
Docker – Best Practices

Docker is not too difficult to understand, but there are some tips a user should follow to use it more effectively. In this post, we cover best practices for Docker, such as how to write a Dockerfile and how to trim your image size. If you’re new to Docker, go through “Docker – Better way to build” first; it provides an overview of Docker fundamentals.

Following are some best practices for creating an application with Docker:

  1. Managing Dockerfile
  2. Docker Image
  3. Docker Container
  4. Docker Security

Managing Dockerfile 

  • A Dockerfile allows a user to define the exact actions needed to create a container.
  • When selecting a base image, prefer a smaller one, because each line in the Dockerfile will increase the size of the image.
  • Avoid installing unnecessary packages. E.g. the user doesn’t need to include a text editor in the image.
  • Each RUN statement adds a layer that increases the size. The command below shows how to use a single RUN statement to reduce the size:
      RUN apt-get -y update && apt-get install -y default-jdk \
          && apt-get install -y apache2
  • CMD sets the default command and/or parameters, which can be overridden from the command line when the Docker container runs. E.g. a CMD can run an application, already installed in the image using RUN, when the container is created.
      CMD echo "Hello world"
  • ENTRYPOINT allows the user to configure a container that will run as an executable. The following will start Nginx with its default content.
      docker run -i -t --rm -p 80:80 nginx
  • The ENV instruction sets an environment variable to a value.
      ENV PATH /usr/local/postgres-$PG_MAJOR/bin:$PATH
  • The EXPOSE instruction indicates the ports on which a container will listen for connections.
      EXPOSE 8080
  • ADD and COPY are similar in functionality. COPY is used for copying files to a container, while ADD has some extra features such as tar file extraction and remote URL support. COPY is preferred because it’s more transparent than ADD. Both instructions add a layer that increases the size.
      COPY var.txt /opt/
      ADD http://wordpress.org/latest.tar.gz /opt/
  • Sort multi-line arguments alphanumerically. This will help you avoid duplicate package installations.
      RUN apt-get -y update && apt-get install -y \
          apache2 \
          bzr \
          cvs \
          htop
  • USER can be added if required, but we have to make sure that after the user is added, only services that do not need root privileges are executed.

Docker Image

  • A container is a lightweight machine and its size depends on the image size.
  • While creating Docker images, try to keep the number of layers created by your Dockerfile to a minimum.
  • Try to reduce unnecessary data within layers.
  • Start with an appropriate base image. E.g. if the user wants Nginx, select the official Nginx image rather than selecting a CentOS/Ubuntu image and installing Nginx on it.
  • Small images are faster to pull over the network (e.g. from Docker Hub) and faster to load into memory when the container starts.
  • Use multi-stage builds. This is a new feature which requires Docker 17.05 or a higher version of the daemon and client.
  • While building images, always tag them with useful names. This will help the user while deploying the application in different environments. Do not rely on the automatically created tags.

Docker Container

  • Containers are an abstraction at the app layer that packages code and dependencies together.
  • Don’t ship the application in two pieces. E.g. for a continuous delivery (CD) pipeline to QA and production, your application should be part of the image.
  • One container should have one process; this makes it easier to scale or reuse the container.
  • The container should be ephemeral. E.g. it can be stopped, destroyed, recreated and put in place with an absolute minimum of set-up.
  • Try to avoid creating images from running containers.
  • Do not store data in containers; make sure your applications use shared volumes for data storage.

Docker Security

  • Do not trust an unofficial image until it is used by multiple devices.
  • In the container, a user can open only the specific ports that are needed.
  • A group of containers should use its own sub-network.
  • If a service does not need root user privileges, do not use the root user. Create a new user and switch to that user.
  • Limit access to the file system and memory.
  • Don’t store credentials in the image; use environment variables.
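
A small lint pass over a Dockerfile for four of the rules in this post (tagged base image, COPY instead of a remote ADD, no credentials in the image, non-root USER), as an added example that is not part of the original post. Both sample Dockerfiles, the example.com URL and the function names are constructed for illustration; the USER check is a heuristic, since a base image may already set a non-root user.

```python
import re

# Constructed sample: breaks several rules from this post.
BAD = """\
FROM ubuntu
RUN apt-get -y update && apt-get install -y \\
    apache2
ADD http://example.com/app.tar.gz /opt/
ENV DB_PASSWORD=changeme
"""
# Constructed sample: multi-stage build, tagged bases, COPY, non-root USER.
GOOD = """\
FROM golang:1.22 AS build
COPY . /src
RUN cd /src && go build -o /out/app .
FROM debian:12-slim
COPY --from=build /out/app /usr/local/bin/app
RUN useradd --system app
USER app
"""
SECRET = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def instructions(text):
    # Join backslash continuations, then yield (INSTRUCTION, args) pairs.
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        op, _, args = line.strip().partition(" ")
        if op and not op.startswith("#"):
            yield op.upper(), args.strip()

def lint(text):
    findings, user = [], None
    for op, args in instructions(text):
        keys = re.findall(r"(\w+)=", args) or args.split()[:1]  # K=V or legacy "K V"
        if op == "FROM":
            user = None  # each stage starts with its base image's user again
            image = next((a for a in args.split() if not a.startswith("--")), "scratch")
            if image != "scratch" and ":" not in image.rsplit("/", 1)[-1]:
                findings.append(f"untagged base image: {image}")
        elif op == "ADD" and re.search(r"https?://", args):
            findings.append(f"ADD from remote URL, prefer COPY: {args}")
        elif op in ("ENV", "ARG") and any(map(SECRET.search, keys)):
            findings.append(f"credential stored in image: {op} {' '.join(keys)}")
        elif op == "USER":
            user = args
    if (user or "root").split(":")[0] in ("root", "0"):
        findings.append("final stage does not switch to a non-root USER")
    return findings

if __name__ == "__main__":
    print(lint(BAD), lint(GOOD))
```

An ENV line in the Dockerfile is stored in the image itself, which is why the check flags it; supplying the variable when the container starts (docker run -e or --env-file) keeps the value out of the image.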

Conclusion

This post covered better ways to use Docker: writing a Dockerfile, reducing image size, points to take care of while running a container, and Docker security. So go ahead and take a deep dive into Docker.

Reference

Docker – Better way to build

Docker docs

https://github.com/FuriKuri/docker-best-practices

The post Docker – Best Practices appeared first on DevOpsTech Solutions.


