“RUN”指令在Dockerfile中的实际工作原理是什么

huangapple go评论63阅读模式
英文:

How does the "RUN" instruction actually work in a Dockerfile

问题

关于Docker中的"RUN"指令,它的工作原理如下:

"RUN"指令会在当前镜像的基础上创建一个新的层,并在新层中执行指定的命令。执行结果将被提交,形成一个新的镜像,然后这个新的镜像将用于Dockerfile中的下一步操作。

Docker并不直接在主机操作系统上运行这些命令。它在容器内部执行这些命令,而不会影响主机操作系统。容器是一种隔离的环境,具有自己的文件系统、进程空间等,与主机操作系统分开。

当你运行docker image build命令时,Docker会创建一个新的容器,以基础镜像为基础,然后逐步执行Dockerfile中的指令。在执行"RUN"指令时,Docker会在容器内部启动一个新的临时进程,然后在该进程中运行指定的命令,例如npm installpdm install。这些命令在容器内部执行,与主机操作系统无关。

需要注意的是,每个"RUN"指令都会创建一个新的容器层,这个层包含了该指令执行后的文件系统状态。这意味着每个"RUN"指令都会对容器进行修改,并将修改后的容器状态保存为一个新的镜像层。这样,Docker可以在构建镜像过程中逐步构建出最终的镜像。

总之,Docker的"RUN"指令在容器内部执行命令,而不会影响主机操作系统,这有助于实现容器的隔离和可移植性。这也是Docker能够创建轻量、可重复部署的容器化应用的关键机制之一。

英文:

Context: I'm new to Docker and trying to understand some basics as well as things under the hood if possible.

When learning the concepts of Dockerfile, I notice that to install any dependency and bundle it with the application, people generally use the "RUN" instruction.

For example, to install js libraries

RUN npm install

python libraries

RUN pdm install

etc.

We will build an image using the command docker image build.... Once we type this command, docker will do lots of things including installing any necessary dependencies as specified

So the question is: how does the RUN instruction actually works? To my understanding, a Docker image is essentially a self-contained filesystem snapshot. When we build a new image, we first pull up a base image and base on top of its filesystem. Apparently, docker needs to run npm install and pdm install command to download all extra dependencies. But how does docker run this command?

Notice at this point, we are just building an image and haven't created any container yet. So if docker is trying to run any instruction, is it just running those instructions in the same way as we run an instruction on the host OS? For example, docker will access what we can access under the $PATH.

On the host OS, I haven't installed any npm or pdm program, so docker apparently uses these programs it "secretly" installs somewhere in a location that I don't know

I check Docker's reference on the RUN instruction: https://docs.docker.com/engine/reference/builder/
but the information it gives is very vague on how does things actually work under the hood

> The RUN instruction will execute any commands in a new layer on top of the current image and commit the results. The resulting committed image will be used for the next step in the Dockerfile.

Does docker directly run these command on the host OS? Then how could it separate the installation from the normal installation on the host OS? Or if it is doing things in some other ways?

答案1

得分: 2

The RUN statement executes commands in a container running the current image layer with the result becoming the next layer.

Consider these two scenarios...

  1. Dockerfile

    FROM alpine:3
    RUN apk add vim
    
  2. docker run

    % docker run -it --rm alpine:3
    / # apk add vim
    

Both do exactly the same thing but the first commits the change to the next image layer. The second is ephemeral only.

英文:

The RUN statement executes commands in a container running the current image layer with the result becoming the next layer.

Consider these two scenarios...

  1. Dockerfile

    FROM alpine:3
    RUN apk add vim
    
  2. docker run

    % docker run -it --rm alpine:3
    / # apk add vim
    

Both do exactly the same thing but the first commits the change to the next image layer. The second is ephemeral only.

huangapple
  • 本文由 发表于 2023年6月19日 08:20:15
  • 转载请务必保留本文链接:https://go.coder-hub.com/76502979.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定