Difference between revisions of "Docker Best Practices"
From Gcube Wiki
Manuele.simi (Talk | contribs) |
Manuele.simi (Talk | contribs) (→What to Package) |
||
| (9 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | = | + | = Base and Composed Images = |
| − | + | ||
| − | + | Never build or compose from a <code>latest</code> tag. | |
= Dockerfile = | = Dockerfile = | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
== Use Metadata Labels == | == Use Metadata Labels == | ||
| Line 22: | Line 17: | ||
== Use COPY instead of ADD == | == Use COPY instead of ADD == | ||
| − | == | + | == Sensitive Information == |
| + | Never add passwords, hostnames, externals paths, tokens, and keys into images. Use a <code>.dockerignore</code> file to avoid a hazardous COPY instruction, which pulls in sensitive information from the build context. | ||
| − | = | + | == Minimize the Image Size == |
| − | = | + | = What to Package = |
| − | + | What do we put inside a Docker image. | |
| − | |||
| − | == | + | = Stubs = |
| + | Sample stub for a service's Dockerfile: | ||
| + | <pre> | ||
| + | FROM tomcat:8.0-jre8 | ||
| + | ADD /my-web-app.war /usr/local/tomcat/webapps/ | ||
| + | CMD ["catalina.sh", "run"] | ||
| + | </pre> | ||
| − | + | ''Back to the [[Docker_Guide_for_gCube_Users | Docker guide]].'' | |
| − | + | [[Category:Docker]] | |
Latest revision as of 21:52, 16 August 2020
Contents
Base and Composed Images
Never build or compose from a latest tag.
Dockerfile
Use Metadata Labels
Define the Maintainers
Which Users inside the Image
Define the App Name
Define the WORKDIR
Use COPY instead of ADD
Sensitive Information
Never add passwords, hostnames, externals paths, tokens, and keys into images. Use a .dockerignore file to avoid a hazardous COPY instruction, which pulls in sensitive information from the build context.
Minimize the Image Size
What to Package
What do we put inside a Docker image.
Stubs
Sample stub for a service's Dockerfile:
FROM tomcat:8.0-jre8 ADD /my-web-app.war /usr/local/tomcat/webapps/ CMD ["catalina.sh", "run"]
Back to the Docker guide.
