Day 7-13 Optimization of Docker Image


Optimizing a Dockerfile is crucial for improving build speed, image size, and container performance. Here’s a breakdown of various steps to optimize your Dockerfile:
🧱 1. Use Multi-Stage Builds
Purpose: Reduce final image size by separating build and runtime environments.
Example:
DockerfileCopyEdit# Stage 1: Build
FROM node:18 AS builder
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build
# Stage 2: Production
FROM nginx:alpine
COPY --from=builder /app/dist /usr/share/nginx/html
✅ Only production artifacts go into the final image.
📦 2. Choose the Right Base Image
Smaller is better (Alpine > Debian > Ubuntu):
Use Alpine (
python:3.11-alpine
,node:18-alpine
) when possible.Use
distroless
images for security and minimal size.
DockerfileCopyEditFROM node:18-alpine
📁 3. Minimize Layers
Each RUN
, COPY
, or ADD
creates a new layer. Combine commands where appropriate:
DockerfileCopyEdit# Bad
RUN apt-get update
RUN apt-get install -y curl
# Good
RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
🧹 4. Clean Up After Installations
Remove temp files, package caches, and build artifacts in the same RUN
command:
DockerfileCopyEditRUN apt-get update && \
apt-get install -y build-essential && \
make && make install && \
apt-get purge -y build-essential && \
apt-get autoremove -y && \
rm -rf /var/lib/apt/lists/*
📤 5. Use .dockerignore
File
Avoid copying unnecessary files like node_modules
, .git
, logs
, tests
, etc.
.dockerignore
example:
nginxCopyEditnode_modules
.git
*.log
tests/
⏱ 6. Leverage Docker Cache Effectively
Order Dockerfile instructions from least to most likely to change to make best use of cache.
DockerfileCopyEdit# Good caching
COPY package*.json ./
RUN npm install
COPY . .
Changing code frequently? Put that lower in the Dockerfile.
⚙️ 7. Use Specific Versions
Avoid latest
tags to ensure consistency and reproducibility:
DockerfileCopyEditFROM python:3.11.5-alpine
📌 8. Pin Dependency Versions
Whether it's apt packages, pip, npm, or others, pin their versions to ensure consistent builds.
DockerfileCopyEditRUN apt-get install -y curl=7.68.0-1ubuntu2.18
🐳 9. Use Labels for Metadata
For clarity and maintainability:
DockerfileCopyEditLABEL maintainer="you@example.com" \
version="1.0" \
description="My optimized image"
🔐 10. Security Best Practices
Avoid running as root:
DockerfileCopyEditRUN adduser --disabled-password myuser USER myuser
Use
distroless
images for minimal attack surface.Regularly scan your image using tools like
docker scan
, Trivy, or Snyk.
🛠 11. Tools to Audit/Analyze Dockerfile
hadolint
: Linter for Dockerfiles.dive
: Analyze Docker image layers.docker-slim
: Minify images.
Subscribe to my newsletter
Read articles from Aditya Tiwary directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
