SlideShare a Scribd company logo

DockerCon EU 2018 - Dockerfile Best Practices

T
Tibor Vass

This document provides best practices for writing Dockerfiles. It begins with a refresher on images, Dockerfile build processes, and areas for improvement. Examples are then given of improving a sample Dockerfile by reducing layers, reusing official images, using multi-stage builds to reduce image sizes, and adding build caching and reproducibility. Benchmarks show the improved Dockerfile builds faster and produces smaller images. New Dockerfile features in Docker 18.09 like context mounts and application caching are also briefly discussed.

Technology
1 of 72
Download to read offline
Tibor Vass Docker, Inc. Dockerfile Best Practices Sebastiaan van Stijn Docker, Inc. @tiborvass @thaJeztah
Dockerfile A blueprint to build Docker images Popular: 1+ million Dockerfiles on GitHub
https://docs.docker.com/engine/reference/builder/
Use latest Docker, enable BuildKit today! Docker client: export DOCKER_BUILDKIT=1 Docker daemon config: { "features": {"buildkit": true} } Windows support coming soon
Quick refresher
image: template to instantiate running containers. References list of filesystem layers layer: a list of changes to a rootfs copy-on-write filesystem: allows smaller disk usage Quick refresher on Images
Quick refresher on Build Parse Dockerfile and get build steps to perform build caching: no need to perform build steps where files or RUN line have not changed, reuse cached layers build context: local files that can be copied to the image
Improving Dockerfiles
- Consistency/Repeatability - (Incremental) build time - Image size - Maintainability Areas of improvements
-rw-r--r-- 1 656 Dec 4 12:20 Dockerfile drwxr-xr-x 2 6.1M Dec 4 09:44 docs/ -rw-r--r-- 1 1.7K Dec 3 09:48 pom.xml -rw-r--r-- 1 1.0K Dec 4 10:12 README.md drwxr-xr-x 4 44K Dec 3 09:48 src/ drwxr-xr-x 2 17M Dec 4 09:50 target/ Basic Java Spring Hello world web app Example project
FROM debian COPY . /app RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh emacs CMD ["java", "-jar", "/app/target/app.jar"] Let’s improve this Dockerfile
Let’s improve this Dockerfile FROM debian COPY . /app RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh emacs vim CMD ["java", "-jar", "/app/target/app.jar"]
Order matters for caching FROM debian COPY . /app RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh vim COPY . /app CMD ["java", "-jar", "/app/target/app.jar"]
Order matters for caching FROM debian RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh vim COPY . /app CMD ["java", "-jar", "/app/target/app.jar"]
More specific COPY to limit cache bust FROM debian RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh vim COPY . /app COPY target/app.jar /app CMD ["java", "-jar", "/app/target/app.jar"]
More specific COPY to limit cache bust FROM debian RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh vim COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"] Pro Tip! Use COPY, not ADD for local files
More specific COPY to limit cache bust FROM debian RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh vim COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Identify cacheable "units" FROM debian RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh vim COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Line buddies: apt-get update & install FROM debian RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh vim RUN apt-get update && apt-get -y install openjdk-8-jdk ssh vim COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Line buddies: apt-get update & install FROM debian RUN apt-get update && apt-get -y install openjdk-8-jdk ssh vim COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Remove unnecessary dependencies FROM debian RUN apt-get update && apt-get -y install openjdk-8-jdk ssh vim COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Remove unnecessary dependencies FROM debian RUN apt-get update && apt-get -y install openjdk-8-jdk COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Use --no-install-recommends FROM debian RUN apt-get update && apt-get -y install --no-install-recommends openjdk-8-jdk COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Remove package manager cache FROM debian RUN apt-get update && apt-get -y install --no-install-recommends openjdk-8-jdk && rm -rf /var/lib/apt/lists/* COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Remove package manager cache FROM debian RUN apt-get update && apt-get -y install --no-install-recommends openjdk-8-jdk && rm -rf /var/lib/apt/lists/* COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Reuse official images when possible FROM debian RUN apt-get update && apt-get -y install --no-install-recommends openjdk-8-jdk && rm -rf /var/lib/apt/lists/* FROM openjdk COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Reuse official images when possible - Reduce time spent on maintenance (frequently updated with fixes) - Reduce size (shared layers between images) - Pre-configured for container use - Built by smart people - Bonus: scanned for vulnerabilities on Docker Hub
Reuse official images when possible FROM openjdk COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Use more specific tags FROM openjdk:latest FROM openjdk:8 COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Use more specific tags FROM openjdk:8 COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Use more specific tags Read the image's documentation on Docker Hub https://hub.docker.com/_/openjdk
Use more specific tags FROM openjdk:8-jre COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Use more specific tags FROM openjdk:8-jre COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Look for minimal flavors FROM openjdk:8-jre-slim COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Look for minimal flavors FROM openjdk:8-jre-slim FROM openjdk:8-jre-alpine COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Look for minimal flavors REPOSITORY TAG SIZE openjdk 8 624MB openjdk 8-jre 443MB openjdk 8-jre-slim 204MB openjdk 8-jre-alpine 83MB
Look for minimal flavors FROM openjdk:8-jre-alpine COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Look for reproducibility FROM openjdk:8-jre-alpine COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
Build from source in a consistent environment - Build environment is described in the Dockerfile - Correct versions of build tools installed - Prevent inconsistencies between environments - There may be system dependencies - The "source of truth" is the source code not the build artifact
Build from source in a consistent environment FROM openjdk:8-jre-alpine FROM maven:3.6-jdk-8-alpine COPY app.jar /app COPY pom.xml /app/ COPY src /app/src RUN cd /app && mvn -e -B package CMD ["java", "-jar", "/app/app.jar"]
Build from source in a consistent environment FROM maven:3.6-jdk-8-alpine COPY pom.xml /app/ COPY src /app/src RUN cd /app && mvn -e -B package CMD ["java", "-jar", "/app/app.jar"]
