posts-go/docs/2022-06-08-dockerfile-go.html

231 lines
7.8 KiB
HTML

<!doctype html>
<html>
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link
rel="stylesheet"
href="https://cdnjs.cloudflare.com/ajax/libs/github-markdown-css/5.5.1/github-markdown.min.css"
/>
<title>haunt98 posts</title>
</head>
<style>
.markdown-body {
box-sizing: border-box;
min-width: 200px;
max-width: 980px;
margin: 0 auto;
padding: 45px;
font-family:
Shantell Sans Normal,
Rec Mono Casual,
SF Pro,
Inter,
sans-serif;
font-weight: 500;
}
.markdown-body pre {
font-family:
Berkeley Mono,
IBM Plex Mono,
SF Mono,
Jetbrains Mono,
monospace;
}
@media (max-width: 767px) {
.markdown-body {
padding: 15px;
}
}
</style>
<body class="markdown-body">
<h2>
<a href="index.html"><code>~</code></a>
</h2>
<div class="markdown-heading">
<h1 class="heading-element">Dockerfile for Go</h1>
<a
id="user-content-dockerfile-for-go"
class="anchor"
aria-label="Permalink: Dockerfile for Go"
href="#dockerfile-for-go"
><span aria-hidden="true" class="octicon octicon-link"></span
></a>
</div>
<p>
Each time I start a new Go project, I repeat many steps. Like set up
<code>.gitignore</code>, CI configs, Dockerfile, ...
</p>
<p>So I decide to have a baseline Dockerfile like this:</p>
<div class="highlight highlight-source-dockerfile">
<pre><span class="pl-k">FROM</span> golang:1.22.0-bookworm as builder
<span class="pl-k">RUN</span> go install golang.org/dl/go1.22.0@latest \
&amp;&amp; go1.22.0 download
<span class="pl-k">WORKDIR</span> /build
<span class="pl-k">COPY</span> go.mod .
<span class="pl-k">COPY</span> go.sum .
<span class="pl-k">COPY</span> vendor .
<span class="pl-k">COPY</span> . .
<span class="pl-k">RUN</span> CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GOAMD64=v3 go build -o ./app -tags timetzdata -trimpath -ldflags=<span class="pl-s">"-s -w"</span> .
<span class="pl-k">FROM</span> gcr.io/distroless/base-debian12
<span class="pl-k">COPY</span> --from=builder /build/app /app
<span class="pl-k">ENTRYPOINT</span> [<span class="pl-s">"/app"</span>]</pre>
</div>
<p>
I use
<a
href="https://docs.docker.com/develop/develop-images/multistage-build/"
rel="nofollow"
>multi-stage build</a
>
to keep my image size small. First stage is
<a href="https://hub.docker.com/_/golang" rel="nofollow"
>Go official image</a
>, second stage is
<a href="https://github.com/GoogleContainerTools/distroless">Distroless</a
>.
</p>
<p>
Before Distroless, I use
<a href="https://hub.docker.com/_/alpine" rel="nofollow"
>Alpine official image</a
>, There is a whole discussion on the Internet to choose which is the best
base image for Go. After reading some blogs, I discover Distroless as a
small and secure base image. So I stick with it for a while.
</p>
<p>
Also, remember to match Distroless Debian version with Go official image
Debian version.
</p>
<div class="highlight highlight-source-dockerfile">
<pre><span class="pl-k">FROM</span> golang:1.22.0-bookworm as builder</pre>
</div>
<p>
This is Go image I use as a build stage. This can be official Go image or
custom image is required in some companies.
</p>
<div class="highlight highlight-source-dockerfile">
<pre><span class="pl-k">RUN</span> go install golang.org/dl/go1.22.0@latest \
&amp;&amp; go1.22.0 download</pre>
</div>
<p>
This is optional. In my case, my company is slow to update Go image so I
use this trick to install latest Go version.
</p>
<div class="highlight highlight-source-dockerfile">
<pre><span class="pl-k">WORKDIR</span> /build
<span class="pl-k">COPY</span> go.mod .
