1. Variables in Dockerfiles
Using variables in our Dockerfiles allows us to make them less verbose, safer to change, and easier to update. Let's see how that's done.
2. Variables with the ARG instruction
First, we will look at the ARG instruction. The ARG instruction allows us to set variables inside a Dockerfile and then use that variable throughout the Dockerfile. It is followed by a space then the name of the variable we want to create, an equal sign and the value of the variable.
Later commands can then reference this variable using a dollar sign followed by the variable name.
However, it can only be used in the Dockerfile, the variable won't be accessible after the image is built. In other words, if you define a variable with ARG in a Dockerfile, build an image from that Dockerfile, and then start a container from that image, that variable will not exist inside the container.
3. Use-cases for the ARG instruction
Typical use cases for the ARG instruction are to define a version we need in multiple places throughout the Dockerfile. Like in the first example on the slide, we specify a version of Python called bionic compiled for Ubuntu.
Defining a path to a project or user directory is also helpful as an ARG. This allows us to make any instructions using this path less verbose and makes it more apparent at a glance that all files are going to the same folder.
4. Setting ARG variables at build time
The ARG instruction can also be set in the docker build command, giving us even more flexibility.
At the top of the slide, you see the same example Dockerfiles as on the previous slide.
By using the build dash arg flag when running 'docker build', we can set another value for the project-folder variable, which overrides the original value during that build.
5. Variables with ENV
The second way to define variables in Dockerfiles is by using the ENV instruction.
The syntax is identical to the ARG instruction, but unlike the ARG instruction, variables set with ENV are still accessible after the image is built.
While variables set with ARG are used to change the behavior of Dockerfiles during the build, variables set with ENV are used to change behavior at runtime.
6. Use-cases for the ENV instruction
Typical use cases are setting variables used by applications when they are starting, like database directories or users - or setting an application to production or development mode.
Unlike ARG variables, it is not possible to override ENV variables at build time. However, it is possible to override ENV variables when starting a container from an image.
This can be done using the dash env parameter of the docker run command. For example, in the official postgres image, there are several ENV variables available to configure the container.
7. Secrets in variables are not secure
Both ENV and ARG variables seem convenient for adding passwords or other secrets to a docker image at build or runtime. However, both are not secure to use for secrets.
Anyone can look at variables defined in a Dockerfile after the image is built with the docker history command. This command shows all the steps that were done to build an image.
If, instead, we pass variables at build or start time, they can be found in the bash history of the host or image. The bash history is a list of all shell commands executed by a user.
Keep in mind that if we use secrets to create our image without using more advanced techniques to hide them, they will be shared with anybody we share the image with.
8. Summary
Here is a summary of the new commands and instructions you can refer back to when completing the exercises.
9. Let's practice!
Now that we've seen how we can further customize our images. Let's apply our new knowledge in some exercises.