Table of Contents

Docker - Image

About

This page is about the container image in Docker.

OCI is the standardized container format used by Docker

Identification / Full Qualified Name

name
# or a tagged name
name[:tag]
# or a digest name
name[@sha:]
# or a namespace scoped tagged name
[namespace/]name[:tag]
# or a namespace scoped digest name
[namespace/]name[@sha:]
# or a Full Qualified Name by tag with the registry
[registryHost/]namespace/name[:tag]
# a Full Qualified Name by digest with the registry
[registryHost/]namespace/name[@sha256:]

where:

Tag

See Docker - Tag (Tag, push, and pull your image)

A repository potentially holds multiple variants of an image

In the case of the ubuntu image, there is multiple variants covering Ubuntu 10.04, 12.04, 12.10, 13.04, 13.10 and 14.04. Each variant is identified by a tag and you can refer to a tagged image like so: 

ubuntu:14.04

Digest

In the registry, all images are content addressable, referenced by a digest (currently sha256)

Example of image referencing with digest 

# the format
registry/user/image-name@sha256:digest
# an example
docker.io/user/image-name@sha256:e90fc3a3b363b6d74b2f07392e5cd02f0c782bcd0c3ca84078f5c7722346ec88

A digest is also known as an immutable tags.

It is strongly recommended to use immutable tags in a production environment to ensures the deployment does not change automatically if the same tag is updated with a different image.

To see the digest for images: 

docker images --digests

To pull with a digest 

docker pull NAME@sha256:xxx

Management

Location

Docker stores downloaded images on the Docker host at the Docker Root Dir location 

sudo ls /var/lib/docker/image/aufs

distribution       imagedb            layerdb            repositories.json

List

docker images --filter reference=image-name

docker images

REPOSITORY          TAG                 IMAGE ID            CREATED              SIZE
docker-whale        latest              1351cae1fdfb        About a minute ago   275.1 MB
ubuntu              latest              f753707788c5        7 weeks ago          127.2 MB
hello-world         latest              c54a2cc56cbb        5 months ago         1.848 kB
docker/whalesay     latest              6b362a9f73eb        18 months ago        247 MB
training/webapp     latest              6fae60ef3446        19 months ago        348.8 MB

where

Id

name[:tag]

where:

Name

[user/]name

Build Version

Next to the tag, image may have more labels to set more defiinition on the build.

Example: with inspect and the label build_version 

docker inspect -f '{{ index .Config.Labels "build_version" }}' <image_name>

Base

A base image is a minimal linux image where you start to build more complicated image. See Docker - dockerfile

Example:

Remove

docker rmi -f (name or id)

where:

See also: Docker - Clean (Removing Image and Container)

Visualization

Visualization of the image and their different layer:

(Pre) load

Docker will automatically download any image you use that isn’t already present on the Docker host when you try to run it. If you want to pre-load an image you can download it using the docker pull

Layer

When doing a pull, you can see that each layer of the image has been pulled down 

docker pull centos

Using default tag: latest
latest: Pulling from library/centos
f1b10cd84249: Pull complete
c852f6d61e65: Pull complete
7322fbe74aa5: Pull complete
Digest: sha256:90305c9112250c7e3746425477f1c4ef112b03b4abe78c612e092037bfecc3b7
Status: Downloaded newer image for centos:latest

Create

To create an image, you can 

docker commit containerName imageName

Update

You can update a container created from an image and commit the results to an image.

You can commit the changes made to an image 

docker commit -m "Added json gem" -a "Kate Smith"  0b2616b0e5a8 ouruser/sinatra:v2

where:

Searching

https://hub.docker.com/ 

# docker search searchTerm
docker search oracle

NAME                             DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
wnameless/oracle-xe-11g          Oracle Express 11g R2 on Ubuntu 16.04 LTS       352                  [OK]
oraclelinux                      Oracle Linux is an open-source operating s...   260       [OK]
alexeiled/docker-oracle-xe-11g   This is a working (hopefully) Oracle XE 11...   185                  [OK]
sath89/oracle-12c                Oracle Standard Edition 12c Release 1 with...   78                   [OK]
sath89/oracle-xe-11g             Oracle xe 11g with database files mount su...   76                   [OK]

where:

Run

A container is a running instance of an image that you create with a run command.

See Docker - Containers

Save / Export

docker save [OPTIONS] IMAGE [IMAGE...]

Inspect

To see the property of the image such as the entrypoint, you can use the inspect command

How to see the files (mount)

Docker image are just a file store that you can run.

Example with mkfs where they are transformed as a the ext3 file system format 1) 

#!/usr/bin/env bash

set -euo pipefail

IMG="$1"
DOCKER_IMAGE_SIZE_IN_MB="$2"

# We have to pick a fixed size in advance for the .img file we create, so base it on the size
# of the original Docker image to avoid either wasting space or having the later tar extraction
# step fail with out of disk space errors. The image will be mounted read-only at runtime, so
# does not need free space for app files (separate mounts are used for those). The multiplier
# here is to account for the 5-6% loss of usable space due to ext3 filesystem overhead, as well
# as to ensure a few MB additional free space headroom.
IMG_SIZE_IN_MB=$((DOCKER_IMAGE_SIZE_IN_MB * 107 / 100))

echo "Using file size of ${IMG_SIZE_IN_MB} MB based on Docker image size of ${DOCKER_IMAGE_SIZE_IN_MB} MB"

mkdir -p "$(dirname "$IMG")"

# Create an empty file of the specified size.
# Using `fallocate` instead of `dd` since it's faster, simpler for this use-case, and doesn't
# suffer from `dd`'s non-determinism when attempting to copy an exact number of bytes:
# https://unix.stackexchange.com/a/121888
fallocate --length "${IMG_SIZE_IN_MB}MiB" "${IMG}"

# Format that file as an ext3 filesystem.
# The `-T` argument forces the 'default' config profile to be used, since otherwise if the filesystem size
# is less than 512 MB (as is the case for Heroku-24's run image) the 'small' profile would be used instead.
# The `-m` argument reduces reserved-blocks-percentage from its default of 5% to 1%.
# TODO: Switch to calling `mkfs.ext3` or `mke2fs -t ext3` since the `mkfs` alias is deprecated:
# https://manpages.ubuntu.com/manpages/jammy/en/man8/mkfs.8.html
mkfs -t ext3 -T default -m 1 -v "$IMG"

# Adjust the filesystem parameters for improved performance on runtime instances.
# The `-c` and `-i` arguments disable automatic filesystem checks, which are otherwise run based
# on number of times the image is mounted, or how much time has passed since the last check.
tune2fs -c 0 -i 0 "$IMG"

It is then just a file store format that you can mount 2) 

#!/usr/bin/env bash

set -euo pipefail

IMG="$1"
IMG_MNT="$2"

mkdir -p "$IMG_MNT"
mount -o loop,noatime,nodiratime "$IMG" "$IMG_MNT"

Documentation / Reference

1)
make-filesystem-image
2)
https://github.com/heroku/base-images/blob/main/tools/bin/mount-filesystem-image