6. 2. Handle PID 1, signal handling and zombie processes
● Docker sends Linux signals to your application inside the container to
stop it
● PID 1 receives this signal
● For your application to be stopped gracefully when needed, you need to
properly handle those signals
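An added example, not from the original slides: a minimal PID 1 wrapper that relays the stop signal to the application and reaps exited children so that no zombies accumulate. The name `run_as_init` and the entrypoint usage are hypothetical; it assumes a POSIX system and Python 3.9+.

```python
import os
import signal
import sys

# Signals that "docker stop" / Ctrl-C deliver to PID 1; relay them to the application.
FORWARDED = (signal.SIGTERM, signal.SIGINT)


def run_as_init(argv):
    """Run argv as the main child, relay stop signals to it and reap every
    child that exits. Returns the main child's exit code (128+N if signal N killed it)."""
    main_pid = os.posix_spawnp(argv[0], argv, os.environ)

    def forward(signum, _frame):
        try:
            os.kill(main_pid, signum)
        except ProcessLookupError:
            pass  # main child is already gone

    previous = {sig: signal.signal(sig, forward) for sig in FORWARDED}
    try:
        while True:
            # wait() returns for ANY child, including orphans re-parented to
            # PID 1; collecting their status is what prevents zombies.
            pid, status = os.wait()
            if pid != main_pid:
                continue  # an orphan was reaped; keep supervising
            code = os.waitstatus_to_exitcode(status)  # Python 3.9+
            return code if code >= 0 else 128 - code
    finally:
        # Restore the handlers that were active before supervision started.
        for sig, handler in previous.items():
            if handler is not None:
                signal.signal(sig, handler)


if __name__ == "__main__":
    # Hypothetical use as an image entrypoint: init.py <application> [args...]
    sys.exit(run_as_init(sys.argv[1:]))
```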
7. 3. Optimize for the Docker build cache
● Image layers are cached which helps to accelerate later builds
8. 4. Remove unnecessary tools
● Remove everything that the application doesn’t need from your container
● Include just your application in a distroless or scratch image
9. 5. Build the smallest image possible
● Benefits:
○ Decreases download times
○ Decreases cold start times
○ Reduces disk usage
● Strategies:
○ Start with a minimal base image
○ Leverage common layers between images
○ Make use of Docker’s multi-stage build feature
11. 6. Properly tag your images
● Tags are how the users choose which version of your image they want to
use
● 2 ways to tag images:
○ Semantic Versioning
○ Using Git commit hash of your application
● Be careful when using the “latest” tag
12. 7. Carefully consider whether to use a public image
● Never ever use a public image in a production environment
● Malicious images were reported on Docker Hub recently
● Docker Hub deleted the account docker123321
Reference articles:
https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers
https://github.com/docker/hub-feedback/issues/1554