Docker best practices

•Download as PPTX, PDF•

2 likes•686 views

This talks gives you a slide introduction about best practices writing docker files regarding, size, maintainability and security.

Engineering

Server
Host OS
Hyper Visor
GuestOS
Bins/
libs
App
A
GuestOS
Bins/
libs
App
A`
GuestOS
Bins/
libs
App
B
Server
Host OS
Docker Engine
Bins/ libs Bins/ libs
AppA
AppA`
AppA`
AppB
AppB`
AppB`
AppB`
AppB`
container
Container vs. VMs

Base Image
Dockerfile Docker container with Layers
FROM sonarqube:7.1
Define

Base Image
Layer A
Dockerfile Docker container with Layers
FROM sonarqube:7.1
ENV SONARQUBE_HOME=/opt/sonarqube
Define

Base Image
Layer A
Layer B
Dockerfile Docker container with Layers
FROM sonarqube:7.1
ENV SONARQUBE_HOME=/opt/sonarqube
COPY plugins/branch-2.0.0.jar
$SONARQUBE_HOME/extensions
Define

Base Image
Layer A
Layer B
Layer C
Dockerfile Docker container with Layers
FROM sonarqube:7.1
ENV SONARQUBE_HOME=/opt/sonarqube
COPY plugins/branch-2.0.0.jar
$SONARQUBE_HOME/extensions
RUN dpkg --add-architecture i386
&& apt-get update
&& apt-get install -y file git curl zip
Define

Base Image
Layer A
Layer B
Layer C
docker build -t my/container:1.0 .
Build
Docker registry
Push
custom/sonar:v1.1
FROM sonarqube:7.1
ENV SONARQUBE_HOME=/opt/sonarqube
COPY plugins/branch-2.0.0.jar
$SONARQUBE_HOME/extensions
RUN dpkg --add-architecture i386
&& apt-get update
&& apt-get install -y file git curl zip
docker push my/container :1.0

copy to temp
Base Image
Layer A
Layer B
Layer C
Build
Docker build context
docker build -t my/container:1.0 .
Build Context Pfad
/var/lib/docker/tmp/docker-builder001817348/

Base Image
Layer A
Layer B
Layer C
docker build -t my/container:1.0 .
Build
FROM sonarqube:7.1
ENV SONARQUBE_HOME=/opt/sonarqube
COPY plugins/branch-2.0.0.jar
$SONARQUBE_HOME/extensions
RUN dpkg --add-architecture i386
&& apt-get update
&& apt-get install -y file git curl zip
Build Cache
cached
Build
cached
Build
Docker build cache

https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/

copy to temp
Base Image
Layer A
Layer B
Layer C
Build
Use .dockerignore to reduce context
docker build -t my/container:1.0 . /var/lib/docker/tmp/docker-builder001817348/

https://snyk.io/blog/10-docker-image-security-best-practices/
Use Least privileged user
Having an application on the container run with the root user further broadens
the attack surface and enables an easy path to privilege escalation if the application
itself is vulnerable to exploitation.

UID & GUID
Use the same UID and GUID for interacting container
Container A
user: worker (uuid 500)
group: worker (guid 500)
Container B
user: worker (uuid 600)
group: worker (guid 600)
Write Files read Files
X

Don’t leak sensitive information to Docker images

https://snyk.io/blog/10-docker-image-security-best-practices/
Using multi-stage builds when using secrets
By leveraging Docker support for multi-stage builds, fetch and manage
secrets in an intermediate image layer that is later disposed of so that no
sensitive data reaches the image build

https://snyk.io/blog/10-docker-image-security-best-practices/
Using Docker secret commands
Use an alpha feature in Docker for managing secrets to mount sensitive
files without caching them.

