Production ready docker image - HashedIn Technologies

Production ready docker image

Technology - 22 May 2017
Vinit Kumar

Docker is a great tool to containerized an application(Containers, allow to package application with its runtime dependencies). In HashedIn, we have been using docker for both internal & external projects and have learned good lessons from them. In this article we will discuss strategy to create production ready docker image taking Charcha into account.

Important checklist for creating a docker image

  1. Lightweight Image: Application should be packaged with minimal set of things which is required to run application. We should avoid putting unnecessary build / dev dependencies.
  2. Never add secrets: Your application might need various secrets like credentials to talk to S3 / database etc. These are all runtime dependencies for the application and they should never be added to docker image.
  3. Leverage docker caching: Every statement(except few ones) in Dockerfile, creates a layer(intermediate image) and to make build faster docker tries to cache these layer. We should pay attention to arrange our docker statements in a way to maximize the uses of docker cache.NOTE: As per documentation
    1. Except for ADD & COPY, usually instruction in dockerfile will be used to see matches for existing images.
    2. For the ADD and COPY instructions, the contents of the file(s) in the image are examined and a checksum is calculated for each file. During the cache lookup, the checksum is compared against the checksum in the existing images.

    Since, code is going to be changed very frequently than its dependencies, it is better to add requirements and install them before adding codebase in image.

Dockerfile for charcha

Let’s see dockerfile for charcha, which tries to adhere the above discussed checklist. Each instruction in dockerfile has been documented with inline comments which should describe importance of the instruction.

Question: What will happen if we move our Add . /charcha statement up, just after WORKDIR /charcha. That way we didn’t need add requirements separately?

Ans: As discussed above, your code is going to be changed very frequently in comparison to requirements file. And since for ADD statement, docker tries to create checksum using content of files to match against its cache keys, there will be very high chance of cache miss(because of content change). Also, once the cache is invalidated, all subsequent Dockerfile commands will generate new images and the cache will not be used. And hence, even though we didn’t have updated our requirements, almost every build will end up in installing dependencies.

This dockerfile provides production ready image, with minimal set of dependencies. To play with this image locally you can try following steps;

  1. Build docker image: Create a docker image using above specified dockerfile.

    Above command will create a docker image using current directory as context and then tag the image as charcha:1.0. Command also specifies to remove any intermediate images. For more information on docker build refer this link.

    NOTE: docker build will be executed by docker daemon, and hence the first thing a build process does is, it sends the complete docker context(in our case, entire content of the current directory) to daemon. Your context path might contain some unnecessary files like .git folder, ide related files etc. which are not at all required to build the image. So, it is a best practice to add a .dockerignore file which is more like .gitignore and lists files & folders which needs to be ignored by daemon.

    Following is the dockerignore file for charcha.

  2. Create container from docker image:

Now, charcha should be running(using local settings) in docker container and you can access charcha locally at http://localhost:8000. In coming blogs we will discuss how to use docker-compose to do stuffs automatically, which we have done here manually and how to locally create production like environment.


E-book on Digital Business Transformation