Dockerfile

The Dockerfile is a script that contains a collection of commands and instructions for building a Docker container image. This cheat sheet provides essential keys and commands to help programmers write efficient Dockerfiles.

Essential keys

FROM

This instruction sets the base image for your Docker container.

FROM ubuntu:20.04

The example above starts the Dockerfile by using the Ubuntu 20.04 image as the base. It’s the first instruction in a Dockerfile.

MAINTAINER

This key sets the author field of the generated images.

MAINTAINER John Doe <johndoe@example.com>

In the modern Docker versions, it’s recommended to use the LABEL instruction for this.

RUN

This key executes commands in a new layer on top of the current image.

RUN apt-get update && apt-get install -y curl

The above command updates the package lists and installs curl.

CMD

Provides defaults for the executing container. Only one CMD is allowed.

CMD ["echo", "Hello, World!"]

If the container is run without specifying a command, it will execute the above echo command.

ENTRYPOINT

Allows you to configure the container to run as an executable.

ENTRYPOINT ["echo"]
CMD ["Hello, World!"]

With this configuration, if you run the container without arguments, it will echo “Hello, World!”.

WORKDIR

This key sets the working directory inside the container.

WORKDIR /app

All the following instructions in the Dockerfile will be run in the /app directory.

USER

This instruction sets the user or UID and optionally the group or GID to use when running the image.

USER developer

The image will be run using the “developer” user.

EXPOSE

Informs Docker that the container will listen on the specified network ports at runtime.

EXPOSE 80

This tells Docker that our container will listen on port 80.

ENV

Sets an environment variable.

ENV MY_NAME John

This sets an environment variable called MY_NAME with the value “John”.

Copying and adding files

ADD

This instruction copies new files, directories, or remote file URLs and adds them to the filesystem of the image.

ADD source /destination

While powerful, it’s often recommended to use COPY unless you need the tar and remote URL handling of ADD.

COPY

This key is similar to ADD, but without the tar and remote URL capabilities.

COPY local-file-path /destination-in-container

COPY is more transparent because it only supports the basic copying of local files into the container.

Volumes

VOLUME

This key creates a mount point for externally mounted volumes or other containers.

VOLUME /data

This will create a mount point at /data which can be mounted by the host or other containers.

Arguments and environment variables

ARG

Defines a variable that users can pass at build-time to the builder.

ARG MY_VAR=default_value

You can pass a value to this during build with the —build-arg flag.

ENV

We already covered ENV under essential keys. It’s important to note that while both ARG and ENV can set environment variables, ARG is only available during the build of a Docker image and not in the container when it runs.

Layer optimization

Minimize the number of layers

Docker images are composed of layers. To make images smaller, you can minimize the number of layers.

RUN apt-get update && apt-get install -y curl && apt-get clean

By combining commands with &&, you create a single layer instead of three.

Grouping commands

By grouping related commands, you can reduce the number of layers and make your Dockerfile more readable.

RUN apt-get update && \
    apt-get install -y curl vim && \
    apt-get clean

The backslashes allow us to break one long command into readable segments.

Cleaning up in the same layer

After installing packages, it’s good to clean up cache to reduce image size.

RUN apt-get update && \
    apt-get install -y curl && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

The cleanup commands ensure that the intermediate cache and package data are not stored in the final image layer.