Brandon Mitchell - Tips and Tricks of the Docker Captains
The slides are available on GitHub.
Brandon Mitchell - Tips and Tricks of the Docker Captains
The slides are available on GitHub.
The Docker daemon can be configured by tweaking /etc/docker/daemon.json.
This is can also be done through in Settings -> GUI (Advanced) on Docker for Windows
Limit the size of log files for new containers as follows:
{
"log-opts": {"max-size": "10m", "max-file": "3"}
}
The local logging driver was introduced in Docker 18.09, released 2018-11-08.
Switch to the optimized driver for new containers as follows:
{
"log-driver": "local"
}
Avoid subnet collisions on other networks by using BIP and specifying default address pools:
{
"bip": "10.15.0.1/24",
"default-address-pools": [
{"base": "10.20.0.0/16", "size": 24},
{"base": "10.40.0.0/16", "size": 24}
]
}
Spin up another container containing the network debugging tools, connected to the network of the original container.
Identify what has been added / changed / deleted in each layer:
docker image build --no-cache --rm=false .
docker container diff [container]
A = added, C = changed (“copy on write”), D = deleted
This is a well known best practice to reduce the number of layers and size of images:
RUN apt-get update \
&& apt-get install -y curl \
&& rm -rf /var/lib/apt/lists/*
These are also a well known best practice to reduce the number of layers and size of images.
They are particularly useful for languages such as Java, Go, etc.
Note: The build layers are not shipped with the image but they are cached on the build server.
You can specify the garbage collection policy in daemon.json:
{
"builder": {
"gc": {
"enabled": true,
"policy": [
{"keepStorage": "512MB", "filter": {"unused-for": {"168h": true}}},
{"keepStorage": "2GB", "all": true}
]
}
}
}
This can be particularly useful as files can be used in the build but excluded from the final image:
--mount=type=bind
--mount=type=cache
--mount=type=secret
It is possible to mount NFS and EXT4 volumes in Docker containers.
An overlay file system ensures that writes to volumes are only visible to the container.
Different UID / GID on the host can be problematic on developer machines.
Brandon has created a script to fix these issues when the container starts up.
Check the slide decks on GitHub!
Since project files should be stored in the Linux distro you may need to copy files between different WSL distros.
This can easily be achieved when Docker Desktop is running because it creates some useful bind mounts.
From your target distro run the following command to check for /mnt/wsl:
mount | grep "mnt/wsl"
Create a folder to be mounted and then bind mount it into /mnt/wsl:
mkdir ~/testmount
mkdir /mnt/wsl/testmount
sudo mount -o bind ~/testmount /mnt/wsl/testmount
The source distro can then copy files into the mount:
cp -rp ~/project /mnt/wsl/testmount
Once you are done you can dispose of “testmount” in /mnt/wsl.
Note: This trick was mentioned in a Bret Fisher live show - starts at 1h40m in this video.