Build from source in a consistent environment FROM maven:3.6-jdk-8-alpine WORKDIR /app COPY pom.xml /app/. COPY src /app./src RUN cd /app && mvn -e -B package CMD ["java", "-jar", "/app/app.jar"]
Build from source in a consistent environment FROM maven:3.6-jdk-8-alpine WORKDIR /app COPY pom.xml . COPY src ./src RUN mvn -e -B package CMD ["java", "-jar", "/app/app.jar"]
Cache dependencies FROM maven:3.6-jdk-8-alpine WORKDIR /app COPY pom.xml . RUN mvn -e -B dependency:resolve COPY src ./src RUN mvn -e -B package CMD ["java", "-jar", "/app/app.jar"]
Cache dependencies FROM maven:3.6-jdk-8-alpine WORKDIR /app COPY pom.xml . RUN mvn -e -B dependency:resolve COPY src ./src RUN mvn -e -B package CMD ["java", "-jar", "/app/app.jar"]
Identify build dependencies FROM maven:3.6-jdk-8-alpine WORKDIR /app COPY pom.xml . RUN mvn -e -B dependency:resolve COPY src ./src RUN mvn -e -B package CMD ["java", "-jar", "/app/app.jar"]
Multi-stage builds to remove build deps FROM maven:3.6-jdk-8-alpine WORKDIR /app COPY pom.xml . RUN mvn -e -B dependency:resolve COPY src ./src RUN mvn -e -B package
FROM maven:3.6-jdk-8-alpine AS builder WORKDIR /app COPY pom.xml . RUN mvn -e -B dependency:resolve COPY src ./src RUN mvn -e -B package CMD ["java", "-jar", "/app/app.jar"] FROM openjdk:8-jre-alpine COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] Multi-stage builds to remove build deps
FROM maven:3.6-jdk-8-alpine AS builder WORKDIR /app COPY pom.xml . RUN mvn -e -B dependency:resolve COPY src ./src RUN mvn -e -B package FROM openjdk:8-jre-alpine COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] Multi-stage builds to remove build deps
- Moby: 16 stages https://github.com/moby/moby/blob/master/Dockerfil e - BuildKit: 44 stages https://github.com/moby/buildkit/blob/master/hack/d ockerfiles/test.buildkit.Dockerfile Projects with many stages
- Separate build from runtime environment (shrinking image size) - Slight variations on images - DRY (Don’t Repeat Yourself) - Build/dev/test/lint environments - Concurrent stages - Platform-specific stages Multi-stage usecases
FROM maven:3.6-jdk-8-alpine AS builder ... FROM openjdk:8-jre-jessie AS release-jessie COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] FROM openjdk:8-jre-alpine AS release-alpine COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] docker build --target X
FROM maven:3.6-jdk-8-alpine AS builder ... FROM openjdk:8-jre-jessie AS release-jessie COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] FROM openjdk:8-jre-alpine AS release-alpine COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] docker build --target X
FROM maven:3.6-jdk-8-alpine AS builder ... FROM openjdk:8-jre-jessie AS release-jessie COPY --from=builder /app/app.jar / CMD ["java", "-jar", "/app.jar"] FROM openjdk:8-jre-alpine AS release-alpine COPY --from=builder /app/app.jar / CMD ["java", "-jar", "/app.jar"] docker build --target X
ARG flavor=alpine FROM maven:3.6-jdk-8-alpine AS builder ... FROM openjdk:8-jre-$flavor AS release COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] Global ARG: docker build --build-arg K=V
FROM maven:3.6-jdk-8-alpine AS builder ... FROM openjdk:8-jre-alpine AS lint RUN wget https://github.com/checkstyle/checkstyle/releases/download/checkstyle-8.15/checkstyle-8.15-all.jar COPY checks.xml . COPY src /src RUN java -jar checkstyle-8.15-all.jar -c checks.xml /src Various environments: build, dev, test, lint, ...
FROM maven:3.6-jdk-8-alpine AS builder ... FROM openjdk:8-jre-alpine AS release COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] FROM builder AS dev RUN apk add --no-cache strace ENTRYPOINT ["ash"] Various environments: build, dev, test, lint, ...
FROM maven:3.6-jdk-8-alpine AS builder ... RUN mvn -e -B package -DskipTests FROM builder AS unit-test RUN mvn -e -B test FROM release AS integration-test RUN apk add --no-cache curl RUN ./test/run.sh Various environments: build, dev, test, lint, ...
FROM maven:3.6-jdk-8-alpine AS builder ... FROM tiborvass/whalesay AS assets RUN whalesay "¡Hola DockerCon!" > /out/assets.html FROM openjdk:8-jre-alpine AS release COPY --from=builder /app/app.jar / COPY --from=assets /out /assets CMD ["java", "-jar", "/app.jar"] Multi-stage: build concurrently
Benchmarks Based on github.com/moby/moby Dockerfile, master branch. Smaller is better. Time for full build from empty state 2.0x faster
Benchmarks Based on github.com/moby/moby Dockerfile, master branch. Smaller is better. Repeated build with matching cache 7.2x faster
Benchmarks Based on github.com/moby/moby Dockerfile, master branch. Smaller is better. Repeated build with new source code 2.5x faster
Some new Dockerfile features in v18.09
“Supercharged Docker Build with BuildKit” BlackBelt session Wednesday 12pm - What’s new - New Dockerfile features (RUN --mount, secrets, ssh, syntax customization)
# syntax = docker/dockerfile:1.0-experimental # syntax=docker/dockerfile:1.0-experimental FROM maven:3.6-jdk-8-alpine AS builder WORKDIR /app COPY . /app RUN mvn -e -B package FROM openjdk:8-jre-alpine COPY --from=builder /app/app.jar / CMD ["java", "-jar", "/app.jar"]
Context mounts (v18.09 only) # syntax=docker/dockerfile:1.0-experimental FROM maven:3.6-jdk-8-alpine AS builder WORKDIR /app COPY . /app RUN --mount=target=. mvn -e -B package -DoutputDirectory=/ FROM openjdk:8-jre-alpine COPY --from=builder /app/app.jar / CMD ["java", "-jar", "/app.jar"]
Context mounts (v18.09 only) # syntax=docker/dockerfile:1.0-experimental FROM maven:3.6-jdk-8-alpine AS builder WORKDIR /app RUN --mount=target=. mvn -e -B package -DoutputDirectory=/ FROM openjdk:8-jre-alpine COPY --from=builder /app.jar / CMD ["java", "-jar", "/app.jar"]
Application cache (v18.09 only) # syntax=docker/dockerfile:1.0-experimental FROM maven:3.6-jdk-8-alpine AS builder WORKDIR /app RUN --mount=target=. --mount=type=cache,target=/root/.m2 && mvn package -DoutputDirectory=/ FROM openjdk:8-jre-alpine COPY --from=builder /app.jar / CMD ["java", "/app.jar"]
We went from: - inconsistent build/dev/test environments - bloated image - slow build and incremental build times (cache busts) To: - consistent build/dev/test environments - minimal image - very fast build and incremental build times Improvements recap
Read more on blog posts https://medium.com/@tonistiigi/advance d-multi-stage-build-patterns-6f741b852f ae https://medium.com/@tonistiigi/build-secrets-a nd-ssh-forwarding-in-docker-18-09-ae8161d06 6
• Multi-stage, multi-stage, multi-stage • Enable BuildKit • Supercharged Docker Build with BuildKit in BlackBelt session on Wednesday at 12pm Thank you!
Take A Breakout Survey Access your session and/or workshop surveys for the conference at any time by tapping the Sessions link on the navigation menu or block on the home screen. Find the session/workshop you attended and tap on it to view the session details. On this page, you will find a link to the survey.

