In Docker 1.13 the new --squash parameter was added.
A conversation with Gerald Venzl, Developer Advocate at Oracle Code Seoul, about Docker, Oracle Code and OpenWorld 2017.
I'm now hoping to reduce the size of my images as well as being able to 'hide' secret files I have in my layers.
Below you can now see the difference from doing a build with and without the --squash parameter.
Without Squash
With Squash
Now to my question.
If I add a secret file in my first layer, then use the secret file in my second layer, and the finally remove my secret file in the third layer, and then build with the --squash flag.
Will there be any way now to get the secret file?
ForeFore
1 Answer
If I add a secret file in my first layer, then use the secret file in my second layer, and the finally remove my secret file in the third layer, and then build with the --squash flag.
Will there be any way now to get the secret file?
Answer: Your image won't have the secret file.
How
--squash
works:Once the build is complete, Docker creates a new image loading the diffs from each layer into a single new layer and references all the parent's layers.
In other words: when squashing, Docker will take all the filesystem layers produced by a build and collapse them into a single new layer.
This can simplify the process of creating minimal container images, but may result in slightly higher overhead when images are moved around (because squashed layers can no longer be shared between images). Docker still caches individual layers to make subsequent builds fast.
Please note this feature squashes all the newly built layers into a single layer, it is not squashing to scratch.
Side notes:
Docker 1.13 also has support for compressing the build context that is sent from CLI to daemon using the
--compress
flag. This will speed up builds done on remote daemons by reducing the amount of data sent.Please note as of Docker 1.13 this feature is experimental.
Ry-♦
Farhad FarahiFarhad Farahi
Not the answer you're looking for? Browse other questions tagged dockerdockerfilesquash or ask your own question.
I have a big docker image A, and i create a new Dockerfile
I've tried to build the image with:
Shouldn't the image size reduce by the dimension of /big-folder directory?
In my actual test both the image A and B maintain the same size of 1,26 GB.
Am I doing something wrong or haven't I understood the actual behavior of squash option?
matteosilv
matteosilvmatteosilv
1 Answer
Note, this feature is experimental and therefore may change in future releases. Testing was done on version 17.03.
From my testing, doing a
--squash
will compress the layers added only in the current image, without changing or merging any FROM
image layers.BMitchBMitch