All workloads on Kubernetes run as containers created from container images. With containers, the deployment of applications becomes fast, reliable, and repeatable. It is up to the developer to know how to define, build, and modify container images meant to run on a Kubernetes cluster.
In addition to the ability to easily run applications within containers, most container runtimes like Docker or Podman include build tools that allow developers to create images. Container images are immutable files containing metadata and (usually) a filesystem that encapsulates all of the code, libraries, and other dependencies needed to run an application.
To create container images, one must start by defining a series of instructions in a text file commonly referred to as a Dockerfile. Dockerfiles allow developers to:
- Define a “base” image that provides the appropriate environment to build or run an application
- Run arbitrary commands during the build process to prepare the image’s included filesystem to run an application
- Define environment variables to be consumed by the containerized application
- Inject additional metadata into the image to inform users of used ports or authorship
- Define binaries that will be run when a container is first created
A simple Dockerfile typically looks like this:
FROM debian:10 RUN apt update & apt install -y vim CMD while true; do which vim; sleep 2; done
After defining the instructions to create a container image, the image must be built. Tools like Docker and Podman (through buildah) usually have an accompanying “build” instruction that parses a Dockerfile, executes its steps in order, and produces a tagged image.
$ docker build -t debian-vim:latest . Sending build context to Docker daemon 2.048kB Step 1/3 : FROM debian:10 10: Pulling from library/debian b281ebec60d2: Pull complete Digest: sha256:1b236b48c1ef66fa08535a5153266f4959bf58f948db3e68f7d678b651d8e33a Status: Downloaded newer image for debian:10 ---> 76e02db62235 Step 2/3 : RUN apt update && apt install -y vim ---> Running in f0c2f64f0c0c ... Removing intermediate container f0c2f64f0c0c ---> 3d4fab39fd72 Step 3/3 : CMD while true; do which vim; sleep 2; done ---> Running in 8e624b5991b2 Removing intermediate container 8e624b5991b2 ---> 479bf18f5ca2 Successfully built 479bf18f5ca2 Successfully tagged debian-vim:latest
Each “build” invocation results in a single tagged image that can the be:
- Pushed to a repository referred to in the tag like DockerHub or a locally hosted solution with a “push” command
- Have its contents to a tarball using a command like “save”
- Create containers to run applications with a “create” or “run” command
The commands available to you for building, pushing, or even saving images will vary depending on your choice of container runtime tool. The “help” outputs and man pages of such tools typically display such commands:
$ docker image build -h Flag shorthand -h has been deprecated, please use --help Usage: docker image build [OPTIONS] PATH | URL | - Build an image from a Dockerfile Options: --add-host list Add a custom host-to-IP mapping (host:ip) --build-arg list Set build-time variables --cache-from strings Images to consider as cache sources ...
Learn more about how Kubernetes CLI commands map to a tool like Docker here.