Dockerfile cheat-sheet
.dockerignore file: its like
.gitignorefile. This helps to avoid unnecessarily sending large or sensitive files and directories to the daemon and potentially adding them to images usingADDorCOPY.# comment */temp* */*/temp* temp?
FROM: A valid Dockerfile must start with a
FROMinstruction sets the Base Image for subsequent instructionFROM <image> [AS <name>]Or
FROM <image>[:<tag>] [AS <name>]Or
FROM <image>[@<digest>] [AS <name>]
RUN:
RUN has 2 forms:
(shell form, the command is run in a shell, which by default is /bin/sh -c on Linux or cmd /S /C on Windows)
RUN <command> RUN /bin/bash -c 'source $HOME/.bashrc; \ echo $HOME' RUN /bin/bash -c 'source $HOME/.bashrc; echo $HOME'Exec form
RUN ["executable", "param1", "param2"]
CMD: The
CMDinstruction has three forms:CMD ["executable","param1","param2"](exec form, this is the preferred form)CMD ["param1","param2"](as default parameters to ENTRYPOINT)CMD command param1 param2(shell form)Note: Unlike the shell form, the exec form does not invoke a command shell. This means that normal shell processing does not happen. For example,
CMD [ "echo", "$HOME" ]will not do variable substitution on$HOME. If you want shell processing then either use the shell form or execute a shell directly, for example:CMD [ "sh", "-c", "echo $HOME" ]. When using the exec form and executing a shell directly, as in the case for the shell form, it is the shell that is doing the environment variable expansion, notdocker.
LABEL:
LABEL <key>=<value> <key>=<value> <key>=<value> ...The LABEL instruction adds metadata to an image.
LABEL "com.example.vendor"="ACME Incorporated" LABEL com.example.label-with-value="foo" LABEL version="1.0" LABEL description="This text illustrates \ that label-values can span multiple lines."To view an image’s labels, use the docker inspect command.
"Labels": { "com.example.vendor": "ACME Incorporated" "com.example.label-with-value": "foo", "version": "1.0", "description": "This text illustrates that label-values can span multiple lines.", "multi.label1": "value1", "multi.label2": "value2", "other": "value3" },
EXPOSE
EXPOSE <port> [<port>/<protocol>...]The
EXPOSEinstruction informs Docker that the container listens on the specified network ports at runtime. You can specify whether the port listens onTCPorUDP, and the default isTCPif the protocol is not specified.To expose on both TCP and UDP, include two lines: EXPOSE 80/tcp EXPOSE 80/udpusing
docker networkyou can make communication from onecontainerto another without exposing any port.
ENV
ENV <key> <value> ENV <key>=<value> ...The
ENVinstruction sets the environment variable<key>to the value<value>. This value will be in the environment for all subsequent instructions in the build stage and can be replaced inline in many as well.# Example ENV myName John Doe ENV myDog Rex The Dog ENV myCat fluffy
ADD: ADD has two forms:
ADD [--chown=<user>:<group>] <src>... <dest>ADD [--chown=<user>:<group>] ["<src>",... "<dest>"](this form is required for paths containing whitespace)Note: The
--chownfeature is only supported onDockerfilesused to build Linux containers, and will not work on Windows containers. Since user and group ownership concepts do not translate betweenLinuxandWindows, the use of/etc/passwdand/etc/groupfor translating user and group names to IDs restricts this feature to only be viable for Linux OS-based containers. ```
COPY has two forms:
COPY [--chown=<user>:<group>] <src>... <dest> COPY [--chown=<user>:<group>] ["<src>",... "<dest>"] (this form is required for paths containing whitespace)Example:-
COPY hom* /mydir/ # adds all files starting with "hom" COPY hom?.txt /mydir/ # ? is replaced with any single character, e.g., "home.txt"
ENTRYPOINT ENTRYPOINT has two forms:
ENTRYPOINT ["executable", "param1", "param2"](exec form, preferred)ENTRYPOINT command param1 param2(shell form)FROM ubuntu ENTRYPOINT ["top", "-b"] CMD ["-c"]
WORKDIR
WORKDIR /path/to/workdirWORKDIR /a WORKDIR b WORKDIR c RUN pwdThe output of the final pwd command in this Dockerfile would be
/a/b/c.