Docker Image Optimization

Small and secure Docker images enable faster deployment and reduced attack surface.

Base Image Selection

# BAD - Full OS image (800MB+)
FROM ubuntu:22.04

GOOD - Minimal image (5MB)
FROM alpine:3.18
BEST - Distroless (security)
FROM gcr.io/distroless/static-debian12

Multi-stage Build

FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
RUN npm run build

FROM node:18-alpine
WORKDIR /app
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
USER appuser
COPY --from=builder --chown=appuser:appgroup /app/dist ./dist
COPY --from=builder --chown=appuser:appgroup /app/node_modules ./node_modules
EXPOSE 3000
CMD ["node", "dist/index.js"]

Security Best Practices

# Non-root user
USER 1000:1000

Read-only filesystem
docker run --read-only --tmpfs /tmp myapp
Security scanning
trivy image myimage:latest

Conclusion

Optimized images can achieve up to 80% size reduction and reduce security risks.