Essential Dockerfile Instructions: Best Practices for Optimized Containers
Important Dockerfile Steps: Guidelines for Better Container Performance
In this article, we will cover the important Dockerfile instructions that should be included in a Dockerfile to make the container secure, aligned with best practices, and optimized for production.
FROM Instruction
FROM python:3.10-slim
Always use a smaller base image, such as a slim variant, to keep the final image optimized.
EXPOSE Instruction
EXPOSE 8080
Include the EXPOSE instruction to document the port on which the container listens. EXPOSE does not publish the port by itself.
USER Instruction
USER nonroot
Always avoid running the container as the root user, for security reasons. Switch to a non-root user with the USER instruction; the user must already exist in the image.
COPY & ADD Instruction
COPY requirements.txt /app/
ADD app.tar.gz /app/
Always prefer the COPY instruction over ADD to copy files into the image. Use ADD only when you need it to extract an archive, as with app.tar.gz above.
HEALTHCHECK Instruction
HEALTHCHECK --interval=30s CMD curl -f http://localhost/ || exit 1
Always include a HEALTHCHECK instruction to test whether the container is working properly.
RUN Instruction
RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
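Always combine related commands into a single RUN instruction to minimize the number of layers, so that the build becomes faster. Cleaning up the apt lists in the same instruction, as shown, keeps them out of the layer.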
LABEL Instruction
LABEL maintainer="Amit Maurya"
LABEL version="1.0"
In an organisation, multiple developers and DevOps engineers work on the same projects. Always use the LABEL instruction for documentation and versioning, so that others can see who wrote the Dockerfile and whom to contact.
WORKDIR Instruction
WORKDIR /app
Always use WORKDIR instead of RUN cd to move into a directory. This instruction sets the working directory in the image, and the RUN, CMD, ENTRYPOINT, COPY and ADD instructions that follow resolve relative paths against it.
ARG Instruction
ARG APP_VERSION=1.0
ARG API_KEY
ENV API_KEY=${API_KEY}
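Include the ARG instruction to create build-time variables, so that values can be passed when the image is built. It is used for secrets and versioning. Note that build-argument values are visible to anyone who has the image through docker history, and copying one into ENV, as above, stores it in the image configuration, so for real secrets prefer a BuildKit secret mount (RUN --mount=type=secret).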
docker build --build-arg APP_VERSION=2.0 .
docker build --build-arg API_KEY=your_api_key .
CMD Instruction
CMD ["python", "app.py"]
Use CMD Instruction to specify the default command to run when the container starts.
ENTRYPOINT Instruction
ENTRYPOINT ["sh", "-c"]
This instruction is used to configure the container to run as an executable. When ENTRYPOINT is set, it takes precedence over CMD: CMD no longer runs as the command and is instead passed to ENTRYPOINT as its default arguments.
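As an added example (not code from the original article), the following Python check applies the security-relevant rules above to a Dockerfile: root user, missing HEALTHCHECK, ADD where COPY suffices, secret-like ARG/ENV names, and apt lists left in a layer. The function names, the name heuristics, and config.yaml in the sample are assumptions made for illustration.

```python
import re

# Heuristics for this example (assumptions, not exhaustive).
SECRET_HINT = re.compile(r"KEY|TOKEN|SECRET|PASSWORD|PASSWD", re.I)
ARCHIVE = re.compile(r"\.(tar|tgz|tar\.(gz|bz2|xz))$", re.I)

def parse(dockerfile):
    """Return (INSTRUCTION, arguments) pairs, joining backslash continuations."""
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile)
    steps = []
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            instr, _, args = line.partition(" ")
            steps.append((instr.upper(), args.strip()))
    return steps

def audit(dockerfile):
    """Check a single-stage Dockerfile against the rules in this article."""
    steps, findings = parse(dockerfile), []
    users = [a for i, a in steps if i == "USER"]
    # The last USER instruction decides which account the container runs as.
    if not users or users[-1].split(":")[0] in ("root", "0"):
        findings.append("USER: container runs as root")
    if not any(i == "HEALTHCHECK" and a.upper() != "NONE" for i, a in steps):
        findings.append("HEALTHCHECK: none defined")
    for instr, args in steps:
        if instr == "ADD":
            # Shell-form ADD only: skip --flags, the last token is the destination.
            for src in [t for t in args.split() if not t.startswith("--")][:-1]:
                if not ARCHIVE.search(src):
                    findings.append(f"ADD: {src} is not a local archive, use COPY")
        elif instr in ("ARG", "ENV"):
            name = re.split(r"[=\s]", args, maxsplit=1)[0]
            if SECRET_HINT.search(name):
                findings.append(f"{instr}: {name} looks like a secret kept in image metadata")
        elif instr == "RUN" and "apt-get install" in args:
            if "rm -rf /var/lib/apt/lists" not in args:
                findings.append("RUN: apt lists not removed in the same layer")
    return findings

# Constructed sample built from snippets in this article (config.yaml is made up).
SAMPLE = """FROM python:3.10-slim
ARG API_KEY
ENV API_KEY=${API_KEY}
ADD config.yaml /app/
RUN apt-get update && apt-get install -y curl
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Running it on the sample reports six findings; a Dockerfile that follows every rule in this article returns an empty list.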
Conclusion
In upcoming posts, we will delve into the creation of various AWS services, DevOps tools and CNCF tools, their automation with Terraform, and projects that take a DevSecOps approach. Stay tuned for the next blog!
GitHub Code : github.com/amitmaurya07/Serverless-AWS
LinkedIn : linkedin.com/in/amit-maurya07
If you have any queries, you can drop a message on LinkedIn and Twitter.