8. Base Image
Layer A
Dockerfile Docker container with Layers
FROM sonarqube:7.1
ENV SONARQUBE_HOME=/opt/sonarqube
Define
9. Base Image
Layer A
Layer B
Dockerfile Docker container with Layers
FROM sonarqube:7.1
ENV SONARQUBE_HOME=/opt/sonarqube
COPY plugins/branch-2.0.0.jar
$SONARQUBE_HOME/extensions
Define
10. Base Image
Layer A
Layer B
Layer C
Dockerfile Docker container with Layers
FROM sonarqube:7.1
ENV SONARQUBE_HOME=/opt/sonarqube
COPY plugins/branch-2.0.0.jar
$SONARQUBE_HOME/extensions
RUN dpkg --add-architecture i386
&& apt-get update
&& apt-get install -y file git curl zip
Define
11. Base Image
Layer A
Layer B
Layer C
docker build -t my/container:1.0 .
Build
Docker registry
Push
custom/sonar:v1.1
FROM sonarqube:7.1
ENV SONARQUBE_HOME=/opt/sonarqube
COPY plugins/branch-2.0.0.jar
$SONARQUBE_HOME/extensions
RUN dpkg --add-architecture i386
&& apt-get update
&& apt-get install -y file git curl zip
docker push my/container :1.0
12.
13. copy to temp
Base Image
Layer A
Layer B
Layer C
Build
Docker build context
docker build -t my/container:1.0 .
Build Context Pfad
/var/lib/docker/tmp/docker-builder001817348/
14. Base Image
Layer A
Layer B
Layer C
docker build -t my/container:1.0 .
Build
FROM sonarqube:7.1
ENV SONARQUBE_HOME=/opt/sonarqube
COPY plugins/branch-2.0.0.jar
$SONARQUBE_HOME/extensions
RUN dpkg --add-architecture i386
&& apt-get update
&& apt-get install -y file git curl zip
Build Cache
cached
Build
cached
Build
Docker build cache
21. copy to temp
Base Image
Layer A
Layer B
Layer C
Build
Use .dockerignore to reduce context
docker build -t my/container:1.0 . /var/lib/docker/tmp/docker-builder001817348/
32. UID & GUID
Use the same UID and GUID for interacting container
Container A
user: worker (uuid 500)
group: worker (guid 500)
Container B
user: worker (uuid 600)
group: worker (guid 600)
Write Files read Files
X
44. Next Steps @ home
https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/
https://snyk.io/blog/10-docker-image-security-best-practices/
https://res.cloudinary.com/snyk/image/upload/v1551798390/Docker_Image_Security_Best_Practices_.pdf
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/