The difference between VOLUME and docker -v in Dockerfile

There are obvious differences between volume mounting in Dockerfile and mounting with the docker -v command:

1. VOLUME

The volume mounted on the host machine in Dockerfile using VOLUME is an anonymous volume. On the host machine, it is automatically anonymously mounted to the /var/lib/docker/volumes/ directory. The code is as follows:

FROM frolvlad/alpine-java:jre8-slim
MAINTAINER oas.cloud
COPY nickdir .
VOLUME /usr/local/oas/file/
WORKDIR /usr/local/oas/

The VOLUME /usr/local/oas/file/ above defines the path of the directory in the container. The directory will be created in the container during the container creation process, and the mount directory name on the host is randomly generated.

For example:

/var/lib/docker/volumes/593fda6d7b8296bfca22894b326727c734133eebb11c9bc2c25a73b892157a37

Here on the host machine

/var/lib/docker/volumes/593fda6d7b8296bfca22894b326727c734133eebb11c9bc2c25a73b892157a37

The directory corresponds to the /usr/local/oas/file/ directory in the container

2. docker -v

docker -v can specify the specific directory mounted to the host machine, which is more controllable than the VOLUME mounting method of Dockerfile. The code is as follows:

$ docker run --name tengine-web -d -p 9527:80 -p 9000:9000 \
-v /usr/local/tengine/logs:/var/log/nginx \
-v /usr/local/tengine/conf.d:/etc/nginx/conf.d \
-v /usr/local/tengine/conf/nginx.conf:/etc/nginx/nginx.conf \
-v /usr/local/tengine/html:/usr/share/nginx/html \
-v /usr/local/oas/file:/usr/local/oas/file nginx

The above command can mount the host's /usr/local/tengine/logs and other directories to the container's /var/log/nginx and other corresponding directories. The path before the colon is the host directory (absolute path), and the path after the colon is the path mounted in the image (absolute path).

Supplement: The difference between Docker data volume mounting commands volume (-v) and mount

1. Introduction

Users can create containers with data volumes by using the --volume/-v or --mount options of docker run, but there are some subtle differences between these two options, which are summarized here.

2. Command usage

--volume(-v)

The parameter --volume (or -v for short) can only create a bind mount. Example:

docker run --name $CONTAINER_NAME -it \
-v $PWD/$CONTAINER_NAME/app:/app:rw \
-v $PWD/$CONTAINER_NAME/data:/data:ro \
avocado-cloud:latest /bin/bash

Notes:

Command format:

[[HOST-DIR:]CONTAINER-DIR[:OPTIONS]]]

If HOST-DIR is specified, it must be an absolute path. If the path does not exist, it will be automatically created.

In the example, rw means read-write and ro means read-only.

--mount

The --mount parameter is used to mount volumes by default, but can also be used to create bind mounts and tmpfs. If the type option is not specified, the default is to mount the volume. Volume is a more flexible way to manage data. Volume can be managed through the docker volume command set. Example:

docker run --name $CONTAINER_NAME -it \
--mount type=bind,source=$PWD/$CONTAINER_NAME/app,destination=/app \
--mount source=${CONTAINER_NAME}-data,destination=/data,readonly \
avocado-cloud:latest /bin/bash

Notes:

Mount volume command format:

[type=volume,]source=my-volume,destination=/path/in/container[,...]

Create a bind mount command format:

type=bind,source=/path/on/host,destination=/path/in/container[,...]

If you create a bind mount and specify a source, it must be an absolute path and the path must already exist.

In the example, readonly means read-only

3. Summary of Differences

1. Comparison between creating a bind mount and mounting a volume

*Notes:

Docker cannot simply open the contents of the volume to ordinary users on the host through sudo chown someuser: -R /var/lib/docker/volumes/somevolume. If more permissions are opened, there will be security risks. In this regard, Podman's design is much more ideal. The volume is stored in the $HOME/.local/share/containers/storage/volumes/ path, which provides convenience and ensures security.

The container can be run without root privileges, which is one of the advantages of Podman. It really benefits a lot in actual use.

2. Comparison of using --volume and --mount when creating a bind mount

The above is my personal experience. I hope it can give you a reference. I also hope that you will support 123WORDPRESS.COM. If there are any mistakes or incomplete considerations, please feel free to correct me.