-
Build 100kB Docker Images from Scratch
📓 The Gist
You may think your 100mB Alpine images are small–but how about 100kB? Smaller images ship more quickly, and contain fewer attack vectors. Moreover, by optimizing images, you discover and isolate exactly what is needed for your app to run.
Let’s Optimize.
There are two key characteristics of scratch-based docker images:
- The Dockerfile has two build stages:
- a builder–which contains all of the build dependencies including source, libraries and tools and..
- a final image, containing the binary and any run-time dependencies (config files, certificates and dynamically linked libraries)
- The final image is
FROM scratch– the empty docker image
With this approach, your run-time image will contain exactly what is needed for your app to run – no additional config files, daemons or libraries that could be misconfigured or exploited.
Tony Metzidis
Software Developer