@danielkucera
Created December 10, 2019 07:39
- .dockerignore
- dockerd - containerd - runc
https://github.com/kratochj/docker-advance-training-exercise
- CMD vs ENTRYPOINT
- signal handling
https://hackernoon.com/my-process-became-pid-1-and-now-signals-behave-strangely-b05c52cc551c
Dos
- use exec
- combine commands in one RUN
- share base images (debian, python)
- prefer distroless images
Don'ts
- multiple processes in one container
- deleting data from previous layers in a later layer (apt-get, rm /var/cache/apt)
- writing data into containers
- prefer stateless; if state is needed, use VOLUME /var/data
- using "large relational databases" in a container
- no DB in docker
- lots of processes
- not scalable
- run docker in docker
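The Dos and Don'ts above, put together in one Dockerfile as an added example (not part of the gist or the linked training repo). File names (app.py, requirements.txt, entrypoint.sh) and the /var/data path are assumed for illustration:

```dockerfile
# Added example, not from the gist: a single-process Python service image.
# Shared, well-known base image instead of a custom one.
FROM python:3.12-slim

# One RUN layer installs OS packages AND removes the apt cache in the same
# layer. An "rm -rf /var/lib/apt/lists/*" in a later RUN would not shrink the
# image, because the data already sits in the previous layer.
RUN apt-get update \
 && apt-get install -y --no-install-recommends ca-certificates \
 && rm -rf /var/lib/apt/lists/*

WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY app.py entrypoint.sh ./

# Runtime state lives outside the image layers: declare a volume instead of
# writing data into the container's writable layer.
VOLUME /var/data

# entrypoint.sh (assumed contents) does its setup and then "exec"s the
# server, so the app replaces the shell as PID 1 and receives SIGTERM from
# "docker stop" directly:
#   #!/bin/sh
#   set -e
#   python migrate.py
#   exec python app.py "$@"
#
# ENTRYPOINT in exec (JSON array) form: no implicit "sh -c" wrapper.
# CMD supplies default arguments that "docker run image <args>" can override.
ENTRYPOINT ["/app/entrypoint.sh"]
CMD ["--port", "8080"]

# Shell form (commented out) would start /bin/sh as PID 1, which does not
# forward signals; the container would then only die after the stop timeout
# via SIGKILL.
# ENTRYPOINT python app.py
```

The only long-running process in the container is the server started by `exec`; anything else (migrations, config rendering) finishes before it, which keeps the "one process per container" rule and makes signal handling predictable.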
Multistage builds
Tips and Tricks
- never root
- no data in container
- no credentials in container
- update images (`--no-cache`)
- verify 3rd party repos
- use tool docker-security-scanning
clair - image scanner
- use a sha digest for the base image too
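An added example (not from the gist) covering both the "Multistage builds" heading and the Tips and Tricks list: a two-stage Go build whose runtime image is distroless, runs as a non-root user and pins both base images by digest. The digests below are placeholders (64 zero hex digits); replace them with the digest that `docker pull` reports for the tag you have verified. Paths such as ./cmd/server are assumed:

```dockerfile
# Added example, not from the gist. Build stage: full toolchain, pinned by
# tag AND digest so a re-pushed "golang:1.22" cannot silently change the build.
# The digest is a placeholder; use the one printed by "docker pull golang:1.22".
FROM golang:1.22@sha256:0000000000000000000000000000000000000000000000000000000000000000 AS build
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
# Static binary so the runtime image needs no libc.
RUN CGO_ENABLED=0 go build -o /out/server ./cmd/server

# Runtime stage: distroless static image (no shell, no package manager).
# Only the binary is copied from the build stage; the toolchain, sources and
# module cache never reach the shipped image. Placeholder digest again.
FROM gcr.io/distroless/static-debian12:nonroot@sha256:0000000000000000000000000000000000000000000000000000000000000000
COPY --from=build /out/server /server

# Never root: the distroless image provides an unprivileged "nonroot" user.
USER nonroot:nonroot

# No credentials in the image: nothing is COPYed from ~/.aws, no ENV with a
# token. Secrets are supplied at run time (env, mounted file, secret store).
ENTRYPOINT ["/server"]
```

To pick up base-image updates rather than reusing cached layers, build with `docker build --pull --no-cache -t app .`; after a build, record the resulting image digest (`docker inspect --format '{{index .RepoDigests 0}}' app`) and deploy by digest, which is the same "reference by sha" practice applied to your own images.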
Image Registry
- opensource
- docker registry - free, has no extra features
- proprietary
- docker hub
- quay.io
- artifactory
- cloud (Google, AWS ECR, Azure CR)
- url/org/name:tag
- url/org/name@sha256:...
- last pulled
- clear ownership
- enable delete
- handle dependencies
Security
- Java detects resources from the host system; this can be a problem with a cgroup limit
- docker: no swappiness - otherwise it allocates 2x the limit
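An added example (not from the gist) for the two Security points: sizing the JVM from the cgroup limit instead of host RAM, and running the container with swap disabled so the memory limit is the real ceiling. The jar path and the uid are assumed:

```dockerfile
# Added example, not from the gist: JVM that respects its cgroup memory limit.
FROM eclipse-temurin:17-jre
COPY target/app.jar /app/app.jar

# JDK 10+ (and 8u191+) read the cgroup limit when UseContainerSupport is on
# (it is the default; stated explicitly here). MaxRAMPercentage sizes the heap
# relative to that limit rather than to the host's total RAM, and leaves room
# for metaspace, thread stacks and native buffers below the limit.
ENV JAVA_TOOL_OPTIONS="-XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0"

# Never root: a numeric uid works without an /etc/passwd entry.
USER 10001
ENTRYPOINT ["java", "-jar", "/app/app.jar"]
```

Run it as `docker run --memory=1g --memory-swap=1g app`. With `--memory` set and `--memory-swap` unset, Docker allows as much swap as the memory limit, so the process can consume 2x the limit before the kernel intervenes; setting `--memory-swap` equal to `--memory` disables swap for the container. Checking from inside with `java -XshowSettings:vm -version` prints the "Max. Heap Size" the JVM actually derived.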
Notary
- signed containers
- docker volume create
Storage - best practices
- separate docker partition
- monitor storage performance (inode count)
- data in mounted volumes
Networking
-
Logging
- trick: /app/log -> /dev/stdout
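The logging trick as an added example (not from the gist), for an application that insists on writing to a log file. The binary name and its `--log-file` flag are assumed for illustration:

```dockerfile
# Added example, not from the gist: redirect a file-based logger to the
# container's stdout/stderr so "docker logs" and the logging driver see it.
FROM debian:12-slim
WORKDIR /app
COPY server /app/server

# /dev/stdout resolves to /proc/self/fd/1 of the process that opens it. As
# long as the app inherits fd 1 from PID 1 (exec form, no re-redirection), its
# "file" writes flow to the container log instead of filling the writable
# layer. Same for the error log on fd 2.
RUN ln -sf /dev/stdout /app/log \
 && ln -sf /dev/stderr /app/error.log

USER 10001
# Hypothetical flag: the app believes it is writing to a regular file.
ENTRYPOINT ["/app/server", "--log-file", "/app/log"]
```

Two caveats to check before relying on this: the target is a pipe, so an application that rotates or truncates its log file will fail on it, and a logger that re-opens the path from a process whose stdout was redirected elsewhere will write to that other destination, not to the container log.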