How to Write a Good Dockerfile ?

Introduction

Have you noticed that it takes a long time to build an image when using Docker, and have any doubts as to whether the created container is really good? Now let’s find out how to prevent security attacks and optimize Docker’s image build process.

How to writing good Dockerfiles ???

Use the /.dockerignore

The best way is to put the Dockerfile in an empty directory and add only the application and configuration files needed to build the Docker image. You can also exclude files and directories by adding .dockerignore files to that directory to improve build performance.

Don’t install unnecessary packages

If possible, Docker images should be kept lean. You can reduce portability, build time, less complexity, and smaller container size. For example, in most cases you don’t need to install a text editor in your container. Do not install non-essential applications or services.

Minimize the number of layers

Each command in the Dockerfile adds the appropriate layer to the Docker image. The number of commands and layers should be kept to a minimum as it will ultimately affect build performance and time.

Specify the image version

If you do not specify a tag when using a Docker image, the latest tag will be used automatically. However, latest there is a problem with tags. Basically, latest once you specify the tag, it will be used for the latest image version from Docker’s image repository, but it will be cached locally, so forgetting to update the tag can make a difference. Also, rebuilding the image can cause glitches, as the version of the image can change when you specify the latest tag. It is better to use the latest tag and a specified tag such as image version.

Command concatenation

When you build the image, each command in the Dockerfile adds one layer to the image. Combining the commands reduces the number of layers and reduces the size of the image. A common example of a command combination is the RUN command. Instead of using multiple RUN commands, it is better to combine each command with “&&”.

Wrong way:

RUN apt-get update
RUN apt-get install -y python3-pip
RUN cd ~

Good way:

RUN apt-get update && apt-get install -y python3-pip && cd ~

Use a multi-stage build

Using multistage is the recommended way to deploy your application. This eliminates the need to use build dependencies in running containers. You can build your application with a unique build image with dependencies and move the compiled binaries to another container image to run. A multi-stage build contains only the minimum binaries and dependencies needed for the final image, without the need to build intermediate containers, files, etc.

Explanation:

In the above, the Dockerfile has two separate stages.

  • The first stage is used to build a node application from a Node image.
  • The second stage is build-stage used to copy from the build image to the web server image that ultimately serves the application.

 by the author.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store