Let’s talk about Dockerfile

Docker provides a way to build an image by reading a set of instructions. Dockerfile is the file containing such instructions which is read by docker build command to generate an image.

$docker build <context>

The command, docker build, is passed with either of two context, PATH or URL. 
Path is the location in local filesystem whereas URL is git repo location. 
This makes the docker build pass the content of whole context to docker daemon recursively.

$docker build -f /path/to/Dockerfile /project
$docker build -t newproject .

Each line of instruction inside Dockerfile is executed independently and if required separate image is generated for each command simultaneously until the final image is created
Docker excludes files and dirs listed in .dockerignore file while sending the context.
Inside the Dockerfile

Instructions inside dockerfile are usually entered in following format:

# Comment
Common Instructions


Every dockerfile must begin with a FROM instruction which defines the parent image with which the subsequent image is to be built. However, it may be preceded by parser directive, comment and/or global scope ARGs

FROM [–platform=<platform>] <image>[:<tag>] [AS <name>]

–platform flag can be used to specify platform of an image
Specifying image name helps inf future reference of image built in the stage
E.g. FROM –platform=linux/amd64 Ubuntu:18.04 AS newimage


RUN instruction is used to execute command and commit the results on top of current image as a result it can be used in next set of instructions.

RUN <command>
This will execute the command using shell which which by default is /bin/sh -c on Linux or cmd /S /C on Windows
e.g. RUN echo Hello!

RUN [“executable”, “param1”, “param2”]
To use other than shell to run commands, this format is used
e.g. RUN [“D:\script.bat”, “arg”]


This instruction is use to define defaults for an executing container as a result there can be only one of it. Multiple declaration of CMD in a dockerfile will automatically use the last CMD as default.

CMD [“executable”,”param1″,”param2″]
This is the exec form for running CMD.
e.g. CMD [“/bin/ls”, “-l”]

CMD [“param1″,”param2”]
This is used to pass arguments to ENTRYPOINT.

CMD command param1 param2
This form is used to execute command in a shell.
e.g. CMD echo “Hello World!”


Defining ENTRYPOINT allows to configure a container to run a command on start of container similar to CMD but the major difference is arguments passed while running container is appended to ENTRYPOINT command while the CMD command is completely replaced by them.
i.e. For $docker run <image> arg1 , arg1 will be appended on ENTRYPOINT whereas it will replace CMD.

ENTRYPOINT [“executable”, “param1”, “param2”]
This is termed exec form and is parsed as JSON array. It can use CMD to set extra parameters which can be changed by user while running a container.
ENTRYPOINT [“/bin/ls”, “-l”]
CMD [“-a”]

ENTRYPOINT command param1 param2
This is termed as shell form and executes the command using shell. To ensure proper exit, command should be preceded by exec.
e.g. ENTRYPOINT exec ls -l


The EXPOSE instruction defines a port that the container listens on. By default, it assumes tcp port unless defined specifically.
e.g. EXPOSE 80/tcp or EXPOSE 1234/udp

The ports defined by EXPOSE are not published by default. User has to manually define ports using -p flag during docker run or explicitly publish all exposed ports using -P. So, this is more like a documentation for maintainers.


As the name suggests, this instruction sets environment variable which remains persistent during container creation.

ENV <key> <value>
ENV <key>=<value>

e.g. ENV name Fname Lname
ENV name=Fname\ Lname address=”Home Town”


This instruction copies files and dirs from given source in context to the image. The source can be local filesystem or remote url as well.

ADD <src> <dest>
e.g. ADD testdir /project
ADD https://example.com/repo /project

For linux containers, ADD supports [–chown=<user>:<group>] parameter for hadnling user and group administration


Copy does the same job as ADD but does not supports URL copying.


VOLUME instruction creates mount point in the image with the name defined in parameter which can be referred by other containers.

VOLUME [“/data”]
e.g. VOLUME /newvol


This instruction sets working directory which is used by other instructions. A container created using the image will start in the location defined in WORKDIR.

WORKDIR /path/to/workdir


USER instruction helps to define user and optionally group which will be used to run commands during image creation.

USER <user>[:<group>] or
e.g. USER foo

For more details on the Dockerfile, visit the docker documentation

Leave a Reply

Your email address will not be published. Required fields are marked *