Docker 开发最佳实践
Docker development best practices
The following development patterns have proven to be helpful for people building applications with Docker. If you have discovered something we should add, let us know.
How to keep your images small
Small images are faster to pull over the network and faster to load into memory when starting containers or services. There are a few rules of thumb to keep image size small:
Start with an appropriate base image. For instance, if you need a JDK, consider basing your image on the official
openjdk
image, rather than starting with a genericubuntu
image and installingopenjdk
as part of the Dockerfile.Use multistage builds. For instance, you can use the
maven
image to build your Java application, then reset to thetomcat
image and copy the Java artifacts into the correct location to deploy your app, all in the same Dockerfile. This means that your final image doesn’t include all of the libraries and dependencies pulled in by the build, but only the artifacts and the environment needed to run them.If you need to use a version of Docker that does not include multistage builds, try to reduce the number of layers in your image by minimizing the number of separate
RUN
commands in your Dockerfile. You can do this by consolidating multiple commands into a singleRUN
line and using your shell’s mechanisms to combine them together. Consider the following two fragments. The first creates two layers in the image, while the second only creates one.RUN apt-get -y update
RUN apt-get install -y python
RUN apt-get -y update && apt-get install -y python
If you have multiple images with a lot in common, consider creating your own base image with the shared components, and basing your unique images on that. Docker only needs to load the common layers once, and they are cached. This means that your derivative images use memory on the Docker host more efficiently and load more quickly.
To keep your production image lean but allow for debugging, consider using the production image as the base image for the debug image. Additional testing or debugging tooling can be added on top of the production image.
When building images, always tag them with useful tags which codify version information, intended destination (
prod
ortest
, for instance), stability, or other information that is useful when deploying the application in different environments. Do not rely on the automatically-createdlatest
tag.
Where and how to persist application data
- Avoid storing application data in your container’s writable layer using storage drivers. This increases the size of your container and is less efficient from an I/O perspective than using volumes or bind mounts.
- Instead, store data using volumes.
- One case where it is appropriate to use bind mounts is during development, when you may want to mount your source directory or a binary you just built into your container. For production, use a volume instead, mounting it into the same location as you mounted a bind mount during development.
- For production, use secrets to store sensitive application data used by services, and use configs for non-sensitive data such as configuration files. If you currently use standalone containers, consider migrating to use single-replica services, so that you can take advantage of these service-only features.
Use swarm services when possible
- When possible, design your application with the ability to scale using swarm services.
- Even if you only need to run a single instance of your application, swarm services provide several advantages over standalone containers. A service’s configuration is declarative, and Docker is always working to keep the desired and actual state in sync.
- Networks and volumes can be connected and disconnected from swarm services, and Docker handles redeploying the individual service containers in a non-disruptive way. Standalone containers need to be manually stopped, removed, and recreated to accommodate configuration changes.
- Several features, such as the ability to store secrets and configs, are only available to services rather than standalone containers. These features allow you to keep your images as generic as possible and to avoid storing sensitive data within the Docker images or containers themselves.
- Let
docker stack deploy
handle any image pulls for you, instead of usingdocker pull
. This way, your deployment doesn’t try to pull from nodes that are down. Also, when new nodes are added to the swarm, images are pulled automatically.
There are limitations around sharing data amongst nodes of a swarm service. If you use Docker for AWS or Docker for Azure, you can use the Cloudstor plugin to share data amongst your swarm service nodes. You can also write your application data into a separate database which supports simultaneous updates.
Use CI/CD for testing and deployment
When you check a change into source control or create a pull request, use Docker Cloud or another CI/CD pipeline to automatically build and tag a Docker image and test it. Docker Cloud can also deploy tested apps straight into production.
Take this even further with Docker EE by requiring your development, testing, and security teams to sign images before they can be deployed into production. This way, you can be sure that before an image is deployed into production, it has been tested and signed off by, for instance, development, quality, and security teams.
Differences in development and production environments
Development | Production |
---|---|
Use bind mounts to give your container access to your source code. | Use volumes to store container data. |
Use Docker for Mac or Docker for Windows. | Use Docker EE if possible, with userns mapping for greater isolation of Docker processes from host processes. |
Don’t worry about time drift. | Always run an NTP client on the Docker host and within each container process and sync them all to the same NTP server. If you use swarm services, also ensure that each Docker node syncs its clocks to the same time source as the containers. |
Docker 开发最佳实践的更多相关文章
- web前端开发最佳实践笔记
一.文章开篇 由于最近也比较忙,一方面是忙着公司的事情,另外一方面也是忙着看书和学习,所以没有时间来和大家一起分享知识,现在好了,终于回归博客园的大家庭了,今天我打算来分享一下关于<web前端开 ...
