BestHub
Sign in
Cloud Native 13 min read

Boost Docker Build Speed by 10%: Master BuildKit Optimizations

This tutorial explains how to enable Docker BuildKit and apply a series of Dockerfile optimizations—including reordering commands, using multi‑stage builds, minimizing base images, and leveraging cache and secret mounts—to significantly reduce build time and image size while improving maintainability and security.

MaGe Linux Operations
MaGe Linux Operations
MaGe Linux Operations
Boost Docker Build Speed by 10%: Master BuildKit Optimizations

Introduction

Docker builds images by reading the instructions in a Dockerfile, which records every layer added to the image. BuildKit, introduced in Docker v18.09, adds performance, storage‑management, and security enhancements.

Goals

Reduce build time

Shrink image size

Improve maintainability

Ensure reproducibility

Learn multi‑stage Dockerfiles

Understand BuildKit features

Prerequisites

Basic Docker knowledge

Docker installed (v19.03 used in examples)

A Java application (Jenkins Maven sample used)

Simple Dockerfile Example

Unoptimized Dockerfile for a Java app:

FROM debian
COPY . /app
RUN apt-get update
RUN apt-get -y install openjdk-11-jdk ssh emacs
CMD ["java", "-jar", "/app/target/my-app-1.0-SNAPSHOT.jar"]

Building this image without cache takes about 1 m 55 s.

Enabling BuildKit

Two ways to enable BuildKit:

time DOCKER_BUILDKIT=1 docker build --no-cache -t docker-class .

Or set it as default in /etc/docker/daemon.json:

{"features": {"buildkit": true}}

With BuildKit enabled, the same build finishes in ~1 m 43 s, about a 10% speed gain.

Optimization Techniques

Reorder COPY

Place COPY near the end to improve caching:

FROM debian
RUN apt-get update
RUN apt-get -y install openjdk-11-jdk ssh emacs
COPY . /app
CMD ["java", "-jar", "/app/target/my-app-1.0-SNAPSHOT.jar"]

Avoid "COPY ."

Copy only the needed artifact:

FROM debian
RUN apt-get update && apt-get -y install openjdk-11-jdk ssh vim
COPY target/my-app-1.0-SNAPSHOT.jar /app
CMD ["java", "-jar", "/app/my-app-1.0-SNAPSHOT.jar"]

Combine apt‑get commands

FROM debian
RUN apt-get update && \
    apt-get -y install openjdk-11-jdk ssh vim
COPY target/my-app-1.0-SNAPSHOT.jar /app
CMD ["java", "-jar", "/app/my-app-1.0-SNAPSHOT.jar"]

Remove unnecessary packages

FROM debian
RUN apt-get update && \
    apt-get -y install --no-install-recommends openjdk-11-jdk && \
    rm -rf /var/lib/apt/lists/*
COPY target/my-app-1.0-SNAPSHOT.jar /app
CMD ["java", "-jar", "/app/my-app-1.0-SNAPSHOT.jar"]

Use official minimal images

Prefer openjdk with a specific tag instead of latest:

FROM openjdk:8-jre-alpine
COPY target/my-app-1.0-SNAPSHOT.jar /app
CMD ["java", "-jar", "/app/my-app-1.0-SNAPSHOT.jar"]

Multi‑stage builds

Separate build and runtime environments:

FROM maven:3.6-jdk-8-alpine AS builder
WORKDIR /app
COPY pom.xml .
COPY src ./src
RUN mvn -e -B package

FROM openjdk:8-jre-alpine
COPY --from=builder /app/target/my-app-1.0-SNAPSHOT.jar /app.jar
CMD ["java", "-jar", "/app.jar"]

This reduces build time to ~35 s.

Targeted image flavors

ARG flavor=alpine
FROM maven:3.6-jdk-8-alpine AS builder
...
FROM openjdk:8-jre-${flavor} AS release
COPY --from=builder /app/target/my-app-1.0-SNAPSHOT.jar /
CMD ["java", "-jar", "/my-app-1.0-SNAPSHOT.jar"]

Concurrency

BuildKit runs independent stages in parallel, improving CPU utilization.

BuildKit cache mounts

FROM maven:3.6-jdk-8-alpine AS builder
WORKDIR /app
RUN --mount=type=cache,target=/root/.m2 \
    mvn package -DoutputDirectory=/out

FROM openjdk:8-jre-alpine
COPY --from=builder /out/my-app-1.0-SNAPSHOT.jar /
CMD ["java", "-jar", "/my-app-1.0-SNAPSHOT.jar"]

Security features

Use --mount=type=secret to hide credentials:

FROM <baseimage>
RUN ...
RUN --mount=type=secret,id=aws,target=/root/.aws/credentials,required \
    ./fetch-assets-from-s3.sh

Build with:

docker build --secret id=aws,src=~/.aws/credentials

Use SSH mount for private repositories:

FROM alpine
RUN apk add --no-cache openssh-client
ARG REPO_REF=19ba7bcd9976ef8a9bd086187df19ba7bcd997f2
RUN --mount=type=ssh,required git clone [email protected]:org/repo /work && \
    cd /work && git checkout -b $REPO_REF

Conclusion

By enabling Docker BuildKit and applying the presented Dockerfile optimizations—reordering commands, minimizing base images, leveraging multi‑stage builds, using cache and secret mounts—you can noticeably speed up image builds, reduce size, and improve overall development efficiency.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

Dockerimage-optimizationContainerDockerfileBuildKitmultistage-build
MaGe Linux Operations
Written by

MaGe Linux Operations

Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment