Docker Images: Blueprint do Seu Container π¨
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β IMAGE ARCHITECTURE MATRIX β
β β
β Base Image Layer [Alpine/Ubuntu/Debian] β
β β β
β Dependencies Layer [Runtime/Libraries] β
β β β
β Application Layer [Your Code/Apps] β
β β β
β Configuration Layer [ENV/Settings] β
β β β
β Runtime Layer [CMD/ENTRYPOINT] β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Fundamentos de Imagens π
Conceitos Básicos
Imagem: Template read-only para containers
Container: Instância executável de uma imagem
Layer: Camada incremental de mudanças
Registry: Repositório de imagens
Tag: Identificador de versão
Digest: Hash SHA256 único da imagem
Tipos de Imagens
Base Images
Scratch
Alpine (5MB)
Debian Slim (80MB)
Ubuntu (120MB)
Runtime Images
node:alpine
python:slim
openjdk:slim
Application Images
nginx:alpine
postgres:alpine
redis:alpine
Anatomia Detalhada π¬
Sistema de Camadas
# AnΓ‘lise de camadas
docker history --no-trunc nginx:latest
# Metadata detalhada
docker inspect --format='{{.RootFS.Layers}}' nginx:latest
# Exportar imagem
docker save nginx:latest | tar -tvf -
Estrutura Interna
# Exemplo de construção em camadas
FROM alpine:3.14
# Layer 1: Base OS
RUN apk add --no-cache python3
# Layer 2: Runtime
COPY ./app /app
# Layer 3: Application
ENV APP_ENV=production
# Layer 4: Configuration
CMD ["python3", "/app/main.py"]
# Layer 5: Runtime command
Gerenciamento Avançado π οΈ
Image Operations
# Criar tag local
docker tag source:latest target:v1.0
# Salvar imagem como tar
docker save myapp:latest > myapp.tar
# Carregar imagem de tar
docker load < myapp.tar
# Filtrar imagens
docker images --filter "dangling=true"
docker images --filter "label=environment=prod"
Batch Operations
# Remover todas imagens nΓ£o utilizadas
docker image prune --all --force
# Remover por padrΓ£o
docker images -q "python*" | xargs docker rmi
# Limpar imagens antigas
docker images --format "{{.ID}}\t{{.CreatedAt}}" | sort -k 2 | head -n 5 | cut -f1 | xargs docker rmi
Sistema de Tags π·οΈ
Convenções de Versionamento
# Tags especΓficas
registry.example.com/app:1.0.0
username/app:latest
custom/app:dev-build
# Multi-arquitetura
docker pull --platform linux/amd64 nginx
docker pull --platform linux/arm64 nginx
Boas Práticas π
DO's β
Use tags específicas
Minimize camadas
Otimize cache
Documente dependências
Implemente multi-stage builds
DON'Ts β
Evite
latestem produçãoNão armazene secrets
Não instale pacotes desnecessários
Não ignore
.dockerignoreNão use imagens não oficiais sem verificação
Image Operations Matrix π
Operação | Comando | Uso Comum |
|---|---|---|
Build |
| Criar nova imagem |
Pull |
| Baixar do registry |
Push |
| Enviar para registry |
Tag |
| Criar alias/versão |
Remove |
| Deletar imagem |
Inspect |
| Ver metadata |
Prune |
| Limpar não usadas |
Otimização de Imagens π
Redução de Tamanho
# Multi-stage build
FROM node:alpine AS builder
WORKDIR /app
COPY . .
RUN npm ci && npm run build
FROM nginx:alpine
COPY --from=builder /app/dist /usr/share/nginx/html
Cache Optimization
# Ordem eficiente
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build
Registry Management π
Docker Hub
# Login
docker login [options] [SERVER]
# Logout
docker logout [SERVER]
# Pull de registry privado
docker pull private-registry.com/app:tag
Advanced Security π
Image Signing
# Configurar DCT (Docker Content Trust)
export DOCKER_CONTENT_TRUST=1
# Gerar chaves
docker trust key generate mykey
# Assinar imagem
docker trust sign myregistry/myimage:tag
# Verificar assinatura
docker trust inspect --pretty myregistry/myimage:tag
Security Scanning
# Trivy scan
trivy image python:3.9-alpine
# Snyk scan
snyk container test nginx:latest
# Anchore scan
anchore-cli image add nginx:latest
anchore-cli image wait nginx:latest
anchore-cli image vuln nginx:latest os
Monitoring & Metrics π
Image Analytics
# Tamanho das camadas
docker history --no-trunc --format "{{.Size}}\t{{.CreatedBy}}" nginx:latest
# Uso de disco
docker system df -v --format "{{.Type}}\t{{.TotalCount}}\t{{.Size}}"
# Cache status
docker builder prune -f --filter until=24h
Performance Tracking
# Build time analysis
time docker build --no-cache .
# Layer size tracking
docker image inspect myapp:latest -f '{{.RootFS.Layers}}'
# Pull time metrics
time docker pull large-image:latest
Advanced Troubleshooting π§
Debug Techniques
# Debug build
DOCKER_BUILDKIT=1 docker build --progress=plain .
# Layer inspection
docker save myimage:latest | tar -xC /tmp/image-layers
# Network issues
docker pull --verbose registry.example.com/image:tag
Common Issues Matrix
Problema | Diagnóstico | Solução |
|---|---|---|
Pull Timeout |
| Verificar rede/proxy |
Build Failure |
| Limpar cache/deps |
Layer Issues |
| Otimizar Dockerfile |
Space Issues |
| Prune/cleanup |
Automation & CI/CD π€
GitHub Actions
name: Docker Build
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Set up QEMU
uses: docker/setup-qemu-action@v1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v2
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: user/app:latest
Automated Testing
# Test script
#!/bin/bash
set -e
# Build image
docker build -t test-image .
# Run container tests
docker run --rm test-image npm test
# Security scan
trivy image test-image
# Cleanup
docker rmi test-image
Waifu Advanced Tips π«
Quick Reference Pro π
ββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β ADVANCED IMAGE MANAGEMENT β
β βββββββββββββββββββββββββββββββββββββββββββββββββββββ£
β Multi-arch β docker buildx build --platform all β
β Sign β docker trust sign image:tag β
β Scan β trivy image nginx:latest β
β Analyze β docker history --no-trunc image β
β Debug β DOCKER_BUILDKIT=1 docker build . β
β Optimize β docker build --squash . β
β Monitor β docker events --filter type=image β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Advanced Checkpoint β
Você agora domina:
[x] Arquitetura interna de imagens
[x] Multi-stage builds avançados
[x] Registry privado e autenticação
[x] Signing e scanning
[x] Debug e troubleshooting
[x] CI/CD integration
[x] Performance optimization
Next Level Steps π―
Container Orchestration
Advanced Security
Custom Base Images
Registry Federation
Image Policy Management
16 abril 2025