I mostly use multistage builds for the security aspects. Most of my build require that I provide credentials to access external resources. In these situations you don't want your credentials in the final image. Newer versions of docker have ways of passing in secrets. But our IT department refuses to update the version we use so multi state build it is
@@lammelmiklos3765 you can pass in credentials file at runtime or use environment variables. Alternatively you can reference you secret store to get information at runtime as well.
I use multi-stage builds for python at work, to save disk space mostly. Why? Those images are pulled on IoT LTE connection with scarce limits, so smaller = better
For me caching in multistage build works. As I have notices, you will have rebuilds of first stage where you have changes: e.g. if you cp reqeuests.txt that is different from what was before, all later layers will be rebuild, otherwise docker will check later commands to find changes if any. So, if you want to optimize build time, put things that will change frequenty to the end to cache more layers.
yeah that's not really related to the multi stage problem. with multi stage it'll always rebuild unless you carefully cache all the intermediate builds
Any logical use case of using multi-stage for Python apps ? I mean for languages like Go, C, Rust etc where you have build artifacts as a binary output it makes absolute sense to reduce image size
@@anthonywritescode That's interesting. I've been recently using it for a machine. It's hard to learn and apply. Updating dependencies is also a manual process. But the end result looks consistent and reproducible. What problems do you see in it?
@@manuel_youtube_ttt it is difficult to learn. Documentation is all over the place. So using Docker or podman you are assured that it will work and there is a large community to help you.
Dockerfile: FROM ubuntu:jammy RUN : \ && apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommend gcc \ libc6-dev \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* COPY main.c . RUN gcc -o /usr/local/bin/hello-hello-world main.c Hi when I try to build image i recieve next error: ERROR: failed to solve: dockerfile parse error on line 6: unknown instruction: gcc Can you explain please what I am doing wrong ? And if it not secret what keyboard model do you use ?
I mostly use multistage builds for the security aspects. Most of my build require that I provide credentials to access external resources.
In these situations you don't want your credentials in the final image. Newer versions of docker have ways of passing in secrets. But our IT department refuses to update the version we use so multi state build it is
Do you need the credentials only to build the image? What about credentials to external resources which one needs during normal operation?
@@lammelmiklos3765 you can pass in credentials file at runtime or use environment variables.
Alternatively you can reference you secret store to get information at runtime as well.
I use multi-stage builds for python at work, to save disk space mostly. Why? Those images are pulled on IoT LTE connection with scarce limits, so smaller = better
For me caching in multistage build works. As I have notices, you will have rebuilds of first stage where you have changes: e.g. if you cp reqeuests.txt that is different from what was before, all later layers will be rebuild, otherwise docker will check later commands to find changes if any. So, if you want to optimize build time, put things that will change frequenty to the end to cache more layers.
yeah that's not really related to the multi stage problem. with multi stage it'll always rebuild unless you carefully cache all the intermediate builds
Any logical use case of using multi-stage for Python apps ? I mean for languages like Go, C, Rust etc where you have build artifacts as a binary output it makes absolute sense to reduce image size
same applies for python -- say you have to build one of your dependencies C extensions
Please explain Nix vs Docker, in terms of convenience for a long-term project which you want to always work, even if you build it 5-10 years later.
easy: I would never use or suggest anyone use nix
@@anthonywritescode That's interesting. I've been recently using it for a machine. It's hard to learn and apply. Updating dependencies is also a manual process. But the end result looks consistent and reproducible. What problems do you see in it?
@@manuel_youtube_ttt it is difficult to learn. Documentation is all over the place. So using Docker or podman you are assured that it will work and there is a large community to help you.
Great explanation, thank you
Your views are critically low for as good a channel you are! Thanks!
Thanks for sharing
awesome keyboard😁
thank you :)
Dockerfile:
FROM ubuntu:jammy
RUN : \
&& apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommend
gcc \
libc6-dev \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
COPY main.c .
RUN gcc -o /usr/local/bin/hello-hello-world main.c
Hi when I try to build image i recieve next error:
ERROR: failed to solve: dockerfile parse error on line 6: unknown instruction: gcc
Can you explain please what I am doing wrong ?
And if it not secret what keyboard model do you use ?
you're missing a backslash after `--no-install-recommends`
there's an faq playlist you can click on my channel to learn about the keyboard (and more!)