How to update Docker image to maintain your containers secure
2017-07-01 08:54
405 查看
In a Docker infrastructure, the Docker containers are created using images. Containers are instances that are created when the image files are executed. These images can be of web servers, mail servers, applications, and so on.
Docker images are stored in locations knows as repository or registry. There are two types of repository – public registry (Docker hub maintained by Docker) and private repository (maintained by Docker users).
Many often, businesses require to customize these Docker images to suit their specific purposes. Here, we’ll discuss how to update Docker images for your containers.
Container images are usually updated during these scenarios:
To obtain the latest version of a software or application release
To add or modify features in the existing software
To patch and protect software or service from security vulnerabilities
To customize existing images for specific requirements
In all these situations, the existing container images have to be updated and used in the Docker containers. This process is usually referred to as ‘building’ Docker images.
Images can be built in two ways – 1. By manually executing the steps such as downloading, customizing and committing the images. 2. Using a Docker file.
We’ll see both the methods here:
When you manually build an image through the interactive command-line session, the first step is to get the required image from the repository it is stored in – either the DockerHub or private repository.
The images in the Docker hub are maintained by Docker and they would update it periodically. But maintaining the images in the private repository is the responsibility of each business owner.
Once you have identified the required image in the repository, using ‘docker
search‘ command, you can download it from the Docker repository using ‘docker
pull‘ command:
With these downloaded images, Docker containers can be created. The list of images in your Docker host can be identified using ‘docker
images’ command.
List Docker images
Maintaining and updating the images in the local repository is a crucial aspect, as there are chances these images get prone to security vulnerabilities or hacks otherwise.
Once the image is downloaded into the host machine, the next step to update a particular Docker image is to create a container using it.
Then the required modifications can be done in the container and that image can be copied over. Here are the steps to do that:
First of all, create the container using the Docker image you want to modify. The command for this is:
Access the new container and make the updates or modifications needed in it. It could be actions such as applying security patches, modifying the application code, recompiling the service with new modules, and so on.
After making the modifications and updates, exit the container.
Once the container is updated, commit the changes made in this container to a Docker image using ‘docker
commit‘.
This new image would now be listed in the Docker host and it can be used to create new containers.
The updated Docker image can be added to the Docker repository using ‘docker
push’. Obsolete images can be removed from the repository to avoid from being used anymore.
[ Running a Docker infrastructure doesn’t have to be hard,
or costly. Get world class Docker
management services at affordable pricing. ]
To simplify these docker image update steps, there is another way using ‘docker
build’ command. It builds a container with the help of a Dockerfile.
A Dockerfile contains a set of instructions that can be used to update the container image. For instance, to configure PHP in a container, a sample file is:
Customer Dockerfile to create containers
The
installs all the necessary packages from Ubuntu repository, and the
copies the contents of ‘/tmp/mageshop01/html/’ to ‘/var/www/html’ folder of
the server instance.
You can do further customization on the PHP and Apache configuration files using more
in the Dockerfile. Once the Dockerfile is updated, use the command to build the new image using this file:
Using the given Docker file, the ‘docker build’ command will create a container with the updated image. The new image name can be set using the ‘-t’ option. This image can be ‘pushed’ to the repository for future use.
We’ve been able to prevent server incidents by up to 15% by using our proactive server checks (click
here to see how we improve web hosting support).
[ Use
your time to build your business. We’ll take care of your customers. Hire
Our Docker Support Specialists at affordable pricing. ]
Today we saw how to update containers with the modified or new docker images. Setting tags on these images helps to identify them easily for future use.
Care has to be exercised in maintaining the images in the Docker repository updated and secure. Any custom configuration done should be preserved well, with version control.
Whenever a vulnerability is reported, immediate patching of the image has to be done. At Bobcares, our 24/7 security team manages these images up-to-date.
原文地址: https://bobcares.com/blog/update-docker-image
Docker images are stored in locations knows as repository or registry. There are two types of repository – public registry (Docker hub maintained by Docker) and private repository (maintained by Docker users).
Many often, businesses require to customize these Docker images to suit their specific purposes. Here, we’ll discuss how to update Docker images for your containers.
When to update Docker images?
Container images are usually updated during these scenarios:To obtain the latest version of a software or application release
To add or modify features in the existing software
To patch and protect software or service from security vulnerabilities
To customize existing images for specific requirements
In all these situations, the existing container images have to be updated and used in the Docker containers. This process is usually referred to as ‘building’ Docker images.
Images can be built in two ways – 1. By manually executing the steps such as downloading, customizing and committing the images. 2. Using a Docker file.
