Chapter 3: Building Your Own Container Images with Dockerfiles

Introduction

Welcome back, future container master! In Chapter 2, you got your hands dirty by running pre-built Linux container images on your Mac using Apple’s exciting new container CLI. That was a fantastic first step, proving just how easy it is to get isolated applications up and running. But what if the exact image you need doesn’t exist? What if you want to customize an environment, add your own code, or optimize an existing image?

That’s where this chapter comes in! Today, we’re diving deep into the art of crafting your very own container images. You’ll learn the magic behind Dockerfiles – simple text files that act as recipes for building images. By the end of this chapter, you’ll be able to transform your application code into a portable, reproducible container image that can run consistently anywhere, including your Mac with Apple’s native containerization. Get ready to unleash your creativity and build something truly custom!

Core Concepts: The Blueprint of Your Container

Before we jump into coding, let’s understand the fundamental ideas that make custom image building possible. Think of building a container image like baking a cake from scratch. You need a recipe, ingredients, and a process to put it all together.

What is a Container Image?

Remember from Chapter 1 that a container is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries, and settings. A container image is the static, immutable template from which containers are created.

Imagine a container image as a frozen pizza. It has all the ingredients (code, dependencies), the instructions (how to run), and it’s ready to be “baked” (run as a container) into a hot, delicious application. Once baked, it’s a running container. The image itself doesn’t change, but you can create many containers from the same image.

What is a Dockerfile?

If the container image is the frozen pizza, then the Dockerfile is the detailed recipe you use to create that pizza. It’s a simple text file that contains a series of instructions on how to build a container image. Each instruction creates a layer in the image, making the build process efficient and modular.

Why is this important?

Reproducibility: Anyone with your Dockerfile can build the exact same image.
Version Control: Dockerfiles are code, so you can track changes in Git.
Customization: You define exactly what goes into your image.

Understanding Key Dockerfile Instructions

A Dockerfile uses a specific set of commands, each designed to perform a particular step in the image-building process. Let’s look at some of the most common and crucial ones:

FROM [base_image]: This is always the first instruction (after comments). It specifies the base image your new image will be built upon. Think of it as choosing your starting dough – do you want a plain base, or one pre-made with certain ingredients? Base images can be minimal Linux distributions (like Alpine or Ubuntu) or images pre-configured with runtimes (like Python, Node.js, or Java).
- Why it’s important: It provides the foundation, including the operating system and often a language runtime, so you don’t have to build everything from scratch.
WORKDIR /[path]: Sets the working directory inside the container for any subsequent RUN, CMD, ENTRYPOINT, COPY, or ADD instructions.
- Why it’s important: Keeps your container organized and ensures commands run in the expected location.
COPY [source] [destination]: Copies new files or directories from your build context (your local machine where you run the container build command) into the container’s filesystem at the specified destination.
- Why it’s important: This is how you get your application code and other necessary files into the image.
RUN [command]: Executes any commands in a new layer on top of the current image. This command is typically used to install packages, compile code, or perform any setup tasks during the image build process.
- Why it’s important: This is where you install dependencies (e.g., pip install -r requirements.txt), set up environment variables, or run build scripts.
EXPOSE [port]: Informs Apple’s container CLI (and other container runtimes) that the container listens on the specified network ports at runtime. It’s purely documentation and doesn’t actually publish the port.
- Why it’s important: It tells anyone using your image which ports to expose when running the container.
CMD ["executable", "param1", "param2"]: Provides default commands for an executing container. There can only be one CMD instruction in a Dockerfile. If you specify an ENTRYPOINT, CMD acts as default arguments to the ENTRYPOINT.
- Why it’s important: This is the default command that runs when your container starts, often launching your application.
ENTRYPOINT ["executable", "param1", "param2"]: Configures a container that will run as an executable. It’s often used when you want your image to behave like a specific application.
- Why it’s important: If you define an ENTRYPOINT, the container will always run this command, with CMD providing default arguments that can be overridden.

The Build Context

When you run the container build command, you specify a build context. This is the set of files at a specified path (usually your current directory .) that the container CLI sends to the container daemon. The COPY and ADD instructions in your Dockerfile can only reference files within this build context.

Why does this matter? If you try to COPY a file that’s outside the build context, the build will fail. Always ensure all files needed for your image are within the directory you specify as the build context.

Image Layers: Efficiency in Action

Each instruction in a Dockerfile (like FROM, RUN, COPY) creates a new, read-only layer in the image. These layers are stacked on top of each other. When you make a change to your Dockerfile, only the layers after the change need to be rebuilt, making subsequent builds much faster. This layering also enables efficient storage and distribution, as common layers can be shared between images.

