How does the new Docker –squash work

In Docker 1.13 the new squash parameter was added.

I’m now hoping to reduce the size of my images as well as being able to “hide” secret files I have in my layers.

  • Can docker containers within same host have same ports
  • Can't push image to Amazon ECR - fails with “no basic auth credentials”
  • Redirect several log files in docker container to stdout (legacy application)
  • What package rules do I need to set up in Kaspersky's Firewall to unblock Docker's “Shared Drive” feature?
  • Sentry Docker Port 80
  • Bluemix docker scalable group for non HTTP requests
  • Below you can now see the difference from doing a build with and without the –squash parameter.

    Without Squash

    enter image description here

    With Squash

    enter image description here

    Now to my question.

    If I add a secret file in my first layer, then use the secret file in my second layer, and the finally remove my secret file in the third layer, and then build with the –squash flag.

    Will there be any way now to get the secret file?

  • How do I configure Laradock IP?
  • Docker, Kafka - replication doesn't work between remote brokers
  • Mac OS X sudo docker Cannot connect to the Docker daemon. Is the docker daemon running on this host?
  • Docker git clone on container launch?
  • exec not found using Dockerfile ENTRYPOINT
  • how to select options properly for “/bin/bash” when writing a blueprint for cloudify
  • One Solution collect form web for “How does the new Docker –squash work”

    If I add a secret file in my first layer, then use the secret file in
    my second layer, and the finally remove my secret file in the third
    layer, and then build with the –squash flag.

    Will there be any way now to get the secret file?

    Answer: Your image wont have the secret file.

    How does squash work:

    Once the build is complete, docker creates a new image loading the diffs from each layer into a single new layer and references all the parent’s layers.

    In another words:

    When squashing, Docker will take all the filesystem layers produced by a build and collapse them into a single new layer.

    This can simplify the process of creating minimal container images, but may result in slightly higher overhead when images are moved around (because squashed layers can no longer be shared between images). Docker still caches individual layers to make subsequent builds fast.

    Please note this feature squashes all the newly built layers into a single layer, it is not squashing to scratch.

    Side notes:

    Docker 1.13 also has support for compressing the build context that is sent from CLI to daemon using the --compress flag. This will speed up builds done on remote daemons by reducing the amount of data sent.

    Please note as of docker 1.13 this feature is experimental.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.