apt-get lists after installing anything DOK-DL3009
Cleaning up the apt cache and removing /var/lib/apt/lists helps keep the image size down. Since the RUN statement starts with apt-get update, the package cache will always be refreshed prior to apt-get install.
COPY instead of ADD for files and folders DOK-DL3020
For items like files and directories that do not require ADD’s tar auto-extraction capability, you should always use COPY.
ADD to extract archives into an image DOK-DL3010
COPY only supports the basic copying of local files into the container, while ADD has some additional features (like local-only tar extraction and remote URL support) that are not immediately obvious. Consequently, the best use for ADD is local tar file auto-extraction into the image.
Once a package is installed, it does not need to be re-installed and the Docker cache can be leveraged instead. Since the pip cache makes the images larger and is not needed, it's better to disable it.
yarn cache clean after yarn install DOK-P1005
yarn keeps a local cache of downloaded packages. Not cleaning cached package data after installation can result in higher image sizes. It is always recommended to clean the cached packages after installing them.
yum clean all after yum install DOK-P1000
Not cleaning cached package data after installation can result in higher image sizes. It is always recommended to clean the cached packages after installing them.
zypper clean after zypper install DOK-P1001
Not cleaning cached package data after installation can result in higher image sizes. It is always recommended to clean the cached packages after installing them.
Please note that the clean-up must be performed in the same RUN step as the installation, because each RUN step creates a separate layer. Doing the clean-up in a different RUN command would therefore result in a new layer on top of the one that already contains the cache, which will not help reduce the image size.
dnf clean all after dnf install command DOK-P1002
Not cleaning cached package data after installation can result in higher image sizes. It is always recommended to clean the cached packages after installing them.
useradd without -l flag DOK-P1004
Without the -l or the --no-log-init flag, useradd will add the user to the lastlog and faillog databases. This can result in the creation of logically large (sparse) files under /var/log, which in turn unnecessarily inflates container image sizes. This is due to the lack of support for sparse files in overlay filesystems. For what it's worth, this behavior becomes more apparent with longer UIDs, resulting in a few megabytes of extra image size with a six-digit UID, up to several gigabytes of excessive image size with even longer UIDs. Disabling this functionality from useradd has minimal disadvantages in a container but saves space and build time.
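The cache clean-up rules and the useradd rule above can be checked mechanically per RUN instruction. The following is an added example, not the analyzer's own implementation: the function names, the regular expressions and the sample Dockerfile are constructed here, and the flag matching is a heuristic. It shows that a clean-up placed in a later RUN does not satisfy the rule.

```python
import re

# (install pattern, clean-up pattern, issue code as listed on this page)
CACHE_RULES = [
    (r"\byum\s+(?:-\S+\s+)*install\b", r"\byum\s+clean\s+all\b", "DOK-P1000"),
    (r"\bzypper\s+(?:-\S+\s+)*install\b", r"\bzypper\s+clean\b", "DOK-P1001"),
    (r"\bdnf\s+(?:-\S+\s+)*install\b", r"\bdnf\s+clean\s+all\b", "DOK-P1002"),
    (r"\byarn\s+install\b", r"\byarn\s+cache\s+clean\b", "DOK-P1005"),
]

def run_instructions(dockerfile):
    """Yield (first_line_number, command) for each RUN, joining '\\' continuations."""
    buf, start = [], 0
    for n, raw in enumerate(dockerfile.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines are skipped, even mid-continuation
        if not buf:
            start = n
        buf.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            instr, buf = " ".join(buf), []
            if instr[:4].upper() == "RUN ":
                yield start, instr[4:]

def check(dockerfile):
    """Return [(line, issue_code)] for installs not cleaned up in the same RUN."""
    findings = []
    for lineno, cmd in run_instructions(dockerfile):
        for install, clean, code in CACHE_RULES:
            if re.search(install, cmd) and not re.search(clean, cmd):
                findings.append((lineno, code))
        for part in re.split(r"&&|\|\||;|\|", cmd):  # individual shell commands
            words = part.split()
            if words and words[0] == "useradd" and not any(
                w == "--no-log-init" or re.match(r"-[A-Za-z]*l", w) for w in words[1:]
            ):
                findings.append((lineno, "DOK-P1004"))
    return findings

# Constructed sample: the yum clean-up sits in its own RUN, so line 2 is still flagged.
SAMPLE = """\
FROM example/base
RUN yum -y install httpd
RUN yum clean all
RUN dnf install -y git \\
    && dnf clean all
# constructed six-digit UID
RUN useradd -u 123456 app
RUN useradd -l -u 123457 svc && yarn install && yarn cache clean
"""

if __name__ == "__main__":
    for lineno, code in check(SAMPLE):
        print(f"line {lineno}: {code}")
```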