Difference between revisions of "Docker Best Practices"
From Gcube Wiki
Manuele.simi (Talk | contribs) |
Manuele.simi (Talk | contribs) |
||
Line 1: | Line 1: | ||
= Docker Repositories = | = Docker Repositories = | ||
Setting up a DTR or Docker Hub? | Setting up a DTR or Docker Hub? | ||
+ | |||
+ | * https://hub.docker.com/u/gcube | ||
+ | * https://hub.docker.com/u/d4science | ||
+ | |||
Single User vs Organization? | Single User vs Organization? | ||
= Layout of a Docker-enabled Project = | = Layout of a Docker-enabled Project = | ||
− | + | = Base/Composed Images = | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
Which ones we can use? Which repos/organizations do we trust? | Which ones we can use? Which repos/organizations do we trust? | ||
+ | |||
+ | = Dockerfile = | ||
== Use Metadata Labels == | == Use Metadata Labels == | ||
Line 31: | Line 33: | ||
= Build the Image = | = Build the Image = | ||
− | == Tags == | + | == Tags/SHAs == |
Use fixed tags for immutability. | Use fixed tags for immutability. | ||
Line 42: | Line 44: | ||
= Document How to launch the Containers = | = Document How to launch the Containers = | ||
− | = Find, Fix and Monitor for Image Vulnerabilities = | + | = Maintain the Images = |
+ | |||
+ | == Find, Fix and Monitor for Image Vulnerabilities == | ||
+ | |||
+ | == Scheduled (Monthly) Patching == |
Revision as of 13:36, 15 August 2020
Contents
Docker Repositories
Setting up a DTR or Docker Hub?
Single User vs Organization?
Layout of a Docker-enabled Project
Base/Composed Images
Which ones we can use? Which repos/organizations do we trust?
Dockerfile
Use Metadata Labels
Define the Maintainers
Which Users inside the Image
Define the App Name
Define the WORKDIR
Use COPY instead of ADD
Sensitive Information
Never add passwords, hostnames, externals paths, tokens, and keys into images. Use a .dockerignore
file to avoid a hazardous COPY instruction, which pulls in sensitive information from the build context.
Minimize the Image Size
Build the Image
Tags/SHAs
Use fixed tags for immutability.