TickYouOff

Docker Setup

Hard 16 items · 1 hour
testuser Published 2 weeks ago

This checklist helps developers and DevOps engineers set up Docker images and local container workflows following best practices. It covers Dockerfile patterns, compose files, secret handling, health checks, logging, and secure registry pushes.

  1. Initialize repository with a Dockerfile and .dockerignore — .dockerignore should exclude node_modules, .git, build artifacts, and local env files.
  2. Write a multi-stage Dockerfile to separate build and runtime — Compile in a builder stage and copy only runtime artifacts to the final image to reduce size.
  3. Pin base image versions and use a lightweight base — Use exact tags (e.g., node:18-slim) and prefer slim/alpine images when appropriate.
  4. Create a non-root user and drop privileges in the image — Use USER, set correct ownership, and avoid running processes as root.
  5. Optimize Dockerfile layers and caching
  6. Set WORKDIR and copy dependency manifests before source to leverage cache
  7. Combine package manager commands and clean caches in a single RUN — Reduce layer count and remove package lists or temp files in the same command.
  8. Minimize image contents by removing build tools and unnecessary files — Install build tools only in the builder stage and exclude tests/tools from final image.
  9. Add HEALTHCHECK in the Dockerfile or in docker-compose — Set sensible interval, timeout, and retries for realistic health probes.
  10. Inject environment variables securely using env_file for dev and secrets for prod — Use docker-compose env_file locally and Docker secrets or a secret manager in production.
  11. Avoid baking secrets into images and use build-args only for non-sensitive values — Never commit .env or credentials to the repo; treat build args as non-secret.
  12. Configure logging and mount log volumes or set a logging driver — Mount host paths for logs or configure drivers (json-file, syslog, fluentd) for aggregation.
  13. Create docker-compose.yml for local development with ports, volumes, and dependencies — Use depends_on with healthchecks and define env_file, named volumes, and networks.
  14. Build, tag (semantic + latest), and run the image locally; run smoke tests — Verify healthcheck, exposed ports, and logs before publishing.
  15. Tag and push images to your registry from CI using stored credentials — Use CI secrets, short-lived tokens, and avoid embedding creds in pipelines.
  16. Scan images for vulnerabilities and enforce policies in the CI pipeline — Use tools like Trivy or Clair and fail builds on critical CVEs; consider image signing.
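The following Dockerfile is an added example that ties the Dockerfile items above (1 through 9 and 11) together in one file; it is not part of the original checklist or of any project. It assumes a hypothetical Node.js service whose repository holds package.json and package-lock.json at the root, whose `npm run build` script emits dist/server.js, and whose server listens on port 3000 and answers GET /healthz with a 200 status; adjust those assumptions to your own service.

```dockerfile
# syntax=docker/dockerfile:1
# Added example for a hypothetical Node.js service. Assumed layout: package.json and
# package-lock.json at the repo root, `npm run build` emitting dist/server.js, and an
# HTTP listener on port 3000 that answers GET /healthz with 200.

# ---- builder stage: dev tooling lives here and never reaches the final image ----
FROM node:18-slim AS builder
WORKDIR /app
# Dependency manifests first: the install layer stays cached until they change
COPY package.json package-lock.json ./
# One RUN for install plus cache cleanup, so the npm cache is not left behind in a layer
RUN npm ci && npm cache clean --force
# Source last, so editing src/ does not invalidate the install layer above
COPY . .
# Build, then drop devDependencies so only runtime modules are copied out
RUN npm run build && npm prune --omit=dev

# ---- runtime stage: same pinned slim base, no compilers, no dev dependencies ----
FROM node:18-slim AS runtime
# Build args are recorded in `docker history`; keep them to non-sensitive values only
ARG APP_VERSION=dev
ENV NODE_ENV=production \
    APP_VERSION=${APP_VERSION}
# Dedicated unprivileged user; the service process never runs as root
RUN groupadd --system app && useradd --system --gid app --no-create-home app
WORKDIR /app
# Copy only runtime artifacts from the builder, owned by the service user (no extra chown layer)
COPY --from=builder --chown=app:app /app/package.json ./
COPY --from=builder --chown=app:app /app/node_modules ./node_modules
COPY --from=builder --chown=app:app /app/dist ./dist
USER app
EXPOSE 3000
# Health probe using node itself, so curl/wget are not installed into the image;
# start-period gives the app time to boot before failed probes count toward retries
HEALTHCHECK --interval=30s --timeout=5s --start-period=15s --retries=3 \
  CMD node -e "require('http').get('http://127.0.0.1:3000/healthz', r => process.exit(r.statusCode === 200 ? 0 : 1)).on('error', () => process.exit(1))"
# Runtime configuration (database URLs, tokens) arrives via env_file or secrets at run time, never here
CMD ["node", "dist/server.js"]
```

Because the builder stage uses `COPY . .`, the `.dockerignore` from item 1 is what keeps `node_modules`, `.git`, `dist` and `.env*` out of the build context. For the local checks in items 14 and 16, build with a version passed as a non-secret build arg and both tags at once (`docker build --build-arg APP_VERSION=1.4.2 -t myapp:1.4.2 -t myapp:latest .`), run it with `docker run --rm -d -p 3000:3000 --env-file .env.dev --name myapp myapp:1.4.2`, read the probe result with `docker inspect --format '{{.State.Health.Status}}' myapp`, and gate the push on a scan such as `trivy image --exit-code 1 --severity CRITICAL myapp:1.4.2`, which exits non-zero when a critical finding is present.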