Beta

Docker Certified Associate Exam Course

Docker Image Management

Dockerfile Best Practices

Containerizing applications effectively requires more than just writing a Dockerfile. In this guide, we’ll highlight common pitfalls to avoid and share best practices for building efficient, secure, and maintainable Docker images.

1. Build Modular Images

Avoid combining multiple services (e.g., web servers, databases, and supporting tools) into a single image. Instead, adopt a modular approach:

  • Dedicated images per component
    • Web server
    • Database
    • Supporting services
  • Independent scaling
  • Clear dependency management

When deployed together, these containers communicate over the network, forming a cohesive application without unnecessary coupling.

2. Keep Containers Stateless

Containers are ephemeral by design. Any data written to the container’s filesystem is lost when it’s removed or recreated.

Note

Use volumes or external storage to persist data across container restarts.

StrategyDescriptionExample
Host VolumeMount a host directory into the containerdocker run -v /host/data:/app/data
Docker Named VolumeUse Docker-managed volumes for portabilitydocker volume create app-data
External ServiceOffload state to services like Redis or S3Redis, Amazon S3

3. Minimize Image Size

Smaller images pull faster and consume fewer resources. Follow these tips to trim your Docker images:

  • Choose a minimal base image (e.g., Alpine)
  • Install only runtime dependencies
  • Clean package manager caches (apk cache clean, rm -rf /var/cache/*)
  • Exclude development tools from production stages

The image is a slide titled "Slim/Minimal Images" with three best practice tips: create slim/minimal images, find an official minimal image, and only install necessary packages. There's also a globe icon and a "Best Practice" label.

4. Use Multi-Stage Builds

Multi-stage builds let you separate build-time dependencies from your final runtime image. This ensures only the necessary artifacts ship in production.

# Builder stage
FROM golang:1.19-alpine AS builder
WORKDIR /app
COPY . .
RUN go build -o myapp

# Final stage
FROM alpine:latest
COPY --from=builder /app/myapp /usr/local/bin/myapp
ENTRYPOINT ["myapp"]

Note

You can name and reuse stages to optimize builds and caching.

5. Optimize Your Build Context with .dockerignore

Every file in your build context is sent to the Docker daemon. Exclude unnecessary files to speed up builds and reduce image bloat.

# .dockerignore
node_modules
.git
.DS_Store
tests

Warning

Forgetting to exclude large directories (e.g., .git or node_modules) can dramatically increase build time and image size.

Watch Video

Watch video content

Previous
Multi Stage Builds
Next
Docker Daemon Security