Recommended

DCSF19 Dockerfile Best Practices
DCSF19 Dockerfile Best PracticesDCSF19 Dockerfile Best Practices
DCSF19 Dockerfile Best Practices
Docker, Inc.
 
DCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best PracticesDCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best Practices
Docker, Inc.
 
DCSF19 Tips and Tricks of the Docker Captains
DCSF19 Tips and Tricks of the Docker Captains DCSF19 Tips and Tricks of the Docker Captains
DCSF19 Tips and Tricks of the Docker Captains
Docker, Inc.
 
Cloud Foundry Summit 2015: 10 common errors when pushing apps to cloud foundry
Cloud Foundry Summit 2015: 10 common errors when pushing apps to cloud foundryCloud Foundry Summit 2015: 10 common errors when pushing apps to cloud foundry
Cloud Foundry Summit 2015: 10 common errors when pushing apps to cloud foundry
Jack-Junjie Cai
 
Streamline your development environment with docker
Streamline your development environment with dockerStreamline your development environment with docker
Streamline your development environment with docker
Giacomo Bagnoli
 
Docker for (Java) Developers
Docker for (Java) DevelopersDocker for (Java) Developers
Docker for (Java) Developers
Rafael Benevides
 
Deployment Tactics
Deployment TacticsDeployment Tactics
Deployment Tactics
Ian Barber
 
今すぐ始めるCloud Foundry #hackt #hackt_k
今すぐ始めるCloud Foundry #hackt #hackt_k今すぐ始めるCloud Foundry #hackt #hackt_k
今すぐ始めるCloud Foundry #hackt #hackt_k
Toshiaki Maki
 

Recommended

DCSF19 Dockerfile Best Practices
DCSF19 Dockerfile Best PracticesDCSF19 Dockerfile Best Practices
DCSF19 Dockerfile Best Practices
Docker, Inc.
 
DCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best PracticesDCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best Practices
Docker, Inc.
 
DCSF19 Tips and Tricks of the Docker Captains
DCSF19 Tips and Tricks of the Docker Captains DCSF19 Tips and Tricks of the Docker Captains
DCSF19 Tips and Tricks of the Docker Captains
Docker, Inc.
 
