Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it good practice to commit docker container frequently?

I'm using WebSphere Liberty inside. As WebSphere Liberty requires frequent xml editing, which is impossible with Dockerfile commands. I have to docker-commit the container from time to time, for others to make use of my images.

The command is like:

docker commit -m "updated sa1" -a "Song" $id company/wlp:v0.1

Colleges are doing similar things to the image, they continue to docker commit the container several times every day.

One day we're going to deploy the image on production.

Q1: Is the practice of frequent docker-committing advised?

Q2: Does it leave any potential problem behind?

Q3: Does it create an extra layer? I read the docker-commit document, which didn't mention if it creates another layer, I assume it means no.

like image 336
Song Avatar asked Aug 09 '18 08:08

Song


People also ask

Do I have to rebuild the Docker container every time?

In Conclusion. You don't need to rebuild your Docker image in development for each tiny code change. If you mount your code into your dev container, you don't have to build a new image on every code change and iterate faster. It's a great feeling when you make changes and see the results right away!

Why we use Docker commit?

It can be useful to commit a container's file changes or settings into a new image. This allows you to debug a container by running an interactive shell, or to export a working dataset to another server. Generally, it is better to use Dockerfiles to manage your images in a documented and maintainable way.

Which of the following is a recommended practice for building Docker images?

Most docker images use a base image of some sort by specifying the FROM command in the Dockerfile. As a best practice, we should always pull images from trusted sources. Docker images are no different from any other software applications.


1 Answers

I wouldn't use docker commit,

It seems like a really good idea but you can't reproduce the image at will like you can with a Dockerfile and you can't change the base image once this is done either, so makes it very hard to commit say for example a security patch to the underlying os base image.

If you go the full Dockerfile approach you can re-run docker build and you'll get the same image again. And you are able to change the base image.

So my rule of thumb is if you are creating a temporary tool and you don't care about reuse or reproducing the image at will then commit is convenient to use.

As I understand Docker every container image has two parts this is a group of read-only layers making up the bulk of the image and then a small layer which is writeable where any changes are committed.

When you run commit docker goes ahead and creates a new image this is the base image plus changes you made (the image created is a distinct image), it copies up the code to the thin writable layer. So a new read-only layer is not created it merely stores the deltas you make into the thin writeable layer.

Don't just take my word for it, take Redhats advice

For clarity that article in step 5 says:

5) Don’t create images from running containers – In other terms, don’t use “docker commit” to create an image. This method to create an image is not reproducible and should be completely avoided. Always use a Dockerfile or any other S2I (source-to-image) approach that is totally reproducible, and you can track changes to the Dockerfile if you store it in a source control repository (git).

like image 185
krystan honour Avatar answered Oct 19 '22 13:10

krystan honour