Looking to up your Docker build game? Trying using a .dockerignore file for more efficient and secure builds. Jack Wallen shows you how.
Despite rumors to the contrary, Docker is still very popular. Many large businesses and developers continue to depend on this container technology and will do so for a very long time. So if you have your sights set on joining the rank and file of enterprise dev teams, you probably should continue honing your Docker skills.
If you’re new to Docker, there’s a lot to learn. You’ve probably already figured out how to deploy a simple app with Docker and even deploy more complicated apps with the runtime. But there are other skills and features you’re going to want to know about. One such feature is the .dockerignore file.
The .dockerignore file is very similar to the .gitignore file in that it allows you to specify a list of files or directories that Docker is to ignore during the build process. This can come in really handy in certain instances. But more importantly, the .dockerignore can help you reduce the size of the image and dramatically speed up the build process. Anyone who works in an incredibly busy environment fully understands the need to speed up builds. And shrinking the size of images can be crucial, especially when your company is paying for storage and you’re deploying applications and services at scale.
An added benefit of the .dockerignore file is that it can help shrink the attack plane of your images. You want as little extraneous “stuff” inside your images as possible (especially password files), and sometimes you might launch a build forgetting that you’ve left a few bits and pieces in the build folder. It happens to the best of the best.
Finally, the .dockerignore file can help with cache invalidation. It’s pretty common to use the COPY instruction to copy files and folders within a Docker build context. However, each statement inside your Dockerfile would result in building a new intermediate image layer. Because of this, when you make changes to the Dockerfile over and over, this can lead to multiple cache invalidations which can waste precious resources.
With that said, let’s find out how to use the .dockerignore file and the types of items you might want to include in them.
How to use the .dockerignore file
This is really simple. In your Docker build folder, create the file with the command:
Inside of that file, you create a list of things for Docker to ignore, one item per line. So, that file might contain:
#Ignore passwords file passwords.txt #Ignore logs directory logs/ #Ignore the git and cache folders .git .cache #Ingore all markdown and class files *.md **/*.class
That’s a pretty solid .gitignore file. But let’s say, for some reason, you work with .iso images (maybe you’re building your base images from them), and you accidentally leave that image in the build folder. Do that and the process will be considerably longer and the resultant image could grow quite a bit as well. To avoid that, let’s add ISO images to the .dockerignore file like so:
#Ignore passwords file passwords.txt #Ignore logs directory logs/ #Ignore the git and cache folders .git .cache #Ingore all markdown and class files *.md **/*.class #Ignore ISO images *.iso
Now, when you go to run the build process, you don’t have to worry about it picking up anything that you’ve added to the .dockerignore file. Once you’ve created a solid .dockerignore file, you could probably move it from build to build (unless you create an ignore file based on a specific use case).
This is a great (and easy) way to bring a bit more efficiency and security to your Docker builds. Start using .dockerignore files immediately … you’ll be glad you did.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.