Skip to content
/ containers-best-practices Public

Public repository dedicated to guide the use of multi-stage and distroless dockerfile examples in docker, or other containers technologies, with the objetive to create secured templates for new developments

34 stars 14 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pabpereza/containers-best-practices

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

78 Commits
.github/workflows
.github/workflows
 
 
go
go
 
 
java
java
 
 
node
node
 
 
python
python
 
 
rust/simple
rust/simple
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Curated Dockerfiles examples

This repository contains examples of Dockerfiles using the best practices that docker recommends. This approach allows to build a Docker image with a minimal footprint, by copying only the necessary files from the build stage to the final image and using non-root user to run the application.

For more information about multi stage builds, please refer to the official documentation.

📊 Comparativa de tamaños de imágenes Docker

Esta tabla muestra la diferencia de tamaño entre los Dockerfiles sin optimizar (.old) y los Dockerfiles optimizados con multi-stage builds y mejores prácticas.

Imagen Dockerfile.old Dockerfile (Optimizado) Tiempo de Build
go/simple 841MB 1.81MB 21s
go/simple_with_packages 845MB 1.81MB 21s
java/maven 678MB Build Failed -
java/simple 276MB 184MB 9s
node/backend 1.13GB 79.1MB 9s
node/nextjs 62.2MB 28s
python/flask 873MB 89.2MB 37s
python/simple 873MB 37s
rust/simple 1.64GB 8.98MB 12s

🤝 ¿Quieres contribuir? Añade tus propios ejemplos y ayuda a la comunidad a ver el impacto de las buenas prácticas en Docker. ¡La tabla se actualiza automáticamente con cada push!

Los valores se actualizan automáticamente mediante GitHub Actions.

Best practices and security checks

  • Use a lightweight image.
  • Minimun number of layers.
  • Optimize build order.
    • Install OS packages and dependencies first (cache in another image).
    • Copy library definitions first, then build.
  • Multi-stage.
    • Avoid compilers.
    • Avoid caching the build process.
  • Avoid using the root user.
  • File permissions (when copying from the builder).
  • Sort multi-line arguments.
  • Exclude with dockerignore.

Examples by language or technology

How to use these examples

Each example contains a Dockerfile and Dockerfile.old. The .old file contains simple Dockerfile without multi stage builds and the Dockerfile contains the multi stage build version.

To build the image, you can use the following command:

docker build -t <image_name> .

If you want to build the image using the old Dockerfile, you can use the following command:

docker build -t <image_name> -f Dockerfile.old .

To run the image, you can use the following command:

docker run -it <image_name>

How contribute to this repository

If you want to contribute to this repository, please follow these steps:

  1. Fork this repository
  2. Add your example in a new folder or update an existing example (always grouped by language or technology). This example must to contain a curated dockerfile and an old version called "dockerfile.old" to exemplify the less optimized version.
  3. Create a pull request with your changes

About

Public repository dedicated to guide the use of multi-stage and distroless dockerfile examples in docker, or other containers technologies, with the objetive to create secured templates for new developments

Topics

python java docker kubernetes rust dockerfile security node build optimization container best oci practices buildah dockerbuild kaniko podman

Resources

Readme
Activity

Stars

34 stars

Watchers

3 watching

Forks

14 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages