📦 Docker 🐳

Multistage + distroless go brrrrr

Pablo COVES

Human Talks :: 2023-05-09

Virtualization VS Containerization

Virtualization

Containerization

Docker

  • ⚠️ Daemon with root privileges
  • 🏗️ Build to create an image
  • 🏃 Run to play with it
  • 📌 Push to share with the world

Dockerfile

FROM $image:$version

COPY $host $container

RUN $commands

ENTRYPOINT $program
CMD $arguments

Base image

FROM rust:latest

COPY . /demo
WORKDIR /demo

RUN cargo build --release

ENTRYPOINT ["/demo/target/release/demo"]

1.4GB

Multistage

FROM rust:latest as build
COPY . /demo
WORKDIR /demo
RUN cargo build --release

FROM debian:bookworm-slim

COPY --from=build /demo/target/release/demo /usr/local/bin/demo

ENTRYPOINT ["/usr/local/bin/demo"]

75MB

Distroless

FROM rust:latest as build
COPY . /demo
WORKDIR /demo
RUN cargo build --release

FROM gcr.io/distroless/cc

COPY --from=build /demo/target/release/demo ./demo

ENTRYPOINT ["./demo"]

23.1MB

Scratch

FROM rust:latest as build
COPY . /demo
WORKDIR /demo

RUN rustup target add x86_64-unknown-linux-musl
RUN cargo install --target x86_64-unknown-linux-musl --path .

FROM scratch
COPY --from=build /usr/local/cargo/bin/demo ./demo
ENTRYPOINT ["./demo"]

412kB

Conclusion

  • Smaller assets (and by a lot!)
  • Better security (and by a lot!)
  • No silver bullet
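Added example, not from the original slides: the distroless and scratch final stages above, changed so the process no longer runs as root inside the container (none of the Dockerfiles in the deck sets a USER). The stage names `distroless` and `static` and the install paths are assumptions for illustration; the binary name `demo` comes from the slides.

```dockerfile
# Build stage: toolchain, sources and build cache stay here and never ship.
# The slides use rust:latest; pin a version or digest for reproducible builds.
FROM rust:latest AS build
COPY . /demo
WORKDIR /demo
# glibc build for the distroless/cc variant
RUN cargo build --release
# static musl build for the scratch variant
RUN rustup target add x86_64-unknown-linux-musl \
 && cargo build --release --target x86_64-unknown-linux-musl

# Variant 1: docker build --target distroless -t demo:distroless .
# No shell, no package manager; the :nonroot tag ships an unprivileged user.
FROM gcr.io/distroless/cc:nonroot AS distroless
COPY --from=build /demo/target/release/demo /usr/local/bin/demo
# The :nonroot tag already defaults to this user; stating it keeps the intent visible.
USER nonroot:nonroot
ENTRYPOINT ["/usr/local/bin/demo"]

# Variant 2: docker build --target static -t demo:scratch .
# scratch contains nothing but the files copied in below.
FROM scratch AS static
COPY --from=build /demo/target/x86_64-unknown-linux-musl/release/demo /demo
# scratch has no /etc/passwd, so the user must be given as numeric uid:gid.
USER 65532:65532
ENTRYPOINT ["/demo"]
```

At run time the same intent can be enforced from the outside with `docker run --read-only --cap-drop ALL --security-opt no-new-privileges`, which holds even if an image forgets its `USER` line for capabilities and filesystem writes.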

Questions?

https://pcoves.gitlab.io/human-talks_docker