Finished Section 3. Building Docker Images

This commit is contained in:
Jason Zhu 2020-11-29 16:34:15 +11:00
parent 07bc28b276
commit 0e86fdd4d3
2 changed files with 37 additions and 0 deletions

View File

@ -194,3 +194,32 @@ USER 1000
## Multi-project Docker files
> It was actually very common to have one Dockerfile to use for development (which contained everything needed to build your application), and a slimmed-down one to use for production, which only contained your application and exactly what was needed to run it. This has been referred to as the “builder pattern”. Maintaining two Dockerfiles is not ideal.
> With multi-stage builds, you use multiple FROM statements in your Dockerfile. Each FROM instruction can use a different base, and each of them begins a new stage of the build. You can selectively copy artifacts from one stage to another, leaving behind everything you dont want in the final image.
```dockerfile
FROM ubuntu:16.04 as builder
RUN apt-get -y update
RUN apt-get -y install curl
RUN curl https://google.com | wc -c > google-size
FROM alpine
COPY --from=builder /google-size /google-size
ENTRYPOINT echo google is this big; cat google-size
```
## Avoid golden images
Golden images: legacy of previous developer that nobody dare to modify
### Preventing the Golden Image Problem
* Include installers in the project. If any dependencies needed for building the image, check it in image
* Have a canonical (权威) build system that builds everything from scratch.
* From a base image
* Build until final stage
* Tag builds with git has of the code that built it
* Use small base images, e.g. Alpine
* Build images you share publicly from Dockerfiles, always
* Don't leave password in layers.

View File

@ -0,0 +1,8 @@
FROM ubuntu:16.04 as builder
RUN apt-get -y update
RUN apt-get -y install curl
RUN curl https://google.com | wc -c > google-size
FROM alpine
COPY --from=builder /google-size /google-size
ENTRYPOINT echo google is this big; cat google-size