Master Docker Images: From UnionFS Basics to Real-World Deployments

Docker Image Overview

Docker images are lightweight, executable software packages that bundle an application’s code, runtime libraries, environment variables, and configuration files, providing a complete runtime environment.

UnionFS and Image Layering

Docker images are built on UnionFS, a layered, high‑performance file system that stacks modifications as separate layers. Each layer can be combined into a single virtual file system, enabling inheritance and reuse of common layers.

The image stack starts with bootfs , which contains the bootloader and kernel. After bootfs loads, control passes to the kernel and bootfs is unmounted. Above bootfs sits rootfs , which holds standard Linux directories such as /dev, /proc, /bin, and /etc for various distributions (Ubuntu, CentOS, etc.).

When Docker runs an OS image, it uses Linux’s bootfs and adds the required rootfs. For regular application images, Docker downloads only the needed layers, reusing shared layers when possible.

Image Characteristics

All Docker image layers are read‑only. When a container starts, Docker adds a writable layer on top of the image layers; this writable layer is the container’s own filesystem.

Committing an Image

# Commit a local image
# -a: author, -m: message
# docker commit -a="test" -m="test" <container_id> tomcat01:1.0

Container Data Volumes

Data volumes enable sharing data between containers and the host. A volume mounts a directory from the container onto the host file system.

# Run a container with a volume
docker run -it -v /host/dir:/container/dir /bin/bash

MySQL Example

# Pull MySQL image
docker pull mysql
# Run MySQL with mounted configuration, logs, and data directories
docker run -d -p 3344:3306 \
  -v /home/conf:/etc/mysql/conf.d \
  -v /home/logs:/logs \
  -v /home/data:/var/lib/mysql \
  -e MYSQL_ROOT_PASSWORD=123456 mysql

To fix connection errors, enter the container and adjust MySQL permissions:

# Exec into container
docker exec -it <container_id> /bin/bash
# Inside MySQL
mysql -uroot -p123456
# Grant privileges
GRANT ALL ON *.* TO 'root'@'%';
FLUSH PRIVILEGES;
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '123456';
FLUSH PRIVILEGES;

Named and Anonymous Mounts

-v /container/path            # anonymous mount
-v volume_name:/container/path # named mount
-v /host/path:/container/path # bind mount

Bind Permissions

# Read‑only mount
docker run -d nginx01 -v nginxdemo:/etc/nginx:ro nginx
# Read‑write mount
docker run -d nginx01 -v nginxdemo:/etc/nginx:rw nginx

Data Volume Container Mount

Use --volumes-from to share a volume between multiple containers, e.g., sharing MySQL data.

# Share volume from mysql01
docker run -d --name mysql02 -p 3345:3306 \
  --volumes-from mysql01 -e MYSQL_ROOT_PASSWORD=123456 mysql

Dockerfile Basics

A Dockerfile defines the steps to build a Docker image.

Key Instructions

FROM        # base image
MAINTAINER  # author information
RUN         # commands executed during build
ADD         # add files or archives
COPY        # copy files
WORKDIR     # set working directory
VOLUME      # declare mount point
EXPOSE      # expose ports
ENV         # set environment variables
CMD         # default command (last one wins)
ENTRYPOINT  # entry point command (can be appended)

Building a Custom CentOS Image

vim mycentos
# Write Dockerfile
FROM centos
MAINTAINER MT<[email protected]>
ENV MYPATH /usr/local
WORKDIR $MYPATH
RUN yum -y install vim
EXPOSE 80
CMD /bin/bash

Build and view history:

docker build -f mycentos -t mycentosdemodo:1.0 .
docker history <image_id>

Creating a Tomcat Image

# Dockerfile for Tomcat on CentOS
FROM centos
MAINTAINER fortuneteller<[email protected]>
COPY README.txt /usr/local/README.txt
ADD jdk-8u251-linux-x64.tar.gz /usr/local
ADD apache-tomcat-9.0.35.tar.gz /usr/local
RUN yum -y install vim
ENV MYPATH /usr/local
WORKDIR $MYPATH
ENV JAVA_HOME /usr/local/jdk1.8.0_251
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.35
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/bin
EXPOSE 8080
CMD ["/usr/local/apache-tomcat-9.0.35/bin/catalina.sh","run"]

Build, run, and test the container, mounting host directories for web content and logs.

Uploading a Local Image to Alibaba Cloud

Log in to Alibaba Cloud Container Registry.

Create a namespace.

Create a repository.

Set a fixed password.

Obtain the push command.

Execute the push command to upload.

Pull the image using the provided command.

Docker Summary

(Illustrative diagram omitted for brevity.)

Deploying a SpringBoot Application with Docker

FROM java:8
COPY *.jar /app.jar
EXPOSE 8080
ENTRYPOINT ["java","-jar","/app.jar"]
CMD ["--server.port=8080"]

Build the image, list images, and run the container mapping host port 3344 to container port 8080.

docker build -t ideatest .
docker images
docker run -d -p 3344:8080 ideatest

Access the application via http:// :3344 in a browser.