...
General Guidelines | Comments | Disposition |
---|---|---|
When executing " Irrespective of where the Inadvertently including files that are not necessary for building an image results in a larger build context and larger image size. This can increase the time to build the image, time to pull and push it, and the container runtime size. | "this can increase'..." I suggest the very first guideline should be a general statement about image size, as many of these individual items address that general concern | |
2. Exclude with .dockerignoreExclude files not relevant to the build with a This file supports exclusion patterns similar to | ||
3.Use multi-stage buildsMulti-stage builds reduces the size of an image, without worrying about the number of intermediate layers and files. An image is built during the final stage of the build process. The number of image layers can be minimized by leveraging build cache. For a build that contains several layers, order them from the less frequently changed (re-use build cache) to the more frequently changed:
| "the number of layers..." Perhaps say "see below 'Re-use the build cache' | |
4. Don’t install unnecessary packagesAvoid installing extra or unnecessary packages. This will reduce complexity, dependencies, file sizes, and build times, Don't include a text editor in a database image. | ||
5. Decouple applicationsApply the principle of "separation of concerns." Each container should have only one concern. Decoupling applications into multiple containers makes it easier to reuse containers. | ||
6. Minimize the number of layersThe instructions Use multi-stage builds, to only copy the artifacts you need into the final image. Tools and debug information can be added to intermediate build stages without increasing the size of the final image. | "tools and debug info..." I don't understand this. Perhaps an example would be helpful | |
7. Sort multi-line argumentsTo minimize duplication of packages and make the list of packages much easier to update, sort multi-line arguments alphanumerically. | ||
8. Re-use the build cacheAs each instruction in the Dockerfile is examined, the builder looks for an existing image in its cache that can be reused, rather than creating a duplicate image.
Once the cache is invalidated, all subsequent | ||
Build File Instructions | Comments | Disposition |
FROM Use current official repositories for base images. ONAP images must be vendor agnostic; ensure that the base images are cpu architecture-agnostic. | are there base images that are multi-pltfrom, or is there a need to create multiple images for multiple targets? eg. there is 'alpine' and 'arm64v8/alpine' | |
LABEL Labels are unique key-value pairs used to add metadata to container images and containers. They help organize images by project, add licensing information, or to support build and CI pipeline. An image can have more that one label. For each label, begin a new line with "LABEL" and add one or more key-value pairs. | ||
RUN To make the build file (e.g. Dockerfile) more readable, understandable and maintainable: RUN apt-get
Well-formatted example:
ERRORS IN STAGES OF A PIPE 7. Use "set -o pipefail &&" to ensure that the RUN command only succeeds if all stages of a pipe succeed.
| ||
CMD This instruction provides defaults to run the application packaged in a container image. It should always be used in the form:
Typically, CMD should run an interactive shell. That way users get a usable shell when they execute "docker run -it ..." For example:
Note: If the user provides arguments to "docker run", they override the defaults specified in "CMD." | ||
EXPOSE Use well-known ports for your application. For example, an image containing Apache web server should use | ||
ENV Use ENV to avoid hard-coding values for variables and parameters in the your build file. ENV can parameterize container variables. For example, the version of the software in the container (VERSION), the PATH environment variable and other execution environment variables (MAJOR).
Each Example
| ||
ADD or COPY is preferred because it only supports copying of local files into the container and it’s more transparent than ADD .ADD is recommended for local tar file auto-extraction into the image (e.g. If you have to copy several files from your context, To reduce the number of layers and the image size, don't use Example:
| ||
ENTRYPOINTUse Example: By setting ENTRYPOINT ["my_command"] CMD["–version"] The image can be run as $ docker run my_command or $ docker rum my_command --verbose -n 10
Copy the script into the container and run it via Example:
User can then execute: $ docker run redis | ||
VOLUMEThe VOLUME exposes database storage areas, configuration storage, or files/folders created by the container. | ||
USERDo not run containers as root. Use USER to change to an non-root user. Create the user and group as in this example:
Avoid installing or using To minimize the number of layers, avoid switching | ||
WORKDIRAlways use absolute paths for your Use | ||
ONBUILD
Images built from |
Build Environment
There are concerns in building images outside the scope of the Dockerfile itself
See here for image tagging guidelines: Independent Versioning and Release Process#StandardizedDockerTagging
The CIA has undertaken to reduce image size and ensure images may be build and run on multiple platforms.
...
1) alpine images use sh rather then bash. Some side-effects
- In Dockerfile, CMD and ENTRYPOINT
bash - ENTRYPOINT ["startup.sh"]
sh - ENTRYPOINT ["sh", "startup.sh"]