One nice advantage of using Docker is that you can go to Docker’s website and look at the different images that are available. There are images for operating systems, applications, and software.
But what if you can’t find an image that you need? Well, then you can build your own images using Dockerfiles. When you install Docker, the Docker engine includes tools that the IT department can use to create Dockerfiles. Dockerfiles are just text files that are manually created, and they are compiled and turned into an image file.
If your organization decides that they want to build their own Dockerfiles, then they will get some benefits while doing just that. Some of the advantages of building your own Dockerfiles are as follows:
■ You can store images as code.
■ You can re-create images rapidly that can then be used for maintenance and upgrade cycles.
■ You can customize your Dockerfiles to reflect your organization’s needs.
The Docker installation includes components that you can use to create your own Dockerfiles. These two Docker components are the Docker engine and the compiler (docker build command).
If you have ever built INI files or even a host file, then you understand how building a file can work. As with many programming languages or INI files, you can use the pound sign (#) to show comments in the file. This is very useful.
Many years ago, before I got into networking, I was a programmer. One thing that most programmers hate is when you look at someone else’s code and you have no idea what they were doing. When a coder takes the time to put in comments so that anyone can follow them and work on the code, it makes following that coder a thousand times easier. This is what the comments in the Dockerfile do. Use the pound sign (#) for making comments and state exactly why each line is included so that someone following you, or someone trying to learn what you do, understands what the code is doing.
Let’s take a look at an example of a Dockerfile:
# Sample Dockerfile for WillPanek
# We will be using Windows Server Core as our base image.
FROM microsoft/windowsservercore
# Uses dism.exe to install the DNS role.
RUN dism.exe /online /enable-feature /all /featurename:DNS-Server-Full-Role /NoRestart
# Sets a command or process that will run each time a container is run from the new image.
CMD [ "cmd" ]
Let’s break down some of the different sections that you can configure. Table 12.4 shows some of the configuration settings that you can use.
TABLE 12.4 Dockerfile commands
| Command | Description |
| --- | --- |
| Add | This setting will copy new files, directories or remote file URLs from a source (<src>) location to the filesystem of the image destination <dest>. |
| CMD | This setting specifies the default commands that will be executed when deploying the container image. |
| Copy | This setting will copy new files or directories from a source (<src>) location to the filesystem of the image destination <dest>. |
| Escape | This setting is used to escape characters in a line and to escape a newline. Normally the Escape command is followed by the character that will represent a new line. For example: escape=\. This means that when a \ (backslash) is in the file, it will represent a new line. |
| ENV | This setting allows you to add an environmental variable. |
| Expose | This setting tells Docker that the container is listening on the specified network ports during runtime. |
| From | This setting shows the location of the container image that will be used during the image creation process. |
| Label | This setting adds metadata to an image. |
| Onbuild | This setting allows you to set a trigger that gets executed when the image is used as the base for another build. |
| Run | This setting specifies what commands are to be run in the Dockerfile process. These commands can include software installation and file, directory, and environment creation. |
| User | This setting allows you to set up a user’s account that will be used during the runtime. |
| Volume | This setting allows you to create a mount point and externally mounted volumes from host systems or other containers. |
| Workdir | This setting allows you to set the working directory that will be used during the runtime. |
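The following is an added example, not code from the book: a small Python checker that reads a Dockerfile the way the table describes (# comments, the escape setting, instruction keywords) and flags three choices that affect image provenance and privilege: a From line with no tag or digest, Add from a remote URL, and a missing User line. The sample Dockerfile, its backtick escape character, and the example.invalid URL are constructed for illustration.

```python
import re

# Constructed sample modeled on the page's Dockerfile, with an ADD line added.
SAMPLE = r"""# escape=`
# Installs the DNS role on Windows Server Core.
FROM microsoft/windowsservercore
ADD https://example.invalid/tools.zip C:/tools/
RUN dism.exe /online /enable-feature /all `
    /featurename:DNS-Server-Full-Role /NoRestart
CMD ["cmd"]
"""

def parse(text):
    """Return [(INSTRUCTION, args)], honoring # comments, the escape
    directive on the first line, and escape-character line continuations."""
    lines = text.splitlines()
    esc = "\\"
    m = re.match(r"#\s*escape\s*=\s*(\S)\s*$", lines[0], re.I) if lines else None
    if m:
        esc = m.group(1)
    out, buf = [], ""
    for line in lines:
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        if s.endswith(esc):
            buf += s[:-1].rstrip() + " "
            continue
        word, _, args = (buf + s).partition(" ")
        out.append((word.upper(), args.strip()))
        buf = ""
    return out

def audit(text):
    """Return findings about base-image pinning, remote ADD and missing USER."""
    ins, findings = parse(text), []
    for word, args in ins:
        tokens = args.split()
        if word == "FROM":
            image = next((t for t in tokens if not t.startswith("--")), "")
            if "@sha256:" not in image and ":" not in image.rsplit("/", 1)[-1]:
                findings.append(f"FROM {image}: no tag or digest, so the base image can change between builds")
        elif word == "ADD":
            remote = any(re.match(r"https?://", t, re.I) for t in tokens)
            if remote and not any(t.startswith("--checksum=") for t in tokens):
                findings.append("ADD from a URL without --checksum: fetched content is not verified")
    if not any(word == "USER" for word, _ in ins):
        findings.append("no USER instruction: processes run as the base image's default account")
    return findings
```

Calling audit(SAMPLE) returns one finding for each of the three checks; a Dockerfile with a tagged base image, Copy instead of a remote Add, and a User line returns an empty list.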
Understanding Hyper-V Containers
So far in this chapter we have discussed Windows containers, but now we are going to look at Hyper-V containers. As I stated earlier, Windows containers share the system’s kernel between all containers and the host. Hyper-V containers are different because each Hyper-V container uses its own instance of the Windows kernel. Since Hyper-V containers use their own instance of the Windows kernel, you can use different versions of Windows between the host system and the image version.
Also, the Windows host system needs to have the Microsoft Hyper-V role installed. Windows Server 2022 and Windows 10/11 Professional and Enterprise (Anniversary Editions) both allow you to create containers in Hyper-V.
The one nice feature is that both container types, Windows containers and Hyper-V containers, are created, managed, and function the exact same way. The only difference is that the Hyper-V containers have better isolation from the kernel.
When you are working with Hyper-V containers in Docker, the settings are identical to managing Windows Server containers. The one difference that you want to include in the Hyper-V container is using the --isolation=hyperv parameter. The following is an example of the docker command with the Hyper-V parameters:
docker run -it --isolation=hyperv microsoft/nanoserver cmd
Managing Container Networking
A feature included with building containers is the ability to access the servers and data within the container the same way you would on a normal network server or Hyper-V server. Once you have installed Docker, there will be two networks that are created automatically. You can see these networks by typing docker network ls in PowerShell (see Figure 12.13) or at an elevated command prompt.
FIGURE 12.13 Docker network
If you would like to get even more details about a specific network (see Figure 12.14), after you run the docker network ls command, grab the Network ID number. Then type the following PowerShell command followed by the Network ID number (my Network ID is 3cb894810795):
docker network inspect 3cb894810795
FIGURE 12.14 More Docker network details
One nice thing about working with networks within containers is that these two networks are always available to you even when you choose only one to be part of your container. You can specify which network you want your container to run on by using the --network flag.
When you create a container, the host network adds the container onto the host’s network stack. There are very few reasons you would even need to manage or manipulate the container’s network. The only network that you may need to work with is the bridge network. The Docker default bridge is created as soon as you install the Docker engine. It creates your bridge network, and its name is bridge.
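The following is an added example, not code from the book, covering both the --isolation=hyperv parameter and the container networks discussed above: a Python check over docker inspect output that lists containers not explicitly started with Hyper-V isolation and the networks where Hyper-V and other containers sit side by side. The JSON is a constructed sample that keeps only the HostConfig.Isolation and NetworkSettings.Networks fields; container names and addresses are invented.

```python
import json
from collections import defaultdict

# Constructed sample shaped like `docker inspect <containers>` output.
# Container names and addresses are invented for this example.
INSPECT_JSON = """[
 {"Name": "/dns01", "HostConfig": {"Isolation": "hyperv"},
  "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.2"}}}},
 {"Name": "/web01", "HostConfig": {"Isolation": "process"},
  "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.3"}}}},
 {"Name": "/build01", "HostConfig": {"Isolation": "default"},
  "NetworkSettings": {"Networks": {"host": {"IPAddress": ""}}}}
]"""

def isolation_of(container):
    """Return the recorded isolation mode, lowercased ('default' if unset)."""
    return (container.get("HostConfig", {}).get("Isolation") or "default").lower()

def not_hyperv_isolated(containers):
    """Names of containers not explicitly started with --isolation=hyperv.
    'default' is listed too: its effective mode depends on the host."""
    return sorted(c["Name"].lstrip("/") for c in containers
                  if isolation_of(c) != "hyperv")

def by_network(containers):
    """Map each network name to sorted (container, isolation, address) tuples."""
    nets = defaultdict(list)
    for c in containers:
        networks = (c.get("NetworkSettings") or {}).get("Networks") or {}
        for net, cfg in networks.items():
            nets[net].append((c["Name"].lstrip("/"), isolation_of(c), cfg.get("IPAddress", "")))
    return {net: sorted(members) for net, members in nets.items()}

def mixed_isolation_networks(containers):
    """Networks where Hyper-V isolated containers and others are peers."""
    mixed = []
    for net, members in by_network(containers).items():
        flags = {mode == "hyperv" for _, mode, _ in members}
        if flags == {True, False}:
            mixed.append(net)
    return sorted(mixed)

if __name__ == "__main__":
    data = json.loads(INSPECT_JSON)
    print("not hyperv:", not_hyperv_isolated(data))
    print("mixed networks:", mixed_isolation_networks(data))
```

A network reported as mixed is a reminder that kernel isolation and network placement are separate settings: a Hyper-V container on the same network as other containers is still reachable from them.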