Industry docker tips and best practices ideas

Industry docker tips and best practices ideas

Best Practice Questions

Here are some tips that may or may not conform to best practices and will be greatly appreciated for replying to comments.
? Keep the image small: Use the apt-get of the--no-install-recommends option to install a true dependency instead of a large metadata package (such as Texlive-full).
? Avoid combining the Run command, etc. to create more aufs layers? (limited to 42 at a time, but is now at least 127).
? You can use Run git clone ... Adding data to a container to the add location, this cache is invalid.
? Using an automated build link to GitHub, build based on dockerfiles instead of push local image. This not only makes Dockerfile transparent and provides a link that people can submit to the problem library, but it also helps to ensure that the image on the hub is available from the hub (from the entry point) instead of locally from any available base image. This can help avoid the various possible errors that are not synchronized.

Docker's label usage

Unfortunately, Docker seems to use this word tag to refer to the application to the image tag (for example, in Docker build-t Imagelabel. In the-t parameter "tags" the image is "Imagelabel", so we do not have to remember its hash) and also use a label to refer to a colon, such as the string applied to the end of the image name, ubuntu:latest in the latest. The latter is defined as "tags" under the Tabs tab of the Docker hub. The best practices for such labels (which I would arbitrarily call a "version mark") are unclear.

One case is to clearly label a specific version. Docker's auto-build lets users either "version tag" link to a branch or a git history tag. In this case the "branch" can refer to either a different Git branch or just a different subdirectory. Matching a git tag provides the most explicit use of the Docker version tag, providing a relatively static version of the stable link. (I say "relative" static, because even if we do not change the dockerfile, if we rebuild dockerfile we may get the newer version of the software that includes the new image that is present, which can be good relative to a fixed security vulnerability, and may also break the previous effective environment).

The use case is less clear to use Docker, these "version tags", which represent other differences between related images, such as Eddelbuettel/docker-ubuntu-r:add-r and Eddelbuettel/docker-ubuntu-r: Add-r-devel. Why these different tags, rather than the different root causes, is unclear, unless it is convenient for multiple Docker files on a single repository github. However, it is perfectly possible to configure auto-build to point to the same GitHub on repo, instead of adding an additional completely independent Docker hub build tags at the same docker hub repo.

The Docker language learns to borrow from git terminology, but it is quite dangerous to explain that these are exaggerated.

Keep a clean Docker environment

Run the interactive container--RM flag to avoid deleting it later.
? Delete all Stop containers:

Docker RM $ (Docker ps-a | grep Exited | awk ' {print $} ')

? Clean untagged Images Docker:

Docker RMI $ (Docker images-q--filter "Dangling=true")

? Stop and delete all containers, including running containers! ）

Docker Rm-f $ (Docker ps-a-Q)

Docker and its continuous integration

? We can install, but not at Travis-ci at this time run Docker. It seems that the Linux kernel is provided with too old. Maybe, when they upgrade to the ubuntu14:04 image ...
? (at least in the absence of Vagrant/virtualbox virtual tiers) The Docker type can send Shippable-ci, we can't run Docker. Docker is not possible to run in Docker (see below).
For the same reason, we cannot run Docker in Drone.io CI. However, drone provides its system, which can be different in its own server, this fully managed service, which allows the custom image to run on the open source version. Unfortunately, I can't let it work on this.

Docker running Docker inside:

Within the Docker container, we cannot install Docker directly. We can solve this problem by adding a complete virtualization layer-such as Docker in Vagrant Run/VirtualBox run in Docker.
Or, we can be smarter and tell our Docker to simply use a different volume to store its AUFS layer. Matt Gruter has this is a very ingenious example that it can be used, such as running a drone server (running Docker) within a Docker container (Mattgruter/drone).
I believe it's just work if we run an image outside of Docker with--privileged permissions, such as we can't use this method on a server like shippable which will take us into a pre-built Docker container.

This article translated from: Http://www.carlboettiger.info/2014/08/29/docker-notes

Industry docker tips and best practices ideas