Most of the time we add files that are not necessary to the final build. These files don't do anything but consume space in the final build. If these files are too heavy, it will cause the construction of the final build to take time or if the files are very important and are added to the final build without knowing they can cause security issues.
This goes with Docker too. It is very important to make sure certain files are ignored when building the final image. Files that are not important and files that are very important need to be ignored in the final build. Docker provides a way to let the docker engine ignore certain file while building the images.
Introducing .dockerignore
Docker provides a way to ignore or prevent sensitive files or directories from being included by mistake in the final images and this can be done by adding .dockerignore file. The file .dockerignore will be stored alone with the dockerfile to make sure that files are ignored. For instance, we have a directory with files,
[root@ip-172-31-40-44 testing]# ls
Dockerfile password.txt test.sh
Build the image using, [root@ip-172-31-40-44 testing]# docker build -t noignore .
Run the image as,
[root@ip-172-31-40-44 testing]# docker run noignore ls /app
Dockerfile
password.txt
Test.sh
We can see the all files are included, now add the .dockerignore as,
[root@ip-172-31-40-44 testing]# ls -a
.dockerignore Dockerfile password.txt test.sh
[root@ip-172-31-40-44 testing]# cat .dockerignore
password.txt
Now build the image using,
[root@ip-172-31-40-44 testing]# docker build -t dockerignore .
Run the image using,
[root@ip-172-31-40-44 testing]# docker run dockerignore ls /app
Dockerfile
test.sh
We can see the image does not contain the password.txt file which is ignored.The ignore file supports directories and Regular expressions to define the restrictions, very similar to .gitignore.
No comments :
Post a Comment