lady:ops:docker

Docker images

Base image

  • Use a common base image
  • Stick to a fixed, known, stable version tag

Layers: Size and build time

Types

Distinct 3 types of layers :

  • Store layers (COPY, ADD) which increase image size (although not much)
  • Compute/Build layers (RUN) which requires build time, and MIGHT impact on size if they generate artifacts.
  • Metainformation layers (LABEL, ENTRYPOINT, EXPOSE, …) don't affect image size nor build time.
  • Compute Layers may incur size if they compile/build/download stuff
  • Store layers may incur build time if they fetch URLs as origin

Order and squashing

  • If the commands imply artifact generation (downloads, builds), ensure to cleanup on the same layer to reduce size
  • Put the most static (non-changing) layers first (building, files)
  • Put the most dynamic (changing) layers last (metainformation)
  • Metadata at the end (no-buildtime, no size)
  • If you have common pre-setups put them first on distinct layers, so the layers can be shared across multiple images (and increase cache hit). You can also benefit from multistage builds.
  • If there are many files, put them in a FS folder and copy them in one layer
  • Remember you can use .dockerignore to reduce the context

Version/Release

Major.Minor-release

LifeCycle

  • Start from zero version if still not released yet
  • While developing always push images as :devel on registry
  • If needed increase only release, then decide if major/minor increase is required (and restart release number)

Releasing

  • Ensure everything is commited and pushed
  • Update dockerfile LABEL version
  • Build and push with version-tag
  • Final test
  • Push same image with :stable (retag & push)
  • Merge if needed
  • git version over master and push tag

Entrypoint

No hints here, just good shell script programming skills. Just a few guidelines focused on docker:

  • Set safe defaults for ENV variables
  • Test the script with stadnard shell (sh)
  • Output to stdout and stderr
  • Launch the main process with exec

Template

FROM alpine:FIXED_VERSION

RUN true \
    && apk update \
    && apk add --no-cache \
        package \
        ... \
    && rm -rf /var/cache/apk/* \
    && true

# Copy start script
COPY *.sh /

EXPOSE 0000/tcp

ENTRYPOINT /entrypoint.sh

# Labels
LABEL name="lady/IMAGENAME"
LABEL summary="Description"
LABEL maintainer="Count Zero <count.zero@l3jane.net>"
LABEL version="0.0"
LABEL release="0"
LABEL vendor="Lady 3Jane"

References

  • lady/ops/docker.txt
  • Last modified: 2021/06/10 21:53
  • by 127.0.0.1