Docker Optimization Techniques: Multi Stage build and Distroless image
In the fast-evolving landscape of containerization, optimizing Docker images has become a crucial aspect of efficient software deployment. Two techniques that have gained prominence for their ability to streamline container images are Docker multi-stage builds and the adoption of distroless images. These methodologies not only enhance the performance and security of containerized applications but also contribute to a more resource-efficient and scalable deployment process. In this blog, we’ll explore the advantages of leveraging Docker multi-stage builds and distroless images, uncovering how these practices empower developers to create leaner, more secure, and highly optimized containerized applications.
If you don’t know the docker basics, please refer this article and once when you know the basics then comes on this article.
Multi-Stage build in Docker
Now, here comes Docker’s superhero move — multi-stage builds. It’s like having two rooms — one for building and one for running your app. In the build room, you gather all the tools and ingredients you need — Ubuntu, dependencies, everything. Then, in the runtime room, you strip away the extras and keep only what your app really needs. This way, you get a Docker image that’s not weighed down with unnecessary stuff, making your Python calculator container sleek and ready. It’s like ordering exactly what you want — no extra snacks, just the main deal.
How does Docker multi stage build works ?
I have a Calculator app which is written in go language, Let’s build image of this app using docker single stage build :
Now, you will notice the image size :
It is around 861 MB for a simple calculator which is quite high. Now building the same image using Multistage Build :
Now, checking the size of image :
By utilizing multi-stage builds, we were able to dramatically reduce the Docker image size from 861 MB to a mere 1.83 MB, demonstrating the effectiveness of this approach in creating lean and efficient Docker containers.
Distroless images in Docker :
Distroless images are a type of Docker image that is designed to be as small and secure as possible. They achieve this by removing all unnecessary components from the image, including the package manager, shell, and any other programs that are not strictly required for running the application. This makes them ideal for use in production environments where security and efficiency are paramount. Note that distroless images by default do not contain a shell.
Simple Code Example of Multi Stage Build + Distroless Image using :
# Stage 1: Build the application
FROM python:3.11 AS builder
WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY . .
RUN python -m venv /app/venv
RUN /app/venv/bin/python setup.py install
# Stage 2: Create a slim production image
FROM gcr.io/distroless/static-debian11:nonroot
WORKDIR /app
COPY --from=builder /app/venv/bin/python .
COPY --from=builder /app/app .
ENTRYPOINT ["/app/venv/bin/python", "app.py"]If you want to learn about Docker commands used to make Dockerfile, please refer the documentation here.
I hope you grasped the principles of multi-stage builds and the significance of using Distroless images for achieving smaller and more secure containers. Thank you for your attention to this article.