10 best practices to containerize Node.js web applications with Docker

Solid list of tips by the folks over at Snyk: By the time you’re at number 8 your mind may have dwelled, but don’t skip out on that step though! It not only allows you to build smaller images but also prevents you from having unnecessary files (read: security risks) left inside your container. Basically …

`dive` – A tool for exploring a Docker Image, Layer Contents, and discovering ways to shrink the size of your Docker/OCI Image

You can use dive to help you optimize your Docker image layers. Say you have these two layers in your Dockerfile: RUN wget http://xcal1.vodafone.co.uk/10MB.zip -P /tmp RUN rm /tmp/10MB.zip Then you’ll end up with 10MB of wasted space. dive will tell you, so that you can combine these into one optimized layer: RUN wget http://xcal1.vodafone.co.uk/10MB.zip …

How are Docker Layers bundled into Docker Images?

It’s impossible to work with docker containers without docker images. In this post I want to talk about what makes docker images possible: the overlay filesystems. Interesting to know how things work behind the scenes. How are docker images built? A look into the Linux overlay file-systems and the OCI specification →

Speed up your Docker builds in Google Cloud Build with Kaniko Cache

When building Docker images locally it will leverage its build cache: When building an image, Docker steps through the instructions in your Dockerfile, executing each in the order specified. As each instruction is examined, Docker looks for an existing image in its cache that it can reuse, rather than creating a new (duplicate) image. Therefore …

Easily Build and push Docker images with the `build-push-action` GitHub Action

The Docker folks have released their first GitHub Action build-push-action which builds and pushes Docker images and will log in to a Docker registry if required. Building and pushing an image becomes really easy: uses: docker/build-push-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} repository: myorg/myrepository tags: latest Amongst other options you can also …

Going Serverless with Google Cloud Run

Recently I was invited as a speaker to Full Stack Ghent and PHP-WVL. At both events I brought a new talk called “Going Serverless with Google Cloud Run”. Cloud Run is a fully managed compute platform by Google that automatically scales stateless containers. By abstracting away all infrastructure management, us developers can focus on what …

Delete untagged image refs in Google Container Registry, as a service, with gcr-cleaner

GCR Cleaner deletes untagged images in Google Container Registry. This can help reduce costs and keep your container images list in order. GCR Cleaner is designed to be deployed as a Cloud Run service and invoked periodically via Cloud Scheduler. Clever! All commands to install this one are provided. gcr-cleaner →

How to build smaller Docker images

When you’re building a Docker image it’s important to keep the size under control. Having small images means ensuring faster deployment and transfers. Wish I had found this post before I started playing with Docker, as it is packed with solid advice which I found out “along the way” myself. In short: Find the right …

Reverse-engineer a Dockerfile from a Docker image with dfimage

Might come in handy: Similar to how the docker history command works, this Python script is able to re-create the Dockerfile (approximately) that was used to generate an image using the metadata that Docker stores alongside each image layer. $ docker pull laniksj/dfimage Using default tag: latest latest: Pulling from dfimage $ alias dfimage=”docker run …