Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- FROM golang:1.11-alpine AS build
- WORKDIR /src/
- COPY main.go go.* /src/
- RUN CGO_ENABLED=0 go build -o /bin/demo
- FROM scratch
- COPY --from=build /bin/demo /bin/demo ENTRYPOINT ["/bin/demo"]
- # p.53 of 344
- # The exact details of how this works don’t matter for now, but it uses a fairly standard build process for Go containers called multi-stage builds.
- # The first stage starts from an official golang container image, which is just an operating system (in this case Alpine Linux) with the Go language environment installed.
- # It runs the go build command to compile the main.go file we saw earlier.
- # The result of this is an executable binary file named demo. The second stage takes a completely empty container image (called a scratch image, as in from scratch)
- # and copies the demo binary into it.
- # Minimal Container Images
- # Why the second build stage? Well, the Go language environment, and the rest of Alpine Linux, is really only needed in order to build the program.
- # To run the pro‐ gram, all it takes is the demo binary, so the Dockerfile creates a new scratch container to put it in. The resulting image is very small (about 6 MiB)—and
- # that’s the image that can be deployed in production.
- # Without the second stage, you would have ended up with a container image about 350 MiB in size, 98% of which is unnecessary and will never be executed.
- # The smaller the container image, the faster it can be uploaded and downloaded, and the faster it will be to start up.
- # Minimal containers also have a reduced attack surface for security issues. The fewer programs there are in your container, the fewer potential vulnerabilities.
- # Because Go is a compiled language that can produce self-contained executables, it’s ideal for writing minimal (scratch) containers.
- # By comparison, the official Ruby con‐ tainer image is 1.5 GiB; about 250 times bigger than our Go image, and that’s before you’ve added your Ruby program!
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement