Best Practices for building containers

Hi there,

This is Ankit, your friendly DevOps content curator. I read a lot of articles about DevOps, distributed systems, performance monitoring, etc. I will be sharing some key takeaways from these articles with you so that you can stay updated and …

Hi there,

This is Ankit, your friendly DevOps content curator. I read a lot of articles about DevOps, distributed systems, performance monitoring, etc. I will be sharing some key takeaways from these articles with you so that you can stay updated and learn a few things quickly.?

This was a fantastic read from google’s cloud architecture center.

Link to the full article?
Best Practices for building containers



Summary of best practices for building containers



Package a single app per container

Containers are meant to be treated as a single app, and not as a virtual machine. The best practice is to have a parent process and all its child processes as a single container. If you have multiple apps in a single container, you might end up with a running container with an unresponsive core component.



Properly handle PID 1, signal handling, and zombie processes

Linux signals control the lifecycle of processes inside a container. And to tightly link the lifecycle of your app to its container, your app needs to handle Linux signals properly. One of the ways it can be done is by using a specialized init system like tini.



Optimize for the Docker build cache

Docker build cache can be used for accelerating the building of container images by skipping potentially costly steps. To take full advantage of Docker build cache, the build steps that change often should be positioned at the bottom of the Dockerfile. Docker could use its build cache only if all previous build steps used it.



Remove unnecessary tools

To protect your apps, try reducing the attack surface of your app by removing all unnecessary tools. For example, you can remove utilities like netcat.



Build the smallest image possible

Small images are suited for faster upload and download times. A few ways to ensure the small size of the image includes:

  • using the smallest base image possible
  • reducing the amount of clutter by installing only what is needed, and
  • creating images with common layers.



Scan images for vulnerabilities

In case of vulnerabilities, the best practice is to rebuild the image and its patches and redeploy it. You can choose a service to constantly scan your images for security vulnerabilities. Docker has partnered with Snyk to provide the vulnerability scanning service.



Properly tag your images

It is advised to properly link the tagging system on container images to the release policy of your software. A coherent and consistent tagging policy must be set in place and documented so that users can easily understand it.

I hope you enjoyed this TL;DR summary and learned something new. I will be coming up with more such notes soon. So, stay tuned! ?


Print Share Comment Cite Upload Translate
APA
Ankit Anand ✨ | Sciencx (2024-03-29T10:18:18+00:00) » Best Practices for building containers. Retrieved from https://www.scien.cx/2021/06/15/best-practices-for-building-containers/.
MLA
" » Best Practices for building containers." Ankit Anand ✨ | Sciencx - Tuesday June 15, 2021, https://www.scien.cx/2021/06/15/best-practices-for-building-containers/
HARVARD
Ankit Anand ✨ | Sciencx Tuesday June 15, 2021 » Best Practices for building containers., viewed 2024-03-29T10:18:18+00:00,<https://www.scien.cx/2021/06/15/best-practices-for-building-containers/>
VANCOUVER
Ankit Anand ✨ | Sciencx - » Best Practices for building containers. [Internet]. [Accessed 2024-03-29T10:18:18+00:00]. Available from: https://www.scien.cx/2021/06/15/best-practices-for-building-containers/
CHICAGO
" » Best Practices for building containers." Ankit Anand ✨ | Sciencx - Accessed 2024-03-29T10:18:18+00:00. https://www.scien.cx/2021/06/15/best-practices-for-building-containers/
IEEE
" » Best Practices for building containers." Ankit Anand ✨ | Sciencx [Online]. Available: https://www.scien.cx/2021/06/15/best-practices-for-building-containers/. [Accessed: 2024-03-29T10:18:18+00:00]
rf:citation
» Best Practices for building containers | Ankit Anand ✨ | Sciencx | https://www.scien.cx/2021/06/15/best-practices-for-building-containers/ | 2024-03-29T10:18:18+00:00
https://github.com/addpipe/simple-recorderjs-demo