22/09/2021

Docker Best Practices Workshop - Presentation

Well, this is the 3rd post in the same month; I haven't done that for a long time! But Q3 2021 has been super productive and many things have been done.

Yesterday, as part of the knowledge share and developer enablement at Camunda, I delivered a Docker Best Practices Workshop which was available for the whole engineering division at Camunda.

What I really liked about this workshop is that everyone told me that they learned something new, even though they have been working with Docker for a pretty long time!

If I have a single piece of advice out of this workshop, it will be ... use the Dockerfile linter, use hadolint! Use it via CLI or integrate it with your IDE (e.g. check the VS Code hadolint extension). Also, make it part of your CI pipeline! By using hadolint, you will avoid at least 50% of the Docker issues with your eyes closed!


The first part of the workshop, the presentation recording in HQ (just about 20 min!)

In this workshop, I've covered the following:

Essential Practices

  • Use Dockerfile linter
  • Check Docker language specific best practices
  • Create a single application per Docker image
  • Create configurable ephemeral containers

Image Practices

  • Use optimal base image
  • Pin versions everywhere
  • Create image with the optimal size
  • Use multi-stage whenever possible
  • Avoid any unnecessary files

Security Practices

  • Always use trusted images
  • Never use untrusted resources
  • Never store sensitive data in the image
  • Use a non-root user
  • Scan image vulnerabilities

Misc Practices

  • Leverage Docker build cache
  • Avoid system cache
  • Create a unified image across envs
  • Use ENTRYPOINT with CMD
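
A Dockerfile that applies several of the practices listed above, as an added example (it is not taken from the workshop or its hands-on repo). The Go application layout (`go.mod`, `./cmd/app`), the pinned image tags, the UID, the port and the `--help` flag are assumptions made for illustration.

```dockerfile
# Added example: paths, tags, UID and port are assumptions, not the workshop's code.

# Build stage: carries the full toolchain and is never shipped.
# The tag is pinned (no "latest"); pin by digest as well for stricter reproducibility.
FROM golang:1.22.5-alpine3.20 AS build
WORKDIR /src

# Copy the dependency manifests first so this layer stays cached
# until go.mod or go.sum change (leverage the Docker build cache).
COPY go.mod go.sum ./
RUN go mod download

# Pair this with a .dockerignore that excludes .git, .env files and local
# build output, so unnecessary or sensitive files never enter the build context.
COPY . .

# Static, stripped binary: the runtime stage needs no compiler or extra libraries.
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/app ./cmd/app

# Runtime stage: small pinned base image that holds only the binary.
FROM alpine:3.20.1

# Dedicated unprivileged account with a fixed UID/GID.
RUN addgroup -S -g 10001 app && adduser -S -u 10001 -G app app

# Only the build artifact crosses the stage boundary (multi-stage build).
COPY --from=build /out/app /usr/local/bin/app

# Non-sensitive defaults only. Secrets are injected at run time
# (environment, mounted files), never through ARG, ENV or COPY.
ENV APP_PORT=8080
EXPOSE 8080

# Run as the non-root user; numeric IDs also work with orchestrators
# that check the UID rather than the user name.
USER 10001:10001

# ENTRYPOINT fixes the executable; CMD supplies default arguments that
# "docker run <image> <args>" can override.
ENTRYPOINT ["/usr/local/bin/app"]
CMD ["--help"]
```

Running `hadolint Dockerfile` against this file, and an image scanner against the built image, covers the linting and vulnerability-scanning items that a Dockerfile alone cannot express.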

Finally, here is the hands-on repo, where the best practices will be applied to a simple application: https://github.com/aabouzaid/docker-best-practices-workshop


That's it, enjoy :-)


Hello, my name is Ahmed AbouZaid and this is my "lite" technical blog!