Cloud Foundry Summit 2015: 10 common errors when pushing apps to cloud foundry
Cloud Foundry Summit 2015: 10 common errors when pushing apps to cloud foundryCloud Foundry Summit 2015: 10 common errors when pushing apps to cloud foundry
Cloud Foundry Summit 2015: 10 common errors when pushing apps to cloud foundry
Jack-Junjie Cai
 
Streamline your development environment with docker
Streamline your development environment with dockerStreamline your development environment with docker
Streamline your development environment with docker
Giacomo Bagnoli
 
Docker for (Java) Developers
Docker for (Java) DevelopersDocker for (Java) Developers
Docker for (Java) Developers
Rafael Benevides
 
Deployment Tactics
Deployment TacticsDeployment Tactics
Deployment Tactics
Ian Barber
 
今すぐ始めるCloud Foundry #hackt #hackt_k
今すぐ始めるCloud Foundry #hackt #hackt_k今すぐ始めるCloud Foundry #hackt #hackt_k
今すぐ始めるCloud Foundry #hackt #hackt_k
Toshiaki Maki
 
Docker在豆瓣的实践 刘天伟-20160709
Docker在豆瓣的实践 刘天伟-20160709Docker在豆瓣的实践 刘天伟-20160709
Docker在豆瓣的实践 刘天伟-20160709
Tianwei Liu
 
Creating docker custom image
Creating docker custom imageCreating docker custom image
Creating docker custom image
t lc
 
Learning Maven by Example
Learning Maven by ExampleLearning Maven by Example
Learning Maven by Example
Hsi-Kai Wang
 
DCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on KubernetesDCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on Kubernetes
Docker, Inc.
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and Production
Ben Hall
 
Docker Container As A Service - JAX 2016
Docker Container As A Service - JAX 2016Docker Container As A Service - JAX 2016
Docker Container As A Service - JAX 2016
Patrick Chanezon
 
Maven Introduction
Maven IntroductionMaven Introduction
Maven Introduction
Sandeep Chawla
 
Demystifying Maven
Demystifying MavenDemystifying Maven
Demystifying Maven
Mike Desjardins
 
Maven 3.0 at Øredev
Maven 3.0 at ØredevMaven 3.0 at Øredev
Maven 3.0 at Øredev
Matthew McCullough
 
Using Docker in the Real World
Using Docker in the Real WorldUsing Docker in the Real World
Using Docker in the Real World
Tim Haak
 
Securing Containers, One Patch at a Time - Michael Crosby, Docker
Securing Containers, One Patch at a Time - Michael Crosby, DockerSecuring Containers, One Patch at a Time - Michael Crosby, Docker
Securing Containers, One Patch at a Time - Michael Crosby, Docker
Docker, Inc.
 
Continuous delivery with docker
Continuous delivery with dockerContinuous delivery with docker
Continuous delivery with docker
Johan Janssen
 
DNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance BoostDNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance Boost
Christoph Adler
 
Java Builds with Maven and Ant
Java Builds with Maven and AntJava Builds with Maven and Ant
Java Builds with Maven and Ant
David Noble
 
Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)
Ben Hall
 
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...
Docker, Inc.
 
Development Tools - Maven
Development Tools - MavenDevelopment Tools - Maven
Development Tools - Maven
Bert Koorengevel
 
Using Maven 2
Using Maven 2Using Maven 2
Using Maven 2
andyhot
 
Docker for developers on mac and windows
Docker for developers on mac and windowsDocker for developers on mac and windows
Docker for developers on mac and windows
Docker, Inc.
 
Optimizing Spring Boot apps for Docker
Optimizing Spring Boot apps for DockerOptimizing Spring Boot apps for Docker
Optimizing Spring Boot apps for Docker
Graham Charters
 
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
Puppet
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configuration
lutter
 

More Related Content

What's hot

Docker在豆瓣的实践 刘天伟-20160709
Docker在豆瓣的实践 刘天伟-20160709Docker在豆瓣的实践 刘天伟-20160709
Docker在豆瓣的实践 刘天伟-20160709
Tianwei Liu
 
Creating docker custom image
Creating docker custom imageCreating docker custom image
Creating docker custom image
t lc
 
Learning Maven by Example
Learning Maven by ExampleLearning Maven by Example
Learning Maven by Example
Hsi-Kai Wang
 
DCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on KubernetesDCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on Kubernetes
Docker, Inc.
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and Production
Ben Hall
 
Docker Container As A Service - JAX 2016
Docker Container As A Service - JAX 2016Docker Container As A Service - JAX 2016
Docker Container As A Service - JAX 2016
Patrick Chanezon
 
Maven Introduction
Maven IntroductionMaven Introduction
Maven Introduction
Sandeep Chawla
 
Demystifying Maven
Demystifying MavenDemystifying Maven
Demystifying Maven
Mike Desjardins
 
Maven 3.0 at Øredev
Maven 3.0 at ØredevMaven 3.0 at Øredev
Maven 3.0 at Øredev
Matthew McCullough
 
Using Docker in the Real World
Using Docker in the Real WorldUsing Docker in the Real World
Using Docker in the Real World
Tim Haak
 
Securing Containers, One Patch at a Time - Michael Crosby, Docker
Securing Containers, One Patch at a Time - Michael Crosby, DockerSecuring Containers, One Patch at a Time - Michael Crosby, Docker
Securing Containers, One Patch at a Time - Michael Crosby, Docker
Docker, Inc.
 
Continuous delivery with docker
Continuous delivery with dockerContinuous delivery with docker
Continuous delivery with docker
Johan Janssen
 
DNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance BoostDNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance Boost
Christoph Adler
 
Java Builds with Maven and Ant
Java Builds with Maven and AntJava Builds with Maven and Ant
Java Builds with Maven and Ant
David Noble
 
Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)
Ben Hall
 
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...
Docker, Inc.
 
