Customizing Docker Images

One of the primary goals of Docker is to make it as easy to try out and deploy technical infrastructure as it is to pull an item off of a store shelf. But how are these containers built in the first place? A Docker image is built from a Dockerfile, a kind of container source code. The Dockerfile describes how to build and configure a single container.

In this tutorial, we'll:

• Introduce Dockerfiles and see how Docker uses them to build container images
• Outline the general structure of a Dockerfile
• Describe how to build a new image from a Dockerfile

Creating a custom image only requires a Dockerfile with a FROM directive, but since this only renames the image, how do we actually change it? When building a custom image, we often need to add files. Whether they are config files, scripts, compressed archives, or even application binaries, Docker makes it easy to add a file to an image with just one directive.

In this tutorial, we'll:

• Describe how to position files relative to your Dockerfile
• Use the COPY directive to add local files
• Download remote files using the ADD directive

The COPY and ADD directives make it easy to add configuration files or download archives to a container image. While we could install applications into a container using only those directives, it would be difficult and complex. Making matters worse, Docker provides no INSTALL directive. Instead, Docker provides a more general mechanism.

In this tutorial, we'll:

• Introduce the RUN directive and how to run commands during a docker build
• Use package managers to install applications
• Describe best practices for installing software in images

Installation is only one part of setting up a custom Docker image. With few exceptions, we'll want to configure the application to better suit our use case. Docker does not provide a standardized way for applications to be configured. Instead, we rely on the same techniques as we would when configuring the application on a bare-metal server.

In this tutorial, we'll:

• Extract default configuration files from a Docker image
• Give strategies for adding configuration files to the image
• Outline the complexities of using configuration commands in a Dockerfile

The goal of Docker containers is to let you select pieces of technical infrastructure as if you were pulling items off of a shelf. Toward that end, each container image can be configured with a default application to invoke when started with a docker run or as part of a container set with docker-compose up.

In this tutorial, we'll:

• Describe the difference between the build-time and runtime environment of a container
• Use the CMD directive to specify a default command to execute
• Introduce the ENTRYPOINT directive and set a default shell in which to run your CMD

The ENTRYPOINT directive allows us to specify a default shell to use in our custom image, but it can do more than that. Often, we will want to dynamically configure a container on startup by passing it environment variables or using Docker Secrets. By replacing the ENTRYPOINT with a custom script, we can perform this dynamic configuration prior to executing the default application.

In this tutorial, we'll:

• Introduce custom entrypoint scripts
• Describe several strategies for performing dynamic configuration in a container

Often you'll find an image on Docker Hub that almost fits your requirements. For Drupal developers, often the off-the-shelf containers for PHP just aren't enough. Drupal often requires additional PHP extensions such as mbstring or gd. We may also want to use a slightly different configuration, or bake-in a utility like Drush or Drupal Console. Fortunately, Docker makes modifying existing containers easy in a Dockerfile.

In this tutorial, we'll:

• List the reasons why you might modify an existing image
• Describe the general process by which an existing image is modified

When writing containers for a local development environment, security is often a lesser concern. This is fine as long as we never intend to put the containers we create in a production environment.

When we do want to make production-ready containers, however, our priorities change. While Docker tries to be secure by default, it can't protect us from badly configured or vulnerable applications. For that, we need to design our images to be more secure.

In this tutorial, we'll:

• Outline the best practices for writing secure container images
• Introduce the USER directive
• Set file ownership using COPY and ADD
• Use the RUN directive to set file permissions