Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Docker: Core Principles > 3. Best Practices for Optimising Docker Images > Flashcards

3. Best Practices for Optimising Docker Images Flashcards

1
Q

Why is it important to understand the anatomy of Docker images?

A

Understanding how Docker images are constructed is key to managing their size.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Where is the configuration data for an image located in the result from the docker inspect command?

A

Inside the top-level Config object.

{
   ...
   "Config": { ... }
   ...
}
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Where is the working directory path for an image located in the result from the docker inspect command?

A

Inside WorkingDir field of the top-level Config object.

{
   ...
   "Config": { 
        ...
        "WorkingDir": ".",
        ... 
    },
   ...
}
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How can we inspect a Docker image?

A

By running the docker inspect command with the image’s tag or id.

docker inspect mini:1.0
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Where is the filesystem definition for derived containers located in the result from the docker inspect command?

A

Inside the top-level RootFS object.

{
   ...
   "RootFS": { ... }
   ...
}
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Where is the content layers information for the image located in the result from the docker inspect command?

A

Inside the Layers field of the top-level RootFS object.

{
   ...
   "RootFS": {
        ...
        "Layers": [ ... ],
        ... 
   }
   ...
}
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the three types of Dockerfiel instructions?

A
  1. Instructions — Dockerfile instructions define the content and nature of images.
  2. Metadata — instructions that define how derived containers will get executed.
  3. Content — instructions that create files and directories for the image.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are the three content-creating Dockerfile instructions?

A
  1. COPY — used to copy the build context into an image.
  2. ADD — similar to COPY instruction, but can retrieve remote content.
  3. RUN — executes commands to generate additional image content.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the three content-creating Dockerfile instructions?

A
  1. COPY — used to copy the build context into an image.
  2. ADD — similar to COPY instruction, but can retrieve remote content.
  3. RUN — executes commands to generate additional image content.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the three content-creating Dockerfile instructions?

A
  1. COPY — used to copy the build context into an image.
  2. ADD — similar to COPY instruction, but can retrieve remote content.
  3. RUN — executes commands to generate additional image content.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the three Dockerfiel instructions that add a new content layer to the image?

A

COPY, ADD, and RUN.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Which is the recommended method of copying content from the build context into the image context, COPY or ADD?

A

COPY wherever we can.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does Docker do with the layers created by content-creating Dockerfile instructions?

A

When a container is created, Docker assembles the content of each of the image layers to present a homogenous set of files and directories. This forms the basis of the container filesystem.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What can be said about the mutability of a Docker image?

A

The content of the images is read-only and in this way, Docker achieves immutability for images.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What can be said about the duplication/sharing of a Docker image’s content when creating other images or building containers from it?

A

We can build images from other images and build containers that all share the same content without having to duplicate everything due to the immutable nature of containers and images.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

How can containers write to their filesystem?

A

To allow this to happen, Docker adds a final layer on top of the layers from the image that the container is built from. This is a unique, temporary writeable layer for every container instance — it’s not a part of the image and is removed when the container is removed.

17
Q

What does copy-on-write mean?

A

If the container needs to alter the content of a file that is built in one of the read-only layers, it first copies the content to the writeable layer where it can be amended without affecting the content in the image.

18
Q

Where does the container create new files/directories?

A

In a final, temporary, writeable layer that is separate from all the other layers, which are immutable.

19
Q

What happens when a container attempts to edit some content that is inside one of its immutable layers?

A

The content is copied into the writeable layer where it can be amended without affecting the content in the image.

20
Q

What happens when a container attempts to delete content that is inside one of its immutable layers?

A

The content remains in the image layer but is obscured in the union of the layers using a technique called whiteout.

21
Q

Is it a good idea to use CMD instruction to add a package that we temporarily need for another command, and then remove it by using CMD once we’re done using it? Why?

A

No, it’s not. When we delete something from an image using CMD, it’s obscured at the layer that we issue its deletion. However, it still exists at the layer that it was created in. This means that the image size will stay the same, or it might even get bigger!

22
Q

What is a trick we can use to install a package and delete it after its use in the Dockerfile without increasing the image size?

A

Instead of using multiple CMD instructions for each operation, use a single CMD and chain commands using the Shell logical “and” operator (&&) to execute each command in sequence.

