Docker image layers vernacular – referencing layer order

How do I properly convey a layer is “later” than another layer.

Consider the following Dockerfile:

  • How to set the container name used for --link option with Docker
  • Update max_map_count for ElasticSearch docker container Mac host
  • Docker how to start container with defined nameservers in /etc/resolv.conf
  • Kubernetes - How to run kubectl commands inside a container?
  • docker run can't find application
  • Can't connect in php to db in postgres-docker-container
  • FROM ubuntu:15.10
    COPY . /app
    RUN make /app
    CMD python /app/app.py
    

    This Dockerfile contains four commands, each of which creates a layer.

    How do I describe the RUN layer is later than the COPY layer? Context being, later layers that install patches may mitigate vulnerabilities that are introduced in earlier layers.

    In Code

    In code, the CMD layer is the bottom layer. Hence, in code, the lower a layer is, the later it is.

    Docker overview docs

    There is only a reference to a “final” layer.

    About images, containers, and storage drivers | Docker Documentation,

    Docker references layers that supersede other layers in the following ways:

    • last
    • on top
    • before

    Docker image shows later images as “higher”

    Docker image shows later images as "higher"

  • Multiple instance application in docker
  • Testing containerized microservice with external dependency
  • How to manage Docker private registry
  • oh-my-zsh installation returns non zero code
  • Docker failing to add remote file with 'too many redirects'
  • Enable broadcasts between docker containers
  • Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.