Started using Docker yet? Here are some tips on writing dockerfile for your application.
While may be obvious to docker experts, these tips might help you avoid common issues.
1. Minimize the number of layers.
RUN apt-get update
RUN apt-get install node
RUN apt-get install npm
RUN apt-get install curl
Apt-get would be the most used command in all docker files command. While the above
dockerfile looks fine, it has a couple of issues.
- apt-get update and apt-get install’s are on different lines, which would lead to caching of apt-get update command. Read more on docker build cache.
- Each of the RUN statements creates a layer in docker image, this leads to a bulkier image, try clubbing RUN commands logically.
A Better build would start like –
RUN apt-get update && apt-get install -y curl \
2. Use .dockerignore
Let me clear out one thing – Containers are not a thing. VMs are a thing FreeBSDs Jails and Solaris containers are primitive concepts, Containers are almost a clever trickery over Linux
Most of the container management tool out there including docker are made up from Linux kernel primitives C-groups and namespace;(yes they have a lot of tooling and patches that make the environment more consistent and stable).
C-groups and namespaces
Cgroups and namespace applied on process groups allow the container to have an isolated and accounted environment.
Namespaces provides the necessary isolation on subsystems. This allows the processes to run in their own bubble.
Some of the namespace are listed.
- pid – Allows processes to see only processes inside the group
- net – Namespace for the network.Everything from ip tables to routing rules.
- uts – namespace hostname
Convenient utility to run process in new namespace
unshare -p -f /bin/bash
Control groups allow for accounting and throttling of sub-systems like io, memory, cpu.
- Memory cgroup – memory group
- CPU cgroup
- CPUset cgroup
- BlockIo cgroups
- Network io cgroup
- Device cgroups
Control groups have a file based Api and can be accessed through
/sys/fs/cgroup/. Though its is advised to use a higher level abstraction than directly writing to files.
# tree -L 1 -d /sys/fs/cgroup/
|– cpu -> cpu,cpuacct
|– cpuacct -> cpu,cpuacct
|– net_cls -> net_cls,net_prio
|– net_prio -> net_cls,net_prio
Dependency injection and IOC are patterns that have been talked about a lot.
If you are using something like spring(java) or Laravel(PHP) you might be using DI and IOC without even knowing it.
But what exactly are they and why should you care?