How to create a container image

Container

Running application.

Container image

  • File system with application, libraries and OS.
  • Part of the "installation package" for the cloud, with exactly one application.

Creating an image

How to modify the application to run on the cloud?

  • Separation of application, data, network and configuration.
  • We write down the installation procedure.

Application dependency analysis

Each application depends on lower layers:

  • on libraries,
  • on the OS,
  • on the processor.

Changing the hardware, libraries or OS requires changing the application.

The container image consists of layers

  • Layers are immutable.
  • Layers can be shared between images.
  • A new entry means a new layer.
  • Layering can be bypassed using mapping.

Example for layers:

  1. Base Ubuntu 22.2 LTS
  2. Installing NGINX
  3. Changing the work directory
  4. Setting the command to run

Example Dockerfile

A Dockerfile is a set of instructions for building an image.

FROM dockerfile/ubuntu
# Install NGINX, keep it in the foreground and fix ownership.
RUN \
  add-apt-repository -y ppa:nginx/stable && \
  apt-get update && \
  apt-get install -y nginx && \
  rm -rf /var/lib/apt/lists/* && \
  echo "\ndaemon off;" >> /etc/nginx/nginx.conf && \
  chown -R www-data:www-data /var/lib/nginx
WORKDIR /etc/nginx
# Define default command.
CMD ["nginx"]

Image name

The image name encodes:

  • registry name
  • name of the image
  • tag

Building the image

docker build . -t myregistry.tuke.sk/mynginx:0.1

                  |-----------------|-------|---|
                       registry       image  tag

Image sharing

The central Docker Hub repository or a custom registry

  • Database of layers
  • Image database
  • Tag database

Possible problems when creating an image

  • Dependency on Docker Hub.
  • Frequent use of unverified images.
  • Docker daemon running as 'root' and other security issues.
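
The naming rules and the "unverified images" problem above can be checked mechanically. The following Python code is an added example, not part of the original slides or of Docker's own code: it splits a reference into registry, name, tag and digest using Docker's defaults (docker.io, library/, latest) and flags references that come from outside a trusted registry or are not pinned by digest. It goes slightly beyond the slides by also handling digests; the function names and the allow-list are assumptions.

```python
# Added example: split an image reference and flag risky ones.
from typing import NamedTuple, Optional

DEFAULT_REGISTRY = "docker.io"  # what Docker assumes when no registry is given


class ImageRef(NamedTuple):
    registry: str
    name: str
    tag: Optional[str]
    digest: Optional[str]


def parse_image_ref(ref: str) -> ImageRef:
    # A digest (name@sha256:...) pins exact content; split it off first.
    rest, _, digest = ref.partition("@")
    # The tag follows the last ':' of the final path component, so a
    # registry port such as localhost:5000/app is not mistaken for a tag.
    head, slash, last = rest.rpartition("/")
    last, _, tag = last.partition(":")
    rest = head + slash + last
    # The first component is a registry only if it looks like a host.
    first, slash, remainder = rest.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, name = first, remainder
    else:
        registry, name = DEFAULT_REGISTRY, rest
        if "/" not in name:
            name = "library/" + name  # Docker Hub official images
    if not tag and not digest:
        tag = "latest"  # implicit default tag
    return ImageRef(registry, name, tag or None, digest or None)


def audit(ref: str, trusted_registries: set) -> list:
    """Return findings for one reference; an empty list means it passed."""
    img = parse_image_ref(ref)
    findings = []
    if img.registry not in trusted_registries:
        findings.append(f"registry {img.registry} is not on the allow-list")
    if img.digest is None:
        findings.append(f"tag '{img.tag}' is mutable; pin by digest")
    return findings


if __name__ == "__main__":
    trusted = {"myregistry.tuke.sk"}  # registry name taken from the slides
    for ref in ["nginx", "dockerfile/ubuntu", "myregistry.tuke.sk/mynginx:0.1"]:
        print(ref, parse_image_ref(ref), audit(ref, trusted))
```

Run over the FROM lines of Dockerfiles in a build pipeline, a check like this makes the implicit dependency on Docker Hub visible before the build starts.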

Starting the container

docker run -d nginx

in the background

Interactive launch

docker run -it --rm nginx

with a console

    +----------+
    | Registry |
    +----------+
        | Pull
        v
    +--------+
    | Image  |
    +--------+
        | Run
        v
   +-----------+
   | Container |
   +-----------+

The container runs in a virtual environment

It sees virtual devices

  • Processor
  • Network
  • File system

Virtual network

The container sees "its" network.

Starting with port mapping

docker run -it --rm -p 8000:80 nginx
                        ^   ^
                        |   |
                     host   container

Basic network types in Docker

  • Host - the container directly uses the host stack
  • Bridge - virtual network within the host
  • Overlay - virtual network between multiple hosts
  • None - no network access

DNS in Docker

  • The name of the container is its DNS name
  • Therefore, only one container with a given name can exist at a time

Virtual file system

  • The container sees its own file system which consists of layers.
  • Layering is implemented using a special file system.
  • OverlayFS

Starting with network and volume mapping

docker run -p 80:80 -v /var/www:/var/www nginx

Mapping between real and virtual directory.

Layers of the virtual file system

    +------------------+
    | Operating system |
    +------------------+
        | build
   +-------------+
   | Application |-----------+----------------+
   +-------------+           |                |
        | OverlayFS          | Config         | Volume
+-----------------+ +---------------+ +--------------------+
| Temporary files | | Configuration | | Application state  |
+-----------------+ +---------------+ +--------------------+

Separation of data from the application

  • The application has no state.
  • Data can be stored anywhere.

Working with file systems in Docker

  • The file system is virtual
  • The file system always returns to its original state after a reboot
  • The container mounts virtual disk space at block level or FS level

What is container state?

The part of the file system that changes and that is essential even after a restart, e.g. a database.

Directory mapping

We can mount an existing local folder into a new container.

Mounting the current directory:

docker run -it --rm -v "$(pwd)":/home/user bash

Docker named volume

  • Docker can partially "manage" disk space.
  • A special folder under Docker control.

docker volume create myvolume
docker run -it --rm -v myvolume:/myvolume bash

Conclusion - Docker...

  • is a virtualization layer between kernel and application.
  • allows you to easily run the application in the cloud.
  • simplifies installation.
  • There are other compatible containerization systems: Podman, CRI-O.
  • Management of multiple Docker containers - Kubernetes, Docker Swarm/Compose.