Nick Joyce's popular tutorial explains how to keep Docker images as small as possible. The fewer bytes you have to shunt over the network or store on disk, the better: a smaller image is faster to build, pull and deploy.
Each image should contain the application code, its language-specific dependencies, the OS packages those need at runtime, and nothing else.
Build-time tooling such as gcc has no place in an image deployed to production: an attacker who gains shell access can use it to compile tools for moving on to other internal systems. Leaving the compiler out does not stop a determined attacker from dropping in a statically linked binary, but it removes the easy path and shrinks the image at the same time.
The tutorial covers:
- Different images for development and production
- Layer caching
- Cached dependencies
- Multistage builds
The tutorial also warns that minimalism can be taken too far. You could build every image FROM scratch, but then you lose the basic OS primitives (a shell, cat, find and friends) that you reach for when debugging a running container. Nice one!
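As an added example (not code from the tutorial), the Dockerfile below ties those points together for an assumed Python service: a builder stage with gcc compiles the dependencies into a virtualenv, a dev stage layers test tooling on top of it, and the production stage copies only the finished virtualenv onto a clean slim base, so no compiler ends up in what gets deployed. The dependency manifest is copied before the rest of the source so the expensive install layer stays cached until the manifest changes. The file names requirements.txt and requirements-dev.txt and the `python -m app` entry point are assumptions for illustration.

```dockerfile
# syntax=docker/dockerfile:1

# --- builder: compiler and headers live here, and only here -----------------
FROM python:3.12-slim AS builder
RUN apt-get update \
 && apt-get install -y --no-install-recommends build-essential \
 && rm -rf /var/lib/apt/lists/*
ENV PATH="/opt/venv/bin:$PATH"
RUN python -m venv /opt/venv
WORKDIR /app
# Copy only the dependency manifest first (assumed file name): this layer and
# the pip install below are reused from cache until requirements.txt changes,
# no matter how often the application source changes.
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# --- dev: inherits the toolchain, adds test/debug tooling; never shipped -----
FROM builder AS dev
COPY requirements-dev.txt .
RUN pip install --no-cache-dir -r requirements-dev.txt
COPY . .
CMD ["pytest"]

# --- prod: fresh slim base, so gcc, headers and apt caches are left behind ---
FROM python:3.12-slim AS prod
# Install only runtime shared libraries here, never -dev packages or compilers.
RUN useradd --system --no-create-home app
ENV PATH="/opt/venv/bin:$PATH"
# Same base image as the builder, so the venv's interpreter symlinks resolve.
COPY --from=builder /opt/venv /opt/venv
WORKDIR /app
COPY --chown=app:app . .
USER app
CMD ["python", "-m", "app"]
```

Build the two variants with `docker build --target dev -t app:dev .` and `docker build --target prod -t app:prod .`, then confirm the production image really has no compiler: `docker run --rm app:prod sh -c 'command -v gcc || echo no-compiler'` should print `no-compiler`. Using a slim base rather than scratch is the deliberate trade-off from the paragraph above: `sh`, `cat` and `find` stay available for debugging, at the cost of a few megabytes.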