Usage: FROM <image>FROM <image>:<tag>FROM <image>@<digest>
Information: FROM must be the first non-comment instruction in the Dockerfile.FROM can appear multiple times within a single Dockerfile in order to create multiple images. Simply make a note of the last image ID output by the commit before each new FROM command.- The
tag or digest values are optional. If you omit either of them, the builder assumes a latest by default. The builder returns an error if it cannot match the tag value.
Reference-Best Practices |
Usage: The MAINTAINER instruction allows you to set the Author field of the generated images. |
Usage: RUN <command> (shell form, the command is run in a shell, which by default is /bin/sh -c on Linux or cmd /S /C on Windows)RUN ['<executable>', '<param1>', '<param2>'] (exec form)
Information: - The exec form makes it possible to avoid shell string munging, and to
RUN commands using a base image that does not contain the specified shell executable. - The default shell for the shell form can be changed using the
SHELL command. - Normal shell processing does not occur when using the exec form. For example,
RUN ['echo', '$HOME'] will not do variable substitution on $HOME.
Reference-Best Practices |
Usage: CMD ['<executable>','<param1>','<param2>'] (exec form, this is the preferred form)CMD ['<param1>','<param2>'] (as default parameters to ENTRYPOINT)CMD <command> <param1> <param2> (shell form)
Information: - The main purpose of a
CMD is to provide defaults for an executing container. These defaults can include an executable, or they can omit the executable, in which case you must specify an ENTRYPOINT instruction as well. - There can only be one
CMD instruction in a Dockerfile. If you list more than one CMD then only the last CMD will take effect. - If
CMD is used to provide default arguments for the ENTRYPOINT instruction, both the CMD and ENTRYPOINT instructions should be specified with the JSON array format. - If the user specifies arguments to
docker run then they will override the default specified in CMD. - Normal shell processing does not occur when using the exec form. For example,
CMD ['echo', '$HOME'] will not do variable substitution on $HOME.
Reference-Best Practices |
Usage: LABEL <key>=<value> [<key>=<value> ...]
Information: - The
LABEL instruction adds metadata to an image. - To include spaces within a
LABEL value, use quotes and backslashes as you would in command-line parsing. - Labels are additive including
LABELs in FROM images. - If Docker encounters a label/key that already exists, the new value overrides any previous labels with identical keys.
- To view an image’s labels, use the
docker inspect command. They will be under the 'Labels' JSON attribute.
Reference-Best Practices |
Usage: EXPOSE <port> [<port> ...]
Information: - Informs Docker that the container listens on the specified network port(s) at runtime.
EXPOSE does not make the ports of the container accessible to the host.
Reference-Best Practices |
Usage: ENV <key> <value>ENV <key>=<value> [<key>=<value> ...]
Information: - The
ENV instruction sets the environment variable <key> to the value <value>. - The value will be in the environment of all “descendant” Dockerfile commands and can be replaced inline as well.
- The environment variables set using
ENV will persist when a container is run from the resulting image. - The first form will set a single variable to a value with the entire string after the first space being treated as the
<value> - including characters such as spaces and quotes.
Reference-Best Practices |
Usage: ADD <src> [<src> ...] <dest>ADD ['<src>', ... '<dest>'] (this form is required for paths containing whitespace)
Information: - Copies new files, directories, or remote file URLs from
<src> and adds them to the filesystem of the image at the path <dest>. <src> may contain wildcards and matching will be done using Go’s filepath.Match rules.- If
<src> is a file or directory, then they must be relative to the source directory that is being built (the context of the build). <dest> is an absolute path, or a path relative to WORKDIR.- If
<dest> doesn’t exist, it is created along with all missing directories in its path.
Reference-Best Practices |
Usage: COPY <src> [<src> ...] <dest>COPY ['<src>', ... '<dest>'] (this form is required for paths containing whitespace)
Information: - Copies new files or directories from
<src> and adds them to the filesystem of the image at the path <dest>. <src> may contain wildcards and matching will be done using Go’s filepath.Match rules.<src> must be relative to the source directory that is being built (the context of the build).<dest> is an absolute path, or a path relative to WORKDIR.- If
<dest> doesn’t exist, it is created along with all missing directories in its path.
Reference-Best Practices |
Usage: ENTRYPOINT ['<executable>', '<param1>', '<param2>'] (exec form, preferred)ENTRYPOINT <command> <param1> <param2> (shell form)
Information: - Allows you to configure a container that will run as an executable.
