Docker container file structure and best practices with examples

Docker is a robust containerization platform that enables developers to package applications and dependencies into portable units known as containers. These containers can be quickly deployed and run continuously in a variety of scenarios. The Dockerfile, a script that contains the instructions for producing an image, is an essential component in the creation of a Docker container. In this comprehensive article, we will go over the Dockerfile format, and best practices, and present specific examples to help you master the art of creating Docker container files.

What is a Dockerfile?

A Dockerfile is a text file that contains a set of instructions for building a Docker image. An image is a small, standalone, executable package that contains everything required to run a piece of software, including the code, runtime, libraries, and system utilities. Dockerfiles are the blueprints for producing Docker images, making them an important part of the Docker ecosystem.

The Basics of Dockerfile Structure

A Dockerfile usually has a straightforward structure:

# Comment
INSTRUCTION arguments

• Comments are signified by a # at the start of a line.
• INSTRUCTION is one of several Dockerfile instructions.
• Arguments are particular to the INSTRUCTION and specify how it should be executed.

The sequencing of instructions in a Dockerfile is critical since Docker creates images step by step. Each command generates a new layer in the image. This means that if you modify something in the next instruction, Docker will rebuild all layers from that point forward.

Dockerfile Instructions

Let’s look at some of the most widely used Dockerfile instructions and understand their purpose:

FROM

The FROM directive specifies the base image from which your Docker image will be created. It is the starting point for your Dockerfile.

Example:

FROM ubuntu:20.04

For this example, we’re starting with the official Ubuntu 20.04 image.

RUN

The RUN instruction runs instructions within the container throughout the build process. You can use it to install software, configure settings, and complete other operations.

Example:

RUN apt-get update && apt-get install -y python3

This instruction refreshes the package repository and installs Python 3.

COPY and ADD

The COPY and ADD commands copy files from your local workstation to the image.

Example:

COPY app.py /app/

This step moves the app.py file from your local directory to the image’s /app/ directory.

WORKDIR

The WORKDIR instruction configures the working directory for all subsequent instructions. It is identical to using the cd command.

Example:

WORKDIR /app

This changes the working directory to /app, therefore, all subsequent instructions will be executed relative to this directory.

EXPOSE

The EXPOSE directive tells Docker that the container will listen on the specified network ports during runtime. It does not really publish the ports; you must use -p or -P when starting the container.

Example:

EXPOSE 8080

This indicates that the container will listen at port 8080.

ENV

The ENV instruction configures environment variables within the picture. You can use these variables to control how programs behave within the container.

Example:

ENV DB_HOST=mydb
ENV DB_PORT=5432

These environment variables are accessible within the container and can be used to configure applications.

CMD and ENTRYPOINT

The CMD and ENTRYPOINT instructions specify the command that will be performed when the container is started. There is only one CMD, yet additional CMD instructions will be overridden. The ENTRYPOINT instruction, on the other hand, generates a command that may be specified and then extended with arguments while the container is operating.

Example:

CMD ["python", "app.py"]

This command will be performed when the container starts.

VOLUME

The VOLUME instruction adds a mount point to the image for external storage volumes. This is widely used to store data.

Example:

VOLUME /data

This instruction sets up the image to accept a volume mounted at /data.

Dockerfile Best Practices

Creating efficient Dockerfiles is critical for keeping your containers as lightweight and performant as possible. Below are some suggested practices to consider:

Keep Images Small

Smaller images are quicker to distribute and deploy. Remove superfluous files and utilize reduced base images whenever possible.

Use .dockerignore

A .dockerignore file, like .gitignore for Git, helps to prevent extraneous files and folders from being copied into the image. This minimizes the image size and build time.

Layer Caching

Docker caches the results of each instruction in a layer. To maximize layer reuse, include regularly changing instructions near the bottom of your Dockerfile.

Avoid Installing Unnecessary Packages

Install only the packages and dependencies that your application requires to execute. Removing superfluous packages decreases image size and security hazards.

Use Multi-Stage Builds

Multi-stage builds allow you to create dependencies in one picture and then replicate them into a smaller final image, resulting in a significant reduction in size.

Leverage Official Images

Whenever possible, use official photos as base images. They are well-maintained, have smaller attack surfaces, and receive regular security updates.

Advanced Techniques

ARG Instruction

The ARG instruction defines build-time variables that can be used in the Dockerfile. They are set at build-time using the --build-arg flag with docker build.

The ARG instruction specifies build-time variables that can be utilized in the Docker file. They are set at build time with the --build-arg parameter in docker build.

Example:

ARG MY_VERSION=latest
FROM my-image:${MY_VERSION}

You can override MY_VERSION during the build process.

HEALTHCHECK

The HEALTHCHECK instruction offers a command for checking the health of a container. This is important for checking that a container is functioning properly and can be combined with orchestration technologies such as Docker Compose or Kubernetes.

Example:

HEALTHCHECK --interval=30s --timeout=10s \
  CMD curl -f http://localhost/ || exit 1

Every 30 seconds, this example checks to see if the container successfully retrieves a URL.

User and Group Management

When running a container, it’s best to employ a non-root user. The USER command can be used to create a user and group in the Dockerfile.

Example:

RUN groupadd -r mygroup && useradd -r -g mygroup myuser
USER myuser

This mitigates the security vulnerabilities associated with executing containers as the root user.

Dockerfile Examples

Now that we’ve covered the fundamentals and best practices, let’s look at some practical Dockerfile samples.

Example: 1 Simple Node.js Application

Here’s a Dockerfile for a simple Node.js app:

# Use an official Node.js runtime as a parent image
FROM node:14

# Set the working directory in the container
WORKDIR /usr/src/app

# Copy package.json and package-lock.json to the working directory
COPY package*.json ./

# Install application dependencies
RUN npm install

# Copy the rest of the application source code
COPY . .

# Expose port 3000
EXPOSE 3000

# Define the command to run your application
CMD ["npm", "start"]

Example 2: Python Flask Web App

For a Python Flask web application, you can use the following Dockerfile:

# Use an official Python runtime as a parent image
FROM python:3.9

# Set the working directory in the container
WORKDIR /app

# Copy requirements.txt to the working directory
COPY requirements.txt ./

# Install application dependencies
RUN pip install --no-cache-dir -r requirements.txt

# Copy the rest of the application source code
COPY . .

# Expose port 5000
EXPOSE 5000

# Define the command to run your application
CMD ["python", "app.py"]

Example: 3 Java Spring Boot Application

For a Java Spring Boot application, you can write a Dockerfile like this:

# Use an official OpenJDK runtime as a parent image
FROM openjdk:11-jre-slim

# Set the working directory in the container
WORKDIR /app

# Copy the JAR file into the container
COPY target/myapp.jar ./

# Expose port 8080
EXPOSE 8080

# Define the command to run your Spring Boot application
CMD ["java", "-jar", "myapp.jar"]

These examples demonstrate how to use various Dockerfile instructions in different scenarios.

Conclusion

Dockerfiles are necessary for producing reproducible and consistent container images. Understanding the structure and best practices of Dockerfiles allows you to quickly develop images that are smaller, more secure, and easier to manage.

In this article, we addressed the fundamentals of Dockerfile structure, described widely used instructions, discussed best practices for Dockerfile generation, and demonstrated some advanced techniques. In addition, we included real-world Dockerfile examples for several programming languages and frameworks.

Mastering Dockerfile creation is an essential skill for DevOps and software development professionals. You may increase the overall efficiency of your containerized operations by adhering to best practices and experimenting with various instructions and strategies.

FAQ