✦ For everyone, free.

Practical knowledge for real and everyday life

Home

4.2.1.5 FROM Minimal Base

A focused guide to FROM Minimal Base, connecting core concepts with practical Docker and container operations.

A FROM minimal base refers to deliberately choosing the smallest, most stripped-down base image suitable for an application's needs — scratch, a distroless image, or a minimal distribution like Alpine — specifically to minimize the resulting image's size and attack surface.

Choosing Scratch for Static Binaries

For applications compiled into fully static binaries with no remaining runtime dependencies, scratch provides the smallest possible starting point, containing nothing at all beyond what is explicitly added afterward.

FROM scratch
COPY --from=build /src/app /app
ENTRYPOINT ["/app"]
Choosing a Distroless Base for Managed Runtimes

For applications written in a language with a managed runtime (such as Python or Java) that still benefit from minimal surrounding tooling, a distroless image provides just the runtime itself, without a shell or package manager.

FROM gcr.io/distroless/python3
COPY app.py /app.py
CMD ["/app.py"]
Choosing Alpine as a Lightweight General-Purpose Base

When some general-purpose tooling is still needed but minimizing size remains a priority, Alpine provides a reasonable middle ground, offering a working shell and package manager in a much smaller footprint than a typical full-featured distribution.

FROM python:3.12-alpine
Verifying Minimal Base Compatibility Before Committing

Because minimal bases often trade away conveniences (shells, broader package availability, glibc compatibility) for size, verifying that an application's specific dependencies actually work correctly on a candidate minimal base is an important step before adopting it as the standard choice.

docker run --rm myapp:alpine python -c "import numpy"
Why Choosing a Minimal Base Matters

Deliberately starting from the most minimal base an application can actually support reduces both the final image's size and the amount of software present that could potentially be exploited, making this choice one of the highest-leverage decisions available when optimizing a Dockerfile for production use.

docker images myapp

Related content