Let’s visualize this process:

flowchart TD A[Dockerfile] --> B[Build Context - Your Project Files] B --> C{container build command} C --> D1[Layer 1: FROM base image] D1 --> D2[Layer 2: WORKDIR and COPY files] D2 --> D3[Layer 3: RUN install dependencies] D3 --> D4[Layer 4: EXPOSE and CMD] D4 --> E[Final Container Image]

Step-by-Step Implementation: Building a Python Flask Web Server

Enough theory! Let’s build a real-world example: a simple Python Flask web server. This will give you hands-on experience with creating an application, writing a Dockerfile, building an image, and running it.

Prerequisites

You have Apple’s container CLI installed and working (as covered in Chapter 2).
A basic understanding of Python is helpful, but not strictly required to follow along.

Step 1: Create Your Project Directory

First, let’s create a dedicated folder for our project. Open your Terminal application on your Mac.

mkdir my-flask-app
cd my-flask-app

Now you’re inside your new project folder. This will be our build context.

Step 2: Create the Python Flask Application (`app.py`)

We’ll create a very simple Flask application that serves a “Hello, Container!” message.

Inside your my-flask-app directory, create a file named app.py:

# app.py
from flask import Flask

app = Flask(__name__)

@app.route('/')
def hello():
    return "Hello, Apple Container! This is my custom image!"

if __name__ == '__main__':
    app.run(host='0.0.0.0', port=5000)

Explanation of app.py:

from flask import Flask: This line imports the Flask class, which is the core of our web framework.
app = Flask(__name__): We create an instance of the Flask application. __name__ refers to the current module.
@app.route('/'): This is a “decorator” that tells Flask which URL should trigger our hello function. In this case, it’s the root URL (/).
def hello():: This function returns a simple string, which will be displayed in the web browser.
if __name__ == '__main__':: This standard Python construct ensures that app.run() only executes when the script is run directly (not when imported as a module).
app.run(host='0.0.0.0', port=5000): This starts the Flask development server.
- host='0.0.0.0' makes the server accessible from any IP address, which is crucial for containers where the host often needs to connect to the container’s internal IP.
- port=5000 specifies that our application will listen for incoming connections on port 5000 inside the container.

Step 3: Define Application Dependencies (`requirements.txt`)

Our Flask application relies on the Flask library. We need to tell our container image to install this dependency. We do this using a requirements.txt file.

Inside your my-flask-app directory, create a file named requirements.txt:

# requirements.txt
Flask==3.0.3

Explanation of requirements.txt:

This file lists all the Python packages our application needs, along with their specific versions. Using Flask==3.0.3 ensures that our build is reproducible by pinning the version. As of 2026-02-25, Flask 3.0.3 is the latest stable release.

Step 4: Create Your Dockerfile

Now for the main event! This is where we write the instructions to build our image.

Inside your my-flask-app directory, create a file named Dockerfile (note: no file extension, just Dockerfile):

# Dockerfile

# Step 1: Choose a base image
# We'll use an official Python image. 'python:3.12-slim-bookworm' provides Python 3.12
# on a Debian Bookworm base, which is lightweight and secure.
FROM python:3.12-slim-bookworm

# Step 2: Set the working directory inside the container
# All subsequent commands will run relative to this directory.
WORKDIR /app

# Step 3: Copy the requirements file into the container
# We copy this first to leverage Docker's layer caching. If requirements.txt doesn't change,
# this layer and the next (RUN pip install) won't need to be rebuilt.
COPY requirements.txt .

# Step 4: Install Python dependencies
# The '--no-cache-dir' flag reduces image size by not storing package caches.
# The '-r' flag tells pip to install packages listed in requirements.txt.
RUN pip install --no-cache-dir -r requirements.txt

# Step 5: Copy the application code into the container
# Now that dependencies are installed, copy the actual application files.
COPY app.py .

