[Docker] DockerCompose Basics - Dockerfile
Section3: Node Dockerfile Best Practice
Dockerfile Best Practice Basics
COPY, not ADD
npm/yarn install during build
RUN npm install && npm cache clean —force : image is small as possible
CMD node, not npm
WORKDIR not RUN mkdir unless you need chown
FROM Base Image Guidelines
Stick to even numbered major releases
Don’t use :latest tag
Start with Debian if migrating
Move to Alpine later
Don’t use :slim
Don’t use :onbuild
When to use Alpine, Debian, or CentOS Images
Alpine is “small” and “sec focused”
But Debian/Ubuntu(85MB) are smaller now too
~100MB space savings isn’t significant
Alpine has its own issues
Alpine CVE scanning fails
Enterprises may require CentOS or Ubuntu/Debian
Assignment Making a CentOS Node Image
Running Non-root Container Users
FROM node:10-slim
EXPOSE 3000
WORKDIR /node
COPY package*.json ./
# here
RUN mkdir app && chown -R node:node .
USER node
RUN npm install && npm cache clean --force
WORKDIR /node/app
# here
COPY --chown node:node . .
CMD ["node", "app.js"]
docker-compose exec -u root
Making Images Efficiently
Pick proper FROM
Line order matters
COPY twice : package.json* then . .
- copy only the package and lock files
- run npm install
- copy everything else
apt-get update thing → top