Below are a few design patterns for Docker. It is an abbreviated version of docker-container-anti-patterns.
- Containers are ephemeral. Data or logs should be stored in volumes.
- Create services to tie containers together, such as the frontend (nginx)
  and backend (database). This provides basic load balancing. You can update
  your services and containers independently of each other.
- A Dockerfile uses CMD or ENTRYPOINT to perform some configuration and then
  start the container. Do not start multiple processes in that script. It makes
  updating your container much harder.
- “docker exec” starts a new command in a running container. It is useful
  for attaching a shell (docker exec -it {id} bash).
- Your image should be lean. Create a directory and include a Dockerfile and
  anything relevant there. Use .dockerignore to remove any logs, source code, etc.
  before creating the images.
- Do not store security credentials in a Dockerfile. They are in clear text and
  checked into a repository, making them vulnerable.
- Use tags when running a container. “latest” may not actually be the latest and
  may instead be an older version.
- Do not run your containers as root. A compromised container can damage your
  underlying host.
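
The last three rules (credentials, tags, root) can be checked mechanically before an image is built. The following Python check is an added example, not part of the original page; the rule names, the secret-name heuristic and the two sample Dockerfiles are constructed for illustration.

```python
import re

# Heuristic for credential-like variable names (an assumption, tune for your code base).
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY", re.I)

def audit_dockerfile(text):
    """Return sorted (line, rule) findings for the tag, credential and root rules."""
    findings, stages = [], set()
    instr, cont, user, from_line = None, False, None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        head, _, rest = line.partition(" ")
        # A continuation line keeps the instruction of the line before it.
        instr, args = (instr, line) if cont else (head.upper(), rest)
        cont = line.endswith("\\")
        args = args.rstrip("\\").strip()
        if instr == "FROM":
            tok = [t for t in args.split() if not t.startswith("--")] or ["scratch"]
            image, user, from_line = tok[0], None, n   # each stage starts as root
            if len(tok) == 3 and tok[1].upper() == "AS":
                stages.add(tok[2].lower())
            name = image.rsplit("/", 1)[-1]            # ignore registry host:port
            if image == "scratch" or image.lower() in stages or "$" in image or "@" in name:
                continue                               # nothing to pin, or pinned by digest
            if ":" not in name:
                findings.append((n, "untagged-base"))
            elif name.endswith(":latest"):
                findings.append((n, "latest-tag"))
        elif instr in ("ENV", "ARG"):
            first = args.split(None, 1)
            if instr == "ENV" and len(first) == 2 and "=" not in first[0]:
                pairs = [first]                        # legacy "ENV KEY value" form
            else:
                pairs = [t.split("=", 1) for t in args.split() if "=" in t]
            for key, value in pairs:
                if SECRET_NAME.search(key) and value.strip("\"'"):
                    findings.append((n, "credential-in-image"))
        elif instr == "USER":
            user = (args.split(":")[0], n)
    if user is None:
        findings.append((from_line, "runs-as-root"))   # no USER in the final stage
    elif user[0] in ("root", "0"):
        findings.append((user[1], "runs-as-root"))
    return sorted(findings)

# Constructed sample inputs, not taken from the page.
WEAK = 'FROM nginx\nENV DB_PASSWORD=hunter2 \\\n    APP_MODE=prod\nCMD ["nginx"]\n'
FIXED = "FROM nginx:1.25.3\nUSER nginx\nCMD [\"nginx\"]\n"
```

Calling `audit_dockerfile(WEAK)` reports the untagged base image, the password in `ENV` and the missing `USER`; `audit_dockerfile(FIXED)` returns an empty list.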