A comprehensive guide to building minimal, efficient Docker images that reduce hosting costs, accelerate deployments, and shrink your attack surface.
Every byte in a Docker image has a cost. It costs time when pulling from a registry, money when stored and transferred, and risk when it carries packages with known vulnerabilities. Yet most teams ship images that are five to ten times larger than they need to be — not out of negligence, but because Docker makes it easy to get something working and hard to know when you’re done optimising.
This book addresses that gap. It covers the mechanics of how Docker images accumulate size, the techniques that eliminate unnecessary weight, and the tools that let you measure your progress. By the end, you will have a repeatable process for producing images that are lean by default, not by accident.
The techniques here are practical and immediately applicable. Each chapter builds on the last, moving from foundational concepts (how layers work, how to choose a base image) through high-impact techniques (multi-stage builds, BuildKit cache mounts) to language-specific advice and CI/CD integration. A final action-plan chapter distils everything into a prioritised checklist you can apply to any existing project today.
docker images and been surprised by what they sawNo prior optimisation experience is required, but familiarity with basic Docker commands (build, run, push) and a working knowledge of at least one programming language is assumed.
scratch, distroless, Alpine, slim, and full base imagesdive, docker scout, and hadolint to audit and score imagesThe book is organised in three parts:
Part 1 — Foundations (Chapters 0–2) establishes the mental model. You will understand why image size matters in concrete terms, how Docker’s layer system accumulates bloat, and how to choose a base image that does not fight you.
Part 2 — Techniques (Chapters 3–6) covers the four categories of optimisation: multi-stage builds, Dockerfile instruction patterns, package manager hygiene, and build cache strategies. These chapters contain the highest-leverage changes available to any project.
Part 3 — Application (Chapters 7–9) applies everything to specific languages and toolchains, introduces the analysis tools you need to measure your work, and shows how to integrate size and security gates into a CI/CD pipeline.
The Action Plan (Chapter 10) closes the book with a prioritised checklist and concrete size targets by language runtime.
All code examples use Python 3 unless the point being illustrated is language-specific. Longer scripts and complete Dockerfiles live in the code/ subdirectory of this book and are referenced from the relevant chapters. Inline snippets are kept to 20 lines or fewer.
Docker and its ecosystem evolve quickly. The techniques in this book are based on Docker Engine 24+ and BuildKit 0.12+. Where behaviour differs in older versions, the text notes the version requirement explicitly.