Development Tools - Maven
Development Tools - MavenDevelopment Tools - Maven
Development Tools - Maven
Bert Koorengevel
 
Using Maven 2
Using Maven 2Using Maven 2
Using Maven 2
andyhot
 

What's hot (18)

Docker在豆瓣的实践 刘天伟-20160709
Docker在豆瓣的实践 刘天伟-20160709Docker在豆瓣的实践 刘天伟-20160709
Docker在豆瓣的实践 刘天伟-20160709
 
Creating docker custom image
Creating docker custom imageCreating docker custom image
Creating docker custom image
 
Learning Maven by Example
Learning Maven by ExampleLearning Maven by Example
Learning Maven by Example
 
DCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on KubernetesDCSF 19 Deploying Rootless buildkit on Kubernetes
DCSF 19 Deploying Rootless buildkit on Kubernetes
 
Real World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and ProductionReal World Experience of Running Docker in Development and Production
Real World Experience of Running Docker in Development and Production
 
Docker Container As A Service - JAX 2016
Docker Container As A Service - JAX 2016Docker Container As A Service - JAX 2016
Docker Container As A Service - JAX 2016
 
Maven Introduction
Maven IntroductionMaven Introduction
Maven Introduction
 
Demystifying Maven
Demystifying MavenDemystifying Maven
Demystifying Maven
 
Maven 3.0 at Øredev
Maven 3.0 at ØredevMaven 3.0 at Øredev
Maven 3.0 at Øredev
 
Using Docker in the Real World
Using Docker in the Real WorldUsing Docker in the Real World
Using Docker in the Real World
 
Securing Containers, One Patch at a Time - Michael Crosby, Docker
Securing Containers, One Patch at a Time - Michael Crosby, DockerSecuring Containers, One Patch at a Time - Michael Crosby, Docker
Securing Containers, One Patch at a Time - Michael Crosby, Docker
 
Continuous delivery with docker
Continuous delivery with dockerContinuous delivery with docker
Continuous delivery with docker
 
DNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance BoostDNUG Webcast: IBM Notes V10 Performance Boost
DNUG Webcast: IBM Notes V10 Performance Boost
 
Java Builds with Maven and Ant
Java Builds with Maven and AntJava Builds with Maven and Ant
Java Builds with Maven and Ant
 
Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)
 
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...
 
Development Tools - Maven
Development Tools - MavenDevelopment Tools - Maven
Development Tools - Maven
 
Using Maven 2
Using Maven 2Using Maven 2
Using Maven 2
 

Similar to DockerCon EU 2018 - Dockerfile Best Practices

Docker for developers on mac and windows
Docker for developers on mac and windowsDocker for developers on mac and windows
Docker for developers on mac and windows
Docker, Inc.
 
Optimizing Spring Boot apps for Docker
Optimizing Spring Boot apps for DockerOptimizing Spring Boot apps for Docker
Optimizing Spring Boot apps for Docker
Graham Charters
 
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
Puppet
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configuration
lutter
 
Docker
DockerDocker
Docker
Vitaly Tsaplin
 
Pluralsight Webinar: Simplify Your Project Builds with Docker
Pluralsight Webinar: Simplify Your Project Builds with DockerPluralsight Webinar: Simplify Your Project Builds with Docker
Pluralsight Webinar: Simplify Your Project Builds with Docker
Elton Stoneman
 
Docker best practices
Docker best practicesDocker best practices
Docker best practices
Philipp Koch
 
Gdg cloud taipei ddt meetup #53 buildpack
Gdg cloud taipei ddt meetup #53 buildpackGdg cloud taipei ddt meetup #53 buildpack
Gdg cloud taipei ddt meetup #53 buildpack
KAI CHU CHUNG
 
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth RushgroveThe Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove
Docker, Inc.
 
Docker for Ruby Developers
Docker for Ruby DevelopersDocker for Ruby Developers
Docker for Ruby Developers
Aptible
 
Vagrant or docker for java dev environment
Vagrant or docker for java dev environmentVagrant or docker for java dev environment
Vagrant or docker for java dev environment
Orest Ivasiv
 
Fargate 를 이용한 ECS with VPC 1부
Fargate 를 이용한 ECS with VPC 1부Fargate 를 이용한 ECS with VPC 1부
Fargate 를 이용한 ECS with VPC 1부
Hyun-Mook Choi
 
Deployment Automation with Docker
Deployment Automation with DockerDeployment Automation with Docker
Deployment Automation with Docker
Egor Pushkin
 
Into to Docker (Central PA Java User Group - 8/14/2017)
Into to Docker (Central PA Java User Group - 8/14/2017)Into to Docker (Central PA Java User Group - 8/14/2017)
Into to Docker (Central PA Java User Group - 8/14/2017)
Mike Melusky
 
Environment
EnvironmentEnvironment
Environment
Masters Academy
 
Deep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UKDeep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UK
José Paumard
 
Tips pour sécuriser ses conteneurs docker/podman
Tips pour sécuriser ses conteneurs docker/podmanTips pour sécuriser ses conteneurs docker/podman
Tips pour sécuriser ses conteneurs docker/podman
Thierry Gayet
 
Infrastructure = code - 1 year later
Infrastructure = code - 1 year laterInfrastructure = code - 1 year later
Infrastructure = code - 1 year later
Christian Ortner
 
Docker for developers z java
Docker for developers z javaDocker for developers z java
Docker for developers z java
andrzejsydor
 
Instrumentación de entrega continua con Gitlab
Instrumentación de entrega continua con GitlabInstrumentación de entrega continua con Gitlab
Instrumentación de entrega continua con Gitlab
Software Guru
 

Similar to DockerCon EU 2018 - Dockerfile Best Practices (20)

Docker for developers on mac and windows
Docker for developers on mac and windowsDocker for developers on mac and windows
Docker for developers on mac and windows
 
Optimizing Spring Boot apps for Docker
Optimizing Spring Boot apps for DockerOptimizing Spring Boot apps for Docker
Optimizing Spring Boot apps for Docker
 
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
PuppetConf 2016: The Challenges with Container Configuration – David Lutterko...
 
