A Docker image is simply a read-only file that’s used to run code within a Docker container. Think of it as a template that contains all the instructions needed to run the code. All of the code and dependencies are packaged in one file.
The Docker image contains all of the tools, packages, libraries, and source code required to run the software. These instructions can be used to build Docker containers, often containing multiple layers, with each one originating from the previous layer.
Docker images can be deployed on any host, and they are reusable, allowing developers to take images from one project and use them in another, saving them considerable time and effort.
Docker Images vs. Containers
Before we proceed further, it’s important to understand the differences between a Docker image and a container. A container is a self-contained space that lets you run an application.
Docker containers are completely isolated, so they don’t affect the system, and the environment they run in can’t affect the software either. A Docker image, on the other hand, runs the code within a container.
A Docker image can exist outside of a container, but a container will need to execute an image for it to have something to “contain”. Therefore, a container is fully dependent on a Docker image to execute an application.
Think of an image as a template, so while it can exist independently, you can’t execute it. It’s important to mention that a container is just an executed image. As you build a container, it automatically creates another layer on top of the image, letting you modify the container layer (images are read-only).
This also means that with the help of a single image base, you can easily create multiple Docker images. Over time, you’ll have images that contain different layers, with each iteration slightly similar to the previous one.
How to Build Docker Images
Primarily, Dockerfiles are used to build Docker images. Dockerfiles contain the commands you need to build and customize Docker images. Every instruction you execute with Dockerfiles creates an intermediate layer.
To create a Docker image, your first step would be to create a Dockerfile. Docker uses the Dockerfile to build images, so all instructions must be stored there. It’s a simple text file where you can add all the commands needed to create an image.
To write one, you can use the simple Express application generator. Creating a basic Node.js app is a good way to start. Express application generator is a CLI (command-line interface) that lets you create basic app skeletons.
If you’re on Linux, just fire up the Terminal, and install the generator using the following commands:
$ npm install express-generator -g
$ express docker-app
$ npm install
$ npm start
Once installed, head to the root directory (where you saved the application) and create a simple text file. You can name it whatever you want, but let’s go with “Dockerfile”.
Now, to create an image using this file, run the following commands:
# Filename: Dockerfile
FROM node:14-alpine
WORKDIR /usr/src/app
COPY package*.json ./
RUN npm install
COPY . .
$ docker build .
Docker will now build the image. To check whether the image was created, you can run the docker images command.
Once you build a Dockerfile, you don’t need to rebuild an image manually. The table below contains the basic Dockerfile commands you need to build images.
Few Commands Functions
- FROM Specifies the base image.
- RUN Specifies the shell command you want to execute in your image.
- COPY Used to import external files from a specified location.
- ENV Used to define environment variables.
- EXPOSE Defines the port to access your container application.
- LABEL Used to describe your image.
- CMD Used to execute a specific command within a container.
To build Docker images from Dockerfiles, follow these steps:
- Create your Dockerfiles: Here, you need to create a new file and directory for your Docker image.
- Run Docker build to build your Docker image. The
build
command uses instructions from specific files in a directory to build a Docker image. - After creating the Docker image, use the
Docker run
command to create your container.
Alternatively, you can use the interactive method to manually build Docker images from preexisting images. To do this, follow these steps:
- Open a terminal session after installing Docker.
- Use the Docker run command image_name:tag_name to start an interactive shell session with the container specified by the command. But there’s a caveat: Docker will automatically pull the most recent image version if you omit the tag name. If the images aren’t on any local file, Docker will build the container using resources from the Docker hub.
And, if you want to run your Docker image, you can use the following command:
docker run -i -t Dockerfile /bin/bash
You can replace the name with that of your image if you’ve renamed it.
How to Maximize Docker Image Security
The images that you use to build the container obviously play an important role in ensuring the overall safety of the container itself. In case the image is infected, the container will be too.
It’s important to take certain security precautions when using Docker images. Here are some key points to keep in mind.
Only Use Verified and Signed Images
There are numerous third-party image repositories available, but ideally, you should steer clear of them. Instead, always use verified images from the Docker Hub to maintain project integrity.
Furthermore, it’s important that you only use signed images to mitigate your risk. In case someone tampered with the image, you’ll know right away.
Use Minimal Images with No Unnecessary Libraries
Instead of using images that have several layers and contain various components that you won’t need, try to avoid downloading images that install additional system libraries that you won’t require. This can help you reduce your overall exposure.
Define a Privileged User
It’s important that you specify a USER for each Dockerfile. If you don’t, the container will run with root privileges on the host machine. That exposes your container to severe security issues and can lead to hackers eventually hacking into the host machine.
Regularly Check Images for Vulnerabilities
It’s important to note that vulnerabilities might be introduced as you continue to build new layers. While you may have checked the image originally, and verified it, make it a habit to check it regularly to identify issues and fix them at the earliest.
Happy Coding!!!
Thank you for reading! If you found this blog post helpful, please consider sharing it with others who might benefit. Feel free to check out my other blog posts and visit my socials!
Top comments (0)