Here’s a bunch of Docker best practices that I picked up after having used Docker for the last ~4 years

They are all based around Docker related files (Dockerfile, docker-compose.yml and .dockerignore):

What are some of your Docker best practices?

9 thoughts on “Here’s a bunch of Docker best practices that I picked up after having used Docker for the last ~4 years”

  1. What is the reason for this one?

    >Use Alpine as a base image unless you can’t due to technical reasons

    I tend to use CentOS as a base because it’s what I’m most familiar with. Are there technical reasons for using Alpine over anything else? Does this only apply to using Docker for a specific purpose?

  2. Just a few off my head:

    * Explicit > Implicit
    * Don’t forward database ports (or at least only on “secure” network interfaces)
    * Use entrypoints for any application that relies on another service.
    * Be wary of data persistence.
    * Be wary of naming conflicts and shared files when using multiple docker compose instances.
    * Bloat matters, no need to stick dev libs in a production-ready image.

  3. If alpine is the best practice, i must be using it wrong. I have had major problems with the dns randomly failing when doing things like connecting to databases or other external services. Anyone else have this issue?

  4. i stay away from alpine and also from certain applications in docker. always weird stuff happens while on a bare vm it stays solid for months

  5. Good post, though I don’t know if I’d say using Alpine is a best practice. More precisely, keep your base image as lean as possible. If I were going to use a slim base image I’d also consider the Google slim images.

    Another thing worth mentioning is using multi-stage builds where possible. It can have a HUGE impact on your final file size and make your containers much easier to maintain.

  6. Beware: you should never use $PWD unless you’re sure you always run docker-compose on the DOCKER_HOST. Whenever you are using the client/server functionality of docker, this no longer works correctly (unless you also deploy the files you are referring to on the host itself.

  7. \> Include a curl driven HEALTHCHECK (if it makes sense)

    Why not use wget? Curl isn’t shipped with Alpine by default

    \> Stick to the \[\] syntax when supplying your CMD instructions

    Why not just write the plain command? The \[\] syntax only seems to clutter the picture

    \> Use $PWD instead of . for when you need the current directory’s path



Leave a Comment