Challenges of container configuration
Challenges of container configurationChallenges of container configuration
Challenges of container configuration
 
Docker
DockerDocker
Docker
 
Pluralsight Webinar: Simplify Your Project Builds with Docker
Pluralsight Webinar: Simplify Your Project Builds with DockerPluralsight Webinar: Simplify Your Project Builds with Docker
Pluralsight Webinar: Simplify Your Project Builds with Docker
 
Docker best practices
Docker best practicesDocker best practices
Docker best practices
 
Gdg cloud taipei ddt meetup #53 buildpack
Gdg cloud taipei ddt meetup #53 buildpackGdg cloud taipei ddt meetup #53 buildpack
Gdg cloud taipei ddt meetup #53 buildpack
 
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth RushgroveThe Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove
The Dockerfile Explosion and the Need for Higher Level Tools by Gareth Rushgrove
 
Docker for Ruby Developers
Docker for Ruby DevelopersDocker for Ruby Developers
Docker for Ruby Developers
 
Vagrant or docker for java dev environment
Vagrant or docker for java dev environmentVagrant or docker for java dev environment
Vagrant or docker for java dev environment
 
Fargate 를 이용한 ECS with VPC 1부
Fargate 를 이용한 ECS with VPC 1부Fargate 를 이용한 ECS with VPC 1부
Fargate 를 이용한 ECS with VPC 1부
 
Deployment Automation with Docker
Deployment Automation with DockerDeployment Automation with Docker
Deployment Automation with Docker
 
Into to Docker (Central PA Java User Group - 8/14/2017)
Into to Docker (Central PA Java User Group - 8/14/2017)Into to Docker (Central PA Java User Group - 8/14/2017)
Into to Docker (Central PA Java User Group - 8/14/2017)
 
Environment
EnvironmentEnvironment
Environment
 
Deep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UKDeep Dive Java 17 Devoxx UK
Deep Dive Java 17 Devoxx UK
 
Tips pour sécuriser ses conteneurs docker/podman
Tips pour sécuriser ses conteneurs docker/podmanTips pour sécuriser ses conteneurs docker/podman
Tips pour sécuriser ses conteneurs docker/podman
 
Infrastructure = code - 1 year later
Infrastructure = code - 1 year laterInfrastructure = code - 1 year later
Infrastructure = code - 1 year later
 
Docker for developers z java
Docker for developers z javaDocker for developers z java
Docker for developers z java
 
Instrumentación de entrega continua con Gitlab
Instrumentación de entrega continua con GitlabInstrumentación de entrega continua con Gitlab
Instrumentación de entrega continua con Gitlab
 

Recently uploaded

Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 

Recently uploaded (20)

Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 

DockerCon EU 2018 - Dockerfile Best Practices

  • 1. Tibor Vass Docker, Inc. Dockerfile Best Practices Sebastiaan van Stijn Docker, Inc. @tiborvass @thaJeztah
  • 2. Dockerfile A blueprint to build Docker images Popular: 1+ million Dockerfiles on GitHub
  • 4. Use latest Docker, enable BuildKit today! Docker client: export DOCKER_BUILDKIT=1 Docker daemon config: { "features": {"buildkit": true} } Windows support coming soon
  • 6. image: template to instantiate running containers. References list of filesystem layers layer: a list of changes to a rootfs copy-on-write filesystem: allows smaller disk usage Quick refresher on Images
  • 7. Quick refresher on Build Parse Dockerfile and get build steps to perform build caching: no need to perform build steps where files or RUN line have not changed, reuse cached layers build context: local files that can be copied to the image
  • 9. - Consistency/Repeatability - (Incremental) build time - Image size - Maintainability Areas of improvements
  • 10. -rw-r--r-- 1 656 Dec 4 12:20 Dockerfile drwxr-xr-x 2 6.1M Dec 4 09:44 docs/ -rw-r--r-- 1 1.7K Dec 3 09:48 pom.xml -rw-r--r-- 1 1.0K Dec 4 10:12 README.md drwxr-xr-x 4 44K Dec 3 09:48 src/ drwxr-xr-x 2 17M Dec 4 09:50 target/ Basic Java Spring Hello world web app Example project
  • 11. FROM debian COPY . /app RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh emacs CMD ["java", "-jar", "/app/target/app.jar"] Let’s improve this Dockerfile
  • 12. Let’s improve this Dockerfile FROM debian COPY . /app RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh emacs vim CMD ["java", "-jar", "/app/target/app.jar"]
  • 13. Order matters for caching FROM debian COPY . /app RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh vim COPY . /app CMD ["java", "-jar", "/app/target/app.jar"]
  • 14. Order matters for caching FROM debian RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh vim COPY . /app CMD ["java", "-jar", "/app/target/app.jar"]
  • 15. More specific COPY to limit cache bust FROM debian RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh vim COPY . /app COPY target/app.jar /app CMD ["java", "-jar", "/app/target/app.jar"]
  • 16. More specific COPY to limit cache bust FROM debian RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh vim COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"] Pro Tip! Use COPY, not ADD for local files
  • 17. More specific COPY to limit cache bust FROM debian RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh vim COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 18. Identify cacheable "units" FROM debian RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh vim COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 19. Line buddies: apt-get update & install FROM debian RUN apt-get update RUN apt-get -y install openjdk-8-jdk ssh vim RUN apt-get update && apt-get -y install openjdk-8-jdk ssh vim COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 20. Line buddies: apt-get update & install FROM debian RUN apt-get update && apt-get -y install openjdk-8-jdk ssh vim COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 21. Remove unnecessary dependencies FROM debian RUN apt-get update && apt-get -y install openjdk-8-jdk ssh vim COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 22. Remove unnecessary dependencies FROM debian RUN apt-get update && apt-get -y install openjdk-8-jdk COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 23. Use --no-install-recommends FROM debian RUN apt-get update && apt-get -y install --no-install-recommends openjdk-8-jdk COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 24. Remove package manager cache FROM debian RUN apt-get update && apt-get -y install --no-install-recommends openjdk-8-jdk && rm -rf /var/lib/apt/lists/* COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 25. Remove package manager cache FROM debian RUN apt-get update && apt-get -y install --no-install-recommends openjdk-8-jdk && rm -rf /var/lib/apt/lists/* COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 26. Reuse official images when possible FROM debian RUN apt-get update && apt-get -y install --no-install-recommends openjdk-8-jdk && rm -rf /var/lib/apt/lists/* FROM openjdk COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 27. Reuse official images when possible - Reduce time spent on maintenance (frequently updated with fixes) - Reduce size (shared layers between images) - Pre-configured for container use - Built by smart people - Bonus: scanned for vulnerabilities on Docker Hub
  • 28. Reuse official images when possible FROM openjdk COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 29. Use more specific tags FROM openjdk:latest FROM openjdk:8 COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 30. Use more specific tags FROM openjdk:8 COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 31. Use more specific tags Read the image's documentation on Docker Hub https://hub.docker.com/_/openjdk
  • 32. Use more specific tags FROM openjdk:8-jre COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 33. Use more specific tags FROM openjdk:8-jre COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 34. Look for minimal flavors FROM openjdk:8-jre-slim COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 35. Look for minimal flavors FROM openjdk:8-jre-slim FROM openjdk:8-jre-alpine COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 36. Look for minimal flavors REPOSITORY TAG SIZE openjdk 8 624MB openjdk 8-jre 443MB openjdk 8-jre-slim 204MB openjdk 8-jre-alpine 83MB
  • 37. Look for minimal flavors FROM openjdk:8-jre-alpine COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 38. Look for reproducibility FROM openjdk:8-jre-alpine COPY target/app.jar /app CMD ["java", "-jar", "/app/app.jar"]
  • 39. Build from source in a consistent environment - Build environment is described in the Dockerfile - Correct versions of build tools installed - Prevent inconsistencies between environments - There may be system dependencies - The "source of truth" is the source code not the build artifact
  • 40. Build from source in a consistent environment FROM openjdk:8-jre-alpine FROM maven:3.6-jdk-8-alpine COPY app.jar /app COPY pom.xml /app/ COPY src /app/src RUN cd /app && mvn -e -B package CMD ["java", "-jar", "/app/app.jar"]
  • 41. Build from source in a consistent environment FROM maven:3.6-jdk-8-alpine COPY pom.xml /app/ COPY src /app/src RUN cd /app && mvn -e -B package CMD ["java", "-jar", "/app/app.jar"]
  • 42. Build from source in a consistent environment FROM maven:3.6-jdk-8-alpine WORKDIR /app COPY pom.xml /app/. COPY src /app./src RUN cd /app && mvn -e -B package CMD ["java", "-jar", "/app/app.jar"]
