Post by Damian Knopp
I recently had to navigate a data center that ran exclusively using Docker images with Apache Mesos (http://mesos.apache.org/) and Marathon resource schedulers. Doing so required me to become familiar with Docker quickly. I appreciate the conversations on this blog about Docker, since I believe they helped me even if I did not know it would when I read the posts. Thru my travels I have been surprised by how much material has been imported, still I do believe there is a learning curve. Here is my attempt to keep the conversation going.
If you are just starting to learn to use Docker images; here is a cheat sheet listing a common Docker workflow, https://gist.github.com/damianknopp/9cf55959a4f403cfc314
However in this post I really wanted to talk about building Docker images and some common practices. I have some barebone Dockerfile scripts posted here,https://github.com/damianknopp/docker-build
If you look thru them, here are a few tips on building Docker images;
1. Use a minimal base to keep images small. For example; FROM centos:latest
2. The Dockerfile commands for example; COPY and RUN (https://docs.docker.com/engine/reference/builder/) create a filesystem cache layer. Cache layers are invalidated when you modify your Dockerfile at and below your point of change. So try to put commands that will not change often to the top of the file. This will speed up your development
3. Put multiple commands on one line and clean up on that line, again to help the file system cache. Notice I even clean yum package after installing. For example; RUN yum install -y java-1.8.0-openjdk wget gzip python python-setuptools && yum clean install
4. Docker containers do use the init.d, systemd, or upstart initialization systems by default. Some people use the Python supervisord in its place. I found it to be pretty handy to use. Supervisord will restart processes if they are killed
5. Docker commands and logging in with exec bash run as root. Again supervisord may help you run processes as a different user, but I didn’t set that up and it is not as common as practice as you may think. Browse dockerhub for yourself to verify this assertion.
6. Ports are not exposed unless you use the EXPOSE command in your Dockerfile (https://docs.docker.com/engine/reference/builder/#expose) and/or use the -P/-p options at docker run time.
That’s all for now, thanks for reading.