<span class="pl-k">COPY</span> go.sum .
<span class="pl-k">COPY</span> vendor .
<span class="pl-k">COPY</span> . .</pre>
</div>
<p>
I use <code>/build</code> to emphasize that I am building something in
that directory.
</p>
<p>
The 4 <code>COPY</code> lines are familiar if you use Go enough. First is
<code>go.mod</code> and <code>go.sum</code> because it defines Go modules.
The second is <code>vendor</code>, this is optional but I use it because I
don't want each time I build Dockerfile, I need to redownload Go modules.
</p>
<div class="highlight highlight-source-dockerfile">
<pre><span class="pl-k">RUN</span> CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GOAMD64=v3 go build -o ./app -tags timetzdata -trimpath -ldflags=<span class="pl-s">"-s -w"</span> .</pre>
</div>
<p>This is where I build Go program.</p>
<ul>
<li>
<code>CGO_ENABLED=0</code> because I don't want to mess with C
libraries.
</li>
<li>
<code>GOOS=linux GOARCH=amd64</code> is easy to explain, Linux with
x86-64.
</li>
<li>
<code>GOAMD64=v3</code> is new since
<a href="https://go.dev/doc/go1.18#amd64" rel="nofollow">Go 1.18</a>, I
use v3 because I read about AMD64 version in
<a
href="https://gitlab.archlinux.org/archlinux/rfcs/-/blob/master/rfcs/0002-march.rst"
rel="nofollow"
>Arch Linux rfcs</a
>. TLDR's newer computers are already x86-64-v3.
</li>
<li>
<code>-tags timetzdata</code> to embed timezone database in case base
image does not have.
</li>
<li><code>-trimpath</code> to support reproduce build.</li>
<li><code>-ldflags="-s -w"</code> to strip debugging information.</li>
</ul>
<p>Also there are some experiment:</p>
<ul>
<li><code>GOMEMLIMIT=1024MiB</code>: soft memory limit.</li>
</ul>
<div class="highlight highlight-source-dockerfile">
<pre><span class="pl-k">FROM</span> gcr.io/distroless/base-debian12
<span class="pl-k">COPY</span> --from=builder /build/app /app
<span class="pl-k">ENTRYPOINT</span> [<span class="pl-s">"/app"</span>]</pre>
</div>
<p>Finally, I copy <code>app</code> to Distroless base image.</p>
<div class="markdown-heading">
<h2 class="heading-element">Thanks</h2>
<a
id="user-content-thanks"
class="anchor"
aria-label="Permalink: Thanks"
href="#thanks"
><span aria-hidden="true" class="octicon octicon-link"></span
></a>
</div>
<ul>
<li>
<a
href="https://boyter.org/posts/how-to-start-go-project-2023/"
rel="nofollow"
>How to start a Go project in 2023</a
>
</li>
<li>
<a
href="https://words.filippo.io/shrink-your-go-binaries-with-this-one-weird-trick/"
rel="nofollow"
>Shrink your Go binaries with this one weird trick</a
>
</li>
<li>
<a
href="https://weaviate.io/blog/gomemlimit-a-game-changer-for-high-memory-applications"
rel="nofollow"
>GOMEMLIMIT is a game changer for high-memory applications</a
>
</li>
</ul>
<div>
Feel free to ask me via
<a href="mailto:hauvipapro+posts@gmail.com">email</a> or
<a rel="me" href="https://hachyderm.io/@haunguyen">Mastodon</a>.
<br />Source code is available on
<a href="https://github.com/haunt98/posts-go">GitHub</a>
<a href="https://codeberg.org/yoshie/posts-go">Codeberg</a>
<a href="https://git.sr.ht/~youngyoshie/posts-go">sourcehut</a>
<a href="https://gitea.treehouse.systems/yoshie/posts-go">Treehouse</a>
<a href="https://gitlab.com/youngyoshie/posts-go">GitLab</a>
</div>
</body>
</html>