0
0
Dockerdevops~10 mins

Scratch base image for minimal containers in Docker - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Process Flow - Scratch base image for minimal containers
Start Dockerfile
Use FROM scratch
Add minimal files
Build container image
Run minimal container
Container runs with minimal size
End
This flow shows how a Dockerfile starts with FROM scratch, adds only needed files, builds the image, and runs a minimal container.
Execution Sample
Docker
FROM scratch
ADD hello /
CMD ["/hello"]
This Dockerfile uses scratch as base, adds a hello binary, and runs it.
Process Table
StepDockerfile InstructionActionResulting Image StateNotes
1FROM scratchStart from empty base imageImage has no files or layersBase image is empty, no OS or tools
2ADD hello /Add hello binary to rootImage now contains /hello fileOnly the hello binary is added, minimal size
3CMD ["/hello"]Set default command to run /helloContainer will run /hello on startNo shell or other commands available
4docker build -t hello-minimal .Build image from DockerfileImage built with minimal sizeImage size is very small, only hello binary
5docker run --rm hello-minimalRun container from imageContainer runs and executes /helloContainer runs with minimal environment
6ExitContainer stops after /hello finishesContainer exits cleanlyNo extra processes or files remain
💡 Container exits after running the /hello binary, no OS or shell present
Status Tracker
VariableStartAfter Step 2After Step 3After BuildAfter RunFinal
Image Filesempty/hello/hello/hello/hello (running)empty (container exited)
Container Statenonenonenonebuiltrunning /helloexited
Key Moments - 3 Insights
Why does the image have no OS or shell?
Because FROM scratch starts with an empty image, no OS or shell is included, only what you add explicitly (see execution_table step 1).
How can the container run a command without a shell?
The CMD runs the binary directly; no shell is needed because the binary is self-contained (see execution_table step 3).
Why is the image size so small?
Only the hello binary is added, no extra OS files or libraries, so the image stays minimal (see execution_table step 2 and 4).
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what files exist in the image after step 2?
AOnly /hello binary
BFull OS files
CNo files at all
DShell and utilities
💡 Hint
Check the 'Resulting Image State' column at step 2 in the execution_table
At which step does the container start running the /hello binary?
AStep 3
BStep 4
CStep 5
DStep 2
💡 Hint
Look at the 'Action' and 'Resulting Image State' columns in execution_table step 5
If you add a shell binary in step 2, how would the image size change?
AIt would stay the same
BIt would become larger
CIt would become smaller
DIt would fail to build
💡 Hint
Adding more files increases image size, see step 2 notes about minimal size
Concept Snapshot
FROM scratch starts an empty image with no OS.
ADD copies only needed files (like a binary).
CMD sets the command to run inside the container.
Result: minimal container size, no shell or OS included.
Use for very small, secure containers.
Full Transcript
This visual execution shows how to create a minimal Docker container using the scratch base image. The Dockerfile starts with FROM scratch, which means the image is empty with no operating system or shell. Then, the ADD instruction copies a single binary file named hello into the image. The CMD instruction sets the container to run this hello binary when started. Building the image creates a very small container image containing only the hello binary. Running the container executes the binary directly, without any shell or extra OS files. The container exits after the binary finishes. This approach is useful for creating minimal, secure containers with only the necessary files.