Questions about behavior regarding images

General Discussions
1

After having read this informative blog post, I am left with some more questions about the way Docker treats images.

Firstly, let’s say I’m building an image based on nginx:latest called my-great-site:latest, and I don’t currently have a local copy of nginx. docker build automatically pulls that base image from the Docker Hub, and I can see it in the output of docker image ls:

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
my-great-site       latest              99651da2f649        14 hours ago        133MB
nginx               latest              7e4d58f0e5f3        2 weeks ago         133MB

If an image is just a reference to the layers that compose the image, why do I need to have a copy of the nginx image itself in order to build my-great-site? Shouldn’t Docker be able to build my custom image by pulling only the anonymous layers associated with nginx:latest?

Secondly, if my local copy of nginx:latest is outdated by the latest build on Docker Hub, why does docker pull leave a named but untagged copy of the older nginx image in my local image cache? Specifically, why doesn’t it leave the older copy as a dangling image?

REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
my-great-site       latest              99651da2f649        14 hours ago        133MB
nginx               <none>              01a84233ca90        2 weeks ago         132MB
nginx               latest              7e4d58f0e5f3        2 weeks ago         133MB
2

The first part of the first sentance started so well, but the second part makes me wonder… If you specify an image by its repo:tag then of course the tag and all the image layers will be fetched. Why would you expect that the layers are fetched, but the tag is not?

Ty to declare the base image with the image’s repo digest instead. You can find out the digest with docker image inspect nginx --format {{.RepoDigests}}, which will return something like [nginx@sha256:c628b67d21744fce822d22fdcc0389f6bd763daac23a6b77147d0712ea7102d0]. Then use the value between the square brackets in the from declaration to reference the image by its digest.

Thus, if no other image bases on the layers of that untagged image and no container uses it (or an images based on that image), it will be considered dangling.

1 Like