Understanding Docker Images, Layers, Volumes, and Dockerfile Usage

Docker Image Overview

Docker images are lightweight, executable software packages that bundle the runtime environment, code, libraries, environment variables, and configuration files needed to run an application.

Docker Image Loading Principle

UnionFS (Union File System) is a layered, lightweight, high‑performance file system that allows multiple file system layers to be stacked and presented as a single virtual file system. Docker images are built on UnionFS, enabling inheritance and reuse of lower layers.

Docker images consist of several layers:

bootfs : the bottom layer containing the bootloader and kernel; it is loaded first and then handed over to the kernel.

rootfs : sits above bootfs and contains standard Linux directories such as /dev , /proc , /bin , /etc , representing the actual OS distribution (e.g., Ubuntu, CentOS).

When a container starts, Docker adds a writable layer on top of the read‑only image layers.

Docker Image Characteristics

All image layers are read‑only; a new writable layer is created for the container at runtime.

Commit Image

# Submit local image
# -a: author, -m: message, containerID imageName:tag
docker commit -a="test" -m="test" containerid tomcat01:1.0

Docker Container Volumes

What Is a Container Volume?

Volumes enable data sharing between containers and synchronization of container‑generated data to the host.

Volume Commands

# Run a container with a volume
docker run -it -v host_dir:container_dir /bin/bash

Mounting MySQL to the Host

# 1. Pull MySQL image
docker pull mysql
# 2. Run with mounted directories and set root password
docker run -d -p 3344:3306 -v /home/conf:/etc/mysql/conf.d -v /home/logs:/logs -v /home/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=123456 mysql

If remote connection fails, adjust permissions inside the container:

# Enter container
docker exec -it
/bin/bash
# Access MySQL
mysql -uroot -p123456
# Grant privileges
GRANT ALL ON *.* TO 'root'@'%';
FLUSH PRIVILEGES;
# Update authentication method
ALTER USER 'root'@'localhost' IDENTIFIED BY 'password' PASSWORD EXPIRE NEVER;
ALTER USER 'root'@'%' IDENTIFIED WITH mysql_native_password BY '123456';
FLUSH PRIVILEGES;

Named and Anonymous Mounts

-v /container/path               # anonymous mount
-v volume_name:/container/path   # named mount
-v host_path:/container/path    # bind mount (data stored under /var/lib/docker/volumes/... when no host path is given)

Bind Permissions

# Change read/write mode with -v
ro   # read‑only
rw   # read‑write
docker run -d nginx01 -v nginxdemo:/etc/nginx:ro nginx
docker run -d nginx01 -v nginxdemo:/etc/nginx:rw nginx

Data Volume Container

Purpose: share data among multiple containers (e.g., multiple MySQL instances).

# Use --volumes-from to mount a data‑volume container
docker run -d --name mysql02 -p 3345:3306 --volumes-from mysql01 -e MYSQL_ROOT_PASSWORD=123456 mysql

Dockerfile

A Dockerfile is a script that defines how to build a Docker image.

Dockerfile Instructions

FROM        # base image
MAINTAINER  # author name and email
RUN         # commands to execute during build
ADD         # add files from local context
WORKDIR     # set working directory
VOLUME      # declare mount points
EXPOSE      # expose ports
CMD         # default command (last one wins, can be overridden)
ENTRYPOINT  # command that can be appended to
COPY        # copy files (similar to ADD)
ENV         # set environment variables

Creating a Custom CentOS Image

vim mycentos
# Dockerfile content
FROM centos
MAINTAINER MT<[email protected]>
ENV MYPATH /usr/local
WORKDIR $MYPATH
RUN yum -y install vim
EXPOSE 80
CMD /bin/bash

# Build the image
docker build -f mycentos -t mycentosdemodo:1.0 .
# View history
docker history

Building a Tomcat Image

FROM centos
MAINTAINER fortuneteller<[email protected]>
COPY README.txt /usr/local/README.txt
ADD jdk-8u251-linux-x64.tar.gz /usr/local
ADD apache-tomcat-9.0.35.tar.gz /usr/local
RUN yum -y install vim
ENV MYPATH /usr/local
WORKDIR $MYPATH
ENV JAVA_HOME /usr/local/jdk1.8.0_251
ENV CATALINA_HOME /usr/local/apache-tomcat-9.0.35
ENV PATH $PATH:$JAVA_HOME/bin:$CATALINA_HOME/lib:$CATALINA_HOME/bin
EXPOSE 8080
CMD ["/usr/local/apache-tomcat-9.0.35/bin/catalina.sh", "run"]

# Build the image
docker build -t mytomcat .
# Run the container
docker run -d -p 3344:8080 --name mttomcat \
  -v /home/fortuneteller/tomcat/test:/usr/local/apache-tomcat-9.0.35/webapps/test \
  -v /home/fortuneteller/tomcat/logs:/usr/local/apache-tomcat-9.0.35/logs mytomcat

After starting, place a WEB-INF directory and mt.jsp under /home/fortuneteller/tomcat/test , and add a web.xml file inside WEB-INF to complete the web application.

Uploading a Local Image to Alibaba Cloud

Log in to Alibaba Cloud Container Registry.

Create a namespace.

Create a repository.

Set a fixed password.

View the push command.

Execute the push command to upload the image.

Pull the image using the provided command.

Docker Summary

(Image summarizing Docker concepts – omitted for brevity.)

Deploying a SpringBoot Project with Docker

Build the JAR with Maven.

Create a Dockerfile.

FROM java:8
COPY *.jar /app.jar
CMD ["--server.port=8080"]
EXPOSE 8080
ENTRYPOINT ["java", "-jar", "app.jar"]

Upload Dockerfile and JAR to the Linux server.

Build the image. docker build -t ideatest .

List images to get the image ID. docker images

Run the container. docker run -d -p 3344:8080 ideatest

Test access via http:// :3344 .