Decoding Dockerfile

4 min readApr 4, 2022

The first step towards containerization is building a container image.

The most basic thing required to run your application as a docker container is an image. Creating an image is a process to package your application along with its runtime. A Dockerfile is a text document that contains all the commands a user could run on the command line to assemble an image. Using docker build users can create an automated build that executes several command-line instructions in succession. In order to do this efficiently, you must master the art of writing Dockerfiles. Most of the Dockerfiles contain the following instructions.

FROM
WORKDIR
COPY /ADD
RUN
ENV
EXPOSE
CMD
ENTRYPOINT

Sample Dockerfile.

Building Sample Dockerfile.

FROM:

FROM takes input in particular format which is like this registry/ns/repo:tag (if tag is not mentioned then it’s considered as latest), it’s referred as base image. Image build process will build new image on top of it. Every command which we run on this base image create new layer on it.

In above-mentioned sample Dockerfile base image is python:2.7-alpine, since the tag is not mentioned so build process will search for python:2.7-alpine:latest from docker registry ( by default dockerhub)

WORKDIR:

WORKDIR defines a directory inside the build container(interim container launched using image provided in FROM as input ) from where all other commands run mentioned in Dockerfile.
When you exec to a newly launched container then by default you will be in directory defined as WORKDIR during building image of that container.

COPY and ADD:

COPY copies files from source directory (relative to build context) to the destination directory (relative to WORKDIR )on build container (interim container).

So now the question is what is build context is a directory and/or all the files in the directory used at time of running build command(docker build .)

ADD does two more things in addition to what COPY does.
1. It supports remote source(files on http endpooint, jenkins,artifacts server ).
2. it copy files and can extract archive files ( as tar or zip)

RUN:

RUN is used during the image build process. Generally, it’s used for installing required packages on the intermediate container. but it’s not limited to it, It is also used for compiling/building application inside image, publishing application , running test etc.

It’s recommended to combine multiple instructions in a single RUN command instead of using multiple RUN commands with each RUN command with a single instruction.

ENV:

It’s used to define environment variables. There are two ways to define these variables var1 = value or var2 : value, Environment variables are defined in build process and when they are defined they can be used in subsequesnt steps.

I build an image in above example image name is dockersk402/sampleapp:v1. I ran a container using docker run -idt dockersk402/sampleapp:v1 from this image.

I can fetch the value of the environment variables that I set in Dockerfile.

Environment variables can be provided at build time as well as on run time.

EXPOSE:

It defines which port your application will run on inside a container. Later on these ports can be used for port mapping which happens on run time.

Note- if you are using -P (Caps P) option while launching container the by default container port mapping with host port happens and host port number will start from 32768. And if you are using -p (small p) then you can use port number of your choice if that port is available.

CMD:

CMD instruction in a docker file defines what command to launch a container with. CMD instructions are not used during the build process. Once your image is built and when you run a container from that image using run command that time these CMD instructions come into action and run the specified command mentioned in CMD instructions. ( command, process or application, etc)
Only one CMD instruction is honoured and that the most recent(last one in the list ).