4 Ways to Enhance Your Dockerfiles
Ten years ago, Docker released the first version of the technology that democratized containers. According to a recent survey, it is still the most used software package technology, with Maven and NPM listed as second and third, respectively. To celebrate the anniversary of the Docker container technology, let’s explore four areas (and their associated open source tools) where developers can make better use of Dockerfiles and images.
Lint Your Dockerfiles
I’ve always liked to use linters, which ensure that your work is perfect and give the satisfaction of seeing a green check mark after all the little details are adjusted. We humans tend to forget things and make typos. That’s where linters come to the rescue.
Hadolint is one of the most popular open source linters for Dockerfiles. A linter examines a Dockerfile for errors. Hadolint uses a set of predefined rules (the complete list is in the project’s documentation) to analyze your Dockerfile and provide recommendations for improving its syntax style, efficiency and consistency.
Hadolint checks for issues such as using the latest tag, incorrect syntax and unnecessary instructions. You can also bring in your own custom rules or ignore predefined rules that don’t apply to your use case. Hadolint is easy and quick to run from your command line interface, and it runs on Linux and Windows.
Run a Security Audit on Them
The Snyk 2022 Container Security Trends report found that 46% of respondents cited security as a bottleneck that slows the speed of cloud deployment. And while container-based distributed architectures can provide benefits such as increased scalability, flexibility and fault tolerance, they also introduce new security challenges that need to be addressed.
Dockle is an open source tool that performs security-focused analysis on Docker images and Dockerfiles. It analyzes various aspects of the image build, such as ensuring the use of trusted base images, the exclusion of unnecessary packages and that security patches have been applied. It also checks for configuration-related issues such as unnecessarily exposed ports, the use of the root user and the storage of secrets. This tool fits well in a shipping pipeline and can help ensure that Docker images are secure.
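As an added illustration (not code from the article, and not how Hadolint or Dockle are implemented), this Python example re-creates three of the checks named above: a `latest` or untagged base image, a final stage that runs as root, and secret-looking `ENV`/`ARG` names. The check names, the sample Dockerfile and the name pattern are assumptions made for the example; the name match is a heuristic and cannot see secrets stored under neutral names.

```python
import re

SAMPLE = """\
# constructed sample for this example, not from the article
FROM golang:1.22 AS build
RUN go build -o /out/app \\
    ./cmd/app
FROM ubuntu:latest
ENV API_TOKEN=changeme LOG_LEVEL=info
COPY --from=build /out/app /app
"""

SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def instructions(text):
    """Yield (line_no, INSTRUCTION, args), joining backslash continuations."""
    buf, start = [], 0
    for no, line in enumerate(map(str.strip, text.splitlines()), 1):
        if not line or line.startswith("#"):
            continue
        start = start or no
        buf.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            word, _, args = " ".join(buf).partition(" ")
            yield start, word.upper(), args.strip()
            buf, start = [], 0

def audit(text):
    """Return sorted (line_no, check, detail) findings for three checks."""
    findings, stages, user_at = [], set(), None
    for no, ins, args in instructions(text):
        tok = [t for t in args.split() if not t.startswith("--")]
        if ins == "FROM" and tok:
            image, user_at = tok[0], (no, "root")  # assumption: base image runs as root
            name = image.rsplit("/", 1)[-1]  # drop registry host:port and path
            pinned = "@" in image or (":" in name and not name.endswith(":latest"))
            if image != "scratch" and image not in stages and not pinned:
                findings.append((no, "unpinned-base", image))
            stages.update(tok[2:3])  # tok is [image, "AS", alias] for a named stage
        elif ins == "USER" and tok:
            user_at = (no, tok[0].split(":")[0])
        elif ins in ("ENV", "ARG"):
            keys = [t.split("=", 1)[0] for t in tok if "=" in t] or tok[:1]
            findings += [(no, "secret-like-name", k) for k in keys if SECRET_NAME.search(k)]
    if user_at and user_at[1] in ("root", "0"):
        findings.append((user_at[0], "runs-as-root", "final stage"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Pinning the base image to a release tag or digest, adding a non-root `USER` to the final stage and passing the token at run time instead of through `ENV` clears all three findings.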
Build and Update Them
Building Docker images is an art, and while some have been doing it for a decade, there is a constant flow of newcomers. The recent platform engineering movement was clear about one thing: the fewer Ops tasks developers have to do, the better. And the responsibility of writing Dockerfiles often ends up with developers who may not have the knowledge to do it properly.
Paketo Buildpacks are a collection of open source Cloud Native Buildpacks that transform your application source code into images that can run on Docker runtimes. These images can even be built without the need for Dockerfiles.
With a single command, the tool will automatically detect your application language and build a Docker container image that fits production requirements, including dependencies, language runtimes and other components. It supports popular programming languages such as Golang, Java, Node.js, Python, Ruby and PHP. Paketo doesn’t only help to build container images; it helps to maintain them as well. The tool even allows updating the OS layer of your app images without rebuilding your source code.
The size of Docker images getting out of control is a well-known issue: The 2020 Docker Usage Report, from Sysdig, found that the average size of Docker images has increased by 75% since 2016, and the average size of a Docker image is 1.5 GB.
Slim, which was initially created during a Docker Global Hack Day project, is tackling this. The open source tool can shrink Docker images by a factor of up to 30. The tool inspects the container metadata and data, and it runs the application to build smaller images. The results are impressive; for example, Slim minifies the Ubuntu 14.04 Ruby Docker image from 433 MB to 13.8 MB (31x).
A Decade of Docker
As the most used containerization method with a year-over-year growth of 10% in 2022, Docker isn’t going anywhere. The company, which struggled to adjust when Kubernetes won the orchestration battle, has been gaining momentum and recently announced WebAssembly tooling. Happy birthday, Docker! I hope this list of tools will help many to make better use of it.