...
- Separate installation from configuration: installation should occur in your Dockerfile, dynamic configuration should happen during container startup.
- Use official images where possible
- Always pin version numbers (avoid "latest")
- Run dependent services in separate containers. If your service requires MySQL, configure it as a dependency, don't install it in your image.
See also:
- Best practices for writing Dockerfiles
- Guidelines for Official Docker ImagesAlways use the VOLUME instruction to specify the location of mutable data. For example, Postgres data directory.
Docker best practices
Here is a summary of points from the Docker Best Practices and the Docker Official Images guidelines.
- Containers are ephemeral: they can be stopped and destroyed and a new one built with absolute minimum setup and configuration.
- One process per container
- Minimize layers
- Sort multi-line arguments and split RUN statements for readability
- Use official images as basis for images (Docker recommends Debian because it's small and kept up-to-date)
- Pin versions to avoid failures. Always pin the version of the main application, if installing via apt-get or similar.
- Use CMD or ENTRYPOINT for service-based images.
- ENTRYPOINT should be used when you want the container to behave exclusively as if it were the executable it's wrapping.
- CMD should be used if the user needs flexibility to run any executable they choose when starting the container.
- You can combine ENTRYPOINT and CMD to specify a default executable with default arguments that can be overridden
- Understand shell vs exec uses of CMD. Prefer exec form for signal handling.
- If image requires initialization, use ENTRYPOINT and CMD
- Make sure "bash" works too
- Model entrypoint.sh use after Postgres
- Use EXPOSE for ports
- Use VOLUME for mutable/customizable parts of image
- Use WORKDIR for clarity
- Use https where possible, import PGP keys with full fingerprint to check package signing, embed checksums in Dockerfile if PGP signing not available
- Forked/detached processes: Containers will stop when the process specified in the "docker run" command stops. For services that generally run detached (e.g., httpd, nginx, postgres), the Dockerfile should call a command that runs in the foreground. For example, the Apache httpd has a "-DFOREGROUND" option.
Dependencies
Often our applications depend on other services. A particular web application might consist of a web server, application server, database, and search engine. Dependencies introduce complexity when running containers. For example:
...
- Dependencies: as discussed above, environment variables providing the IP and PORT of all services in a stack are injected into all related containers.
- System variables: provided for convenience in all containers
- Custom variables
System variables
| Variable | Description |
|---|---|
| NDSLABS_DOMAIN | Domain of the Workbench cluster |
| NDSLABS_HOSTNAME | Full host name of your running service |
| NDSLABS_STACK | Unique ID of your application stack |
| NDSLABS_HOME | Home directory for your account |
| NDSLABS_EMAIL | Account email address |
Custom variables
Labs Workbench supports custom configuration through the use of environment variables.
...