Difference between revisions of "Docker Best Practices"

From Gcube Wiki
Jump to: navigation, search
(Created page with "= Repositories = Setting up a DTR or Docker Hub? Single User vs Organization? = Dockerfile = == Where to keep the Dockerfile == == Base/Composed Images == Which ones we can...")
 
(What to Package)
 
(12 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Repositories =
+
= Base and Composed Images =
Setting up a DTR or Docker Hub?
+
 
Single User vs Organization?
+
Never build or compose from a <code>latest</code> tag.
  
 
= Dockerfile =
 
= Dockerfile =
  
== Where to keep the Dockerfile ==
+
== Use Metadata Labels ==
 +
 
 +
== Define the Maintainers ==
 +
 
 +
== Which Users inside the Image ==
 +
 
 +
== Define the App Name ==
 +
 
 +
== Define the WORKDIR ==
  
== Base/Composed Images ==
+
== Use COPY instead of ADD ==
Which ones we can use? Which repos/organizations do we trust?
+
  
== Labels ==
+
== Sensitive Information ==
 +
Never add passwords, hostnames, externals paths, tokens, and keys into images. Use a <code>.dockerignore</code> file to avoid a hazardous COPY instruction, which pulls in sensitive information from the build context.
  
== Maintainers ==
+
== Minimize the Image Size ==
  
= Building the Image =  
+
= What to Package =
== Tags ==
+
What do we put inside a Docker image.
  
== Automating ==
 
  
== Pushing ==
+
= Stubs =
 +
Sample stub for a service's Dockerfile:
 +
<pre>
 +
FROM tomcat:8.0-jre8
 +
ADD /my-web-app.war /usr/local/tomcat/webapps/
 +
CMD ["catalina.sh", "run"]
 +
</pre>
  
= Testing the Images =
+
''Back to the [[Docker_Guide_for_gCube_Users | Docker guide]].''
  
= Security =
+
[[Category:Docker]]

Latest revision as of 21:52, 16 August 2020

Base and Composed Images

Never build or compose from a latest tag.

Dockerfile

Use Metadata Labels

Define the Maintainers

Which Users inside the Image

Define the App Name

Define the WORKDIR

Use COPY instead of ADD

Sensitive Information

Never add passwords, hostnames, externals paths, tokens, and keys into images. Use a .dockerignore file to avoid a hazardous COPY instruction, which pulls in sensitive information from the build context.

Minimize the Image Size

What to Package

What do we put inside a Docker image.


Stubs

Sample stub for a service's Dockerfile: 

FROM tomcat:8.0-jre8
ADD /my-web-app.war /usr/local/tomcat/webapps/
CMD ["catalina.sh", "run"]

Back to the Docker guide.

Retrieved from "https://wiki.gcube-system.org/index.php?title=Docker_Best_Practices&oldid=33499"