In this post, we will work through an example that uses the --build-arg flag to build an image with a piece of sensitive information.
NOTE: This example uses the word secret since the value could be used to create a Secret; however, if you are looking to work with secrets, I'd recommend you check the docker flag --secret as well.
Example:
- Create the Dockerfile as follows
```
FROM busybox:latest AS builder
ARG BUILD_SECRET
RUN echo $BUILD_SECRET > /secret
RUN stat /secret && cat /secret && echo 'fictional dependency' > /library.txt
RUN rm /secret
```
- Now, build it with the following command
```
$ docker build --build-arg BUILD_SECRET=test-my-secret --tag secret-test-image .
```
- Analyse its output.
```
$ docker build --build-arg BUILD_SECRET=test-my-secret --tag secret-test-image .
Sending build context to Docker daemon 2.048kB
Step 1/5 : FROM busybox:latest AS builder
 ---> 19485c79a9bb
Step 2/5 : ARG BUILD_SECRET
 ---> Using cache
 ---> e279fcf0f94e
Step 3/5 : RUN echo $BUILD_SECRET > /secret
 ---> Running in 4e2214fdcd93
Removing intermediate container 4e2214fdcd93
 ---> 0569566fb031
Step 4/5 : RUN stat /secret && cat /secret && echo 'fictional dependency' > /library.txt
 ---> Running in 2875dec92f0a
File: /secret
Size: 15 Blocks: 8 IO Block: 4096 regular file
Device: 801h/2049d Inode: 1476418 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2019-10-21 08:34:27.000000000
Modify: 2019-10-21 08:34:27.000000000
Change: 2019-10-21 08:34:27.000000000
test-my-secret
Removing intermediate container 2875dec92f0a
 ---> bb9ae29477cf
Step 5/5 : RUN rm /secret
 ---> Running in 3cc3b47d6878
Removing intermediate container 3cc3b47d6878
 ---> c6132a506183
Successfully built c6132a506183
Successfully tagged secret-test-image:latest
```
- Now, analyse the image and check that the build argument BUILD_SECRET was used to build the image as required, but the /secret file is no longer in the container's filesystem because the last instruction in the Dockerfile is
RUN rm /secret
```
$ docker run -it secret-test-image ls -lasp /
total 48
 4 drwxr-xr-x 1 root root 4096 Oct 21 08:38 ./
 4 drwxr-xr-x 1 root root 4096 Oct 21 08:38 ../
 0 -rwxr-xr-x 1 root root 0 Oct 21 08:38 .dockerenv
12 drwxr-xr-x 2 root root 12288 Sep 4 17:26 bin/
 0 drwxr-xr-x 5 root root 360 Oct 21 08:38 dev/
 4 drwxr-xr-x 1 root root 4096 Oct 21 08:38 etc/
 4 drwxr-xr-x 2 nobody nogroup 4096 Sep 4 17:26 home/
 4 -rw-r--r-- 1 root root 21 Oct 21 08:34 library.txt
 0 dr-xr-xr-x 225 root root 0 Oct 21 08:38 proc/
 4 drwx------ 2 root root 4096 Sep 4 17:26 root/
 0 dr-xr-xr-x 13 root root 0 Oct 21 08:38 sys/
 4 drwxrwxrwt 2 root root 4096 Sep 4 17:26 tmp/
 4 drwxr-xr-x 3 root root 4096 Sep 4 17:26 usr/
 4 drwxr-xr-x 4 root root 4096 Sep 4 17:26 var/
```
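Deleting /secret in the last step only hides the file from the final filesystem: the builder still records the build argument's value in the image history, where `docker history --no-trunc` shows it to anyone who has the image. The script below is an added example, not part of the original post, that extracts those recorded values from `docker history` output; the function names and the sample history lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list the build-arg values that
# the builder recorded in an image's history. Function names are hypothetical.

# Constructed sample of `docker history --no-trunc --format '{{.CreatedBy}}'`
# for the Dockerfile above (classic builder layout, newest layer first).
sample_history() {
  cat <<'EOF'
|1 BUILD_SECRET=test-my-secret /bin/sh -c rm /secret
|1 BUILD_SECRET=test-my-secret /bin/sh -c stat /secret && cat /secret && echo 'fictional dependency' > /library.txt
|1 BUILD_SECRET=test-my-secret /bin/sh -c echo $BUILD_SECRET > /secret
/bin/sh -c #(nop)  ARG BUILD_SECRET
/bin/sh -c #(nop)  CMD ["sh"]
EOF
}

# Read CreatedBy lines on stdin and print each recorded NAME=VALUE once.
# RUN steps are stored as "|N NAME=VALUE ... /bin/sh -c <command>", where N is
# the number of build args; BuildKit puts "RUN " in front of that prefix.
# Limitation: a value that contains spaces is split at the first space.
leaked_build_args() {
  awk '
    {
      line = $0
      sub(/^RUN /, "", line)
      if (line !~ /^[|][0-9]+ /) next       # step recorded no build args
      n = line
      sub(/^[|]/, "", n); sub(/ .*/, "", n) # n = N from the "|N" prefix
      sub(/^[|][0-9]+ /, "", line)          # drop the prefix itself
      split(line, words, " ")
      for (i = 1; i <= n + 0; i++) print words[i]
    }' | sort -u
}

# Audit a real image by name (needs the docker CLI and a local image).
audit_image() {
  docker history --no-trunc --format '{{.CreatedBy}}' "$1" | leaked_build_args
}

# Run on the constructed sample; prints the value left behind by --build-arg.
sample_history | leaked_build_args
```

To check the image built in this post, call `audit_image secret-test-image` on the host that holds it.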
NOTE: Also, feel free to check related posts by searching for the Kubernetes and Docker tags on this website.