As Docker projects multiplied, so did the number of images. Docker Hub is fine for public images, but what about company code? A private Docker Registry 2.0 addresses the security concern but adds operational overhead.
Image tagging strategy
- myapp:1.2.3 (semantic versioning, immutable)
- myapp:develop-abc123 (dev build with git SHA)
- NEVER :latest in production (a moving target)
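The tagging policy above can be enforced as a CI gate before deployment. The following is an added example, not code from the original article; the function names, the registry.example.internal host, the sample manifest, and the exact tag formats (X.Y.Z, develop- followed by 6 to 40 hex characters) are assumptions.

```sh
#!/bin/sh
# Added example: gate image references against the tagging policy above.
# Assumed formats: X.Y.Z for releases, develop-<6 to 40 hex chars> for dev builds.

classify_ref() {
  name=${1##*/}            # last path component, so a registry host:port is ignored
  case $name in
    *:*) tag=${name##*:} ;;
    *)   echo "rejected:untagged"; return 0 ;;   # no tag resolves to :latest
  esac
  if [ "$tag" = latest ]; then
    echo "rejected:latest"
  elif printf '%s\n' "$tag" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
    echo "release"
  elif printf '%s\n' "$tag" | grep -Eq '^develop-[0-9a-f]{6,40}$'; then
    echo "dev"
  else
    echo "rejected:unknown-scheme"
  fi
}

# Read a manifest on stdin, print one line per violation for the target
# environment, and return 1 if any were found. Only "production" refuses dev builds.
check_manifest() {
  target=$1
  violations=$(
    sed -n 's/^[[:space:]]*-\{0,1\}[[:space:]]*image:[[:space:]]*\([^[:space:]]\{1,\}\).*$/\1/p' |
      tr -d "\"'" |
      while IFS= read -r ref; do
        class=$(classify_ref "$ref")
        case $class in
          (release) ;;
          (dev) if [ "$target" = production ]; then echo "$ref: dev build in production"; fi ;;
          (*)   echo "$ref: $class" ;;
        esac
      done
  )
  if [ -n "$violations" ]; then
    printf '%s\n' "$violations"
    return 1
  fi
}

# Constructed sample manifest (not from the article).
sample_manifest() {
  cat <<'EOF'
containers:
  - image: registry.example.internal:5000/myapp:1.2.3
  - image: registry.example.internal:5000/myapp:develop-abc123
  - image: registry.example.internal:5000/worker:latest
  - image: registry.example.internal:5000/cache
EOF
}
```

Taking the tag from the last path component matters with a private registry: splitting the whole reference on the last colon would misread the port in an untagged host:5000/cache as a tag.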
Multi-stage builds
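```dockerfile
# Build stage: full Maven + JDK toolchain, discarded after the build
FROM maven:3.3-jdk-8 AS build
WORKDIR /build
COPY pom.xml .
COPY src src
RUN mvn package -DskipTests

# Runtime stage: only Tomcat and the built WAR end up in the final image
FROM tomcat:8-jre8
COPY --from=build /build/target/myapp.war /usr/local/tomcat/webapps/
```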
The resulting image is 200 MB instead of 1.2 GB. A smaller image means a faster deploy.
Operations and security
Run registry garbage collection as a cron job. Scan images for vulnerabilities with Clair from CoreOS. Let CI/CD build, tag, and push images automatically.
A registry is infrastructure
If you use Docker as a team, a private registry is a necessity.