# Step 6: Inform that the container listens on port 5000
# This is documentation. It doesn't actually publish the port.
EXPOSE 5000

# Step 7: Define the command to run when the container starts
# This uses the "exec form" which is generally preferred.
CMD ["python", "app.py"]

Explanation of Dockerfile (line by line):

FROM python:3.12-slim-bookworm: We start with a base image that already has Python 3.12 installed on a lightweight Debian Bookworm OS. This saves us from installing Python ourselves. Always use specific tags (3.12-slim-bookworm) instead of just latest for reproducibility.
WORKDIR /app: We create and set /app as our working directory inside the future container. All subsequent commands will operate within this directory.
COPY requirements.txt .: This copies our requirements.txt file from our local my-flask-app directory (the build context) to the /app directory inside the image. The . signifies the current working directory (/app). We copy this before app.py so that if app.py changes but requirements.txt doesn’t, the RUN pip install layer can be reused from cache.
RUN pip install --no-cache-dir -r requirements.txt: This command is executed during the image build process. It uses pip (Python’s package installer) to read requirements.txt and install all listed packages (in our case, Flask) into the image. --no-cache-dir is a best practice to keep the image size small by not storing pip’s cache.
COPY app.py .: Now that Flask is installed, we copy our app.py file from our local machine into the /app directory inside the image.
EXPOSE 5000: This instruction documents that the container will listen on port 5000. It doesn’t open the port on your Mac; it’s a declaration for anyone using the image.
CMD ["python", "app.py"]: This specifies the default command that will run when a container is launched from this image. Here, it tells the container to execute our app.py script using the python interpreter.

Step 5: Build Your Container Image

With your app.py, requirements.txt, and Dockerfile all in place within the my-flask-app directory, you’re ready to build your first custom image!

Make sure you are in the my-flask-app directory in your Terminal.

cd my-flask-app

Now, run the build command:

container build -t my-flask-app .

Explanation of the container build command:

container build: This is the command to initiate the image build process using Apple’s container CLI.
-t my-flask-app: The -t (or --tag) flag allows you to give your image a human-readable name and optionally a tag (e.g., my-flask-app:v1.0). If you don’t specify a tag, latest is used by default. We’re naming our image my-flask-app.
.: This specifies the build context. The . means “use the current directory” as the context. The container CLI will look for a Dockerfile in this directory and send all files in this directory to the build daemon.

You’ll see output in your terminal as each step of the Dockerfile is executed. If everything goes well, you should see a message indicating the image was successfully built!

# Example output (may vary slightly)
Sending build context to daemon  XX.XKB
Step 1/7 : FROM python:3.12-slim-bookworm
 ---> sha256:xxxxxxxxxxxx
Step 2/7 : WORKDIR /app
 ---> Using cache
 ---> sha256:xxxxxxxxxxxx
Step 3/7 : COPY requirements.txt .
 ---> Using cache
 ---> sha256:xxxxxxxxxxxx
Step 4/7 : RUN pip install --no-cache-dir -r requirements.txt
 ---> Using cache
 ---> sha256:xxxxxxxxxxxx
Step 5/7 : COPY app.py .
 ---> Using cache
 ---> sha256:xxxxxxxxxxxx
Step 6/7 : EXPOSE 5000
 ---> Using cache
 ---> sha256:xxxxxxxxxxxx
Step 7/7 : CMD ["python", "app.py"]
 ---> Using cache
 ---> sha256:xxxxxxxxxxxx
Successfully built sha256:xxxxxxxxxxxx
Successfully tagged my-flask-app:latest

You can verify your image is present by listing all images:

container images

You should see my-flask-app in the list!

Step 6: Run Your Custom Container

Now that you have your custom my-flask-app image, let’s run it as a container!

container run -p 5000:5000 my-flask-app

Explanation of the container run command:

container run: The command to create and run a container from an image.
-p 5000:5000: This is the crucial port mapping argument.
- The first 5000 is the port on your Mac host machine.
- The second 5000 is the port inside the container that your Flask app is listening on (as defined in app.py and EXPOSE in the Dockerfile).
- This maps your Mac’s port 5000 to the container’s port 5000, allowing you to access the web server from your browser.
my-flask-app: The name of the image we want to run.

Once you run this, you should see output from your Flask application in the terminal, indicating it’s running:

 * Serving Flask app 'app'
 * Debug mode: off
WARNING: This is a development server. Do not use it in a production deployment. Use a production WSGI server instead.
 * Running on http://0.0.0.0:5000
Press CTRL+C to quit

Now, open your web browser and navigate to http://localhost:5000.

You should see the message: “Hello, Apple Container! This is my custom image!”

Congratulations! You’ve successfully built a custom Linux container image and run it natively on your Mac using Apple’s container tools!

Step 7: Stop and Clean Up

To stop the running container, go back to your terminal where the Flask app is running and press Ctrl+C.

The container will stop, but it still exists in a “exited” state, and the image still exists. It’s good practice to clean up resources you’re no longer using.

