In this article, we will see together different ways to reduce your docker images size. Having small images will let you deploy and transfer them fast.

How to select proper images

DockerHub

It’s important to remember that you should choose proper images before starting reducing images. If you select it on DockerHub, please check that as much as possible that at least one of the three following are selected :

They will guarantee a minimum of verification by Docker teams on the authors of the image.

Avoid “latest” !

If you are using From [imagename]:latest, you can run into problems whenever the image changes. It can become a difficult problem to trace. Using specific tags can ensure that you know the exact image being used from the Docker registry.

Choose Alpine or distroless images

One of the best ways to reduce the size of your images is to use Alpine or distrosless images.

Vanilla images can be used for testing, it’s big but provides the same experiences as if you were to have your workstation with Ubuntu installed. Also, you have access to all the binaries available in the operating system.

Alpine images are great if size is your first concern. Small. Simple. Secure. Alpine Linux is a security-oriented, lightweight Linux distribution based on musl libc and busybox.

Finally, distroless images, are closed to alpines but even more secured. Indeed, they have no package manager like apk tools in alpine, apt in ubuntu. In case, attacker want to change a live container installing packages, there’s no chance.

A regular nodejs image has a size of 700MB, alpine and distroless only 70MB !

Data management

If you have a complicated build that goes through multiple directories recursively, all the files and directories are sent to the Docker daemon. It can result in larger images and slower build times. You can use the .dockerignore to exclude unnecessary files and folders that complicate the build process. Dockerfile should install only the bare minimum packages necessary to run the services.

Moreover, storing application data in the container will balloon up your images. For production environments, always use the volume feature to keep the container separate from the data.

Avoid multiple layers

When building an image, pay attention to the layers created by Dockerfiles. Each RUN command creates a new layer. So combining the layers can reduce the image size. If we run the following, it will create two layer :

RUN apt-get -y update


RUN apt-get install -y python

However by combining the commands, it will create a single layer in the final image:

RUN apt-get -y update && apt-get install -y python

So, smart combinations of commands can lead to smaller images !

Keep only what is mandatory !

If you have a complicated build that goes through multiple directories recursively, all the files and directories are sent to the Docker daemon. It can result in larger images and slower build times. Excluding certain files that aren’t necessary for your image can help you reduce the image size. That is where the .dockerignore file comes in.

Dockerfile should install only the bare minimum packages necessary to run the services.

Use Multi-stage build

By using the multi-stage option in Docker, you can use multiple FROM statements to build each phase. Every FROM statement starts with the new base and leave behind everything which you don’t need from the previous FROM statement. How great is that ? 🙂

We can have the same tiny image without much complexity as in builder pattern.

When using multi-stage builds, you are not limited to copying from stages you created earlier in your Dockerfile. You can use the COPY –from instruction to copy from a separate image, either using the local image name, a tag available locally or on a Docker registry, or a tag ID. The Docker client pulls the image if necessary and copies the artifact from there.

The syntax is the following :

FROM alpine:latest as builder
RUN apk --no-cache add build-base

FROM builder as build1
COPY source1.cpp source.cpp
RUN g++ -o /binary source.cpp

FROM builder as build2
COPY source2.cpp source.cpp

RUN g++ -o /binary source.cpp

That’s all folks !

Sources

linuxhint.com

medium.com

www-grottedubarbu-fr.cdn.ampproject.org

docks.docker.com

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *