docker-opslisted

# Docker Operations Comprehensive Docker patterns for building, running, and composing containerized applications. ## Dockerfile Best Practices | Practice | Do | Don't | |----------|------|-------| | Base image | `FROM node:20-slim` | `FROM node:latest` | | Layer caching | Copy dependency files first, then source | `COPY . .` before `RUN install` | | Package install | `apt-get update && apt-get install -y ... && rm -rf /var/lib/apt/lists/*` | Separate `RUN` for update and install | | User | `USER nonroot` (create if needed) | Run as root in production | | Multi-stage | Separate build and runtime stages | Ship compiler toolchains | | Secrets | `--mount=type=secret` (BuildKit) | `COPY .env .` or `ARG PASSWORD` | | ENTRYPOINT vs CMD | `ENTRYPOINT` for fixed binary, `CMD` for defaults | Relying on shell form for signal handling | | WORKDIR | `WORKDIR /app` | `RUN cd /app && ...` | | .dockerignore | Include `.git`, `node_modules`, `__pycache__` | No .dockerignore at all | | Labels | `LABEL org.opencontainers.image.*` | No metadata | ## Multi-Stage Build Decision Tree Choose your runtime base image by language: ``` Go ──────────── CGO disabled? ──── Yes ──► scratch or distroless/static No ───► distroless/base or alpine Rust ─────────── Static musl? ──── Yes ──► scratch or distroless/static No ───► distroless/cc or debian-slim Node.js ──────── Need native? ──── Yes ──► node:20-slim