We’ll see both the methods here:
Get images for Docker from the repository
When you manually build an image through the interactive command-line session, the first step is to get the required image from the repository it is stored in – either the DockerHub or private repository.The images in the Docker hub are maintained by Docker and they would update it periodically. But maintaining the images in the private repository is the responsibility of each business owner.
Once you have identified the required image in the repository, using ‘docker
search‘ command, you can download it from the Docker repository using ‘docker
pull‘ command:
docker pull ubuntu
With these downloaded images, Docker containers can be created. The list of images in your Docker host can be identified using ‘docker
images’ command.
List Docker images
Maintaining and updating the images in the local repository is a crucial aspect, as there are chances these images get prone to security vulnerabilities or hacks otherwise.
Update the docker image
Once the image is downloaded into the host machine, the next step to update a particular Docker image is to create a container using it.Then the required modifications can be done in the container and that image can be copied over. Here are the steps to do that:
1. Create a new container
First of all, create the container using the Docker image you want to modify. The command for this is:docker run -t -i ubuntu /bin/bash
2. Make the required changes
Access the new container and make the updates or modifications needed in it. It could be actions such as applying security patches, modifying the application code, recompiling the service with new modules, and so on.
3. Exit the container
After making the modifications and updates, exit the container.
4. Commit the changes
Once the container is updated, commit the changes made in this container to a Docker image using ‘dockercommit‘.
docker commit -m "changes made" [container-id] ubuntu:v2
This new image would now be listed in the Docker host and it can be used to create new containers.
5. Push the new image to the repository
The updated Docker image can be added to the Docker repository using ‘dockerpush’. Obsolete images can be removed from the repository to avoid from being used anymore.
[ Running a Docker infrastructure doesn’t have to be hard,
or costly. Get world class Docker
management services at affordable pricing. ]
Update Docker images using Dockerfile
To simplify these docker image update steps, there is another way using ‘dockerbuild’ command. It builds a container with the help of a Dockerfile.
A Dockerfile contains a set of instructions that can be used to update the container image. For instance, to configure PHP in a container, a sample file is:
Customer Dockerfile to create containers
The
FROMdirective says what the base image should be. The
RUNcommand
installs all the necessary packages from Ubuntu repository, and the
ADDcommand
copies the contents of ‘/tmp/mageshop01/html/’ to ‘/var/www/html’ folder of
the server instance.
You can do further customization on the PHP and Apache configuration files using more
RUNcommands
in the Dockerfile. Once the Dockerfile is updated, use the command to build the new image using this file:
docker build -t ubuntu:v2 'path-to-docker-file'
Using the given Docker file, the ‘docker build’ command will create a container with the updated image. The new image name can be set using the ‘-t’ option. This image can be ‘pushed’ to the repository for future use.
We’ve been able to prevent server incidents by up to 15% by using our proactive server checks (click
here to see how we improve web hosting support).
[ Use
your time to build your business. We’ll take care of your customers. Hire
Our Docker Support Specialists at affordable pricing. ]
In short..
Today we saw how to update containers with the modified or new docker images. Setting tags on these images helps to identify them easily for future use.Care has to be exercised in maintaining the images in the Docker repository updated and secure. Any custom configuration done should be preserved well, with version control.
Whenever a vulnerability is reported, immediate patching of the image has to be done. At Bobcares, our 24/7 security team manages these images up-to-date.
原文地址: https://bobcares.com/blog/update-docker-image
相关文章推荐
- How to upgrade docker container after its image changed
- Docker - How to Connect to a MySQL Running Container Using MySQL Command Line Client
- (转)How to Update Your Apps for the 4-Inch iPhone 5 Display
- How to deal with "Could not find component on update server. Contact VMware Support or your system administrator." in Vmware.
- How to uninstall/update/ your python in Linux
- on IRC, how to use secure connection(SSL) and get a cloak/vhost to hide your IP
- (全英文)How to install and run a simple Asp.Net 5 Application in a Docker Container
- How to list all tags of a docker image
- How Tomcat Works, A Guide to Developing Your Own Java Servlet Container
- How to Update Your App for iOS 7
- (OK) NS-3—LXC-(Docker)—MANET——HOWTO Use Linux Containers to set up virtual networks
- How to make your assembly more secure from referencing by unauthorized bits
- How to Get Code into a Docker Container
- [英语阅读]How to Maintain Your Love Relationship
- Howto Setup yum repositories to update or install package from ISO CDROM Image
- Howto Setup yum repositories to update or install package from ISO CDROM Image
- How to Interactively Create a Docker Container
- How to Secure Your Smart Contracts: 6 Solidity Vulnerabilities and how to avoid them (Part 1)
- How to configure locales to Unicode in a Docker Ubuntu 14.04 container?
- How to delete old image when update ImageField?