Docker Images

A container is basically a running Image.

An Image is a bunch of layers with a Manifest (saying how the Image should run).

As Images are Read Only, a Read Write layer is created per container.

Images in detail

delete

docker rmi <image id>

Potential errors:

Error response from daemon: conflict: unable to delete <image id> (must be forced) – image is referenced in multiple repositories

You’ll need to untag them all individually. E.g.

docker images | grep <image id>

then

docker rmi <repo>:<tag>

https://docs.docker.com/engine/reference/commandline/rmi/#examples

 

Error response from daemon: conflict: unable to delete ae6b78bedf88 (must be forced) – image is being used by stopped container b6e81decac41

docker rmi -f <image id>

 

 

list

docker images

or

docker image ls

Note: you can optionally use a Repo name to just list those repos. E.g.

docker images alpine

or filter with a wildcard (using Zsh you’ll need to use quotes):

docker images 'alp*

 

 

pull

docker image pull redis

pull does an API request to a registry.

Step 1: get manifest

Step 2: pull layers

First, it looks for a Fat Manifest (aka Manifest List) and then, in turn, gets the Image Manifest. We then get a list of Layers which we pull.

Note: digest is a hash containing the Image ID which we can see with:

docker image ls --digests

Note, even though docker system info reports the Docker Root Dir as /var/lib/docker on the Mac, the images are actually stored in the xhyve virtual machine.

https://forums.docker.com/t/var-lib-docker-does-not-exist-on-host/18314/2

docker history

Say you’ve pulled something with docker image pull redis, you can see the commands that built the image using:

docker history redis

E.g.

 Docker  docker history redis
IMAGE               CREATED             CREATED BY                                      SIZE                COMMENT
4e8db158f18d        3 weeks ago         /bin/sh -c #(nop)  CMD ["redis-server"]         0B
<missing>           3 weeks ago         /bin/sh -c #(nop)  EXPOSE 6379/tcp              0B
<missing>           3 weeks ago         /bin/sh -c #(nop)  ENTRYPOINT ["docker-entry…   0B
<missing>           3 weeks ago         /bin/sh -c #(nop) COPY file:9c29fbe8374a97f9…   344B
<missing>           3 weeks ago         /bin/sh -c #(nop) WORKDIR /data                 0B
<missing>           3 weeks ago         /bin/sh -c #(nop)  VOLUME [/data]               0B
<missing>           3 weeks ago         /bin/sh -c mkdir /data && chown redis:redis …   0B
<missing>           3 weeks ago         /bin/sh -c set -ex;   buildDeps='   wget    …   24.8MB
<missing>           3 weeks ago         /bin/sh -c #(nop)  ENV REDIS_DOWNLOAD_SHA=fc…   0B
<missing>           3 weeks ago         /bin/sh -c #(nop)  ENV REDIS_DOWNLOAD_URL=ht…   0B
<missing>           3 weeks ago         /bin/sh -c #(nop)  ENV REDIS_VERSION=4.0.11     0B
<missing>           6 weeks ago         /bin/sh -c set -ex;   fetchDeps="   ca-certi…   3MB
<missing>           6 weeks ago         /bin/sh -c #(nop)  ENV GOSU_VERSION=1.10        0B
<missing>           6 weeks ago         /bin/sh -c groupadd -r redis && useradd -r -…   329kB
<missing>           6 weeks ago         /bin/sh -c #(nop)  CMD ["bash"]                 0B
<missing>           6 weeks ago         /bin/sh -c #(nop) ADD file:919939fa022472751…   55.3MB

For more info see: docker image inspect

and delete with docker image rm redis

Registries

On-premises Registry – e.g. Docker Trusted Registry (part of Docker’s commercial offering).

Note: official registry is docker.io. So, docker pull redis is short hand for:

docker pull docker.io/redis/latest

The image is actually called latest. The repo is called redis and the registry is docker.io.

Note: uncompressed layers use a content hash, Registry uses distribution hash (‘cos the layer gets compressed before being uploaded) and the layers on the file system use a random ID.

 Best Practices

  1. use official images (e.g. alpine)
  2. use specific versions of a docker image (rather than latest)

 

Leave a Reply

Your email address will not be published. Required fields are marked *