Difference between revisions of "Docker Best Practices"

From Gcube Wiki
= Docker Repositories =
 
Setting up a DTR or Docker Hub?
 
 
* https://hub.docker.com/u/gcube
 
* https://hub.docker.com/u/d4science
 
 
Single User vs Organization?
 
 
= Layout of a Docker-enabled Project =
 
 
= Base/Composed Images =
 
Which ones can we use? Which repos/organizations do we trust?
 
 
 
= Dockerfile =
 
 
== Minimize the Image Size ==
 
= Build the Image =
 
 
== Tags/SHAs ==
 
Use fixed tags for immutability.
 
 
== Automate ==
 
 
== Push ==
 
 
= Test the Images =
 
 
= Document How to launch the Containers =
 
 
= Maintain the Images =
 
 
== Find, Fix and Monitor for Image Vulnerabilities ==
 
 
== Scheduled (Monthly) Patching ==
 

Revision as of 04:06, 16 August 2020

Dockerfile

Use Metadata Labels

Define the Maintainers

Which Users inside the Image

Define the App Name

Define the WORKDIR

Use COPY instead of ADD

Sensitive Information

Never add passwords, hostnames, external paths, tokens, or keys to images. Use a .dockerignore file to keep a hazardous COPY instruction from pulling sensitive information in from the build context.
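The check below is an added example, not part of the original wiki page: it lists secret-looking files that a given .dockerignore would still let into the build context, so a broad COPY could pick them up. The function names, the list of secret file names and the sample file lists are assumptions made for illustration, and the matcher handles only `*`, `?`, `**` and `!` exceptions.

```python
import re

# Assumed, non-exhaustive list of file names that usually hold secrets.
SECRET_HINTS = re.compile(
    r"(^|/)(\.env(\..*)?|id_rsa|id_ed25519|[^/]*\.(pem|key)|\.npmrc|\.netrc)$")

# Wildcards are relative to the context root; * and ? stay inside one segment.
TOKENS = {"**/": "(?:.*/)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}

def to_regex(pattern):
    """Translate one .dockerignore pattern (character classes not handled)."""
    body = re.sub(r"\*\*/|\*\*|\*|\?|[^*?]+",
                  lambda m: TOKENS.get(m.group(), re.escape(m.group())),
                  pattern.strip("/"))
    # A pattern that matches a directory also covers everything below it.
    return re.compile(body + r"(?:/.*)?$")

def parse_dockerignore(text):
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if line and not line.startswith("#"):
            negate = line.startswith("!")
            rules.append((negate, to_regex(line[1:] if negate else line)))
    return rules

def leaked_secrets(paths, dockerignore_text):
    """Secret-looking paths that would still be sent in the build context."""
    rules, leaked = parse_dockerignore(dockerignore_text), []
    for path in paths:
        ignored = False
        for negate, rx in rules:
            if rx.match(path):
                ignored = not negate            # the last matching rule wins
        if SECRET_HINTS.search(path) and not ignored:
            leaked.append(path)
    return sorted(leaked)

# Constructed build context and .dockerignore variants, for illustration only.
CONTEXT = ["Dockerfile", "app/main.py", "app/.env", "deploy/id_rsa",
           "certs/server.pem", "README.md", ".git/config"]
WEAK = ".git\n*.md\n"                        # denylist: secrets slip through
STRICT = "*\n!app/\n!Dockerfile\n**/.env\n"  # allowlist, then re-exclude .env
MISORDERED = "*\n**/.env\n!app/\n"           # !app/ comes last, re-includes app/.env

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("STRICT", STRICT), ("MISORDERED", MISORDERED)):
        print(name, leaked_secrets(CONTEXT, text))
```

The misordered variant shows why exclusions for secret files belong after any `!` exception that re-includes their parent directory.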

Minimize the Image Size