{"id":17384143,"url":"https://github.com/mcandre/docker-first-aid-kit","last_synced_at":"2025-04-14T07:40:41.128Z","repository":{"id":152485278,"uuid":"620993601","full_name":"mcandre/docker-first-aid-kit","owner":"mcandre","description":"guidance for making the best use of Docker","archived":false,"fork":false,"pushed_at":"2023-04-04T23:51:26.000Z","size":3,"stargazers_count":13,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-27T21:15:38.608Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mcandre.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-03-29T19:25:43.000Z","updated_at":"2023-04-23T09:55:07.000Z","dependencies_parsed_at":null,"dependency_job_id":"5f94e8c0-c99a-43b9-b8c1-e35e52285882","html_url":"https://github.com/mcandre/docker-first-aid-kit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcandre%2Fdocker-first-aid-kit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcandre%2Fdocker-first-aid-kit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcandre%2Fdocker-first-aid-kit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mcandre%2Fdocker-first-aid-kit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mcandre","download_url":"https://c
odeload.github.com/mcandre/docker-first-aid-kit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248841569,"owners_count":21170210,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-16T07:44:44.815Z","updated_at":"2025-04-14T07:40:41.104Z","avatar_url":"https://github.com/mcandre.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# DOCKER FIRST AID KIT\n\n# ABOUT\n\nWe provide practical guidance here, for making the best use of the amazing Docker containerized application system.\n\n## GENERAL\n\n# What the heck is Docker?\n\nDocker works like tupperware for software applications.\n\nDocker is a system for bundling, transferring, and enjoying software applications. Docker is an implementation of the more general idea of application *containers*, based on the `cgroups` functionality of the Linux kernel.\n\nBefore Docker, engineers used older tools like Vagrant and virtual machines, in order to accomplish similar goals. But virtual machines are less efficient than containers.\n\nMany digital systems continue to run as host-native applications; they never adopted containerization (or virtualization). For these legacy style applications, migrating to Docker can dramatically improve reliability.\n\nLooking past Docker into the future, High Performance Computing (HPC) alternatives include FPGA's and serverless computing. 
These disciplines are helpful in the pursuit of hyperoptimization, when the cost of engineering is outweighed by intense needs for realtime programming, low latency programming, or reducing cloud computing fees to the absolute minimum. However, HPC tech tends to restrict functionality compared to general purpose containers. HPC is also a moving target at a technical level, where the tools involved can change quite rapidly.\n\nFortunately, containers provide a convenient middle ground between the extremes of host-native applications and HPC applications. The practice of containers is relatively easy to adopt, and suitably *impactful*. The current state of the art in Internet scale deployments relies heavily on Docker containers.\n\n# Avoid daemons\n\nFor Dockerfile `CMD`s and `ENTRYPOINT`s, avoid launching processes as background daemons. Daemons trigger Docker to artificially terminate containers early, because Docker drives the entire container system using direct, foreground user application processes.\n\nFor example, avoid using init scripts/services, which are normally designed for use in backgrounded, traditional host contexts.\n\n## Avoid docker-compose\n\n`docker-compose` is a vestigial tool for gluing containers together into an aggregate application. `docker-compose` is ill-suited for production use.\n\nToday, we enjoy much better tools for this, such as `minikube`. In fact, `minikube` replicates production Kubernetes environments much more closely than `docker-compose`. This helps to bridge the developer / operator gap at many technical organizations.\n\n## Configuration\n\n### Guests\n\nFor guest base layers, prefer `scratch`, a GNU/Linux flavor, or a musl/Linux flavor. 
While other guest operating systems are available such as Windows, FreeBSD, etc., these tend to restrict the kinds of different host machines able to run your containers.\n\nOptimal attack surface:\n\n* scratch\n\nOptimal image size:\n\n* scratch\n* Alpine Linux\n* Debian or Ubuntu\n\nOptimal portability:\n\n* scratch\n* Debian or Ubuntu\n* Fedora\n\n## Hosts\n\nFor host operating system, prefer a Kubernetes node, a GNU/Linux flavor, a musl/Linux flavor, macOS, or Windows. While other host operating systems are available such as Alpine Linux, OpenWrt, Void Linux, FreeBSD, etc., these tend to restrict the kinds of guest containers able to run on different hosts.\n\nOptimal support for assorted guest containers:\n\n* macOS\n* Windows\n* GNU/Linux\n\n### Docker resource allocation\n\nReserve ~0.5 TB space on the host for Docker images. This ensures smoother operation, such as when using Docker for multiple software projects.\n\nFor laptops, ensure the host is actively receiving power from a wall outlet. This helps the CPU to run at a faster clock rate.\n\nQuit any other resource-intensive applications that may be running. This helps to reduce interruption to container processes.\n\nSet `CPUs` to the number of (efficiency) cores. This allows Docker to use more of the available host CPU resources.\n\nSet `Memory` to 8 GB or higher. This allows Docker to use more of the available host RAM resources.\n\nSet `Swap` to 1 GB or higher. This allows Docker to use more host resources for swap space.\n\nSet `Virtual disk limit` to 128 GB or higher. This allows Docker to use more of the available host file system resources, particularly for guest /tmp operations.\n\n# VARIOUS DOCKER FAILURES\n\nDocker may begin to act strangely after resuming from host hibernation. When in doubt, restart the Docker service.\n\n# CLEAN\n\nRegularly remove stale containers listed in `docker ps -a`. This removes junk from CPU and disk.\n\nRegularly remove stale images listed in `docker images`. 
This removes junk from the local Docker image registry.\n\nRegularly run `docker system prune -f`. This often removes an enormous amount of Docker temporary data.\n\n# RESOURCES\n\n* [Docker](https://www.docker.com/)\n* [.dockerignore](https://docs.docker.com/engine/reference/builder/#dockerignore-file)\n* [Docker Multi-stage builds](https://docs.docker.com/build/building/multi-stage/)\n* [Docker Hub](https://hub.docker.com/)\n* [Flatpak](https://flatpak.org/)\n* [FPGA](https://en.wikipedia.org/wiki/Field-programmable_gate_array)\n* [Go](https://go.dev/)\n* [Kubernetes](https://kubernetes.io/)\n* [minikube](https://minikube.sigs.k8s.io/docs/start/)\n* [Serverless computing](https://en.wikipedia.org/wiki/Serverless_computing)\n* [tug](https://github.com/mcandre/tug)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmcandre%2Fdocker-first-aid-kit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmcandre%2Fdocker-first-aid-kit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmcandre%2Fdocker-first-aid-kit/lists"}