r requirements.txt
# Switch to the non-privileged user to run the application (all subsequent commands cannot be executed as root)
USER appuser
# Copy data to image (if a directory does not exist it will be created)
COPY my_script.py /app/
# COPY and set file owner
COPY --chown=appuser utils/helper_script.ps1 /app/utils/
# Set working directory; will create the directory if not existing
WORKDIR app/Books
# What the container should run when it is started.
ENTRYPOINT [ "python3", "my_script.py", "someArg" ]-
ARGonly visible during build time of the image -
ENVvisible during build of the image and run of the application (within the container)
Once a layer changes, all downstream layers have to be recreated as well. Make sure you choose your layers wisely to reduce build-time.
docker image history --no-trunc myImage- Separate build-time dependencies
- Reduce overall image size (by mainly excluding intermedidate steps)
Each FROM in the Dockerfile introduces a new stage. Only the final stage constitues the resulting image.
Use image name in COPY command:
FROM ubuntu:latest AS buildStage1
# do something
RUN yarn run build
FROM nginx:alpine
COPY --from=buildStage1 /app/build /opt/myappvim .dockerignoreLike .gitignore; omit files that you want to exclude from your docker image (e.g. temporary folders should be omitted but you still want to add a COPY . . or so to your Dockerfile).
When you try running something in a container (in this case it was a PowerShell/pwsh script):
An error has occurred that was not properly handled. Additional information is shown below. The PowerShell process will exit.
Unhandled exception. System.NullReferenceException: Object reference not set to an instance of an object.
at lambda_method7(Closure)
qemu: uncaught target signal 6 (Aborted) - core dumped
Aborted
This can happen if you run a container on a Mac with the Apple silicon (M1).
Install softwareupdate --install-rosetta and rebuild the container.
-
View processes (
-a= all):sudo docker ps -a -
Run docker container deamonised (docker container would run in the background completely detached from your current shell):
sudo docker run -d <image_name> - Run image with a different
ENTRYPOINTcommand in interactive mode with/bin/bash:sudo docker run --entrypoint /bin/bash -i -t <image_name>- When there is no
ENTRYPOINTdefined in theDockerfileit will only accept arguments in interactive mode; if this is the case and you want to start with an interactive shell you must pass the--entrypointargument
- When there is no
- Run image in interactive mode with
/bin/bashmounting the host directory/opt/123/to the container directory/opt/456/:sudo docker run -i -t -v /opt/123/:/opt/456/ <image_name> /bin/bash- Append
:roto the file path to mount as read-only
- Append
-
Set environment variables:
...-e FOO=foo -e BAR=bar...
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License *.
Code (snippets) are licensed under a MIT License *.
* Unless stated otherwise