Tag Archives: how to pull docker image

Beginners guide to Docker Image

Learn the basics of the Docker image. Beginners guide explaining What is Docker image, what are different types of Docker images, and how to pull/push docker image?

Learn basics of Docker Image

In this article, we will be discussing the Docker image mainly. We will touch base all the below points :

  1. What is the Docker image?
  2. Difference between Docker image and Docker container
  3. What is the official Docker image
  4. Public and private Docker image
  5. How to download/upload pull/push Docker image from/to Docker hub

What is Docker image?

The official definition of Docker image is – ” Docker images are the basis of containers. An Image is an ordered collection of root filesystem changes and the corresponding execution parameters for use within a container runtime. An image typically contains a union of layered filesystems stacked on top of each other. An image does not have state and it never changes.

Read all docker or containerization related articles here from KernelTalk’s archives.

Lets cut this definition for our understanding. The first sentence means containers are launched using images. The second one tells it has binaries, dependencies & parameters to run a container (i.e. application). Third denotes image changes are layered and it never changes actual image file which means the image is the read-only file.

In the virtualization world’s concept Image can be visualized as a template from which you can launch as many containers as you want. In short, Image is an application binary along with its dependencies and metadata which tells how this image should be run in the container.

The image is named with the syntax:software_name:version_tag if the tag is not specified then latest is considered as default tag.

Difference between Docker image and Docker container

Let me summarize the difference between Docker image and container in tabular format for easy understanding :

Docker Image
Docker container
An ordered collection of root filesystem changes and the corresponding execution parameters for use within a container runtime An active (or inactive if exited) stateful instantiation of an image.
Can be pulled from Docker hub Runs locally on your host OS
Its read only Dynamic
Its a template from which container launches Its running/stopped instance of image
It’s a file It’s a process
Management command : #docker image <..> Management command : #docker container <..>

What is official Docker image?

Docker hub is a repository like Git for Docker images. Any registered user can upload images to it. But, for popular software like Nginx, alpine, Redis, Mongo Docker has a team which creates, test, verify images with standard settings and keep them for public use on Docker hub. The official docker image always has an only software name as its image name. Any other image other than official is named with syntax username/software_name where username is a user who uploaded that image on Docker hub. Also, the official image has official written below it in listing as shown in the below screenshot.

Identify official docker image

You can see apart from the first official image all other images of alpine are named username on the left. Only the official image has only the software name in its name.

Public and private Docker image

You can upload your image to a private or public on Docker hub. Public images are available to download for free for everyone. Private images are access restrictions defined by the uploader. While using the public image you should be very careful to choose which image to pull.

Docker hub has a star grading system for images. The user can star images and the total number of stars earned by the image are shown on the right column in listing (it can be seen in the above screenshot). Also, alongside stars, you can see the number of pulls images witnessed. Image with maximum stars and/or pulls considered a good image.

How to pull or download image from Docker hub?

You don’t need a Docker account to pull the image from the Docker hub. You only need to have an active internet connection on the server and you can use docker image pull to download the image from the Docker hub.

root@kerneltalks # docker image pull alpine
Using default tag: latest
latest: Pulling from library/alpine
Digest: sha256:e1871801d30885a610511c867de0d6baca7ed4e6a2573d506bbec7fd3b03873f
Status: Image is up to date for alpine:latest

Since my local image cache already has alpine image downloaded, pull command verified its SHA. Once it found that the cached image is the same as the one available on Docker hub so it didn’t download image! It saved bandwidth and storage both.

Now, I will pull the alpine image which has java available in it. Also, it’s not in my local image cache.

root@kerneltalks # docker image pull  anapsix/alpine-java
Using default tag: latest
latest: Pulling from anapsix/alpine-java
ff3a5c916c92: Already exists
b2573fe715ab: Pull complete
Digest: sha256:f4271069aa69eeb4cfed50b6a61fb7e4060297511098a3605232dbfe8f85de74
Status: Downloaded newer image for anapsix/alpine-java:latest
root@kerneltalks # docker image pull  anapsix/alpine-java
Using default tag: latest
latest: Pulling from anapsix/alpine-java
ff3a5c916c92: Already exists
b2573fe715ab: Pull complete
Digest: sha256:f4271069aa69eeb4cfed50b6a61fb7e4060297511098a3605232dbfe8f85de74
Status: Downloaded newer image for anapsix/alpine-java:latest

If you observe output above, command pulled only one file with ID b2573fe715ab whereas the other one it says already exists! So here comes the logic of Union layered filesystem.

As explained in the definition image is consists of a layered union filesystem. Since this image is alpine with java, it has the base of alpine image (which I already have in my image cache). And hence only extra java layer on this image is downloaded by pull command. And then together it stored alpine java image in my local cache!

You can even check details of this image on Docker hub and it indeed mentions that its build on top of the base alpine image. Which explains pull behavior and support our above explanation.

How to push or upload image to Docker hub?

To upload the image on Docker hub you will need a Docker account. It’s free to create. Just head to https://hub.docker.com/ and sign up. Once logged in you can create your private repo in which you can upload images and those will be private images. Otherwise, images uploaded will be public.

You need to login to Docker account from server where you have locally built images stored using docker login command.

root@kerneltalks # docker login
Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
Username: shrikantlavhate
Password:
WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

Now you can push your image to the public repo or private repo. I created my private repo with the name kerneltalks. So I am pushing the image to Docker hub in my private repo. But before pushing the image to Docker hub you need to properly tag it. To upload the image in the private repo you need to tag it like – username/reponame

root@kerneltalks # docker image tag 3fd9065eaf02 shrikantlavhate/kerneltalks
root@kerneltalks # docker image push shrikantlavhate/kerneltalks
The push refers to repository [docker.io/shrikantlavhate/kerneltalks]
cd7100a72410: Pushed
latest: digest: sha256:8c03bb07a531c53ad7d0f6e7041b64d81f99c6e493cb39abba56d956b40eacbc size: 528

Once the image is tagged properly it can be pushed to Docker hub. Using the tag Docker hub determines it’s a public or private image and accordingly uploads it.

Be noted that your login information is kept in local profiles for the seamless experience. Don’t forget to logout from the Docker account if you are on the shared machine.

root@kerneltalks # cat $HOME/.docker/config.json
{
        "auths": {
                "https://index.docker.io/v1/": {
                        "auth": "c2hyaWthXXXXXXXXXXXkRkdjflcXXXXg1"
                }
        },
        "HttpHeaders": {
                "User-Agent": "Docker-Client/18.05.0-ce (linux)"
        }


You can see config.json file under .docker directory saved login details.  You can logout to wipe out this info from the machine using docker logout.

root@kerneltalks # docker logout
Removing login credentials for https://index.docker.io/v1/
root@kerneltalks # cat $HOME/.docker/config.json
{
        "auths": {},
        "HttpHeaders": {
                "User-Agent": "Docker-Client/18.05.0-ce (linux)"
        }

Once we logged out of Docker account, login details wiped out from the file!