Hi there,
This is Ankit, your friendly DevOps content curator. I read a lot of articles about DevOps, distributed systems, performance monitoring, etc., and then share key takeaways from those articles so that you can stay updated and learn a few things quickly.
I read this article on best practices for building a Docker image. A Docker image serves as a template to build Docker containers. It also acts as a starting point when using Docker.
Link to the full article:
Dockerfile: Best practices for building an image
Summary of best practices for building Docker images
Below is the list of best practices to follow while building Docker images:
1. OS base image
The size of the OS base image can have a large impact on image size and on security vulnerabilities. Prefer minimal base images like Alpine (~5 MB) over the most downloaded base images like Ubuntu (~188 MB).
2. Base images
Each base image should have a specific goal and should be as generic as possible to ensure re-usability.
3. Docker users with minimal privileges
Docker users should only have the privileges that they need. For example, the root user should not be used for starting the container.
4. Leverage Dockerignore
Dockerignore can be used for keeping your Docker images as lean as possible. You can create a file named .dockerignore in your root folder and use it to exclude files and directories that are not needed to run the app.
5. Be specific with ADD or COPY
While using ADD or COPY, be specific about the folders or files you want. It is an easy way to optimize image size.
6. Specific tag instead of fixed tag
Docker tags convey useful information about specific image versions/variants. Avoid using fixed tags like 'latest', as they make it hard to track which version of the image is running and hard to roll back.
7. Image life cycle management
A security breach can happen if you are running a deprecated version of an image. Hence, it's necessary to put proper image life cycle management in place.
8. Sensitive information
Environment variables are not a good way to manage secrets as they are not encrypted. Solutions like HashiCorp Vault can be used for managing secrets.
9. Multi-stage builds
With multi-stage builds, you use multiple FROM statements in your Dockerfile. Using multi-stage builds, you can selectively copy artifacts from one stage to another, leaving behind everything you don't want in the final image.
10. Combine commands
As each command in a Dockerfile adds one layer to the image, one way to reduce image size is by combining commands. For example, multiple RUN commands can be combined into a single RUN statement.
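A small linter covering practices 3, 5, 6, 8 and 10 from the list above, as an added example that is not from the original article. The `lint` function, its finding names and both sample Dockerfiles are constructed for illustration.

```python
import re
# Constructed sample that breaks several practices from the list above.
BAD = """\
FROM ubuntu:latest
ENV DB_PASSWORD=example-only
COPY . /app
RUN apt-get update
RUN apt-get install -y curl
"""
# Constructed counterpart: pinned minimal base, multi-stage, narrow COPY, non-root.
GOOD = """\
FROM golang:1.22-alpine AS build
COPY go.mod main.go /src/
RUN cd /src && go build -o /out/app .
FROM alpine:3.19
COPY --from=build /out/app /usr/local/bin/app
USER 65534
"""
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.I)

def lint(dockerfile):
    """Return sorted finding names for the practices the Dockerfile violates."""
    # "scratch" is the reserved empty base image, so it never needs a tag.
    found, user, prev, stages = set(), None, None, {"scratch"}
    # Join backslash continuations so each instruction is one logical line.
    for line in re.sub(r"\\[ \t]*\n", " ", dockerfile).splitlines():
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        op, args = parts[0].upper(), [a for a in parts[1].split() if not a.startswith("--")]
        if op == "FROM" and args:
            user, image = None, args[0]      # USER does not carry into a new stage
            if image.endswith(":latest"):
                found.add("latest-tag")      # practice 6
            elif image not in stages and ":" not in image.rsplit("/", 1)[-1]:
                found.add("untagged-base")   # practice 6: no tag resolves to latest
            if len(args) == 3 and args[1].upper() == "AS":
                stages.add(args[2])          # later "FROM <stage>" is not a registry pull
        elif op == "USER" and args:
            user = args[0]
        elif op in ("ADD", "COPY") and {".", "./", "*"} & set(args[:-1]):
            found.add("broad-copy")          # practice 5: whole build context copied
        elif op == "ENV" and any(SECRET_NAME.search(a.split("=")[0]) for a in args):
            found.add("secret-in-env")       # practice 8: name part of a token looks secret
        elif op == "RUN" and prev == "RUN":
            found.add("split-run")           # practice 10: adjacent RUNs could be combined
        prev = op
    if user is None or user.split(":")[0] in ("root", "0"):
        found.add("runs-as-root")            # practice 3: final stage runs as root
    return sorted(found)
```

Calling `lint(BAD)` reports five findings, while `lint(GOOD)` returns an empty list.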
I hope you enjoyed this summary and learned something new. I will be coming up with more such notes soon.
Please give me a follow if you liked it.
Currently building SigNoz - an open-source APM & observability tool.