- [转]Android开发最佳实践
——欢迎转载,请注明出处 http://blog.csdn.net/asce1885 ,未经本人同意请勿用于商业用途,谢谢—— 原文链接:https://github.com/futurice/and ...
- Hadoop MapReduce开发最佳实践(上篇)
body{ font-family: "Microsoft YaHei UI","Microsoft YaHei",SimSun,"Segoe UI& ...
- 【读书笔记】iOS-微信公众平台开发最佳实践
一,微信是由腾讯公司广州研发中心产品团队开发,该团队经理张小龙被称为“微信之父”,公司总裁马化腾确定该产品名称为“微信”. 二,常见问题及解决方案. 1,请求URL超时. 这种情况一般是由于服务器网速 ...
- Android开发最佳实践《IT蓝豹》
Android开发最佳实践 移动开发Android经验分享应用GoogleMaterial Design 摘要:前 段时间,Google公布了Android开发最佳实践的一系列课程,涉及到一些平时 ...
- Android和PHP开发最佳实践
Android和PHP开发最佳实践 <Android和PHP开发最佳实践>基本信息作者: 黄隽实丛书名: 移动应用开发技术丛书出版社:机械工业出版社ISBN:9787111410508上架 ...
- iOS应用开发最佳实践
<iOS应用开发最佳实践> 基本信息 作者: 王浩 出版社:电子工业出版社 ISBN:9787121207679 上架时间:2013-7-22 出版日期:2013 年8月 开本:16 ...
- 【社区公益】送《Web前端开发最佳实践》给需要的人
算起来至今,我进入软件开发行业已经有11年之久.从最初的研究人工智能,到后来的Web开发,控件开发,直到现在纯粹的Web前端开发.虽然没有大的作品问世,但也是勤勤恳恳,踏实做事,低调做人.从来不吹牛逼 ...
- Web前端开发最佳实践系列文章汇总
Web前端开发最佳实践(1):前端开发概述 Web前端开发最佳实践(2):前端代码重构 Web前端开发最佳实践(3):前端代码和资源的压缩与合并 Web前端开发最佳实践(4):在页面中添加必要的met ...
随机推荐
- java一维数组作业
package zuoYe; import java.util.Scanner; public class MaxSubArray { public static void main(String[] ...
- plsql 代码自动补全
1.新建一个文件,命名不限定,文件内容为自动补全内容,比如: i=INSERTu=UPDATEs=SELECTf=FROMw=WHEREo=ORDER BYd=DELETEdf=DELETE FROM ...
- 检测FTP服务并开启FTP服务
1. 检测FTP服务是否开启 1.1. 通过查询提供FTP服务的进程是否存在,并未找到任何包含ftp关键字的进程信息,可判断服务未开启. root@lb- ~ # ps -ef | grep ftp ...
- python windows安装 SQLServer pymssql,
1.到正儿八经的网站下载文件,找到适合自己的版本 2.把文件放到一个地方,能让pip找到就行, 不放scripts下面的话, 恐怕会报错“FileNotFoundError" 3. 走到pi ...
- Linux下实现免密登录
过程如下: 1.Linux下生成密钥 通过命令”ssh-keygen -t rsa“ 2.1 通过ssh-copy-id的方式 命令: ssh-copy-id -i ~/.ssh/id_rsa.put ...
- 只打开一次浏览器,生成html测试报告<小紧张中......>
from selenium import webdriverimport unittestimport time class Blog(unittest.TestCase): "" ...
- ESXi 嵌套KVM虚拟化 配置
VMware ESXi5.x默认不支持嵌套虚拟化,需要修改相关配置才能支持 1.ESXi5.1主机开通ssh,修改VMware ESXi配置文件使之嵌套虚拟化. 在配置文件后面加入如下配置:vhv ...
- [转载]window.location.href的用法(动态输出跳转)
无论在静态页面还是动态输出页面中window.location.href都是不错的用了跳转的实现方案 javascript中的location.href有很多种用法,主要如下. self.loca ...
- java使用ssh远程操作linux 提交spark jar
maven依赖 <!--Java ssh-2 --><dependency> <groupId>ch.ethz.ganymed</groupId> &l ...
- jvm 工作原理
作为一名Java使用者,掌握JVM的体系结构也是必须的. 说起Java,人们首先想到的是Java编程语言,然而事实上,Java是一种技术,它由四方面组成:Java编程语言.Java类文件格式.Java ...