✦ For everyone, free.

Practical knowledge for real and everyday life

Home

12.2.4.5 Go Minimal Container

A focused guide to Go Minimal Container, connecting core concepts with practical Docker and container operations.

A Go minimal container brings together multi-stage builds, static compilation, and a minimal (or empty) final base image to produce one of the smallest, most efficient container images achievable across any common programming language, directly reflecting Go's particular design strengths.

Bringing the Full Pattern Together

Combining everything discussed individually elsewhere produces a genuinely minimal final image.

FROM golang:1.22 AS build
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o /app/server .

FROM scratch
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /app/server /server
ENTRYPOINT ["/server"]

The -ldflags="-s -w" build flags strip debugging symbols, further reducing the binary's own size.

Comparing the Final Result Against a More Typical Approach

The size difference compared to a more traditional, less optimized approach is often dramatic.

docker images

myapp-go-unoptimized   350MB
myapp-go-minimal       9MB
Why This Level of Minimalism Provides Real, Practical Benefits

A smaller image pulls faster, consumes less storage across however many nodes might run it, and presents a meaningfully smaller attack surface, given how little is actually present beyond the application's own compiled code.

docker scout cves myapp-go-minimal:1.0

A scan against an image this minimal typically reveals very few findings, simply because there's so little installed software present to potentially carry a vulnerability.

Balancing This Minimalism Against Debugging Convenience

The trade-off, as with any scratch-based image, is reduced in-container debugging convenience — a reasonable trade for many production deployments, though worth considering deliberately rather than by default.

FROM gcr.io/distroless/static-debian12

A distroless base, slightly less minimal than scratch but still very small, can provide a reasonable middle ground for teams wanting some debugging capability without sacrificing too much minimalism.

Why a Go Minimal Container Matters

This combination of techniques represents Go's particular strength in container image minimalism, and understanding how to apply them together produces images that are both highly efficient and well-suited to a security-conscious production deployment.

Related content