Infrastructure Engineer, passionate about shortening and optimizing software development life cycle and keeping production systems scalable and reliable.
Great article for those who are trying to make their image slimmer :)
I will add couple of things:
RUN mkdir -p /home/node/app , you don't really need it , WORKDIR creates the dir if doesn't exists. (thats extra layer)
you don't want to yarn install, it will update all your packages to latest version your symantic version permits, so you don't really know what goes on there also it does updates your yarn.lock file and you don't maintain it for nothing . Usually it is better to use yarn install --frozen-lockfile .
Also at newer version of yarnyarn install --immutable --immutable-cache --check-cache , used as explained here: yarnpkg.com/cli/install
probably you don't want to use yarn start at your production containers, it can mess the SIGTERM and SIGKILL signals , kubernetes or docker swarm (or any other orchestration tool) will send to your container.
For more info read here : snyk.io/blog/10-best-practices-to-... , number 5.
also I would suggest using github.com/wagoodman/dive tool , to dive into your layers and understand where are the big MBs come from.
also slim.ai/ can help you with that
Great article for those who are trying to make their image slimmer :)
I will add couple of things:
RUN mkdir -p /home/node/app
, you don't really need it ,WORKDIR
creates the dir if doesn't exists. (thats extra layer)you don't want to
yarn install
, it will update all your packages to latest version your symantic version permits, so you don't really know what goes on there also it does updates youryarn.lock
file and you don't maintain it for nothing . Usually it is better to useyarn install --frozen-lockfile
.Also at newer version of
yarn
yarn install --immutable --immutable-cache --check-cache
, used as explained here: yarnpkg.com/cli/installprobably you don't want to use
yarn start
at your production containers, it can mess theSIGTERM
andSIGKILL
signals , kubernetes or docker swarm (or any other orchestration tool) will send to your container.For more info read here : snyk.io/blog/10-best-practices-to-... , number 5.
also I would suggest using
github.com/wagoodman/dive tool , to dive into your layers and understand where are the big MBs come from.
also slim.ai/ can help you with that
Thank you for your time. Useful tips / impulses for production oci images 👌