  • 43. Build from source in a consistent environment FROM maven:3.6-jdk-8-alpine WORKDIR /app COPY pom.xml . COPY src ./src RUN mvn -e -B package CMD ["java", "-jar", "/app/app.jar"]
  • 44. Cache dependencies FROM maven:3.6-jdk-8-alpine WORKDIR /app COPY pom.xml . RUN mvn -e -B dependency:resolve COPY src ./src RUN mvn -e -B package CMD ["java", "-jar", "/app/app.jar"]
  • 45. Cache dependencies FROM maven:3.6-jdk-8-alpine WORKDIR /app COPY pom.xml . RUN mvn -e -B dependency:resolve COPY src ./src RUN mvn -e -B package CMD ["java", "-jar", "/app/app.jar"]
  • 46. Identify build dependencies FROM maven:3.6-jdk-8-alpine WORKDIR /app COPY pom.xml . RUN mvn -e -B dependency:resolve COPY src ./src RUN mvn -e -B package CMD ["java", "-jar", "/app/app.jar"]
  • 47. Multi-stage builds to remove build deps FROM maven:3.6-jdk-8-alpine WORKDIR /app COPY pom.xml . RUN mvn -e -B dependency:resolve COPY src ./src RUN mvn -e -B package
  • 48. FROM maven:3.6-jdk-8-alpine AS builder WORKDIR /app COPY pom.xml . RUN mvn -e -B dependency:resolve COPY src ./src RUN mvn -e -B package CMD ["java", "-jar", "/app/app.jar"] FROM openjdk:8-jre-alpine COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] Multi-stage builds to remove build deps
  • 49. FROM maven:3.6-jdk-8-alpine AS builder WORKDIR /app COPY pom.xml . RUN mvn -e -B dependency:resolve COPY src ./src RUN mvn -e -B package FROM openjdk:8-jre-alpine COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] Multi-stage builds to remove build deps
  • 50. - Moby: 16 stages https://github.com/moby/moby/blob/master/Dockerfil e - BuildKit: 44 stages https://github.com/moby/buildkit/blob/master/hack/d ockerfiles/test.buildkit.Dockerfile Projects with many stages
  • 51. - Separate build from runtime environment (shrinking image size) - Slight variations on images - DRY (Don’t Repeat Yourself) - Build/dev/test/lint environments - Concurrent stages - Platform-specific stages Multi-stage usecases
  • 52. FROM maven:3.6-jdk-8-alpine AS builder ... FROM openjdk:8-jre-jessie AS release-jessie COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] FROM openjdk:8-jre-alpine AS release-alpine COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] docker build --target X
  • 53. FROM maven:3.6-jdk-8-alpine AS builder ... FROM openjdk:8-jre-jessie AS release-jessie COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] FROM openjdk:8-jre-alpine AS release-alpine COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] docker build --target X
  • 54. FROM maven:3.6-jdk-8-alpine AS builder ... FROM openjdk:8-jre-jessie AS release-jessie COPY --from=builder /app/app.jar / CMD ["java", "-jar", "/app.jar"] FROM openjdk:8-jre-alpine AS release-alpine COPY --from=builder /app/app.jar / CMD ["java", "-jar", "/app.jar"] docker build --target X
  • 55. ARG flavor=alpine FROM maven:3.6-jdk-8-alpine AS builder ... FROM openjdk:8-jre-$flavor AS release COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] Global ARG: docker build --build-arg K=V
  • 56. FROM maven:3.6-jdk-8-alpine AS builder ... FROM openjdk:8-jre-alpine AS lint RUN wget https://github.com/checkstyle/checkstyle/releases/download/checkstyle-8.15/checkstyle-8.15-all.jar COPY checks.xml . COPY src /src RUN java -jar checkstyle-8.15-all.jar -c checks.xml /src Various environments: build, dev, test, lint, ...
  • 57. FROM maven:3.6-jdk-8-alpine AS builder ... FROM openjdk:8-jre-alpine AS release COPY --from=builder /app/target/app.jar / CMD ["java", "-jar", "/app.jar"] FROM builder AS dev RUN apk add --no-cache strace ENTRYPOINT ["ash"] Various environments: build, dev, test, lint, ...
  • 58. FROM maven:3.6-jdk-8-alpine AS builder ... RUN mvn -e -B package -DskipTests FROM builder AS unit-test RUN mvn -e -B test FROM release AS integration-test RUN apk add --no-cache curl RUN ./test/run.sh Various environments: build, dev, test, lint, ...
  • 59. FROM maven:3.6-jdk-8-alpine AS builder ... FROM tiborvass/whalesay AS assets RUN whalesay "¡Hola DockerCon!" > /out/assets.html FROM openjdk:8-jre-alpine AS release COPY --from=builder /app/app.jar / COPY --from=assets /out /assets CMD ["java", "-jar", "/app.jar"] Multi-stage: build concurrently
  • 60. Benchmarks Based on github.com/moby/moby Dockerfile, master branch. Smaller is better. Time for full build from empty state 2.0x faster
  • 61. Benchmarks Based on github.com/moby/moby Dockerfile, master branch. Smaller is better. Repeated build with matching cache 7.2x faster
  • 62. Benchmarks Based on github.com/moby/moby Dockerfile, master branch. Smaller is better. Repeated build with new source code 2.5x faster
  • 64. “Supercharged Docker Build with BuildKit” BlackBelt session Wednesday 12pm - What’s new - New Dockerfile features (RUN --mount, secrets, ssh, syntax customization)
  • 65. # syntax = docker/dockerfile:1.0-experimental # syntax=docker/dockerfile:1.0-experimental FROM maven:3.6-jdk-8-alpine AS builder WORKDIR /app COPY . /app RUN mvn -e -B package FROM openjdk:8-jre-alpine COPY --from=builder /app/app.jar / CMD ["java", "-jar", "/app.jar"]
  • 66. Context mounts (v18.09 only) # syntax=docker/dockerfile:1.0-experimental FROM maven:3.6-jdk-8-alpine AS builder WORKDIR /app COPY . /app RUN --mount=target=. mvn -e -B package -DoutputDirectory=/ FROM openjdk:8-jre-alpine COPY --from=builder /app/app.jar / CMD ["java", "-jar", "/app.jar"]
  • 67. Context mounts (v18.09 only) # syntax=docker/dockerfile:1.0-experimental FROM maven:3.6-jdk-8-alpine AS builder WORKDIR /app RUN --mount=target=. mvn -e -B package -DoutputDirectory=/ FROM openjdk:8-jre-alpine COPY --from=builder /app.jar / CMD ["java", "-jar", "/app.jar"]
  • 68. Application cache (v18.09 only) # syntax=docker/dockerfile:1.0-experimental FROM maven:3.6-jdk-8-alpine AS builder WORKDIR /app RUN --mount=target=. --mount=type=cache,target=/root/.m2 && mvn package -DoutputDirectory=/ FROM openjdk:8-jre-alpine COPY --from=builder /app.jar / CMD ["java", "/app.jar"]
  • 69. We went from: - inconsistent build/dev/test environments - bloated image - slow build and incremental build times (cache busts) To: - consistent build/dev/test environments - minimal image - very fast build and incremental build times Improvements recap
  • 70. Read more on blog posts https://medium.com/@tonistiigi/advance d-multi-stage-build-patterns-6f741b852f ae https://medium.com/@tonistiigi/build-secrets-a nd-ssh-forwarding-in-docker-18-09-ae8161d06 6
  • 71. • Multi-stage, multi-stage, multi-stage • Enable BuildKit • Supercharged Docker Build with BuildKit in BlackBelt session on Wednesday at 12pm Thank you!
  • 72. Take A Breakout Survey Access your session and/or workshop surveys for the conference at any time by tapping the Sessions link on the navigation menu or block on the home screen. Find the session/workshop you attended and tap on it to view the session details. On this page, you will find a link to the survey.