- Command line arguments to
docker run <image> will be appended after all elements in an exec form ENTRYPOINT and will override all elements specified using CMD. - The shell form prevents any
CMD or run command line arguments from being used, but the ENTRYPOINT will start via the shell. This means the executable will not be PID 1 nor will it receive UNIX signals. Prepend exec to get around this drawback. - Only the last
ENTRYPOINT instruction in the Dockerfile will have an effect.
Reference-Best Practices |
Usage: VOLUME ['<path>', ...]VOLUME <path> [<path> ...]
Creates a mount point with the specified name and marks it as holding externally mounted volumes from native host or other containers. Reference-Best Practices |
Usage: The USER instruction sets the user name or UID to use when running the image and for any RUN, CMD and ENTRYPOINT instructions that follow it in the Dockerfile. Reference-Best Practices |
Usage: WORKDIR </path/to/workdir>
Information: - Sets the working directory for any
RUN, CMD, ENTRYPOINT, COPY, and ADD instructions that follow it. - It can be used multiple times in the one Dockerfile. If a relative path is provided, it will be relative to the path of the previous
WORKDIR instruction.
Reference-Best Practices |
Usage: ARG <name>[=<default value>]
Information: - Defines a variable that users can pass at build-time to the builder with the
docker build command using the --build-arg <varname>=<value> flag. - Multiple variables may be defined by specifying
ARG multiple times. - It is not recommended to use build-time variables for passing secrets like github keys, user credentials, etc. Build-time variable values are visible to any user of the image with the docker history command.
- Environment variables defined using the
ENV instruction always override an ARG instruction of the same name. - Docker has a set of predefined
ARG variables that you can use without a corresponding ARG instruction in the Dockerfile.HTTP_PROXY and http_proxyHTTPS_PROXY and https_proxyFTP_PROXY and ftp_proxyNO_PROXY and no_proxy
|
Usage: ONBUILD <Dockerfile INSTRUCTION>
Information: - Adds to the image a trigger instruction to be executed at a later time, when the image is used as the base for another build. The trigger will be executed in the context of the downstream build, as if it had been inserted immediately after the
FROM instruction in the downstream Dockerfile. - Any build instruction can be registered as a trigger.
- Triggers are inherited by the 'child' build only. In other words, they are not inherited by 'grand-children' builds.
- The
ONBUILD instruction may not trigger FROM, MAINTAINER, or ONBUILD instructions.
Reference-Best Practices |
Usage: The STOPSIGNAL instruction sets the system call signal that will be sent to the container to exit. This signal can be a valid unsigned number that matches a position in the kernel’s syscall table, for instance 9, or a signal name in the format SIGNAME, for instance SIGKILL. |
Usage: HEALTHCHECK [<options>] CMD <command> (check container health by running a command inside the container)HEALTHCHECK NONE (disable any healthcheck inherited from the base image)
Information: - Tells Docker how to test a container to check that it is still working
- Whenever a health check passes, it becomes
healthy. After a certain number of consecutive failures, it becomes unhealthy. - The
<options> that can appear are...--interval=<duration> (default: 30s)--timeout=<duration> (default: 30s)--retries=<number> (default: 3)
- The health check will first run
interval seconds after the container is started, and then again interval seconds after each previous check completes. If a single run of the check takes longer than timeout seconds then the check is considered to have failed. It takes retries consecutive failures of the health check for the container to be considered unhealthy. - There can only be one
HEALTHCHECK instruction in a Dockerfile. If you list more than one then only the last HEALTHCHECK will take effect. <command> can be either a shell command or an exec JSON array.- The command's exit status indicates the health status of the container.
0: success - the container is healthy and ready for use1: unhealthy - the container is not working correctly2: reserved - do not use this exit code
- The first 4096 bytes of stdout and stderr from the
<command> are stored and can be queried with docker inspect. - When the health status of a container changes, a
health_status event is generated with the new status.
|
Usage: SHELL ['<executable>', '<param1>', '<param2>']
Information: - Allows the default shell used for the shell form of commands to be overridden.
- Each
SHELL instruction overrides all previous SHELL instructions, and affects all subsequent instructions. - Allows an alternate shell be used such as
zsh, csh, tcsh, powershell, and others.
|
