Docker best practices
- Use a least-privileged user.
- Use multi-stage builds.
- Scan images for security vulnerabilities.
- Use smaller official base images.
- Use caching.
- Use a meaningful tagging scheme for images rather than the default tag.
- Run containers as non-root users.
- Use distroless images.
Creating a user in the Docker image to handle permissions
By default Docker runs container processes as root. Create a dedicated group and user in the image instead:
ARG UID=1000
ARG GID=1000
# Create a system group and system user with the given IDs (-r: system account)
RUN groupadd -r --gid $GID user && useradd -r --uid $UID -g user user
Using the created
Dockerfile to run the dev environment
FROM node
# Create app directory
WORKDIR /app
# Copy dependency manifests first so the install layer is cached until they change
COPY package.json pnpm-lock.yaml ./
# The official node image does not bundle pnpm, so install it before use
RUN npm install -g pnpm && pnpm install
# Copy the rest of the source
COPY . .
ENTRYPOINT ["pnpm", "run"]
CMD ["dev"]
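The dev Dockerfile above is fine for local work, but the list of best practices at the top (pinned tag, multi-stage build, caching, non-root user, distroless runtime) is easier to see combined in one production image. The following is an added example, not code from the original notes; the image tags, the `dist/server.js` entrypoint and the existence of `build` scripts in package.json are assumptions. Because distroless images ship no shell, the `groupadd`/`useradd` pattern from the previous section cannot run there, so the example uses the `nonroot` user (UID/GID 65532) that the distroless image already provides.

```dockerfile
# syntax=docker/dockerfile:1
# Build with: docker build -t myapp:1.2.3 .   (meaningful tag, not :latest)

# Stage 1: build with the full Node toolchain on a pinned, slim base tag
# (version is an assumption; pin whatever your project actually targets).
FROM node:20-bookworm-slim AS build
WORKDIR /app
# Copy only the dependency manifests first: this layer, and the install
# below it, stay cached until package.json or the lockfile changes.
COPY package.json pnpm-lock.yaml ./
# The official node image does not bundle pnpm; --frozen-lockfile refuses
# to silently resolve a lockfile that no longer matches package.json.
RUN npm install -g pnpm && pnpm install --frozen-lockfile
# Now copy the rest of the source and build (assumes a "build" script).
COPY . .
RUN pnpm run build
# Drop dev dependencies so compilers, test tools etc. never reach the runtime image.
RUN pnpm prune --prod

# Stage 2: minimal runtime. Distroless has no shell or package manager, so
# code execution inside the container yields far fewer tools to an attacker,
# and the :nonroot variant already runs as an unprivileged user.
FROM gcr.io/distroless/nodejs20-debian12:nonroot
WORKDIR /app
# Own the files by the nonroot user (65532) so no "chmod 777" is needed;
# numeric IDs are used because name lookup would need the image's passwd file.
COPY --from=build --chown=65532:65532 /app/dist ./dist
COPY --from=build --chown=65532:65532 /app/node_modules ./node_modules
COPY --from=build --chown=65532:65532 /app/package.json ./
USER nonroot
# The distroless node image already uses "node" as its entrypoint,
# so CMD only names the script to run (assumed path).
CMD ["dist/server.js"]
```

After building, `docker inspect --format '{{.Config.User}}' myapp:1.2.3` should print `nonroot`, and `docker run --rm myapp:1.2.3 sh` should fail because there is no shell in the image.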
Docker volumes are a way to manage and persist data for Docker containers. A volume is a directory or file that lives outside the container's own file system and can be shared by multiple containers. This lets data persist between container runs, making it easy to manage and back up.
To create a host-mounted volume, use the -v flag when running a container, followed by the path on the host and the path inside the container:
docker run -v /path/on/host:/path/in/container myimage
A tmpfs mount, by contrast, is used to store sensitive data in memory only, so it never lands on the host's disk.
To create an anonymous volume, use the -v flag followed by just the path in the container:
docker run -v /path/in/container myimage
This creates an anonymous volume mounted at /path/in/container inside the container.
You can also manage volumes with the docker volume command, which lets you create, list, inspect, and remove volumes.
A host-mounted volume (bind mount) mounts part of the host's file system into the container.