I was recently looking into a docker problem and wanted to see the actual contents of the image that was having issues. Typically you can grab the Dockerfile that was used to build the image and use docker build to recreate it. I wasn’t able to locate the Dockerfile for this image so I decided to extract the image to a local file system for analysis. This was super easy to do with the docker export command.
To illustrate how this is done lets say you want to extract the contents of the Kubernetes heapster image to the a directory named rootfs. If you run docker export with the container ID (you can get this from docker inspect and docker ps) and pipe that to tar the rootfs directory will be populated with the image contents once the command completes:
$ docker export $(docker ps -a | awk '/heapster/ && !/POD/ {print $1}') | tar -C rootfs -xvf -
.dockerenv
dev/
dev/console
dev/pts/
dev/shm/
etc/
etc/hostname
etc/hosts
etc/mtab
etc/resolv.conf
etc/ssl/
etc/ssl/certs/
etc/ssl/certs/ca-certificates.crt
eventer
heapster
proc/
run/
run/secrets/
sys/
var/
var/run/
var/run/secrets/
var/run/secrets/kubernetes.io/
var/run/secrets/kubernetes.io/serviceaccount/
This has also been super useful for studying how runc works under the covers.