Security-
Enhanced
Linux
(SELinux) … ?
https://en.wikipedia.org/wiki/Security-Enhanced_Linux#/media/File:SELinux_logo.svg

+
https://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf
=

Docker
image
Scanner
Base Image
Layer A
Layer B
Layer C

https://res.cloudinary.com/snyk/image/upload/v1551121069/Number_of_OS_vulnerabilities_by_docker_image.png

Next Steps @ home
https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/
https://snyk.io/blog/10-docker-image-security-best-practices/
https://res.cloudinary.com/snyk/image/upload/v1551798390/Docker_Image_Security_Best_Practices_.pdf
https://docs.docker.com/develop/develop-images/dockerfile_best-practices/

Monitoring@AWS / Architectural Draft / 2017-06-13 b 45
Thank you!

What's hot

Federico Bollotta, Software Analyst & Magento Specialist, presenta il workshop “Infrastructure as a code: a cloud approach”. Federico ci porta alla scoperta del kit AWS Cloud Development (AWS CDK), un framework di sviluppo software open source che consente di modellare ed erogare risorse di applicazioni cloud tramite linguaggi di programmazione noti. Durante l’incontro vengono approfondite le metodologie attuali e le diverse applicazioni del Cloud Development Kit, in particolare quelle per deploy di strutture serverless. L'evento è dedicato a tutti gli appassionati del mondo IT e a coloro che vogliono approfondire le proprie conoscenze in merito ad AWS CDK.

Infrastructure as a code: a cloud approach

ThinkOpen

Containers are an increasingly important way for developers to package and deploy their applications and AWS offers multiple container products to help you deploy, manage, and scale containers in production. In this session we dive deep into Amazon Elastic Container Service for Kubernetes (Amazon EKS), a new managed service for running Kubernetes on AWS. Learn how Amazon EKS works, from provisioning nodes, launching pods, and integrations with AWS services such as Elastic Load Balancing and Auto Scaling. Learn more about containers here: https://aws.amazon.com/containers/

Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018

AWS Germany

Containers have been a driving force in this industry for the last 5+ years. In the meanwhile we have seen the raise of other compute patterns, such as serverless. 2020 seems to be the year where the line between containers and serverless starts to blurry. We are seeing the raise of container serverless platforms (e.g. AWS Fargate) as well as the raise of higher order abstractions above container platforms (e.g. OpenFaaS, ECS CLI v2, …) that allows developers to focus on their code instead of managing containers. In this session we will discuss how the serverless benefits are starting to permeate into the container ecosystem and we will provide real life examples of how some AWS and OSS technologies can be used to abstract and remove part of the undifferentiated heavy lifting developers often need to take care of.

IDI 2020 - Containers Meet Serverless

Massimo Ferre'

Introduction to EKS (AWS User Group Slovakia)

Vladimir Simek

Introducing AWS Fargate

Amazon Web Services

CI&CD on AWS - Meetup Roma Oct 2016

Paolo latella

By packaging software into standardized units, Docker gives code everything it needs to run, ensuring consistency from your laptop all the way into production. But once you have your code ready to ship, how do you run and scale it in the cloud? In this session, you will learn about your options for running containers on AWS and the integrated AWS services that you can take advantage of to run and scale containerized applications

Using Containers on AWS

Amazon Web Services

AWS Container services

Aleksandr Maklakov

Advanced workload scheduling for containers on AWS

Nathan Peck

IaC on AWS Cloud

Bhuvaneswari Subramani

Amazon Elastic Kubernetes Service (EKS) is a managed service that lets you run Kubernetes on AWS without needing to maintain your own Kubernetes control plane. As recently announced, eksctl is the official CLI tool for creating clusters on EKS! Michael Hausenblas (AWS) and eksctl creator, Ilya Dmitrichenko (Weaveworks), walk you through the basics of Amazon EKS with eksctl, and why many EKS builders have come to rely on eksctl for the initial provisioning of new clusters and ongoing configuration management of long-running clusters. They cover use cases, how to get started, common pitfalls to avoid, how to migrate from DIY Kubernetes on AWS (eg. Kops) to EKS using eksctl.

