How to update Docker image to maintain your containers secure

In a Docker infrastructure, the Docker containers are created using images. Containers are instances that are created when the image files are executed. These images can be of web servers, mail servers, applications, and so on.

Docker images are stored in locations knows as repository or registry. There are two types of repository – public registry (Docker hub maintained by Docker) and private repository (maintained by Docker users).

Many often, businesses require to customize these Docker images to suit their specific purposes. Here, we’ll discuss how to update Docker images for your containers.

When to update Docker images?

Container images are usually updated during these scenarios:

1. To obtain the latest version of a software or application release
2. To add or modify features in the existing software
3. To patch and protect software or service from security vulnerabilities
4. To customize existing images for specific requirements

In all these situations, the existing container images have to be updated and used in the Docker containers. This process is usually referred to as ‘building’ Docker images.

Images can be built in two ways – 1. By manually executing the steps such as downloading, customizing and committing the images. 2. Using a Docker file.

We’ll see both the methods here:

Get images for Docker from the repository

When you manually build an image through the interactive command-line session, the first step is to get the required image from the repository it is stored in – either the DockerHub or private repository.

The images in the Docker hub are maintained by Docker and they would update it periodically. But maintaining the images in the private repository is the responsibility of each business owner.

Once you have identified the required image in the repository, using ‘docker search‘ command, you can download it from the Docker repository using ‘docker pull‘ command:

docker pull ubuntu

With these downloaded images, Docker containers can be created. The list of images in your Docker host can be identified using ‘docker images’ command.

 

List Docker images

 

Maintaining and updating the images in the local repository is a crucial aspect, as there are chances these images get prone to security vulnerabilities or hacks otherwise.

Update the docker image

Once the image is downloaded into the host machine, the next step to update a particular Docker image is to create a container using it.

Then the required modifications can be done in the container and that image can be copied over. Here are the steps to do that:

1. Create a new container

First of all, create the container using the Docker image you want to modify. The command for this is:

docker run -t -i ubuntu /bin/bash

2. Make the required changes

Access the new container and make the updates or modifications needed in it. It could be actions such as applying security patches, modifying the application code, recompiling the service with new modules, and so on.

3. Exit the container

After making the modifications and updates, exit the container.

4. Commit the changes

Once the container is updated, commit the changes made in this container to a Docker image using ‘docker commit‘.

docker commit -m "changes made" [container-id] ubuntu:v2

This new image would now be listed in the Docker host and it can be used to create new containers.

5. Push the new image to the repository

The updated Docker image can be added to the Docker repository using ‘docker push’. Obsolete images can be removed from the repository to avoid from being used anymore.

[ Running a Docker infrastructure doesn’t have to be hard, or costly. Get world class Docker management services at affordable pricing. ]

Update Docker images using Dockerfile

To simplify these docker image update steps, there is another way using ‘docker build’ command. It builds a container with the help of a Dockerfile.

A Dockerfile contains a set of instructions that can be used to update the container image. For instance, to configure PHP in a container, a sample file is:

 

Customer Dockerfile to create containers

 

The FROM directive says what the base image should be. The RUN command installs all the necessary packages from Ubuntu repository, and the ADD command copies the contents of ‘/tmp/mageshop01/html/’ to ‘/var/www/html’ folder of the server instance.

You can do further customization on the PHP and Apache configuration files using more RUN commands in the Dockerfile. Once the Dockerfile is updated, use the command to build the new image using this file:

docker build -t ubuntu:v2 'path-to-docker-file'

Using the given Docker file, the ‘docker build’ command will create a container with the updated image. The new image name can be set using the ‘-t’ option. This image can be ‘pushed’ to the repository for future use.

We’ve been able to prevent server incidents by up to 15% by using our proactive server checks (click here to see how we improve web hosting support).

[ Use your time to build your business. We’ll take care of your customers. Hire Our Docker Support Specialists at affordable pricing. ]

In short..

Today we saw how to update containers with the modified or new docker images. Setting tags on these images helps to identify them easily for future use.

Care has to be exercised in maintaining the images in the Docker repository updated and secure. Any custom configuration done should be preserved well, with version control.

Whenever a vulnerability is reported, immediate patching of the image has to be done. At Bobcares, our 24/7 security team manages these images up-to-date.

原文地址：　https://bobcares.com/blog/update-docker-image