10

Can we build a docker container that doesn't have any shell in that container ? Is it possible to create a container without a shell ?

Sandipan
  • 683
  • 8
  • 25
  • do you mean, without `bash`? what about alpine? – ItayB Nov 28 '19 at 18:56
  • 1
    No like any shell not only bash but any shell is it possible ? Does every container needs a shell ? – Sandipan Nov 28 '19 at 18:58
  • @Sandipan: I'm almost sure that you do not need to include shell - redefine `CMD` to something different than `/bin/sh` and do not ship any shell binary. But a container without a shell is not good for development. – Arkadiusz Drabczyk Nov 28 '19 at 19:04
  • 2
    Take a look at, say, `k8s.gcr.io/pause`, a pause image used by Kubernetes. All it has inside is a single statically-linked binary "pause". No shell, no libraries. – Danila Kiver Nov 28 '19 at 19:06
  • So if a container doesn't have shell then how a script will run ? If we give binaries then can it be run in that container ? Aa far as I know binaries gets process directly by the kernel so if any binary is given then will it just pass that to the host kernel and the script will run or it will fail as it doesn't have any shell ? – Sandipan Nov 28 '19 at 19:21
  • maybe [distroless](https://github.com/GoogleContainerTools/distroless)? – Lei Yang Jun 08 '23 at 08:30

1 Answers1

6

Yes, you can create a container from scratch, which does not contain anything even bash, it will only contain binaries that you copy during build time, otherwise, it will be empty.

FROM scratch
COPY hello /
CMD ["/hello"]

You can use Docker’s reserved, minimal image, scratch, as a starting point for building containers. Using the scratch “image” signals to the build process that you want the next command in the Dockerfile to be the first filesystem layer in your image.

While scratch appears in Docker’s repository on the hub, you can’t pull it, run it, or tag any image with the name scratch. Instead, you can refer to it in your Dockerfile. For example, to create a minimal container using scratch:

scratch-docker-image

Using this as a base image, you can create your custom image, for example you only node runtime not thing more, then you try form scratch-node.

FROM node as builder

WORKDIR /app

COPY package.json package-lock.json index.js ./

RUN npm install --prod

FROM astefanutti/scratch-node

COPY --from=builder /app /

ENTRYPOINT ["node", "index.js"]
Adiii
  • 54,482
  • 7
  • 145
  • 148