Optimize Docker image

[md5]

I ended up looking at the Dockerfile for docker-gen after seeing this comment: #50 (comment)

I made the following improvements to help speed up and optimize the Docker image build:

• Remove and unpack TAR file in the same layer as the download
• Clean up more leftovers from installing curl
• Add .dockerignore to minimize build context to necessary files

I actually think that the ENTRYPOINT should be changed to a CMD too, but that would be a breaking change for some users and I didn't include it.

[thaJeztah]

I actually think that the ENTRYPOINT should be changed to a CMD too, but that would be a breaking change for some users and I didn't include it.

The advantage of having it as "entrypoint", is that the whole image can be used as it it was the 'docker-gen', so docker run --rm jwilder/docker-gen --version. It could even be set as an alias

Two thoughts to get the image-size down even further (and/or simplify the Dockerfile);

1. Would it be possible to put raw binaries on the releases page (no .tar.gz)? That would allow skipping the whole curl/untar steps, and simply do:

   ADD https://github.com/jwilder/docker-gen/releases/download/$VERSION/docker-gen-linux-amd64-$VERSION.tar.gz /usr/local/bin/docker-gen

2. Is it possible to build docker-gen statically? This would make it possible to have an image containing just the binary. For reference, the official Docker Swarm image (https://github.com/docker/swarm-library-image/blob/d9999a8a797d8e9744f1bfc0e7211d016478b2fc/Dockerfile) is 7mb total.

[md5]

I just consider this the low-hanging fruit based on the current Dockerfile. It would be interesting to play around with getting a really small image based on scratch like Docker Swarm does, but it's not something I've been inclined to do myself.

[md5]

@thaJeztah do you know how they're building the swarm binary? I don't see a Makefile in https://github.com/docker/swarm

[thaJeztah]

@md5 I'm 👍 on the changes in this PR, but it got me thinking if more awesomeness was possible

do you know how they're building the swarm binary? I don't see a Makefile in

Hm, I think I saw it pass on IRC when it was first added to the official library. I can try and find the logs (in #docker-library), or you can ask "aluzzardi" (left out the @ to not ping him unnecessarily)

[thaJeztah]

@md5 oh, think I found it; docker-library/official-images#440 (comment)

edit; hm, not sure that gives all the info though

[md5]

@thaJeztah I remember following that discussion, but as you say it doesn't say how they're actually building swarm.

After a bit of Googling, I found a few blog posts (e.g. this one) about how to create statically compiled Go binaries and created this: appropriate@dd66573

This was the result:

$ docker images docker-gen
REPOSITORY          TAG                 IMAGE ID            CREATED             VIRTUAL SIZE
docker-gen          latest              26cd1e51a52f        3 minutes ago       6.746 MB
docker-gen          build               7aefbbca8031        3 minutes ago       557.8 MB
$ docker run --rm docker-gen 
Usage: docker-gen [-config file] [-watch=false] [-notify="restart xyz"] [-notify-sighup="container-ID"] [-interval=0] [-endpoint tcp|unix://..] [-tlscert file] [-tlskey file] [-tlscacert file] [-tlsverify] <template> [<dest>]

I haven't had a chance to play around with it yet and probably won't get to today.

[thaJeztah]

💯 Oh, that's looking awesome! I'll see if I can find some time to test it as well (but it's quite hectic at work atm, so no promises)

Are there known use-cases of people building on top of the docker-gen image? If that's the case, I can imagine offering both variations (debian + docker-gen and only "bare" docker-gen). If not, making this the default does look good.

[md5]

I don't know of anyone building on top of the docker-gen image, but who knows if that's in the wild. I definitely think the way to go is with multiple tags, though getting an automated build for this setup is going to be tricky (someone or something would still have to build and push a docker-gen binary to Github to trigger the automated build, possibly from a branch or something).

I did get a minute to test this and it appears to work fine (see the tip of the static-build branch since I added another commit):

$ docker run --rm -v /var/run/docker.sock:/tmp/docker.sock -v $(pwd)/templates:/templates:ro -w /templates -v /output docker-gen nginx.tmpl /output/nginx.conf
2015/03/01 20:57:19 Generated '/output/nginx.conf' from 4 containers

I checked the output and it looks as it should.

[md5]

I just did a quick search for people making images FROM jwilder/docker-gen: https://github.com/search?l=dockerfile&q=from+docker-gen&ref=searchresults&type=Code&utf8=%E2%9C%93

There's at least one result from the first page: https://github.com/nuclyus/docker-juhasz

[md5]

I took a closer look at how Docker Swarm is building their binary and it looks like they actually do it in the Dockerfile of the docker/swarm repo itself. The normal build there is based on golang:1.3 and builds a static swarm binary that it uses as the ENTRYPOINT as the image. There is then an update.sh script over in docker/swarm-library-image that is responsible for getting the binary out of the first image with docker cp as well as for extracting a CA root bundle from debian:latest.

I've made a couple changes to the static-build branch to merge Dockerfile and Dockerfile.build and created an orphan branch at static-build-image as a POC of the separated image build.

[md5]

Apparently the apt-get clean -y isn't necessary due to some voodoo magic in Docker.

[thaJeztah]

^^ just read the discussion there, talk about bad UX 😞

[md5]

Ping @jwilder