0

I am trying to understand the docker images a bit better. Most of the instructions in a dockerfile creates a layer.
So when we have the command:

COPY hom* /mydir/

this creates a layer and according to the doc

The COPY instruction copies new files or directories from <src> and adds them to the filesystem of the container at the path <dest>.

It says in the container and not the image though. Does that mean that the layer itself holds the files and the instruction and when the docker runs the container the layer is essentially an execution at runtime of the command?
I am a bit confused on what constitutes the layer at a lower level

Jim
  • 3,845
  • 3
  • 22
  • 47
  • Is this helps? https://docs.docker.com/build/guide/layers/ – Jean-Baptiste Yunès Jun 21 '23 at 14:50
  • @Jean-BaptisteYunès: No because it does not technically explain what is a layer? Is it concretely a collection of files? What is the difference from a layer created from the instruction from my post and a layer created by `RUN curl -L ...etc`? – Jim Jun 21 '23 at 14:54
  • Won't it? *Each instruction in a Dockerfile roughly translates to an image layer. The following diagram illustrates how a Dockerfile translates into a stack of layers in a container image.* – Jean-Baptiste Yunès Jun 21 '23 at 14:59

2 Answers2

2

Does that mean that the layer itself holds the files

Yes.

and the instruction

Yes, in the form of history. See docker history <image>.

when the docker runs the container the layer is essentially an execution at runtime of the command?

No, the command was executed in the past and resulted in a layer consisting of files. When the image is executed, the layers of files are laid on top of each other, resulting in a file system.

what constitutes the layer at a lower level

Files, files everywhere. This also depends on your used dockerd storage driver and file system. Typically, with OverlayFS, there are just directories in /var/lib/docker/overlay2 with files. When image is started, directories are "laid on top of each other" with OverlayFS resulting in a file system of all files from all folders.

You might also be interested in https://docs.docker.com/storage/storagedriver/select-storage-driver/ in particular https://docs.docker.com/storage/storagedriver/overlayfs-driver/#how-the-overlay2-driver-works .

KamilCuk
  • 120,984
  • 8
  • 59
  • 111
  • So when we say "a layer consisting of files" what does that mean exactly? E.g. we can have a layer from `RUN apt-get -y install curl`. That layer holds the binary for `curl`? Is there any difference between these two layers? Or is a layer always a collection of files? – Jim Jun 21 '23 at 14:52
  • ? It literally means a directory consisting of files. `That layer holds the binary for curl?` Yes, and any other files that `apt-get` modifies - files in /var/log, /usr/lib, any other file. `is a layer always a collection of files? ` There are also metadata associated with the layer, like the command, parent layer id. – KamilCuk Jun 21 '23 at 14:53
  • So a layer is always a collection of files and some API for docker to compose an image? Can there ever be a case that a layer created is something other than files? – Jim Jun 21 '23 at 14:54
  • 3
    Well, there are also directories. What else would there be? There is a saying in Linux that "everything is a file". – KamilCuk Jun 21 '23 at 14:56
  • @Jim a docker image is a static object, so only files... A layer is just a kind of a snapshot of a system at a given moment during the construction. – Jean-Baptiste Yunès Jun 21 '23 at 15:03
  • @KamilCuk: What does the "everything is a file" in linux mean? – Jim Jun 21 '23 at 15:54
  • https://en.wikipedia.org/wiki/Everything_is_a_file That saying is anyway actually unrelated here, and not really relevant anymore as there are more and more syscalls and some network operations are done with syscalls not files. – KamilCuk Jun 21 '23 at 22:15
0

I post this answer to give some more information about the storage drivers that in Docker handle the layers and image creation.

From this link What is the difference between a Docker image and a container? you can understand better the difference between images and containers. Basically an image is a group of layers while a container is an instance of an image.

Docker uses storage drivers to:

  • store image layers
  • store data, both in read-only or writable mode, in the layer of a container
  • control how images and containers are stored and managed on your host.

Every line you write in the Dockerfile creates a layer that will store on the filesystem and will contribute to compose the overall Docker image.

Alez
  • 1,913
  • 3
  • 18
  • 22