Docker Images

A container is basically a running Image.

An Image is a bunch of layers with a Manifest (saying how the Image should run).

As Images are Read Only, a Read Write layer is created per container.

Images in detail

delete

docker rmi <image id>

Potential errors:

Error response from daemon: conflict: unable to delete <image id> (must be forced) – image is referenced in multiple repositories

You’ll need to untag them all individually. E.g.

docker images | grep <image id>

then

docker rmi <repo>:<tag>

https://docs.docker.com/engine/reference/commandline/rmi/#examples

 

Error response from daemon: conflict: unable to delete ae6b78bedf88 (must be forced) – image is being used by stopped container b6e81decac41

docker rmi -f <image id>

 

 

list

docker images

or

docker image ls

Note: you can optionally use a Repo name to just list those repos. E.g.

docker images alpine

or filter with a wildcard (using Zsh you’ll need to use quotes):

docker images 'alp*

 

 

pull

docker image pull redis

pull does an API request to a registry.

Step 1: get manifest

Step 2: pull layers

First, it looks for a Fat Manifest (aka Manifest List) and then, in turn, gets the Image Manifest. We then get a list of Layers which we pull.

Note: digest is a hash containing the Image ID which we can see with:

docker image ls --digests

Note, even though docker system info reports the Docker Root Dir as /var/lib/docker on the Mac, the images are actually stored in the xhyve virtual machine.

https://forums.docker.com/t/var-lib-docker-does-not-exist-on-host/18314/2

docker history

Say you’ve pulled something with docker image pull redis, you can see the commands that built the image using:

docker history redis

E.g.

For more info see: docker image inspect

and delete with docker image rm redis

Registries

On-premises Registry – e.g. Docker Trusted Registry (part of Docker’s commercial offering).

Note: official registry is docker.io. So, docker pull redis is short hand for:

docker pull docker.io/redis/latest

The image is actually called latest. The repo is called redis and the registry is docker.io.

Note: uncompressed layers use a content hash, Registry uses distribution hash (‘cos the layer gets compressed before being uploaded) and the layers on the file system use a random ID.

 Best Practices

  1. use official images (e.g. alpine)
  2. use specific versions of a docker image (rather than latest)

 

Leave a Reply

Your email address will not be published. Required fields are marked *