Do you recommend to use official images from Docker Hub when it’s possible or use as base image something like some version of alpine, debian-slim when I deploy stuff like NGINX, PostgreSQL, MariaDB? When should I consider to write own Dockerfile from scratch, even if official or verified image is already available on Docker Hub?
I would assume the the official images are optimized, why bother creating a Dockerfile? My only Dockerfiles are for building my own NodeJS app images.
I consider doing it only for educational purposes.
How about when you are unhappy with those images?
- e.g. when you know the current base image has vulnerabilities, which already have a fix, and instead of installing the package, you want to build the base image from scratch so it does not include a vulnerability that needs fixing anymore.
- Or when you feel the image is bloated, or has packages or binaries you don’t want in your base image. Though in this case I would strongly suggest taking a look at Docker Hardend Images, and how to build dhi images yourself instead.
1 Like
Oh, and I forget a use case that is not uncommon:
- When you create a static linked binary (=runs without external libraries) and want to create an image for it that only contains the binary. In this case you would use a multi-staged build, compile the binary in a stage, and use
FROM scratchas final stage, and only copy the binary into the final image.