dockerfile-optimizer
Dockerfile Optimizer
Optimize Docker images for size, speed, and security.
Quick Start
Analyze current Dockerfile:
docker build -t myapp .
docker images myapp
# Note the size, then optimize
Instructions
Step 1: Analyze Current Dockerfile
Review for optimization opportunities:
- Base image choice
- Layer structure
- Build dependencies
- Caching strategy
- Security practices
Step 2: Optimize Base Image
Choose minimal base:
# Before: Large base
FROM ubuntu:22.04 # ~77MB
# After: Minimal base
FROM alpine:3.18 # ~7MB
# or
FROM node:18-alpine # ~170MB vs node:18 ~990MB
Use specific tags:
# Bad: Unpredictable
FROM node:latest
# Good: Specific version
FROM node:18.17-alpine3.18
Step 3: Implement Multi-Stage Builds
For compiled languages:
# Before: Single stage
FROM golang:1.21
WORKDIR /app
COPY . .
RUN go build -o app
CMD ["./app"]
# Result: ~800MB
# After: Multi-stage
FROM golang:1.21-alpine AS builder
WORKDIR /app
COPY . .
RUN go build -o app
FROM alpine:3.18
COPY /app/app /app
CMD ["/app"]
# Result: ~15MB
Step 4: Optimize Layer Caching
Order by change frequency:
# Bad: Code changes invalidate all layers
FROM node:18-alpine
COPY . .
RUN npm install
CMD ["node", "server.js"]
# Good: Dependencies cached separately
FROM node:18-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
CMD ["node", "server.js"]
Step 5: Combine and Minimize Layers
Reduce layer count:
# Before: Multiple layers
RUN apt-get update
RUN apt-get install -y curl
RUN apt-get install -y git
RUN apt-get clean
# After: Single layer
RUN apt-get update && \
apt-get install -y curl git && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
Step 6: Use .dockerignore
Create .dockerignore:
node_modules
npm-debug.log
.git
.gitignore
README.md
.env
.DS_Store
*.md
.vscode
.idea
dist
build
coverage
Step 7: Remove Build Dependencies
Clean up after install:
# Python example
RUN pip install --no-cache-dir -r requirements.txt
# Node example
RUN npm ci --only=production && npm cache clean --force
# Alpine example
RUN apk add --no-cache curl && \
apk del build-dependencies
Step 8: Add Security Improvements
Run as non-root:
# Create user
RUN addgroup -g 1001 -S appuser && \
adduser -u 1001 -S appuser -G appuser
# Switch to user
USER appuser
# Or use existing user
USER nobody
Step 9: Verify Optimization
Check image size:
docker images myapp
docker history myapp
Analyze layers:
docker history myapp --no-trunc
Use dive tool:
dive myapp
Optimization Patterns
Node.js Optimization:
FROM node:18-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
FROM node:18-alpine
WORKDIR /app
COPY /app/node_modules ./node_modules
COPY . .
USER node
EXPOSE 3000
CMD ["node", "server.js"]
Python Optimization:
FROM python:3.11-slim AS builder
WORKDIR /app
COPY requirements.txt .
RUN pip install --user --no-cache-dir -r requirements.txt
FROM python:3.11-slim
WORKDIR /app
COPY /root/.local /root/.local
COPY . .
ENV PATH=/root/.local/bin:$PATH
USER nobody
CMD ["python", "app.py"]
Go Optimization:
FROM golang:1.21-alpine AS builder
WORKDIR /app
COPY go.* ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app .
FROM scratch
COPY /app/app /app
COPY /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
EXPOSE 8080
CMD ["/app"]
Common Issues
Issue: Large image size
- Use alpine or slim base images
- Implement multi-stage builds
- Remove build dependencies
- Use .dockerignore
Issue: Slow builds
- Optimize layer caching
- Order commands by change frequency
- Use build cache mounts
- Parallelize where possible
Issue: Security vulnerabilities
- Use minimal base images
- Keep images updated
- Run as non-root
- Scan with security tools
Issue: Build cache not working
- Check command order
- Avoid COPY . . early
- Use specific COPY commands
- Check .dockerignore
Advanced
For detailed information, see:
- Multi-Stage Builds - Advanced multi-stage patterns
- Layer Caching - Caching strategies and optimization
- Base Images - Base image selection guide
More from armanzeroeight/fastagent-plugins
gcp-cost-optimizer
Analyzes GCP costs and provides optimization recommendations including committed use discounts, rightsizing, and unused resources. Use when optimizing GCP spending or analyzing GCP costs.
15kubernetes-best-practices
Provides production-ready Kubernetes manifest guidance including resource management, security, high availability, and configuration best practices. This skill should be used when working with Kubernetes YAML files, deployments, pods, services, or when users mention k8s, container orchestration, or cloud-native applications.
11schema-designer
Design database schemas with proper normalization, relationships, constraints, and indexes. Use when creating database tables, modeling data relationships, or designing database structure.
11api-documentation-generator
Generate OpenAPI/Swagger specifications and API documentation from code or design. Use when creating API docs, generating OpenAPI specs, or documenting REST APIs.
9goroutine-patterns
Implement Go concurrency patterns using goroutines, channels, and synchronization primitives. Use when building concurrent systems, implementing parallelism, or managing goroutine lifecycles. Trigger words include "goroutine", "channel", "concurrent", "parallel", "sync", "context".
9inventory-manager
Organizes Ansible inventory files, manages host groups, and configures dynamic inventory. Use when organizing Ansible inventory, managing host groups, or setting up dynamic inventory sources.
9