Thursday, December 12, 2024

Day03 : Container multistage build | Image cleanup | docker inspect | container logs | run container as non root user

 Tasks to explore today:

  1. Docker container multistage build
  2. Docker image cleanup
  3. Docker container configuration
  4. Docker container logs
  5. Run docker container as non-root user

Hmm, the list is a bit long, but that's OK; we had to cover these some day, and this is day 03.

  • Docker Container Multistage Build:
    • Multistage builds let us optimize the image: smaller size on disk, better build performance, and better caching.
    • Multistage builds let us share the artifacts produced in one stage with other stages.
    • Example: create a Dockerfile for a "hello world" program written in Go.
    • With a traditional Dockerfile we use FROM to pick the base image, define the workdir, copy the code into the container, run the build, and then copy the artifacts to the container again.
    • With a multistage build we can have FROM, WORKDIR, COPY and RUN in one stage, and then a new stage that COPYs the artifacts into the container.
    • Also, let's say we wish to deploy the same artifacts to different environments. Do we have to run every stage from the start? No. A multistage build builds only the targeted stage and the stages it depends on.
    • Below is the traditional Dockerfile
    • FROM golang:latest
      WORKDIR /src
      COPY hello.go ./hello.go
      RUN go build -o /bin/hello ./hello.go
      CMD ["/bin/hello"]

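    • Below is the multistage Dockerfile
    • # Stage 1: compile the binary with the full Go toolchain
      FROM golang:latest AS build
      WORKDIR /src
      COPY hello.go ./hello.go
      RUN go build -o /bin/hello ./hello.go
      # Stage 2: copy only the built artifact into an empty base image
      FROM scratch
      COPY --from=build /bin/hello /bin/hello
      CMD ["/bin/hello"]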
    • When we build the traditional Dockerfile, note the build time and the image size.
    • Time to build is approx. 48 seconds.
    • Now we build the multistage Dockerfile.
    • Time to build is more than 1 min.
    • Now we target the "pre-prod" and "prod" environments separately from the Dockerfile.
    • Time to build is approx. 2 sec for pre-prod and 3 sec for prod, far less than the traditional way.
    • In the same way, the size of the image decreases.
  • Docker cleanup
    • To remove a Docker image, the command is docker rmi <image id | image name>
    • To remove a Docker container, the command is docker rm <container id | container name>
  • Docker container configuration:
    • To check a container's configuration, the command is docker inspect <container id | container name>
  • Container logs:
    • To check container logs (stdout of the container), the command is docker logs <container id | container name>
  • Run container as non-root user:
    • This is very important to know: if we do not add a USER directive to the Dockerfile, and do not specify a user when starting the container, the container runs as root.
    • We can use the USER directive in the Dockerfile as
      • FROM golang:latest
        WORKDIR /src
        COPY hello.go ./hello.go
        RUN go build -o /bin/hello ./hello.go
        # Create the account first; USER does not create it
        RUN useradd --no-create-home ravi
        USER ravi
        CMD ["/bin/hello"]
    • CMD will run as the ravi user, not root
    • Start a container with a specific user (the user name must exist in the image; a numeric UID works without a passwd entry)
      • docker run -it --user ravi nginx:latest
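
A check that ties docker inspect to the non-root section above: this added example (not code from the original post) parses docker inspect JSON and flags containers whose Config.User is empty, root or UID 0. The sample JSON and its container names are constructed, and audit, effective_user and runs_as_root are hypothetical helper names.

```python
import json

# Constructed sample: trimmed `docker inspect` output for four containers.
SAMPLE_INSPECT = json.dumps([
    {"Id": "a1" * 32, "Name": "/hello-default", "Config": {"User": ""}},
    {"Id": "b2" * 32, "Name": "/hello-ravi", "Config": {"User": "ravi"}},
    {"Id": "c3" * 32, "Name": "/web", "Config": {"User": "0:0"}},
    {"Id": "d4" * 32, "Name": "/worker", "Config": {"User": "1000:1000"}},
])

# User values that mean "root": nothing set, the name root, or UID 0.
ROOT_USERS = {"", "root", "0"}


def effective_user(container: dict) -> str:
    """Return the user part of Config.User ('' when nothing was set)."""
    user = (container.get("Config") or {}).get("User") or ""
    # Config.User may be "name", "uid", "name:group" or "uid:gid".
    return user.split(":", 1)[0].strip()


def runs_as_root(container: dict) -> bool:
    """True when no non-root user was set by USER or --user."""
    # Limitation: a custom name mapped to UID 0 inside the image is not detected.
    return effective_user(container) in ROOT_USERS


def audit(inspect_json: str) -> list[dict]:
    """Parse `docker inspect` JSON and report the user of each container."""
    data = json.loads(inspect_json)
    if isinstance(data, dict):  # tolerate a single object instead of a list
        data = [data]
    report = []
    for c in data:
        report.append({
            "name": c.get("Name", "").lstrip("/") or c.get("Id", "")[:12],
            "user": effective_user(c) or "(unset, defaults to root)",
            "root": runs_as_root(c),
        })
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_INSPECT):
        flag = "ROOT" if row["root"] else "ok"
        print(f"{flag:4}  {row['name']:15} user={row['user']}")
```

On a live host, pass the output of docker inspect <container id | container name> to audit() instead of the sample.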

 