Introduction to EKS and eksctl

Weaveworks

Docker clusters on AWS with Amazon ECS and Kubernetes

Julien SIMON

Ultimate kubernetes platform on aws with eks

armincoralic

A Pathway to Continuous Integration/Continuous Delivery on AWS

Bhuvaneswari Subramani

AWS ECS vs EKS

Norberto Enomoto

Kubernetes on AWS gone wild

Christian Jantz

Infrastructure as Code on AWS

Bhuvaneswari Subramani

Deep learning is an implementation of machine learning that uses neural networks to solve difficult and complex problems, such as computer vision, natural language processing, and recommendations. Due to the availability of deep learning libraries and frameworks, developers have the ability to enhance the capabilities of their applications and projects. In this workshop, you learn how to build and deploy a powerful deep learning framework called MXNet on containers. The portability and resource management benefit of containers means developers can focus less on infrastructure and more on building. The labs start by demonstrating the automation capabilities of AWS CloudFormation to stand up core infrastructure; as an added bonus, you use Spot Fleet to leverage the cost benefits of using Spot Instances, especially for developer environments. Then, you walk through creating an MXNet container in Docker and deploying it with Amazon ECS. Finally, you walk through an image classification demo of MXNet to validate that everything is working as expected. All you need to participate is a laptop and AWS account.

AWS re:Invent 2016: Workshop: Deploy a Deep Learning Framework on Amazon ECS ...

Amazon Web Services

Serverless architectures on aws

Paolo latella

Intro to AWS Developer Tools, featuring AWS CodeStar

Amazon Web Services

What's hot (20)

Infrastructure as a code: a cloud approach

Amazon Elastic Container Service for Kubernetes (Amazon EKS) I AWS Dev Day 2018

IDI 2020 - Containers Meet Serverless

Introduction to EKS (AWS User Group Slovakia)

Introducing AWS Fargate

CI&CD on AWS - Meetup Roma Oct 2016

Using Containers on AWS

AWS Container services

Advanced workload scheduling for containers on AWS

IaC on AWS Cloud

Introduction to EKS and eksctl

Docker clusters on AWS with Amazon ECS and Kubernetes

Ultimate kubernetes platform on aws with eks

A Pathway to Continuous Integration/Continuous Delivery on AWS

AWS ECS vs EKS

Kubernetes on AWS gone wild

Infrastructure as Code on AWS

AWS re:Invent 2016: Workshop: Deploy a Deep Learning Framework on Amazon ECS ...

Serverless architectures on aws

Intro to AWS Developer Tools, featuring AWS CodeStar

Similar to Docker best practices

BBL Premiers pas avec Docker

kanedafromparis

Docker in production

Mateusz Kutyba

Develop with docker 2014 aug

Vincent De Smet

Docker and containers - Presentation Slides by Priyadarshini Anand

PRIYADARSHINI ANAND

The talk will teach developers to automate and streamline their development environment setups using Docker, covering awesome tricks to make the experience smooth, fast, powerful and repeatable.The topics covered will be a selection amongst: - Sharing folders into containers - Transparent tunnels, dynamic ports for your apps - Tiny Core Linux - the secret horse to super fast container automation - Dockerfile caching tricks - Cheap orchestration tricks

Be a happier developer with Docker: Tricks of the trade

Nicola Paolucci

Docker for developers

andrzejsydor

[Codelab 2017] Docker 기초 및 활용 방안

양재동 코드랩

Docker: A New Way to Turbocharging Your Apps Development

msyukor

You are done coding and have got a runnable Jar file, but then what? How does it go into the cloud? In this talk we will explore how Java can be packaged inside a Docker image and discuss tips and common pitfalls. We will continue with a brief introduction to Kubernetes and how it can help deploying our Docker containers. Finally will look at a development workflow which allows local development of large micro-services apps leveraging Telepresence.

Cloud read java with kubernetes

Cesar Tron-Lozai

For those using Bitbucket Cloud, Bitbucket Pipelines makes Docker a first class citizen in your CI/CD cycle. Join Bitbucket Pipelines developer Philip Hodder to learn how containers are changing the way developers build software for the cloud, enabling faster development and safer deployments in a microservices world. He'll use practical, real-world examples to show best practices for testing, building, and pushing your Docker containers in the cloud when using Bitbucket Pipelines. Philip Hodder, Developer, Atlassian

Unleashing Docker with Pipelines in Bitbucket Cloud

Atlassian

Be a Happier Developer with Docker: Tricks of the Trade

Docker, Inc.

