Skip to content

Dockerfile

How to build small container

  • Using distroless/minimal base images (minimal,alpine, slim version)
  • Multistage build. Onle necessary files in image.
  • Minimizing the number of layers
  • Understanding caching
  • Using Dockerignore
  • Keeping application data elsewhere

Distroless / Alpine image

Distroles images contain only your application and its runtime dependencies. They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution. Most common applications have a distroless image availablie to download Alternatively, start with Alpine, minimal, or slim version of application images

Multistage build. Builder pattern

Most compiled languages requires lots libraries during build which can be huge. Use multi stage build to build with one container and create new application container with compiled application only. 

# Stage 1: Build the Go binary
FROM golang:1.18-alpine AS builder
WORKDIR /app
# Copy the Go Modules manifests
COPY go.mod ./
# Download Go modules
RUN go mod download
# Copy the source code
COPY . .
# Build the Go binary
RUN go build -o myapp
# Stage 2: Create the final image
FROM alpine:latest
WORKDIR /app
# Install certificates to ensure the application can make HTTPS requests
RUN apk --no-cache add ca-certificates
# Copy the binary from the builder stage
COPY --from=builder /app/myapp .
# Command to run the binary
CMD ["./myapp"]

Minimize the Number of Layers

Docker images work in the following way – each RUN, COPY, FROM Dockerfile instructions add a new layer & each layer adds to the build execution time & increases the storage requirements of the image. Reduce number of layers by combining instructions 

FROM ubuntu:latest
RUN apt-get update -y && \
    apt-get upgrade -y &&

Understanding Caching

As Docker uses layered filesystem, each instruction creates a layer. Due to which, Docker caches the layer and can reuse it if it hasn’t changed.

Due to this concept, it’s recommended to add the lines which are used for installing dependencies & packages earlier inside the Dockerfile – before the COPY commands.

The reason behind this is that docker would be able to cache the image with the required dependencies, and this cache can then be used in the following builds when the code gets modified.

Use .dockerignore

Only necessary files must be copied to image, use .dockerignore to skip unwanted files

Keep Application Data Elsewhere

If application require data, ideally this can be in a shared volume or mounted as volume than include in the image.

Tools

  • SlimToolkit is a tool that helps to optimize Docker images by removing unnecessary layers and files.
  • Dive A tool for exploring a docker image, layer contents, and discovering ways to shrink the size of your Docker/OCI image.
  • Docker Squash --squash Once the image is built, this flag squashes the new layers into a new image with a single new layer.

Dockerfile reference

Commands Descreption
COPY Copy files in to the image
Volume Creates a Mountpoint as defined
ENTRYPOINT The executable that runs when container is run. It accepts input parameters, or takes from CMD
CMD Command to execute at start, will ignore input parameters. If ENTRYPOINT is defined CMD arguments are passed as arguments. Only 1 command allowed, only last one will take effect.
EXPOSE Defines ports to be published.
ENV Variables to be defined in the container.
RUN A command to be run in a new layer of Image being build
FROM Define base image from which image is built. This is first instruction.
WORKDIR Working Directory of container

Difference between CMD and ENTRYPOINT

Both Entry point and CMD execute instructions at start of container, however behaviour differ. CMD : When only CMD is specified, it executes command and will ignore any parameters passed. ENTRYPOINT: Defines command to execute at start, then inputs are passed as arguments. If CMD also specified, ENTRYPOINT will treat CMD as arguments than commands.

Use of CMD is preferred unless there is requirement to accept arguments for container run.