Dockerfile

Dockerfile Explained (With Best Practices & Scenarios)

A Dockerfile is a script containing instructions to automate the building of a Docker image. Each instruction creates a new image layer, and optimizing these layers improves performance and efficiency.

Big Images to lead high startup time for container

1. Basic Structure of a Dockerfile

# Base image
FROM ubuntu:20.04  

# Maintainer information (optional)
LABEL maintainer="[email protected]"

# Set working directory
WORKDIR /app  

# Copy application files
COPY . /app  

# Install dependencies
RUN apt-get update && apt-get install -y curl  

# Default command
CMD ["echo", "Hello, Docker!"]

2. Key Dockerfile Instructions

2.1 `FROM` (Base Image)

Defines the base OS/image for your container.
Example:
```
FROM node:18-alpine
```
Best Practice: Use minimal base images like alpine for smaller images.

2.2 `WORKDIR` (Working Directory)

Sets the working directory for subsequent commands.
Example:
```
WORKDIR /usr/src/app
```
Best Practice: Avoid using RUN cd /path && command, use WORKDIR.

2.3 `COPY` vs `ADD`

Feature

COPY

ADD

Function

Copies files/directories

Copies + Extracts archives (tar, gzip)

Security

More secure

May introduce security risks

Use Case

When copying files

When adding & extracting archives, allows downloading files from URLs. ADD http://untrusted-source.com/script.sh /usr/local/bin/

Example:

COPY myfile.txt /app/

ADD myarchive.tar.gz /app/

Best Practice: Prefer COPY unless you need automatic extraction.
If a remote URL is used instead of a verified source, an attacker could inject a malicious file.

2.4 `RUN` (Execute Commands)

Executes commands inside the container during image build.

Example:

RUN apt-get update && apt-get install -y nginx

Best Practice:
- Use a single RUN command to minimize layers.
- Clean up unnecessary files to reduce image size:
  RUN apt-get update && apt-get install -y curl \ && rm -rf /var/lib/apt/lists/*

2.5 `CMD` vs `ENTRYPOINT`

Feature

CMD

ENTRYPOINT

Purpose

Default command

Fixed command

Overridable?

Yes (docker run <override>)

No (unless --entrypoint is used)

Use Case

Scripts or defaults

Applications that must always execute a specific binary

Example of CMD (Can be overridden):
```
CMD ["nginx", "-g", "daemon off;"]
```
Example of ENTRYPOINT (Fixed command, cannot be overridden):
```
ENTRYPOINT ["nginx", "-g", "daemon off;"]
```
Best Practice:
- Use ENTRYPOINT for essential commands (e.g., nginx, java).
- Combine with CMD for default parameters:
  ENTRYPOINT ["python"] CMD ["app.py"]

2.6 `EXPOSE` (Ports)

Declares the port the container listens on.
Example:
```
EXPOSE 80
```
Best Practice:
- EXPOSE is just documentation; you still need to use -p in docker run.

2.7 `VOLUME` (Persistent Storage)

Creates a mount point for persistent data.
Example:
```
VOLUME /data
```
Best Practice: Use named volumes instead of anonymous ones.

2.8 `ENV` (Environment Variables)

Sets environment variables inside the container.
Example:
```
ENV NODE_ENV=production
```
Best Practice:
- Use environment variables instead of hardcoding values.
- Store secrets in external tools (like AWS Secrets Manager) instead of ENV.

2.9 `HEALTHCHECK` (Container Health Monitoring)

Monitors container health and restarts if needed.

Example:

HEALTHCHECK --interval=30s --timeout=10s --retries=3 \
  CMD curl -f http://localhost || exit 1

Best Practice: Use HEALTHCHECK to detect application failures.

3. Reducing Docker Image Size

Use lightweight base images (alpine, distroless).

Remove unnecessary files:

RUN apt-get update && apt-get install -y curl \
    && rm -rf /var/lib/apt/lists/*

Use multi-stage builds (explained below).
Avoid adding node_modules, .git, or unnecessary logs.

4. Multi-Stage Dockerfile (Best for Production)

Reduces image size by building dependencies separately.

Example (Node.js app):

# Stage 1: Build
FROM node:18-alpine AS builder
WORKDIR /app
COPY package.json .
RUN npm install
COPY . .
RUN npm run build

# Stage 2: Production
FROM node:18-alpine
WORKDIR /app
COPY --from=builder /app/dist ./dist
COPY --from=builder /app/node_modules ./node_modules
CMD ["node", "dist/index.js"]

Benefits:
- Keeps final image clean and small.
- No extra dependencies (e.g., build tools like gcc are removed).

5. Best Practices for Writing Dockerfiles

✅ Use Minimal Base Images (Alpine, Distroless) ✅ Leverage Multi-Stage Builds ✅ Reduce Layers by Combining RUN Commands ✅ Use COPY Instead of ADD for Security ✅ Avoid Running Containers as Root (USER directive) ✅ Set a HEALTHCHECK for Service Monitoring ✅ Use .dockerignore to Exclude Unnecessary Files

6. Scenario-Based Questions on Dockerfile

Q1: How would you reduce the size of a Docker image?

Answer:

Use alpine or distroless base images.
Combine RUN commands to reduce layers.
Remove unnecessary dependencies (rm -rf /var/lib/apt/lists/*).
Use multi-stage builds to remove build-time dependencies.

Q2: When would you use `ENTRYPOINT` over `CMD`?

Answer: Use ENTRYPOINT when you want a fixed command (e.g., nginx, python, java). Use CMD when you need default arguments that can be overridden.

Q3: What happens if you specify both `CMD` and `ENTRYPOINT`?

Answer:

ENTRYPOINT runs first.
CMD arguments are passed to ENTRYPOINT.
Example:
```
ENTRYPOINT ["python"]
CMD ["app.py"]
```
- Runs as python app.py.

Q4: How do you prevent unnecessary files from being copied into the image?

Answer:

Use .dockerignore:
```
node_modules
.git
logs
```

7. Summary

Topic

Key Takeaways

Base Images

Use lightweight images (alpine, distroless)

COPY vs ADD

Prefer COPY for security

CMD vs ENTRYPOINT

ENTRYPOINT is fixed, CMD is overrideable

Reducing Size

Use multi-stage builds, minimize layers, clean up

Multi-Stage

Separate build dependencies to keep images small

Best Practices

Use .dockerignore, USER, HEALTHCHECK, and keep it clean

This covers Dockerfiles, best practices, and interview scenarios! 🚀 Let me know if you need more details. 😊

PreviousArchitecture NextDocker Volume

Last updated 11 months ago

hashtagDockerfile Explained (With Best Practices & Scenarios)

hashtag1. Basic Structure of a Dockerfile

hashtag2. Key Dockerfile Instructions

hashtag2.1 FROM (Base Image)

hashtag2.2 WORKDIR (Working Directory)

hashtag2.3 COPY vs ADD

hashtag2.4 RUN (Execute Commands)

hashtag2.5 CMD vs ENTRYPOINT

hashtag2.6 EXPOSE (Ports)

hashtag2.7 VOLUME (Persistent Storage)

hashtag2.8 ENV (Environment Variables)

hashtag2.9 HEALTHCHECK (Container Health Monitoring)

hashtag3. Reducing Docker Image Size

hashtag4. Multi-Stage Dockerfile (Best for Production)

hashtag5. Best Practices for Writing Dockerfiles

hashtag6. Scenario-Based Questions on Dockerfile

hashtagQ1: How would you reduce the size of a Docker image?

hashtagQ2: When would you use ENTRYPOINT over CMD?

hashtagQ3: What happens if you specify both CMD and ENTRYPOINT?

hashtagQ4: How do you prevent unnecessary files from being copied into the image?

hashtag7. Summary

Dockerfile Explained (With Best Practices & Scenarios)

1. Basic Structure of a Dockerfile

2. Key Dockerfile Instructions

2.1 `FROM` (Base Image)

2.2 `WORKDIR` (Working Directory)

2.3 `COPY` vs `ADD`

2.4 `RUN` (Execute Commands)

2.5 `CMD` vs `ENTRYPOINT`

2.6 `EXPOSE` (Ports)

2.7 `VOLUME` (Persistent Storage)

2.8 `ENV` (Environment Variables)

2.9 `HEALTHCHECK` (Container Health Monitoring)

3. Reducing Docker Image Size

4. Multi-Stage Dockerfile (Best for Production)

5. Best Practices for Writing Dockerfiles

6. Scenario-Based Questions on Dockerfile

Q1: How would you reduce the size of a Docker image?

Q2: When would you use `ENTRYPOINT` over `CMD`?

Q3: What happens if you specify both `CMD` and `ENTRYPOINT`?

Q4: How do you prevent unnecessary files from being copied into the image?

7. Summary