Docker Best Practices: The Way of the Master
DOCKER BEST PRACTICES MATRIX

  Security ─────► Performance ─────► Maintainability
     ▲                 ▲                   ▲
     └─────────────────┴───────────────────┘
                   DevOps Flow
Dockerfile Best Practices
Image Optimization
# ✅ Multi-stage build
FROM node:alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
FROM nginx:alpine
COPY --from=builder /app/dist /usr/share/nginx/html
Layer Optimization
# ✅ Combine RUN commands
RUN apt-get update && \
    apt-get install -y \
        package1 \
        package2 && \
    rm -rf /var/lib/apt/lists/*
# ❌ Avoid multiple RUN commands
RUN apt-get update
RUN apt-get install package1
RUN apt-get install package2
Security Guidelines
Container Hardening
# ✅ Use non-root user
FROM alpine
RUN adduser -D appuser
USER appuser
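# ✅ Read-only root filesystem
# (the nginx image still needs writable /var/cache/nginx and /var/run)
docker run --read-only --tmpfs /var/cache/nginx --tmpfs /var/run nginx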
Secrets Management
# ✅ Use Docker secrets
docker secret create app_secret secret.txt
docker service create \
    --secret app_secret \
    myapp
# ❌ Avoid environment variables for secrets
docker run -e "API_KEY=secret" myapp
Performance Optimization
Resource Management
# ✅ Set resource limits
docker run \
    --cpus=".5" \
    --memory="512m" \
    --memory-swap="1g" \
    nginx
Networking
# ✅ Use user-defined networks
docker network create --driver overlay mynet
# ✅ Tune DNS resolution (ndots:1 reduces search-domain lookups)
docker run --dns-opt="ndots:1" nginx
Development Workflow
Docker Compose
# ✅ docker-compose.yml
version: '3.8'
services:
  app:
    build:
      context: .
      target: development
    volumes:
      - .:/app
      - /app/node_modules
    environment:
      - NODE_ENV=development
Testing
# ✅ Dedicated test container
docker-compose -f docker-compose.test.yml up
Production Deployment
Health Checks
# ✅ Add HEALTHCHECK
HEALTHCHECK --interval=30s --timeout=3s \
    CMD curl -f http://localhost/ || exit 1
Logging
# ✅ Configure logging
docker run \
    --log-driver json-file \
    --log-opt max-size=10m \
    --log-opt max-file=3 \
    nginx
CI/CD Integration
Build Pipeline
# ✅ GitHub Actions example
name: Docker Build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Build and test
        run: |
          docker build -t myapp:test .
          docker run myapp:test npm test
Monitoring & Maintenance
Container Health
# ✅ Regular health checks
docker inspect --format='{{.State.Health.Status}}' container_name
# ✅ Resource monitoring
docker stats --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}"
DO's and DON'Ts Matrix
DO's ✅
1. Use multi-stage builds
2. Set resource limits
3. Implement health checks
4. Use .dockerignore
5. Version control images
DON'Ts ❌
1. Run as root
2. Store secrets in images
3. Use latest tag
4. Ignore security scans
5. Skip health checks
Waifu Best Practice Tips
Quality Checklist ✅
Before Deploy
[ ] Image optimized
[ ] Security scan performed
[ ] Resource limits defined
[ ] Health checks implemented
[ ] Logs configured
[ ] Backups planned
[ ] Monitoring setup
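Several items on this checklist and in the DON'Ts list can be verified mechanically from `docker inspect` output. The script below is an added example, not part of the original page: the finding names, the `SECRET_NAME` heuristic and the sample record are constructed assumptions.

```python
import json
import re

# Constructed sample: trimmed `docker inspect <container>` output.
SAMPLE = json.loads("""[{
  "Name": "/web",
  "Config": {"Image": "myapp:latest", "User": "",
             "Env": ["NODE_ENV=production", "API_KEY=secret"],
             "Healthcheck": {"Test": ["CMD-SHELL", "curl -f http://localhost/ || exit 1"]}},
  "HostConfig": {"ReadonlyRootfs": false, "Memory": 536870912, "NanoCpus": 0,
                 "LogConfig": {"Type": "json-file", "Config": {}}}
}]""")

# Assumed heuristic: env var names that usually hold credentials.
SECRET_NAME = re.compile(r"(KEY|SECRET|TOKEN|PASSWORD|PASSWD)", re.I)

def audit(container):
    """Return sorted checklist findings for one `docker inspect` record."""
    cfg = container.get("Config") or {}
    host = container.get("HostConfig") or {}
    log = host.get("LogConfig") or {}
    user = (cfg.get("User") or "").split(":")[0]
    test = (cfg.get("Healthcheck") or {}).get("Test") or []
    image = cfg.get("Image") or ""
    tag = image.rsplit("/", 1)[-1]  # drop registry host:port and path
    checks = {
        "runs-as-root": user in ("", "0", "root"),
        "rootfs-writable": not host.get("ReadonlyRootfs"),
        "no-memory-limit": not host.get("Memory"),
        "no-cpu-limit": not (host.get("NanoCpus") or host.get("CpuQuota")),
        "no-healthcheck": not test or test[0] == "NONE",
        "unbounded-logs": log.get("Type") == "json-file"
                          and "max-size" not in (log.get("Config") or {}),
        "latest-tag": "@sha256:" not in image
                      and (":" not in tag or tag.endswith(":latest")),
    }
    findings = [name for name, failed in checks.items() if failed]
    for entry in cfg.get("Env") or []:
        name = entry.split("=", 1)[0]
        if SECRET_NAME.search(name):
            findings.append("secret-in-env:" + name)
    return sorted(findings)

if __name__ == "__main__":
    for c in SAMPLE:
        print(c["Name"], audit(c))
```

To audit a live container, feed it `json.loads()` of the output of `docker inspect container_name` in place of the constructed sample.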
Troubleshooting Guide
Common Issues
# ✅ Debug container
docker logs container_name
# ✅ Interactive debug
docker exec -it container_name sh
# ✅ Network debug
docker network inspect bridge
Next Steps
Docker Certification
April 15, 2025