# Guidelines

---
###### 1. `FROM` command first
The `FROM` command must be the first to appear in a Dockerfile.

---
###### 2. `RUN` Exec form
`RUN` commands have two syntaxes, one with brackets and one without. Arguments are interpreted differently in the two syntaxes. The one with brackets must be used.

---
###### 3. Multiple `CMD`
The `CMD` command allows one to start a service when booting up a container. Docker allows only **a single service** to be specified, therefore multiple `CMD` commands are useless since only the last one will be run.

---
###### 4. Provides default to `CMD`
One has to provide default parameters via `CMD` to start a service. If an `ENTRYPOINT` command is specified, the `CMD` and `ENTRYPOINT` commands should be specified in `JSON` format.

---
###### 5. Variables in exec form of `CMD`
Variables used in the exec form of `CMD` are not interpreted.
`CMD [ "echo", "$HOME" ]` won't output the value of the `$HOME` variable.

---
###### 6. Merge `LABEL` commands
When possible, merge `LABEL` commands.

---
###### 7. Avoid `apt-get upgrade`
You should avoid `RUN apt-get upgrade` or `dist-upgrade`, as many of the “essential” packages from the base images won’t upgrade inside an unprivileged container.

---
###### 8. Combine `install` with `update`
Always combine `RUN apt-get update` with `apt-get install` in the same `RUN` statement. Omitting this can lead to unexpected behaviour, since `apt-get update` may not be run.

---
###### 9. Packages, version pinning
Always fully specify the version of the package to install.

---
###### 10. `FROM`, version pinning
Always fully specify the version of the parent image to use (i.e., the `latest` tag is not permitted).

---
###### 11. `CMD` exec form
`CMD` commands have two syntaxes, one with brackets and one without. Arguments are interpreted differently in the two syntaxes. The one with brackets must be used if parameters are specified.

---
###### 12. Prefer `COPY`
Although `ADD` and `COPY` are functionally similar, generally speaking, `COPY` is preferred.

---
###### 13. `ADD <http>` discouraged
Because image size matters, using `ADD` to fetch packages from remote `URL`s is strongly discouraged; you should use `curl` or `wget`.

---
###### 14. User `root` discouraged
You should avoid installing or using `sudo` since it has unpredictable `TTY` and signal-forwarding behavior that can cause more problems than it solves. If you absolutely need functionality similar to `sudo` (e.g., initializing the daemon as `root` but running it as non-root), you may be able to use `gosu`.

---
###### 15. As few `USER` commands as possible
To reduce layers and complexity, avoid switching `USER` back and forth frequently.

---
###### 16. `WORKDIR` must have absolute path
For clarity and reliability, you should always use absolute paths for your `WORKDIR`.

---
###### 17. `cd` in `RUN` should be avoided
Don’t use `cd` in `RUN` commands, use `WORKDIR` instead.

---
###### 18. Sort installation alphanumerically
When installing multiple packages, list them in alphanumerical order.

---
###### 19. Add `--no-install-recommends`
Add `--no-install-recommends` when installing with `apt-get`; this avoids installing packages that were not explicitly specified.
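
Several of these guidelines (3, 5, 8, 10, 13, 16 and 17) can be checked mechanically. The sketch below is an added example, not part of the original gist: a small Python linter run over a constructed Dockerfile. The `SAMPLE` text, the function names and the simplified regex heuristics are assumptions made for illustration, and multi-stage references such as `FROM builder` are not handled.

```python
import re
# Constructed sample Dockerfile (not from the original page); it breaks several guidelines.
SAMPLE = """\
FROM ubuntu:latest
RUN apt-get update
RUN apt-get install -y curl
ADD https://example.com/tool.tar.gz /tmp/
WORKDIR app
RUN cd /tmp && tar xzf tool.tar.gz
CMD ["echo", "$HOME"]
CMD ["/bin/tool"]
"""

def instructions(text):
    """Yield (line_no, NAME, args), joining backslash-continued lines."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        buf += line.rstrip("\\").strip() + " "
        if not line.endswith("\\"):
            name, _, args = buf.strip().partition(" ")
            yield start, name.upper(), args.strip()
            buf, start = "", None

def lint(text):
    """Return sorted (line_no, guideline_no, message) findings."""
    ins = list(instructions(text))
    # Guideline 3: every CMD except the last one is never run.
    out = [(i[0], 3, "overridden by a later CMD") for i in ins if i[1] == "CMD"][:-1]
    for no, name, args in ins:
        if name == "FROM":
            image = [t for t in args.split() if not t.startswith("--")][0]
            last = image.rpartition("/")[2]  # drop registry host (and its port)
            if "@" not in last and (":" not in last or last.endswith(":latest")):
                out.append((no, 10, "pin the parent image version"))
        elif name == "CMD" and args.startswith("[") and "$" in args:
            out.append((no, 5, "variable is not expanded in exec form"))
        elif name == "ADD" and re.search(r"https?://", args):
            out.append((no, 13, "remote ADD; fetch with curl or wget"))
        elif name == "WORKDIR" and not args.startswith("/"):
            out.append((no, 16, "WORKDIR must be an absolute path"))
        elif name == "RUN":
            if re.search(r"apt-get\s+(-\S+\s+)*install", args) and "apt-get update" not in args:
                out.append((no, 8, "apt-get install without update in the same RUN"))
            if re.search(r"(^|[;&|]\s*)cd\s", args):
                out.append((no, 17, "use WORKDIR instead of cd"))
    return sorted(out)
```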