Day 7-13 Optimization of Docker Image

Aditya TiwaryAditya Tiwary
2 min read

Optimizing a Dockerfile is crucial for improving build speed, image size, and container performance. Here’s a breakdown of various steps to optimize your Dockerfile:


🧱 1. Use Multi-Stage Builds

Purpose: Reduce final image size by separating build and runtime environments.

Example:

DockerfileCopyEdit# Stage 1: Build
FROM node:18 AS builder
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build

# Stage 2: Production
FROM nginx:alpine
COPY --from=builder /app/dist /usr/share/nginx/html

✅ Only production artifacts go into the final image.


📦 2. Choose the Right Base Image

Smaller is better (Alpine > Debian > Ubuntu):

  • Use Alpine (python:3.11-alpine, node:18-alpine) when possible.

  • Use distroless images for security and minimal size.

DockerfileCopyEditFROM node:18-alpine

📁 3. Minimize Layers

Each RUN, COPY, or ADD creates a new layer. Combine commands where appropriate:

DockerfileCopyEdit# Bad
RUN apt-get update
RUN apt-get install -y curl

# Good
RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*

🧹 4. Clean Up After Installations

Remove temp files, package caches, and build artifacts in the same RUN command:

DockerfileCopyEditRUN apt-get update && \
    apt-get install -y build-essential && \
    make && make install && \
    apt-get purge -y build-essential && \
    apt-get autoremove -y && \
    rm -rf /var/lib/apt/lists/*

📤 5. Use .dockerignore File

Avoid copying unnecessary files like node_modules, .git, logs, tests, etc.

.dockerignore example:

nginxCopyEditnode_modules
.git
*.log
tests/

⏱ 6. Leverage Docker Cache Effectively

Order Dockerfile instructions from least to most likely to change to make best use of cache.

DockerfileCopyEdit# Good caching
COPY package*.json ./
RUN npm install
COPY . .

Changing code frequently? Put that lower in the Dockerfile.


⚙️ 7. Use Specific Versions

Avoid latest tags to ensure consistency and reproducibility:

DockerfileCopyEditFROM python:3.11.5-alpine

📌 8. Pin Dependency Versions

Whether it's apt packages, pip, npm, or others, pin their versions to ensure consistent builds.

DockerfileCopyEditRUN apt-get install -y curl=7.68.0-1ubuntu2.18

🐳 9. Use Labels for Metadata

For clarity and maintainability:

DockerfileCopyEditLABEL maintainer="you@example.com" \
      version="1.0" \
      description="My optimized image"

🔐 10. Security Best Practices

  • Avoid running as root:

      DockerfileCopyEditRUN adduser --disabled-password myuser
      USER myuser
    
  • Use distroless images for minimal attack surface.

  • Regularly scan your image using tools like docker scan, Trivy, or Snyk.


🛠 11. Tools to Audit/Analyze Dockerfile

  • hadolint: Linter for Dockerfiles.

  • dive: Analyze Docker image layers.

  • docker-slim: Minify images.

0
Subscribe to my newsletter

Read articles from Aditya Tiwary directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Aditya Tiwary
Aditya Tiwary