Understanding Docker images¶
Contents
Objectives¶
In this section, we will explain:
What is an image.
What is a layer.
The various image namespaces.
How to search and download images.
Image tags and when to use them.
What is an image ?¶
Image = files + metadata
These files form the root filesystem of our container.
The metadata can indicate a number of things, e.g.:
the author of the image
the command to execute in the container when starting it
environment variables to be set
etc.
Images are made of layers, conceptually stacked on top of each other.
Each layer can add, change, and remove files and/or metadata.
Images can share layers to optimize disk usage, transfer times, and memory use.
Differences between containers and images¶
An image is a read-only filesystem.
A container is an encapsulated set of processes running in a read-write copy of that filesystem.
To optimize container boot time, copy-on-write is used instead of regular copy.
docker run starts a container from a given image.
Let’s give a couple of metaphors to illustrate those concepts.
Object-oriented programming¶
Images are conceptually similar to classes.
Layers are conceptually similar to inheritance.
Containers are conceptually similar to instances.
Wait a minute¶
If an image is read-only, how do we change it?
We don’t.
We create a new container from that image.
Then we make changes to that container.
When we are satisfied with those changes, we transform them into a new layer.
A new image is created by stacking the new layer on top of the old image.
Creating the first images¶
There is a special empty image called scratch. It allows to build from scratch.
The docker import command loads a tarball into Docker.
The imported tarball becomes a standalone image.
That new image has a single layer.
Creating other images¶
docker commit¶
Saves all the changes made to a container into a new layer.
Creates a new image (effectively a copy of the container).
docker build¶
Performs a repeatable build sequence.
This is the preferred method!
We will explain both methods in a moment.
Images namespaces¶
There are three namespaces:
Official images:
e.g. ubuntu, busybox …
User (and organizations) images:
e.g. jpetazzo/clock
Self-hosted images:
e.g. registry.example.com:5000/my-private/image
Let’s explain each of them.
Root namespace¶
The root namespace is for official images. They are put there by Docker Inc., but they are generally authored and maintained by third parties.
Those images include:
Small, “swiss-army-knife” images like busybox.
Distro images to be used as bases for your builds, like ubuntu, fedora…
Ready-to-use components and services, like redis, postgresql…
User namespace¶
The user namespace holds images for Docker Hub users and organizations.
For example:
jpetazzo/clock
The Docker Hub user is:
jpetazzo
The image name is:
clock
Self-Hosted namespace¶
This namespace holds images which are not hosted on Docker Hub, but on third party registries.
They contain the hostname (or IP address), and optionally the port, of the registry server.
For example:
localhost:5000/wordpress
localhost:5000 is the host and port of the registry
wordpress is the name of the image
How do you store and manage images ?¶
Images can be stored:
On your Docker host.
In a Docker registry.
You can use the Docker client to download (pull) or upload (push) images.
To be more accurate: you can use the Docker client to tell a Docker Engine to push and pull images to and from a registry.
Showing current images¶
Let’s look at what images are on our host now.
docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
ch4-message-board-app_web latest 376512737492 21 hours ago 1.04GB
gdevops/django36_ch4 latest b44a8c214cdf 22 hours ago 1.04GB
postgres 10.4 61d053fc271c 4 days ago 236MB
busybox latest 8c811b4aec35 6 days ago 1.15MB
python 3.6 29d2f3226daf 3 weeks ago 911MB
ubuntu latest 452a96d81c30 4 weeks ago 79.6MB
jpetazzo/clock latest 12068b93616f 3 years ago 2.43MB
Searching for images¶
We cannot list all images on a remote registry, but we can search for a specific keyword:
$ docker search marathon
NAME DESCRIPTION STARS OFFICIAL AUTOMATED
mesosphere/marathon A cluster-wide init and control system for s… 106 [OK]
mesoscloud/marathon Marathon 31 [OK]
mesosphere/marathon-lb Script to update haproxy based on marathon s… 22 [OK]
mesosphere/marathon-lb-autoscale Autoscale your apps on Marathon 5 [OK]
thefactory/marathon Tagged images of each Mesos Marathon release 4 [OK]
brndnmtthws/marathon-lb-autoscale Marathon-lb autoscale demo 3 [OK]
mesoscloud/haproxy-marathon [DEPRECATED] Generate HAProxy configuration … 3 [OK]
f5networks/marathon-asp-ctlr Official container repository for F5 Maratho… 3
bobrik/marathon-tcp-haproxy 2 [OK]
tobilg/marathon-slack Listen to Marathon's Event Bus and send sele… 2 [OK]
f5networksdevel/marathon-bigip-ctlr Container repository for development images … 1
tobilg/gitlab-ci-runner-marathon A customized Docker image for running scalab… 1 [OK]
eduser25/pg-marathon-watcher PG Marathon watcher application for Maratho/… 1
vidazoohub/marathon-rabbit-autoscale autoscale marathon tasks based on rabbitmq q… 1 [OK]
gettyimages/marathon_exporter Marathon metrics exporter for Prometheus 0
skytix/marathon-consul Consul service registration daemon that moni… 0
heww/marathon-dns dns for marathon apps 0
jeffdecola/resource-marathon-deploy A Concourse resource type that deploys an AP… 0
ryanmehta/marathon-resource 0
praekeltfoundation/marathon-acme Automatically manage ACME certificates for a… 0 [OK]
ckaznocha/marathon-resource A Concourse resource to deploy applications … 0
quintoandar/drone-marathon Drone plugin to create marathon deployments 0 [OK]
jamiecressey89/marathon-zookeeper Zookeeper image that uses Marathon's API for… 0 [OK]
alenkacz/marathon-rabbitmq-autoscale Autoscaling capabilities for apps running in… 0 [OK]
mrbobbytables/marathon Marathon Mesos Framework container. 0 [OK]
“Stars” indicate the popularity of the image.
“Official” images are those in the root namespace.
“Automated” images are built automatically by the Docker Hub.
(This means that their build recipe is always available.)
Downloading images¶
There are two ways to download images.
Explicitly, with docker pull.
Implicitly, when executing docker run and the image is not found locally.
Pulling an image¶
$ docker pull debian:jessie
jessie: Pulling from library/debian
3d77ce4481b1: Pull complete
Digest: sha256:f29d0c98d94d6b2169c740d498091a9a8545fabfa37f2072b43a4361c10064fc
Status: Downloaded newer image for debian:jessie
In this example, :jessie indicates which exact version of Debian we would like. It is a version tag.
Image and tags¶
Images can have tags.
Tags define image versions or variants.
docker pull ubuntu will refer to ubuntu:latest.
The :latest tag is generally updated often.
When to (not) use tags¶
Don’t specify tags¶
When doing rapid testing and prototyping.
When experimenting.
When you want the latest version.
Do specify tags¶
When recording a procedure into a script.
When going to production.
To ensure that the same version will be used everywhere.
To ensure repeatability later.
Section summary¶
We’ve learned how to:
Understand images and layers.
Understand Docker image namespacing.
Search and download images.