How bad/terrible is this docker image? (Click here to see it.) - eviltoast

Title. Just wondering if I did something bad/terrible with it. Link is @ title. Check the image tag @ its repo to see how it was built. And before someone asks… the Docker lemmy community is really dead so I had to resort to you guys. Sorry, I guess.

And thanks in advance.

  • GustavoM@lemmy.worldOP
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 year ago

    copying in key elements from the host machine

    Not from the host machine, but from the official nginx image ( nginx:mainline-alpine3.18-slim ). And what it (basically) does is separate the essential commands/files inside a scratch image and gives every command a custom username tag.

    Still, I appreciate your input.

    • lidstah@lemmy.sdf.org
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      1 year ago

      A bit late but you might want to have a look at docker multi-stage build documentation which does exactly what you did (start from a base image then copying stuff from it to your own image), something like that:

      FROM someimage:sometag AS build
      [do stuff]
      FROM minimalimage:someothertag
      COPY --from=build /some/file /some/other/file
      [and so on]
      USER somebody
      CMD ["/path/somecommand"]
      

      Which will simplify building new images against newer “build” image newer tags easier.

      btw, you were quite creative on this one! You also might want to have a look at the distroless image, the goal being to only have the bare minimum to run your application in the image: your executable and its runtime dependencies.

      • GustavoM@lemmy.worldOP
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Now you’ve confused me a little bit – is there any difference between a scratch and a distroless image? Aren’t they (technically) the same thing?

        That aside, thank you for your input and compliment.

        • lidstah@lemmy.sdf.org
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          You’re welcome! scratch and distroless are indeed basically the same thing, scratch being the ‘official’ docker minimal image while distroless is from google - as I’m more a Kubernetes user (at home and at work) than a Docker user, I tend to think about distroless first :) - my apologies if my comment was a bit confusing on this matter.

          By the way, have fun experimenting with docker (or podman), it’s interesting, widely used both in selfhosting and professional environments, and it’s a great learning experience - and a good way to pass time during these long winter evenings :)

          • GustavoM@lemmy.worldOP
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Oh, I see. Thanks for clarifying. And I’ve got to admit that “dockerizing” everything is a fun process indeed. :P