Docker
Table of Contents
1. Dockerfile: Using build arguments with FROM statement
ARG VERSION=1.0.0
FROM image:${VERSION}
docker build --build-arg="VERSION=1.2.0" .
2. Get the Id of a container image
docker image ls --no-trunc --filter 'reference=REPO:TAG' --format '{{.ID}}'
3. Deleting dangling container images
docker rmi $(docker images -f "dangling=true" -q)
And because I mainly use fish shell:
docker rmi (docker images -f "dangling=true" -q)
4. TODO --format
5. Docker image, repository, etc. nomenclature
I keep getting confused between image tags, image name, image reference, repository, registry and etc. I figured out why.
5.1. Starting with the docker's glossary:
- A registry is a hosted service containing repositories of images which responds to the Registry API.
- A repository is a set of Docker images.
- A repository can be shared by pushing it to a registry server.
- The different images in the repository can be labeled using tags.
- A tag is a label applied to a Docker image in a repository.
- An image is an ordered collection of root filesystem changes and the corresponding execution parameters for use within a container runtime. An image typically contains a union of layered filesystems stacked on top of each other.
Notice that there's no entry in the glossary for name, image name
nor references. But image name is used in docker tag (docker
image tag).
5.2. docker tag gives some clarity
Usage: docker image tag SOURCE_IMAGE[:TAG] TARGET_IMAGE[:TAG] Alias docker tag A full image name has the following format and components: [HOST[:PORT_NUMBER]/]PATH
SOURCE_IMAGE and TARGET_IMAGE are either image names or image
Ids.
HOSTis a standard DNS hostname, without underscoresdocker.iois Docker's public registry.
PATHconsists of slash-separated components.- OCI Distribution Specification supports more than two slash-separated components
- most registries only support two slash-separated components (like Docker's public registry).
- Docker's public registry's
PATHformat is:[NAMESPACE/]REPOSITORY- where
NAMESPACEdefaults tolibrary
- where
5.3. docker pull confuses things even more
docker image pull [OPTIONS] NAME[:TAG|@DIGEST] […] docker image pull debian […] So far, you've pulled images by their name (and "tag").
Technically, those were pulled by their repository, not their
"name".
5.4. Concrete example
| What | Value |
|---|---|
| image name | docker.io/library/alpine:latest |
| registry | docker.io |
| namespace | library |
| repository | alpine |
| tag | latest |
And docker.io/library/alpine:latest is equivalent to
docker.io/alpine:latest because Docker's public registry's default
namespace is library. It is also equivalent to alpine:latest
because the default registry is (usually) docker.io.
A full image name has the following format and components:
[HOST[:PORT_NUMBER]/]PATH[:TAG]
5.5. Notes on AWS ECR aws
- ECR stands for Elastic Container Registry
- There's one registry per region
- =ImageUri=s are image names
- e.g.
ACCOUNT_ID.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]
- e.g.