docker

June 20, 2024
in Dockerfile, builder process, docker
2 min read

How to build small container

Using distroless/minimal base images (minimal,alpine, slim version)
Multistage build. Onle necessary files in image.
Minimizing the number of layers
Understanding caching
Using Dockerignore
Keeping application data elsewhere

Distroles images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution. Most common applications have a distroless image availablie to download Alternatively, start with Alpine, minimal, or slim version of application images

Multistage build. Builder pattern

Most compiled languages requires lots libraries during build which can be huge. Use multi stage build to build with one container and create new application container with compiled application only.

# Stage 1: Build the Go binary
FROM golang:1.18-alpine AS builder
WORKDIR /app
# Copy the Go Modules manifests
COPY go.mod ./
# Download Go modules
RUN go mod download
# Copy the source code
COPY . .
# Build the Go binary
RUN go build -o myapp
# Stage 2: Create the final image
FROM alpine:latest
WORKDIR /app
# Install certificates to ensure the application can make HTTPS requests
RUN apk --no-cache add ca-certificates
# Copy the binary from the builder stage
COPY --from=builder /app/myapp .
# Command to run the binary
CMD ["./myapp"]

Minimize the Number of Layers

Docker images work in the following way – each RUN, COPY, FROM Dockerfile instructions add a new layer & each layer adds to the build execution time & increases the storage requirements of the image. Reduce number of layers by combining instructions

FROM ubuntu:latest
RUN apt-get update -y && \
    apt-get upgrade -y &&

Understanding Caching

As Docker uses layered filesystem, each instruction creates a layer. Due to which, Docker caches the layer and can reuse it if it hasn’t changed.

Due to this concept, it’s recommended to add the lines which are used for installing dependencies & packages earlier inside the Dockerfile – before the COPY commands.

The reason behind this is that docker would be able to cache the image with the required dependencies, and this cache can then be used in the following builds when the code gets modified.

Use .dockerignore

Only necessary files must be copied to image, use .dockerignore to skip unwanted files

Keep Application Data Elsewhere

If application require data, ideally this can be in a shared volume or mounted as volume than include in the image.

Tools

SlimToolkit is a tool that helps to optimize Docker images by removing unnecessary layers and files.
Dive A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image.
Docker Squash --squash Once the image is built, this flag squashes the new layers into a new image with a single new layer.

June 20, 2024
in Dockerfile, docker desktop, docker
1 min read

Dockerfile reference

Commands	Descreption
COPY	Copy files in to the image
Volume	Creates a Mountpoint as defined
ENTRYPOINT	The executable that runs when container is run. It accepts input parameters, or takes from CMD
CMD	Command to execute at start, will ignore input parameters. If ENTRYPOINT is defined CMD arguments are passed as arguments. Only 1 command allowed, only last one will take effect.
EXPOSE	Defines ports to be published.
ENV	Variables to be defined in the container.
RUN	A command to be run in a new layer of Image being build
FROM	Define base image from which image is built. This is first instruction.
WORKDIR	Working Directory of container

Difference between CMD and ENTRYPOINT

Both Entry point and CMD execute instructions at start of container, however behaviour differ. CMD : When only CMD is specified, it executes command and will ignore any parameters passed. ENTRYPOINT: Defines command to execute at start, then inputs are passed as arguments. If CMD also specified, ENTRYPOINT will treat CMD as arguments than commands.

Use of CMD is preferred unless there is requirement to accept arguments for container run.

June 20, 2024
in podman, container, docker desktop, docker
2 min read

Podman

Build container without Docker (Mac/Linux/Windows)

alt text

Podman is an opensource tool to manage all your container needs without requiring Docker or Docker desktop. It has same command sets as Docker and it does not require Daemon.

- Opensource
- Fast and light
- Secure : Rootless container allow to contain privileges
- Compatible : Supports OCI compliant containers including Docker

Install Podman

brew install podman
# On Mac, each Podman machine is backed by a virtual machine
# After installing, you need to create and start your first Podman machine
podman machine init
podman machine start
podman info

Simple Flask app

from flask import Flask
app = Flask(__name__)
@app.route('/')
def hello():
    return "My flask container"
if __name__ == '__main__':
    app.run()

Prepare Docker file

You can use most Docker commands with podman.

FROM python:3.10-slim
WORKDIR /app
COPY . /app
RUN pip install --trusted-host pypi.python.org Flask
EXPOSE 5000
CMD ["flask", "run", "--host=0.0.0.0"]

Build and run pod

# Build image from FLask App
podman build -t myflask:latest .
# Check your images
podman images
# Run your container
pod podman run localhost/myflask:latest -p 5000:5000
# Verify the site
curl http://localhost:5000/
# Check running containers
podman ps (-a to list all including stopped)

Command references

Commands	Descreption
podman ps -a	List all containers including stopped
podman run -p 5000:5000 -d	Run container in Daemon mode and portforward
podman image tag newtag:version	Create new Tag for image
podman image prune -a	Delete al the images
podman inspect	Inspect a container image
podman container rm -f $(podman container list -aq)	Remove all pods including stopped
podman image rm -f $(podman image ls -q)	Remove all images from the system