I am aware of two ways of creating Docker images:
- Build the image using a Dockerfile
- Use `docker commit <container_id>` against a running container with changes.
I find changing a Dockerfile each time I need image changes to be awfully inconvenient. Instead I have taken to launching ephemeral containers with docker run, installing packages I need on the fly with sudo, then committing the image.
I didn't realize however there is a footgun involved in this approach, especially if you frequently use and switch up docker run hacks. I launch containers with changing bind mounts, environment variables, differing networks, etc. A lot of that seems to be considered part of the configuration of the container, and is committed in docker commit alongside actual filesystem changes.
For example if you do:
```
docker run --env FOO=BAR --name container_name ubuntu:focal
docker commit container_name new_image
docker run -it new_image
# inside the new container:
echo $FOO
```
You will see that the env variable FOO is now a part of new_image.
This creates some awfully confusing situations, as I consider arguments to docker run to be as ephemeral as the container it creates. I am only concerned about persisting package installs.
I would like to commit just the actual image, just the filesystem changes. Is there any way to do that?
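A way to see exactly which run-time settings a `docker commit` carried into the image, shown as an added example that is not part of the original post: it compares the `Config` section of `docker image inspect` output for the base image and the committed image. The two JSON documents below are constructed samples trimmed to a few fields, and the function names are hypothetical.

```python
import json

# Constructed samples: trimmed `docker image inspect` output for the base image
# and for the image produced by `docker commit` (values are illustrative).
BASE_INSPECT = json.loads("""[{"Config": {
  "Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],
  "Cmd": ["bash"], "Volumes": null, "WorkingDir": "", "User": ""}}]""")
COMMITTED_INSPECT = json.loads("""[{"Config": {
  "Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
          "FOO=BAR"],
  "Cmd": ["bash"], "Volumes": null, "WorkingDir": "", "User": ""}}]""")


def env_map(config):
    """Turn Config.Env (a list of KEY=VALUE strings, or null) into a dict."""
    pairs = (item.partition("=") for item in (config.get("Env") or []))
    return {key: value for key, _, value in pairs}


def config_drift(base_inspect, committed_inspect):
    """Return configuration that differs between the base and committed image."""
    base = base_inspect[0]["Config"]
    new = committed_inspect[0]["Config"]
    drift = {}
    # Env is compared per variable so a single leaked value stands out.
    base_env, new_env = env_map(base), env_map(new)
    env_changes = {k: v for k, v in new_env.items() if base_env.get(k) != v}
    if env_changes:
        drift["Env"] = env_changes
    # Every other Config key is compared as a whole value.
    for key in sorted(set(base) | set(new)):
        if key != "Env" and base.get(key) != new.get(key):
            drift[key] = {"base": base.get(key), "committed": new.get(key)}
    return drift


if __name__ == "__main__":
    for field, change in config_drift(BASE_INSPECT, COMMITTED_INSPECT).items():
        print(f"{field}: {change}")
```

For real images, replace the samples with the parsed output of `docker image inspect ubuntu:focal` and `docker image inspect new_image`. Any variable reported under `Env` is readable by anyone who can pull the image, which matters when the value passed to `--env` was a credential.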