10 thoughts on “Write a Good Dockerfile in 19 Easy Steps”

  1. Great summary. A bunch of these things are caught when using a linting tool such as Hadolint. We’ve baked that into our pipelines that build containers.

  2. dude… step 5 through 7 are conflicting for someone that doesn’t know whats up.

    if a person has got to the point of writing their own… they should be doing step 7. build it from scratch.

  3. In step 3, you can still run into caching issues all the same. There’s no reason to believe that just because they’re in one step instead of two, they won’t be cached.

    The advice of combining the lines into one is good, but it sounds like the author doesn’t actually understand this advice.

    Step 4 is… Also weird. Why would more steps be better for caching? If any one command invalidates the cache, then all the layers after that will also be invalidated. Doesn’t sound like he completely gets it again.

    Step 6 is… Not a step.

    Step 7 I don’t agree with. I previously worked in healthcare, now in the payment card industry. I’d argue we do care about security, after all we’re PCI DSS compliant. Yet we don’t build our own scratch images, because that isn’t safer, unless you got a guy working full-time updating all your own base images. If you don’t have the resources for that, use the Debian base image. You’re probably not smarter than the guys maintaining that anyway.

    Step 9 is wrong. There’s no guarantee that certain tags aren’t mutable. If you want to ensure you’re always using the same base image (which you shouldn’t, because security patches), you should refer to the SHA – not some tag that you think looks immutable.

    Step 14 is just fucking weird. No, I don’t want to copy your random article into every repository I have. It also has relative URLs to resources, so it’d kind of break as well. What the fuck is that advice.

    I feel 90% of articles like these are written by some guy just learning the technology, jotting some thoughts down and then thinking “I should write an article!”, which then ends up being half-arsed and wrong. I don’t want to just shit on articles, but when an article with half-misunderstood/half-wrong advices gets 100 upvotes, it just annoys me.

    Anyway, that’s my angry-old-man speech.


Leave a Comment