List running containers (if any):
```
container ps
```
(You might not see anything if you just stopped it).
List all containers (including exited ones) to find your container ID:
```
container ps -a
```
You’ll see your my-flask-app container with a unique CONTAINER ID (e.g., a1b2c3d4e5f6).
Stop the container (if it’s still running, or to ensure it’s fully stopped):
```
container stop <CONTAINER_ID_OR_NAME>
```
Replace <CONTAINER_ID_OR_NAME> with the actual ID or the name (e.g., affectionate_jang which might be auto-assigned if you didn’t specify --name when running).
Remove the container:
```
container rm <CONTAINER_ID_OR_NAME>
```
This deletes the container instance.
Remove the image (optional, if you no longer need it):
```
container rmi my-flask-app
```
This deletes the my-flask-app image from your local storage. Be careful with this, as you’ll need to rebuild it if you want to run it again.

Mini-Challenge: Personalize Your App!

You’ve built and run your first custom image. Now, let’s make it truly yours!

Challenge: Modify the app.py file to display a different, personalized message, and add a new route, /greet, that displays a different greeting. Then, rebuild your image and run a new container to see your changes!

Steps to follow:

Edit app.py in your my-flask-app directory.
Add a new route.
Save the file.
Rebuild the image using container build -t my-flask-app . (the existing image will be overwritten).
Run a new container: container run -p 5000:5000 my-flask-app.
Test both http://localhost:5000 and http://localhost:5000/greet in your browser.

Hint: For the new route, you’ll need another @app.route('/greet') decorator and a new function below it.

What to observe/learn: This challenge reinforces the build-test cycle and shows how quickly you can iterate on your containerized applications. You’ll see how changes in your source code require a rebuild of the image to be reflected in the container.

Common Pitfalls & Troubleshooting

Building images can sometimes throw a curveball. Here are a few common issues and how to tackle them:

“No such file or directory” during COPY or RUN:
- Problem: This often means the file you’re trying to COPY isn’t in your build context, or the path inside the container for a RUN command is incorrect.
- Solution: Double-check that the file exists in the directory where you’re running container build. Ensure your WORKDIR is correctly set and that relative paths in COPY or RUN commands are accurate from the perspective of the container’s working directory.
- Example: If you run container build -t my-app ../another-folder, then . in your Dockerfile refers to ../another-folder, not your current directory. Always build from the directory containing your Dockerfile and source files.
Port Conflicts (“Address already in use”):
- Problem: When you run container run -p 5000:5000, if another process on your Mac (or another container) is already using port 5000, you’ll get this error.
- Solution:
  - Ensure no other containers are running on that port (container ps). Stop them if necessary.
  - Check if any other applications on your Mac are using port 5000 (e.g., lsof -i :5000).
  - Use a different host port in the -p mapping (e.g., container run -p 8000:5000 my-flask-app).
Dependency Installation Failures (RUN pip install etc.):
- Problem: The RUN command fails, often because a package can’t be found, there’s a typo in requirements.txt, or an underlying system dependency is missing.
- Solution:
  - Carefully read the error messages in the build output. They usually point to the exact line in your Dockerfile that failed and why.
  - Verify package names and versions in requirements.txt.
  - If it’s a system dependency, you might need to add another RUN apt-get update && apt-get install -y [package] command before your Python installation, depending on your base image.
Dockerfile Syntax Errors:
- Problem: Simple typos in Dockerfile instructions (e.g., RUN instead of RUN).
- Solution: The container CLI will typically give you a clear error message like “unknown instruction” or “malformed instruction.” Always refer to the official Dockerfile reference (which applies conceptually to Apple’s container tools) for correct syntax.

Summary

You’ve completed a significant milestone today! Here’s what we covered in Chapter 3:

Container Images vs. Dockerfiles: You learned that an image is the static blueprint, and a Dockerfile is the recipe for creating it.
Key Dockerfile Instructions: We explored essential commands like FROM, WORKDIR, COPY, RUN, EXPOSE, and CMD, understanding what each does and why it’s important.
The Build Process: You understood the concept of a build context and how image layers are efficiently created during the build.
Hands-on Image Building: You successfully created a Python Flask web application, wrote a Dockerfile for it, built a custom my-flask-app image using container build, and ran it with container run.
Troubleshooting: You’re now equipped to identify and resolve common issues that might arise during image creation and execution.

You’re no longer just a consumer of containers; you’re a creator! This skill is foundational for developing and deploying modern applications.

What’s Next?

In Chapter 4, we’ll take your container skills to the next level by exploring data persistence and volume management. You’ll learn how to store data outside your containers, ensuring your application data is safe even if containers are stopped, removed, or updated. Get ready to manage your container data like a pro!

References

This page is AI-assisted and reviewed. It references official documentation and recognized resources where relevant.