Docker Notes

July 25, 2021

Docker best practices

  • Use a least privileged user.
  • Use multi-stage builds.
  • Scan for security vulnerabilities.
  • Use smaller size official images.
  • Use caching.
  • Use a relevant tagging scheme for images rather than relying on the default tag.
  • Run containers as non-root users.
  • Use distroless images.
  • Multistage Builds

Creating a user in the Docker image to handle permissions

By default, Docker runs container processes as the root user.
ARG UID=1000
ARG GID=1000
RUN groupadd -r --gid $GID user && useradd -r --uid $UID -g user user
Make sure file permissions match this user.

Using the created user

USER user

Docker Commands

Docker inspect

docker inspect {{ image name }}

Docker remove container

docker container rm {{ container name }}

Docker remove image

docker image rm {{ image name }}

Docker Format

The --format option can be used with many commands to format their output using a Go template.
docker images --format '{{.Tag}}'

Docker Filter

The --filter option limits a command's output to the items that match a condition.
docker images --filter "dangling=true"


Dockerfile to run dev env

FROM node
# Install pnpm (it is not on the PATH in the node image by default)
RUN npm install -g pnpm
# Create app directory
WORKDIR /app
# Copy dep
COPY package.json pnpm-lock.yaml ./
RUN pnpm install
COPY . .
ENTRYPOINT ["pnpm", "run"]
CMD ["dev"]
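
A small check for two of the practices listed at the top of these notes (avoid the default tag, run as a non-root user), applied to the dev Dockerfile above. This is an added example, not part of the original notes: lint_dockerfile, the hardened sample and its node:20-slim tag are illustrative, and it assumes FROM and USER instructions each sit on a single line.

```python
# The dev Dockerfile from this page, used as sample input.
DEV_DOCKERFILE = """\
FROM node
WORKDIR /app
COPY package.json pnpm-lock.yaml ./
RUN pnpm install
COPY . .
ENTRYPOINT ["pnpm", "run"]
CMD ["dev"]
"""

# Constructed sample: pinned tag, multi-stage build, final stage drops to the
# non-root "node" user that the official node image already provides.
HARDENED_DOCKERFILE = """\
FROM node:20-slim AS build
WORKDIR /app
COPY . .
FROM node:20-slim
COPY --from=build /app /app
USER node
CMD ["node", "/app/index.js"]
"""

def lint_dockerfile(text):
    """Return (line_number, message) findings: default tags and a root final stage."""
    # Assumption: FROM and USER are not split across backslash continuation lines.
    findings, stage_user = [], {}   # stage_user: stage alias -> USER in effect there
    user = alias = last_from = None
    for num, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        instr = parts[0].upper()
        args = [a for a in parts[1:] if not a.startswith("--")]  # drop --platform=...
        if instr == "FROM" and args:
            image, last_from = args[0], num
            from_stage = image.lower() in stage_user
            user = stage_user.get(image.lower())  # a stage built on a stage inherits USER
            alias = args[2].lower() if len(args) > 2 and args[1].upper() == "AS" else None
            stage_user[alias] = user              # unnamed stages share the None key
            name = image.rsplit("/", 1)[-1]       # ignore a registry host:port prefix
            exempt = from_stage or image == "scratch" or "$" in image or "@" in image
            if not exempt and (":" not in name or name.endswith(":latest")):
                findings.append((num, f"base image '{image}' relies on the default tag"))
        elif instr == "USER" and args:
            user = args[0].split(":")[0]          # USER name[:group] or uid[:gid]
            stage_user[alias] = user
    if last_from is not None and user in (None, "root", "0"):
        findings.append((last_from, "final stage sets no non-root USER"))
    return findings
```

A base image may already default to a non-root user; the check cannot see that, so it only reports whether the Dockerfile itself sets one.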

Docker Volumes

Docker volumes are a way to manage and persist data in Docker containers. A volume is a directory or file that exists outside of the container's file system and can be shared by multiple containers. This allows data to persist between container runs, making it easy to manage and back up data.

Persistent Storage

Volume Plugins

Filesystem Mount

To create a host-mounted volume, you can use the -v flag when running a container, followed by the path to the volume on the host system.
docker run -v /path/on/host:/path/in/container myimage

tmpfs Mount

A tmpfs mount is used to store sensitive data in memory.


Anonymous volumes

To create an anonymous volume, you can use the -v flag followed by just the path in the container.
docker run -v /path/in/container myimage
This will create an anonymous volume at the path /path/in/container in the container.
You can also manage volumes using the docker volume command, which allows you to create, list, inspect, and remove volumes.

Bind Mount

A bind mount mounts the host’s file system into a Docker container.