時代在變 Docker 要會：台北 Docker 一日入門篇

Philip Zheng

Dockerize your Symfony application - Symfony Live NYC 2014

André Rømcke

How to Dockerize Web Application using Docker Compose

Evoke Technologies

How to _docker

Abdur Rab Marjan

Introduction to Docker

Tharaka Devinda

Docker for developers z java

andrzejsydor

Faster and Easier Software Development using Docker Platform

msyukor

Dockerfiles building docker images automatically v (workdir, env, add, and ...

ansonjonel

You might (or might not) have heard of Docker. But you have no idea what it is and why you should care. But if you are a database or APEX developer and still work with Virtual Machines, it is about time to broaden your horizon. In this session you'll learn what Docker is and how you can benefit from it in your daily work. In this presentation we will walk through the following subjects: - What is Docker - Where do I get my images - Pull an image - Start a Docker container / Stop / Restart - Use a Docker container for APEX Development : Via the browser, SQL Developer, SQL Plus, etc - Make host directories accessible within the container - Use scripts to modify the image or create your own one

Docker for Dummies

Roel Hartman

Similar to Docker best practices (20)

BBL Premiers pas avec Docker

Docker in production

Develop with docker 2014 aug

Docker and containers - Presentation Slides by Priyadarshini Anand

Be a happier developer with Docker: Tricks of the trade

Docker for developers

[Codelab 2017] Docker 기초 및 활용 방안

Docker: A New Way to Turbocharging Your Apps Development

Cloud read java with kubernetes

Unleashing Docker with Pipelines in Bitbucket Cloud

Be a Happier Developer with Docker: Tricks of the Trade

時代在變 Docker 要會：台北 Docker 一日入門篇

Dockerize your Symfony application - Symfony Live NYC 2014

How to Dockerize Web Application using Docker Compose

How to _docker

Introduction to Docker

Docker for developers z java

Faster and Easier Software Development using Docker Platform

Dockerfiles building docker images automatically v (workdir, env, add, and ...

Docker for Dummies

Recently uploaded

MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE

SIVASHANKAR N

ONLINE FOOD ORDER SYSTEM is a website designed primarily for use in the food delivery industry. This system will allow hotels and restaurants to increase scope of business by reducing the labor cost involved. The system also allows to quickly and easily manage an online menu which customers can browse and use to place orders with just few clicks. Restaurant employees then use these orders through an easy to navigate graphical interface for efficient processing.

ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf

Kamal Acharya

Structural Analysis and Design of Foundations: A Comprehensive Handbook for Students and Professionals. Unlock the potential of foundation design with Dr. Costas Sachpazis’s enlightening handbook, a meticulously crafted guide poised to become an indispensable resource for both budding and seasoned civil engineers. This comprehensive manual illuminates the theoretical and practical aspects of structural analysis and design across various types of foundations and retaining walls. Within these pages, Dr. Sachpazis distills complex engineering principles into digestible, step-by-step processes, enhanced by detailed diagrams, case studies, and real-world examples that bridge the gap between academic study and professional application. From soil mechanics and load calculations to innovative design techniques and sustainability considerations, this book covers a vast landscape of structural engineering. Key Features: • In-Depth Analysis and Design: Explore thorough explanations of both shallow and deep foundation designs, supported by case studies that demonstrate their practical implementations. • Practical Guides: Benefit from detailed guides on site investigation, bearing capacity calculations, and settlement analysis, ensuring designs are both robust and reliable. • Innovative Techniques: Discover the latest advancements in foundation technology and retaining wall design, preparing you for future trends in civil engineering. • Educational Tools: Utilize this handbook as an educational tool, perfect for both classroom learning and professional development. Whether you're a student eager to learn the fundamentals or a professional seeking to deepen your expertise, Dr. Sachpazis’s handbook is designed to support and inspire excellence in the field of structural engineering. Embrace this opportunity to enhance your skills and contribute to building safer, more efficient structures.

Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...

Dr.Costas Sachpazis

Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Booking Booking Now open +91- 7737669865 Why you Choose Us- +91- 7737669865 HOT⇄ 7737669865 Mr ashu ji Call Mr ashu Ji +91- 7737669865 (V020524]N) 𝐇𝐨𝐭𝐞𝐥 𝐑𝐨𝐨𝐦𝐬 𝐈𝐧𝐜𝐥𝐮𝐝𝐢𝐧𝐠 𝐑𝐚𝐭𝐞 𝐒𝐡𝐨𝐭𝐬/𝐇𝐨𝐮𝐫𝐲🆓 .█▬█⓿▀█▀ 𝐈𝐍𝐃𝐄𝐏𝐄𝐍𝐃𝐄𝐍𝐓 𝐆𝐈𝐑𝐋 𝐕𝐈𝐏 𝐄𝐒𝐂𝐎𝐑𝐓 Hello Guys ! High Profiles young Beauties and Good Looking standard Profiles Available , Enquire Now if you are interested in Hifi Service and want to get connect with someone who can understand your needs. Service offers you the most beautiful High Profile sexy independent female Escorts in genuine ✔✔✔ To enjoy with hot and sexy girls ✔✔✔ ★providing:- • Models • vip Models • Russian Models

Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...

roncy bisnoi

Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Girls Waiting For You To Fuck Booking Contact Details WhatsApp Chat: +91-6297143586 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 01-may-2024(v.n)

Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...

Call Girls in Nagpur High Profile

Java Programming :Event Handling(Types of Events)

simmis5

Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik Booking Contact Details WhatsApp Chat: +91-7001035870 Nashik Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts Nashik understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 27-april-2024(v.n)

Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik

Call Girls in Nagpur High Profile

The Educational Administration: Theory and Practice publishes prominent empirical and conceptual articles focused on timely and critical leadership and policy issues of educational organizations. The journal embraces traditional and emergent research paradigms, methods, and issues. The journal particularly promotes the publication of rigorous and relevant scholarly work that enhances linkages among and utility for educational policy, practice, and research arenas. The goal of the editorial team and the journal’s editorial board is to promote sound scholarship and a clear and continuing dialogue among scholars and practitioners from a broad spectrum of education. Educational Administration: Theory and Practice presents prominent empirical and conceptual articles focused on timely and critical leadership and policy issues facing educational organizations. As an editorial team, we embrace traditional and emergent theoretical frameworks, research methods, and topics. We particularly promote the publication of rigorous and relevant scholarly work with utility for educational policy, practice, and research. The journal’s primary focus is on studies of educational leadership, organizations, leadership development, and policy as they relate to elementary and secondary levels of education. Examinations of leadership and policy that fall outside K-12 are considered insofar as there are meaningful connections to the K-12 arena (e.g., college pipeline). International comparative investigations are welcome to the extent they have implications for a broad audience.s.

Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...

Christo Ananth

Roadmap to Membership of RICS - Pathways and Routes

M Maged Hegazy, LLM, MBA, CCP, P3O

Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts Booking Contact Details WhatsApp Chat: +91-7001035870 Nagpur Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts Nagpur understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 27-april-2024(v.n)

Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts

Call Girls in Nagpur High Profile

African Journal of Biological Sciences is an International peer-reviewed, Open Access journal that publishes original research articles as well as review articles in all areas of Biological Sciences. It operates a fully open access publishing model which allows open global access to its published content. This model is supported through Article Processing Charges. For more information on Article Processing charges click here. Its scope embraces Animal Sciences, Biochemistry, Bioinformatics, Biotechnology, Botany, Cell Biology, Developmental Biology, Ecology, Environmental Sciences, Ethno Medicine, Food Science, Freshwater Biology, Genetics, Immunology, Marine Biology, Microbiology, Molecular Biology, Physiology, Plant Sciences, Structural Biology,Toxicology,Zoology etc. It is essential that authors prepare their manuscripts according to established specifications. Failure to follow them may result in papers being delayed or rejected. Therefore, contributors are strongly encouraged to read the author guidelines carefully before preparing a manuscript for submission. The manuscripts should be checked carefully for grammatical, punctuation errors. All papers are subjected to peer review. All articles published in this journal represent the opinion of the authors and not reflect the official policy of the Journal of African Journal of Biological Sciences

Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...

