A Dockerfile is a text-based script containing sequential instructions for building Docker container images. It lives at the heart of containerization workflows, enabling developers to package applications with all dependencies into portable, reproducible runtime environments. Every instruction in a Dockerfile creates a layer in the final image—understanding layer mechanics, caching behavior, and optimization strategies is critical for building lean, fast, and secure images. Modern Dockerfile authoring relies heavily on multi-stage builds, BuildKit features like cache mounts and heredocs, and security best practices such as non-root execution and minimal base images. The key mental model: treat your Dockerfile as production code—every line impacts image size, build speed, security posture, and runtime behavior.
What This Cheat Sheet Covers
This topic spans 12 focused tables and 80 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.
Table 1: Base Image Selection
| Technique | Example | Description |
|---|---|---|
| | `FROM node:20-alpine` | Use Docker Official Images from verified publishers; maintained, scanned, and documented by Docker or upstream maintainers. |
| | `FROM alpine:3.20` | Minimal base image (~5 MB) using musl libc and the apk package manager; excellent for reducing image size but may have compatibility issues with glibc-dependent binaries. |
| | `FROM gcr.io/distroless/python3` | Google's minimal images containing only runtime dependencies (no shell, package manager, or OS utilities); drastically reduces attack surface. |
| | `FROM python:3.11-slim` | Debian-based images with non-essential packages removed; balances size reduction with broader compatibility than Alpine. |
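
An added example, not part of the original cheat sheet: a small Python check that reads a Dockerfile's `FROM` lines, sorts each external base image into the families in the table, and reports whether it is pinned by digest, pinned by tag, or floating (no tag, or `latest`). The sample Dockerfile and all function names are constructed for illustration.

```python
import re

# Constructed sample; the image references are the four from the table above.
SAMPLE = """\
FROM node:20-alpine AS build
FROM python:3.11-slim
FROM gcr.io/distroless/python3
FROM --platform=linux/amd64 alpine:3.20
FROM build AS test
FROM scratch
"""

FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<ref>\S+)"
                     r"(?:\s+AS\s+(?P<stage>\S+))?\s*$", re.IGNORECASE)

def split_ref(ref):
    """Split an image reference into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    tag = None
    # Only a ':' after the last '/' is a tag; an earlier one is a registry port.
    if ":" in name.rsplit("/", 1)[-1]:
        name, tag = name.rsplit(":", 1)
    return name, tag, digest or None

def family(name, tag):
    """Map a reference to the base-image families in the table."""
    if "distroless" in name:
        return "distroless"
    if name.rsplit("/", 1)[-1] == "alpine" or "alpine" in (tag or ""):
        return "alpine"
    return "slim" if "slim" in (tag or "") else "other"

def audit(dockerfile):
    """Return (reference, family, pinning) for each external base image."""
    stages, findings = set(), []
    for m in filter(None, map(FROM_RE.match, dockerfile.splitlines())):
        ref = m["ref"]
        # Earlier build stages and the empty 'scratch' image pull nothing.
        if ref.lower() not in stages and ref != "scratch":
            name, tag, digest = split_ref(ref)
            pin = "digest" if digest else "tag" if tag not in (None, "latest") else "floating"
            findings.append((ref, family(name, tag), pin))
        if m["stage"]:
            stages.add(m["stage"].lower())
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

The distroless reference from the table carries no tag, so it resolves to `latest` and is reported as floating. References built from `ARG` variables (for example `FROM ${BASE}`) are reported as written, not resolved.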