DEV Community

Discussion on: Top 8 Docker Best Practices for using Docker in Production ✅

Muayyad Alsadi

There is a good point about layers. Another example is to clear the package manager cache after you finish, in the same layer, that is:

FROM registry.fedoraproject.org/fedora-minimal:35
RUN \
  microdnf module enable -y nodejs:14 && \
  microdnf -y install nodejs zopfli findutils busybox && \
  microdnf clean all

Because if you add a file in one layer and remove it in another layer, it would still count and be carried in the archive; it would just be carried with a flag that it's removed.

Regarding: Use specific Docker image versions
Pinning the exact version is a security risk; one might pin only the major version, allowing it to receive security updates, so instead of node:17.0.1 just node:17. It's less likely to break the application depending on 17-specific features, and it would be able to receive security fixes from 17.0.2.

Use .dockerignore file

Even better, use buildah (podman build), which does not need to create an archive and send it to the docker daemon.

Another workaround: create a directory called containers and put the Dockerfile inside it, where only the needed files are inside that directory.

Make use of Multi-Stage Builds

This is very important; as someone who was part of that proposal, I'm very sad this feature is rarely used.

The compiler, git, intermediate files, etc. should never be part of the final image.
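The layer point in the comment above can be checked mechanically. The following is an added example, not part of the original comment: it walks layer tarballs in order and reports files that a later layer deletes with an OCI whiteout entry (`.wh.<name>`, or `.wh..wh..opq` for a whole directory) while their bytes are still shipped in an earlier layer. The layer contents, paths and sizes are constructed sample data, and `make_layer` and `shadowed_bytes` are hypothetical helper names.

```python
import io
import tarfile
from pathlib import PurePosixPath

def make_layer(files):
    """Build an in-memory layer tarball from {path: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def shadowed_bytes(layers):
    """Return {path: size} for files deleted by a later layer's whiteout
    whose content is still carried in an earlier layer."""
    shipped, shadowed = {}, {}  # shipped: files visible after the layers seen so far
    for blob in layers:
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            members = [(PurePosixPath(m.name), m) for m in tar.getmembers()]
        # Whiteouts act on lower layers only, so apply them before this layer's files.
        for p, _ in members:
            parent = "" if str(p.parent) == "." else str(p.parent) + "/"
            if p.name == ".wh..wh..opq":      # opaque dir: hides everything below it
                gone = [k for k in shipped if k.startswith(parent)]
            elif p.name.startswith(".wh."):   # whiteout for one file or directory
                target = parent + p.name[4:]
                gone = [k for k in shipped
                        if k == target or k.startswith(target + "/")]
            else:
                continue
            for k in gone:
                shadowed[k] = shipped.pop(k)
        for p, m in members:
            if m.isfile() and not p.name.startswith(".wh."):
                shipped[str(p)] = m.size
    return shadowed

# Constructed layers: one RUN writes a package cache, a later RUN removes it.
LAYER_INSTALL = make_layer({"var/cache/dnf/packages.db": b"x" * 4096,
                            "usr/bin/node": b"ELF"})
LAYER_CLEAN = make_layer({"var/cache/dnf/.wh.packages.db": b""})
# Same work done in a single RUN: the cache never reaches any layer.
LAYER_SINGLE = make_layer({"usr/bin/node": b"ELF"})

if __name__ == "__main__":
    for path, size in shadowed_bytes([LAYER_INSTALL, LAYER_CLEAN]).items():
        print(f"{size:>8} bytes still shipped: {path}")
```

To run it against a real image, pass the layer blobs in the order listed in the image manifest, base layer first.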