Remove `VOLUME` instruction

[polarathene]

Welcome!

• Yes, I've searched similar issues on GitHub and didn't find any.

What did you expect to see?

This instruction has no clarification for why it was added to the scratch Dockerfiles only (original commit here). It was likely misunderstood.

Whenever a new container is created via docker run, this instruction creates a new anonymous volume, and will accumulate over time. So long as there is not much data used by such volumes this is rarely a concern and cleanup of dangling volumes can be done via CLI.

However, it is generally considered a bad practice to use these days. The instruction was introduced prior to Docker landing better support for explicit volumes and bind mounts. Implicit volume creation like this can be unexpected and undesired, the container itself has it's own volume/layer at runtime that will persist changes across container restarts which often makes this use redundant, unless the data is important to preserve across container instances and image upgrades at which point the volume should be explicit regardless.

Docker Compose is an example where a legacy feature will preserve the anonymous volume (implicit or explicit) across new container instances and change of images (be that an upgraded tag or an entirely unrelated image). If the data is sensitive, this can unintentionally lead to leaking that data to another image. To preserve the anonymous volume this way Docker Compose associates the volume to the service name, rather than the container instance.

There is rarely a good reason to keep VOLUME, and given it's not used in the other images I would encourage it's removal 👍