As you become more proficient with Docker, you'll encounter more advanced concepts and features. This chapter surveys some of these topics to help you take your Docker skills to the next level; covering them in depth is beyond the scope of this introductory ebook.
Multi-stage builds allow you to create more efficient Dockerfiles by using multiple FROM statements in your Dockerfile.
# Build stage
FROM golang:1.16 AS builder
WORKDIR /app
COPY . .
RUN go build -o main .
# Final stage
FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /root/
COPY --from=builder /app/main .
CMD ["./main"]
This approach reduces the final image size by only including necessary artifacts from the build stage.
BuildKit is a next-generation build engine for Docker. Enable it by setting an environment variable:
export DOCKER_BUILDKIT=1
BuildKit offers faster builds, better cache management, and advanced features like:
- Concurrent dependency resolution
- Efficient instruction caching
- Automatic garbage collection
Create isolated network environments for your containers:
docker network create --driver bridge isolated_network
docker run --network=isolated_network --name container1 -d nginx
docker run --network=isolated_network --name container2 -d nginx
Containers on this network can communicate using their names as hostnames.
Manage multiple Docker environments with contexts:
# Create a new context
docker context create my-remote --docker "host=ssh://user@remote-host"
# List contexts
docker context ls
# Switch context
docker context use my-remote
Docker Content Trust (DCT) provides a way to verify the integrity and publisher of images:
# Enable DCT
export DOCKER_CONTENT_TRUST=1
# Push a signed image
docker push myrepo/myimage:latest
Manage sensitive data with Docker secrets:
# Create a secret
echo "mypassword" | docker secret create my_secret -
# Use the secret in a service
docker service create --name myservice --secret my_secret myimage
Implement custom health checks in your Dockerfile:
HEALTHCHECK --interval=30s --timeout=10s CMD curl -f http://localhost/ || exit 1
Extend Docker's functionality with plugins:
# Install a plugin
docker plugin install vieux/sshfs
# Use the plugin
docker volume create -d vieux/sshfs -o sshcmd=user@host:/path sshvolume
Enable experimental features in your Docker daemon config (/etc/docker/daemon.json):
{
  "experimental": true
}
This unlocks features like:
- Checkpoint and restore
- Rootless mode
Use security options to block privilege escalation inside a container and drop Linux capabilities, which reduces the risk of container escapes:
docker run --security-opt="no-new-privileges:true" --cap-drop=ALL myimage
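To check that running containers were actually started with the options above, the following added example (not part of the original ebook) audits the JSON printed by docker inspect. It reads the HostConfig fields Privileged, SecurityOpt, CapDrop and CapAdd; the function names and the sample data are constructed for illustration.

```python
import json
import sys

# Constructed sample of `docker inspect` output, trimmed to the fields checked.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/hardened", "HostConfig": {"Privileged": false,
   "SecurityOpt": ["no-new-privileges:true"], "CapDrop": ["ALL"], "CapAdd": null}},
 {"Name": "/default", "HostConfig": {"Privileged": false,
   "SecurityOpt": null, "CapDrop": null, "CapAdd": null}},
 {"Name": "/readded", "HostConfig": {"Privileged": false,
   "SecurityOpt": ["no-new-privileges"], "CapDrop": ["all"], "CapAdd": ["NET_ADMIN"]}},
 {"Name": "/priv", "HostConfig": {"Privileged": true,
   "SecurityOpt": ["no-new-privileges:true"], "CapDrop": ["ALL"], "CapAdd": null}}
]""")

def nnp_enabled(security_opts):
    """True if no-new-privileges is switched on (bare, ':' or '=' form)."""
    for opt in security_opts or []:  # the field is null when no option was given
        key, _, value = opt.replace("=", ":", 1).partition(":")
        if key == "no-new-privileges" and value.lower() in ("", "1", "t", "true"):
            return True
    return False

def audit_container(entry):
    """Return a list of findings for one `docker inspect` entry."""
    hc = entry.get("HostConfig") or {}
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged mode is enabled")
    if not nnp_enabled(hc.get("SecurityOpt")):
        findings.append("no-new-privileges not set")
    if "ALL" not in {c.upper() for c in hc.get("CapDrop") or []}:
        findings.append("capabilities not dropped with --cap-drop=ALL")
    added = sorted(c.upper() for c in hc.get("CapAdd") or [])
    if added:  # each capability added back deserves a justification
        findings.append("capabilities added back: " + ", ".join(added))
    return findings

def audit(inspect_output):
    """Map container name to its findings; an empty list means it passed."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e) for e in inspect_output}

if __name__ == "__main__":
    # Pass a file holding saved `docker inspect` output, or fall back to the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_INSPECT
    for name, findings in audit(data).items():
        print(f"{name}: {'; '.join(findings) or 'OK'}")
```

Save the output of docker inspect for the containers you want to review to a file and pass its path as the first argument.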
Use ONBUILD to add trigger instructions to an image; they run later, when that image is used as the base for another build:
ONBUILD ADD . /app/src
ONBUILD RUN /usr/local/bin/python-build --dir /app/src
Create and push multi-architecture images:
docker manifest create myrepo/myimage myrepo/myimage:amd64 myrepo/myimage:arm64
docker manifest push myrepo/myimage
Buildx is a CLI plugin that extends the docker build command with the full support of the features provided by BuildKit:
# Create a new builder instance
docker buildx create --name mybuilder
# Build and push multi-platform images
docker buildx build --platform linux/amd64,linux/arm64 -t myrepo/myimage:latest --push .
Use profiles in Docker Compose to selectively start services:
services:
  frontend:
    image: frontend
    profiles: ["frontend"]
  backend:
    image: backend
    profiles: ["backend"]
Start specific profiles:
docker-compose --profile frontend up -d
These advanced Docker concepts and features provide powerful tools for optimizing your Docker workflows, improving security, and extending Docker's capabilities. As you incorporate these techniques into your projects, you'll be able to create more efficient, secure, and flexible Docker environments.