Christo Ananth

The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss This Chance Of Getting Into My Sexy Boobs? Booking Contact Details WhatsApp Chat: +91-8250192130 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 30-april-2024(v.n)

The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...

ranjana rawat

High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts Booking Contact Details WhatsApp Chat: +91-7001035870 Nagpur Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts Nagpur understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 27-april-2024(v.n)

High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts

ranjana rawat

The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Chance Of Getting Into My Sexy Boobs? Booking Contact Details WhatsApp Chat: +91-8250192130 pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 30-april-2024(v.n)

The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...

ranjana rawat

N-Grade deals with the maintenance of university, department, faculty, student information within the university. N-Grade is an automation system, which is used to store the department, faculty, student, courses and information of a university. Starting from registration of a new student in the university, it maintains all the details regarding the attendance and marks of the students. The project deals with retrieval of information through an INTRANET based campus wide portal. It collects related information from all the departments of an organization and maintains files, which are used to generate reports in various forms to measure individual and overall performance of the students.

University management System project report..pdf

Kamal Acharya

IEEE stands for Institute of Electrical and Electronics Engineers. It is the largest technical professional association dedicated to advancing innovation and technological excellence for the benefit of humanity. It is designed to build industry standards, serve professionals involved in every aspect of electrical, electronic and computing field. It also organizes conferences and provides a platform for publications.

Introduction to IEEE STANDARDS and its different types.pptx

upamatechverse

Extrusion Processes and Their Limitations

120cr0395

UNIT-II FMM-Flow Through Circular Conduits

rknatarajan

(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts Booking Contact Details WhatsApp Chat: +91-7001035870 nashik Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable. Independent Escorts nashik understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together. We provide - 27-april-2024(v.n)

(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...

ranjana rawat

Welcome to the April edition of WIPAC Monthly, the magazine brought to you by Water Industry Process Automation & Control. In this month's edition, along with the latest news from the industry we have articles on: The use of artificial intelligence and self-service platforms to improve water sustainability A feature article on measuring wastewater spills An article on the National Underground Asset Register Have a good month, Oliver

Water Industry Process Automation & Control Monthly - April 2024

Water Industry Process Automation & Control

Recently uploaded (20)

MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE

ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf

Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...

Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...

Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...

Java Programming :Event Handling(Types of Events)

Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik

Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...

Roadmap to Membership of RICS - Pathways and Routes

Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts

Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...

The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...

High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts

The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...

University management System project report..pdf

Introduction to IEEE STANDARDS and its different types.pptx

Extrusion Processes and Their Limitations

UNIT-II FMM-Flow Through Circular Conduits

(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...

Water Industry Process Automation & Control Monthly - April 2024

Docker best practices

1. Docker Best Practices

2. Some basics to start with

3. Server Host OS Hyper Visor GuestOS Bins/ libs App A GuestOS Bins/ libs App A` GuestOS Bins/ libs App B Server Host OS Docker Engine Bins/ libs Bins/ libs AppA AppA` AppA` AppB AppB` AppB` AppB` AppB` container Container vs. VMs

4. As „ephemeral“ as possible

5. Single-process-per-container

6. Docker has layers

7. Base Image Dockerfile Docker container with Layers FROM sonarqube:7.1 Define

8. Base Image Layer A Dockerfile Docker container with Layers FROM sonarqube:7.1 ENV SONARQUBE_HOME=/opt/sonarqube Define