23
Q

What can we take advantage of Docker’s build cache?

A

Careful placement of Dockerfile instructions can maximize cache hits and significantly reduce the time it takes to build images.

24
Q

How does the Docker build cache work?

A
  1. Each Dockerfile instruction processed during a build results in the creation of an intermediary image that is part of the build cache.
  2. These images are created by commiting containers created from the image associated with the preceding Dockerfile instruction.
  3. Images reference their parent image and thereby create an implicit chain of images that represent a sequence of instructions.
  4. During an image build, if Docker recognises the sequence of steps that already exists in cache, it desists from executing the Dockerfile instructions that correspond to the sequence. Instead, it reuses the metadata and layer content from the cache intermediary images.
25
Q

How does the Docker build cache work?

A
  1. Each Dockerfile instruction processed during a build results in the creation of an intermediary image that is part of the build cache.
  2. These images are created by commiting containers created from the image associated with the preceding Dockerfile instruction.
  3. Images reference their parent image and thereby create an implicit chain of images that represent a sequence of instructions.
  4. During an image build, if Docker recognises the sequence of steps that already exists in cache, it desists from executing the Dockerfile instructions that correspond to the sequence. Instead, it reuses the metadata and layer content from the cache intermediary images.
26
Q

How does the Docker build cache work?

A
  1. Each Dockerfile instruction processed during a build results in the creation of an intermediary image that is part of the build cache.
  2. These images are created by commiting containers created from the image associated with the preceding Dockerfile instruction.
  3. Images reference their parent image and thereby create an implicit chain of images that represent a sequence of instructions.
  4. During an image build, if Docker recognises the sequence of steps that already exists in cache, it desists from executing the Dockerfile instructions that correspond to the sequence. Instead, it reuses the metadata and layer content from the cache intermediary images.
27
Q

What causes cache invalidation when building Docker images?

A
  1. Instruction change — adding, removing, or altering an instruction invalidates the cache.
  2. Checksum check — content change in the build context will invalidate the cache.
28
Q

What seemingly significant change is not checked by Docker when determining the validation of cache?

A

Command output — consequences of command execution are not checked.

29
Q

What seemingly significant change is not checked by Docker when determining the validation of cache?

A

Command output — consequences of command execution are not checked.

30
Q

What causes cache invalidation when building Docker images?

A
  1. Instruction change — adding, removing, or altering an instruction invalidates the cache.
  2. Checksum check — content change in the build context will invalidate the cache.
31
Q

What is the optimisation issue caused by copying across all files from the build context into the container with a single CMD instruction?

A

Since we’re copying across dependency files (eg. package.json, yarn.lock) alongside the source code, a change to the source code will invalidate the cache right at that instruction and cause dependencies to be installed all over again.

32
Q

How can we get around the optimisation issue of installing dependencies every time there’s a change to the source code of our project?

A

By separating the copying across of source code from that of dependency files (eg. package.json, yarn.lock) and placing it afterward. This means that the cache will be valid at the COPY instruction for the dependency files when a change occurs in the source code.

COPY package.json yarn.lock ./
RUN yarn install
COPY spec source ./  # invalidated here, cache is valid for previous steps.
33
Q

What are the three guidelines to follow for taking better advantage of the build cache when writing Dockerfile instructions?

A
  1. Analyze the dependencies between Dockerfile instructions to determine ordering constraints.
  2. Order Dockerfile instructions according to the frequency of change; less frequent first, more frequent last.
  3. Where it is beneficial, split COPY Dockerfile instructions that copy content from the build context.
34
Q

What is the relationship between multistage Dockerfiles and size optimisation for images?

A

Multi-stage Dockerfiles can the key to managing the size of Docker images.

35
Q

What is the drawback of using a single instruction to run multiple commands?

A

If we were to make a change to one of the multiple commands, all the other instructions in that layer will get executed all over again.

36
Q

What is an alternative to using a single instruction to run multiple commands for optimizing Docker image size?

A

To use a separate stage with every command getting its own RUN instruction, rather than there being a single RUN.

37
Q

What does it practically mean to use multi-stage Dockerfiles?

A
  1. Return to a RUN instruction for each command.
  2. Maximize the use of the build cache.
  3. Temporary content resides in a previous stage.

Docker: Core Principles (6 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions