How to update docker container image but keep the generated files by container app

Question

What is the best practices for the updating container for the following scenario;

I have images that build on my web app project, and I am puplishing new images based on updated source code, once in a month.

Buy my web app generates files or updates some file in time after running in container. For example, app is creating new xml files under user folder for each web user. Another example is upload files by users.

I want to keep these files after running new updated image without lose.

/bin/
    /first.dll
    /second.dll
/other-soruces/
    /some.cs
    /other.cs
/user/
    /user-1.xml
    /user-2.xml
/uploads/
    /images
        /image-1.jpg
/web.config

Should I use the volume feature of Docker ? Is there any another strategy ?

Answer 1

Short answer, yes, you do want a volume for these directories. More specifically, two volumes: /user and /uploads.

---

This gets into a fundamental practice of image and container design that is best done by dividing your application into three parts:

1. The application code, binaries, libraries, and other runtime dependencies.
2. The persistent data that the application access and creates.
3. The configuration that modifies how the application runs, particularly in different environments with the same code.

Each of these parts should go in a different place in docker.

The first part, the code and binaries, goes in your image. This is what you ship to run your container on different nodes in docker, and what you store in a registry for later reuse.

The second part, your persistent data, gets stored in a volume. There are two main types of volumes to pick from: a named volume and a host volume (aka bind mount). A named volume has a particular feature that improves portability, it will be initialized to the contents of your image at the volume location when the volume is created for the first time. This initialization includes directory and file permissions and ownership, and can be used to seed your volume with an initial state. The host volume (bind mount) is just a directory mount from the docker host into the container, and you get exactly what was on the host, including the uid/gid of the files/directories, along with no initialization procedure. The host volume is very easy to access for developers, but lacks portability if you move into a multi-node swarm cluster, and suffers from uid/gid on the host mapping to different users inside the container since usernames inside the container can be different for the same id's. Any files you write inside the container that are not written to a volume should be considered disposable and will be lost when you recreate the container to update to a new image. And any directories you define as a volume should be considered owned by that volume and will not receive updates from the image when you replace the container.

The last piece, configuration, is often overlooked but equally important. This is anything injected into the application at startup to tell it where to connect for external data, config files that alter it's behavior, and anything that needs to be separated to allow the same image to be reusable in different environments. This is how you get portability from development to production with the same image, and how you get reusability of publicly provided images. The configuration is injected with environment variables, command line parameters, bind mounts of a config file (when you run on a single node), and configs + secrets which are essentially the same bind mount of a config file that is now stored in docker's swarm rather than locally on a single host. In your situation, the /web.config looks suspiciously like a config file that you'll want to move out of the image and inject as a bind mount or swarm config.

To put these all together, you will want a compose file that defines your image, the volumes to use, and any configs or environment variables to set.