When building a Docker image it might be a good idea to verify that no sensitive or unnecessary file or folder has leaked into it which might be the case if .dockerignore is not configured properly.
In this article I want to show how to inspect the content of the Docker image (before we create and run a container).
Let's say we have in Dockerfile:
…
WORKDIR /usr/src/app
…
COPY ./my-app/ .
…
We can build image but with output set to be an archive:
$ docker build -t my-app -f ./my-app/Dockerfile . --output type=tar,dest=my-app.tar
We can now extract only the content of usr/src/app directory (note there is no leading / in the path!) from the archive, into the directory named app:
$ mkdir ./app && tar -xvf my-app.tar -C ./app usr/src/app/
We can now inspect and verify the content of the ./app directory.
After inspection is done, we can delete target directory and an archive:
$ rm -rf app && rm python_demo.tar
No comments:
Post a Comment