Reputation: 27226
How to manage docker image dependencies (maintainance)
Using docker, you can create images based on other images very nicely. For instance, you can make an image Java-jdk7 (based on the latest Ubuntu LTS), and based on that create images elastic-search and tomcat7 (both of which need java).
So, if I don't tag my images, I end up with the following (extract of docker images):
╔══════════════════════╦════════╦══════════════╗
║ REPOSITORY ║ TAG ║ ID ║
╠══════════════════════╬════════╬══════════════╣
║ ubuntu ║ 12.04 ║ 8dbd9e392a96 ║
║ quintenk/jdk7-oracle ║ latest ║ 8928245086f4 ║
║ quintenk/tomcat7 ║ latest ║ 995cdb2cbfa8 ║
║ quintenk/elastics ║ latest ║ 123abc456ef2 ║
╚══════════════════════╩════════╩══════════════╝
Now for the question. How do/should I maintain this dependency? How do I perform maintainance one 1 image and the dependent images as well?
- If I update my jdk image (
apt-get upgradefor instance), I assume I do not corrupt the dependent images? However, I also assume that the dependency tree is not as you would expect any longer. [UPDATE: I've reproduced this, so see my own answer below] - If 1 is correct, is there some way that I can have the dependent images flag themselves as outdated, and (hopefully) have them rebuild themselves?
Or is the way to go to tag the containers with a version number, and manually rebuild and redistribute all dependencies with increased version number tags? That would mean the Dockerfiles would need to be altered for an update.
UPDATE: I found the following image on the docker site in their presentation. However, I'm not quite sure on the steps of how to do this (especially with dependencies on other images as I described).
Upvotes: 36
Views: 22952
Answers (4)
Reputation: 1
I recently implemented a simple program, CLade, for exactly the same needs as yours.
Take a look around: https://github.com/lesomnus/clade
Your example can be expressed in CLade's port.yaml like this:
name: registry.hub.docker.com/quintenk/tomcat7
images:
- tags: ['latest']
from: registry.hub.docker.com/quintenk/jdk7-oracle:latest
However, you need to run the clade build command manually, but you can list outdated images via the clade outdate command.
I used these commands to automate the build in CI. If interested, see https://github.com/lesomnus/clade/blob/main/.github/workflows/clade-outdated.yaml.
Upvotes: 0
Reputation: 6442
I feel using multi-stage builds can also be helpful in avoiding such pitfalls. It will help you keep single dockerfile per application.
Upvotes: 0
Reputation: 27226
In answer to
If I update my jdk image (apt-get upgrade for instance), I assume I do not corrupt the dependent images? However, I also assume that the dependency tree is not as you would expect any longer.
I've verified this by updating a dependent image, and checking out the dependencies. What you get is indeed a valid state, but the dependent image is not based on the image you'd naively expect any longer:
Upvotes: 7
Reputation: 44150
This is a great use case. Please submit an enhancement request on the Docker issues page.
A simple way for now is to maintain the Dockerfiles and update from there, rebuilding the images when you want to make a deliberate change.
Upvotes: 9
Related Questions
- Docker image versioning and lifecycle management
- How to configure docker specific image dependencies which are managed in a different source code repository
- Best way to update docker image
- Best way to maintain Dependent softwares with versions in docker images?
- How to deal with Docker container dependencies properly?
- Docker "Sharing Dependencies"
- Best practice for dockerfile maintain?
- managing a hierarchy of docker images
- docker: removing file/image dependencies on other docker images
- Maintaining and supporting container base images