9. Base Image Layer A Layer B Dockerfile Docker container with Layers FROM sonarqube:7.1 ENV SONARQUBE_HOME=/opt/sonarqube COPY plugins/branch-2.0.0.jar $SONARQUBE_HOME/extensions Define

10. Base Image Layer A Layer B Layer C Dockerfile Docker container with Layers FROM sonarqube:7.1 ENV SONARQUBE_HOME=/opt/sonarqube COPY plugins/branch-2.0.0.jar $SONARQUBE_HOME/extensions RUN dpkg --add-architecture i386 && apt-get update && apt-get install -y file git curl zip Define

11. Base Image Layer A Layer B Layer C docker build -t my/container:1.0 . Build Docker registry Push custom/sonar:v1.1 FROM sonarqube:7.1 ENV SONARQUBE_HOME=/opt/sonarqube COPY plugins/branch-2.0.0.jar $SONARQUBE_HOME/extensions RUN dpkg --add-architecture i386 && apt-get update && apt-get install -y file git curl zip docker push my/container :1.0

12.

13. copy to temp Base Image Layer A Layer B Layer C Build Docker build context docker build -t my/container:1.0 . Build Context Pfad /var/lib/docker/tmp/docker-builder001817348/

14. Base Image Layer A Layer B Layer C docker build -t my/container:1.0 . Build FROM sonarqube:7.1 ENV SONARQUBE_HOME=/opt/sonarqube COPY plugins/branch-2.0.0.jar $SONARQUBE_HOME/extensions RUN dpkg --add-architecture i386 && apt-get update && apt-get install -y file git curl zip Build Cache cached Build cached Build Docker build cache

15.

16. Best Practices

17. Optimize Build Time

18. https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/

19. https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/

20. https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/

21. copy to temp Base Image Layer A Layer B Layer C Build Use .dockerignore to reduce context docker build -t my/container:1.0 . /var/lib/docker/tmp/docker-builder001817348/

22. Reduce image size

23. https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/

24. https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/

25. https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/

26. Maintainability

27. https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/

28. https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/

29.

30. User minimal images

31. https://snyk.io/blog/10-docker-image-security-best-practices/ Use Least privileged user Having an application on the container run with the root user further broadens the attack surface and enables an easy path to privilege escalation if the application itself is vulnerable to exploitation.

32. UID & GUID Use the same UID and GUID for interacting container Container A user: worker (uuid 500) group: worker (guid 500) Container B user: worker (uuid 600) group: worker (guid 600) Write Files read Files X

33. Don’t leak sensitive information to Docker images

34. https://snyk.io/blog/10-docker-image-security-best-practices/ Using multi-stage builds when using secrets By leveraging Docker support for multi-stage builds, fetch and manage secrets in an intermediate image layer that is later disposed of so that no sensitive data reaches the image build

35. https://snyk.io/blog/10-docker-image-security-best-practices/ Using Docker secret commands Use an alpha feature in Docker for managing secrets to mount sensitive files without caching them.

36. COPY . . Beware of recursive copy

37. COPY VS. ADD Use COPY instead of ADD

38. What is your best pratice?

39. Further Topics

40. Security- Enhanced Linux (SELinux) … ? https://en.wikipedia.org/wiki/Security-Enhanced_Linux#/media/File:SELinux_logo.svg

41. + https://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf =

42. Docker image Scanner Base Image Layer A Layer B Layer C

43. https://res.cloudinary.com/snyk/image/upload/v1551121069/Number_of_OS_vulnerabilities_by_docker_image.png

44. Next Steps @ home https://www.docker.com/blog/intro-guide-to-dockerfile-best-practices/ https://snyk.io/blog/10-docker-image-security-best-practices/ https://res.cloudinary.com/snyk/image/upload/v1551798390/Docker_Image_Security_Best_Practices_.pdf https://docs.docker.com/develop/develop-images/dockerfile_best-practices/

45. Monitoring@AWS / Architectural Draft / 2017-06-13 b 45 Thank you!

Docker best practices

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Docker best practices

Similar to Docker best practices (20)

Recently uploaded

Recently uploaded (20)

Docker best practices