Myapp

Docker and Containerization

Dockerfile Best Practices

Multi-Stage Builds for Optimization:

# Stage 1: Build stage
FROM golang:1.21-alpine AS builder
WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app .

# Stage 2: Runtime stage (minimal image)
FROM alpine:3.18
RUN apk --no-cache add ca-certificates
WORKDIR /root/
COPY --from=builder /app/app .
EXPOSE 8080
CMD ["./app"]

Node.js Multi-Stage Build:

FROM node:20-alpine AS dependencies
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production

FROM node:20-alpine AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build

FROM node:20-alpine
WORKDIR /app
COPY --from=dependencies /app/node_modules ./node_modules
COPY --from=build /app/dist ./dist
COPY package.json .
EXPOSE 3000
CMD ["node", "dist/index.js"]

Key Principles:

• Use slim or alpine base images to reduce layer size
• Order Dockerfile commands from least to most frequently changing
• Leverage build cache by placing stable dependencies first
• Remove build dependencies in runtime stage
• Use .dockerignore to exclude unnecessary files
• Run as non-root user for security

Docker Image Optimization

# Minimize image size
FROM ubuntu:22.04 as base
RUN apt-get update && apt-get install -y \
    curl \
    git \
    && rm -rf /var/lib/apt/lists/*  # Clear apt cache

# Use layer caching effectively
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

COPY app.py .
RUN chmod +x app.py

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
    CMD curl -f http://localhost:8080/health || exit 1

USER appuser
ENTRYPOINT ["python", "app.py"]

Image Analysis Tools:

• docker images - View image sizes
• docker history <image> - Examine layer composition
• dive <image> - Interactive image analysis
• trivy <image> - Security vulnerability scanning

Docker Compose Patterns

Multi-Service Development Environment: