At this time we are not actively adding labs to this repository. Our focus is on training.play-with-docker.com where new lab and workshop oriented content is being added. We welcome fixes to existing content. For any new content you wish to contribute, please use this repository:https://github.com/play-with-docker/play-with-docker.github.io.

This repo contains Docker labs and tutorials authored both by Docker, and by members of the community. We welcome contributions and want to grow the repo.

• Docker for beginners
• Docker Swarm Mode
• Configuring developer tools and programming languages
  • Java
    • Live Debugging Java with Docker
    • Docker for Java Developers
  • Node.js
    • Live Debugging a Node.js application in Docker
    • Dockerizing a Node.js application
• Docker for ASP.NET and Windows containers
• Building a 12 Factor app with Docker
• Docker Security
• Docker Networking
• Hands-on Labs from DockerCon US 2017

• Docker Tutorials from the Community - links to a different repository
• Advanced…

Note that DockerSlim is now just Slim (SlimToolkit is the full name, so it's easier to find it online) to show its growing support for additional container tools and runtimes in the cloud native ecosystem.

Slim is now a CNCF Sandbox project. It was created by Kyle Quest and it's been improved by many contributors. The project is supported by Slim.AI.

Slim allows developers to inspect, optimize and debug their containers using its xray, lint, build, debug, run, images, merge, registry, vulnerability (and other) commands. It simplifies and improves your developer experience building, customizing and using containers. It makes your containers better, smaller and more secure while providing advanced visibility and improved usability working with the…

This is a repo to hold various Dockerfiles for images I create.

Table of Contents

• About
• Resources
  • My dotfiles
• Contributing
  • Using the Makefile

Almost all of these live on dockerhub under jess. Because you cannot use notary with autobuilds on dockerhub I also build these continuously on a private registry at r.j3ss.co for public download. (You're welcome.)

You may also want to checkout my dotfiles, specifically the aliases for all these files which are here: github.com/jessfraz/dotfiles/blob/master/.dockerfunc.

I try to make sure each Dockerfile has a command at the top to document running it, if a file you are looking at does not have a command, please pull request it!

$ make help
build                          Builds all the dockerfiles in the repository
dockerfiles                    Tests the changes to the Dockerfiles build.
image                          Build a Dockerfile (ex. DIR=telnet).
latest-versions                Checks all the

Writing production-worthy Dockerfiles is, unfortunately, not as simple as you would imagine. Most Docker images in the wild fail here, and even professionals often[1] get[2] this[3] wrong[4].

This repository has best-practices for writing Dockerfiles that I (@slimsag) have quite painfully learned over the years both from my personal projects and from my work @sourcegraph. This is all guidance, not a mandate - there may sometimes be reasons to not do what is described here, but if you don't know then this is probably what you should be doing.

Copy the Dockerfile into your own project and follow the comments to create your Dockerfile.

The following are included in the Dockerfile in this repository:

• Run as a non-root user
• Do not use a UID below 10,000
• Use a static UID and GID
• Do…

"Distroless" images contain only your application and its runtime dependencies They do not contain package managers, shells or any other programs you would expect to find in a standard Linux distribution.

For more information, see this talk (video).

Since March 2023, Distroless images use oci manifests, if you see errors referencing application/vnd.oci.image.manifest.v1+json or application/vnd.oci.image.index.v1+json, update your container tooling (docker, jib, etc) to latest.

Restricting what's in your runtime container to precisely what's necessary for your app is a best practice employed by Google and other tech giants that have used containers in production for many years. It improves the signal to noise of scanners (e.g. CVE) and reduces the burden of establishing provenance to just what you need.

Distroless images are very small The smallest distroless image, gcr.io/distroless/static-debian12, is around 2 MiB. That's about 50% of…

Watchtower

A process for automating Docker container base image updates

With watchtower you can update the running version of your containerized app simply by pushing a new image to the Docker Hub or your own image registry.

Watchtower will pull down your new image, gracefully shut down your existing container and restart it with the same options that were used when it was deployed initially. Run the watchtower container with the following command:

$ docker run --detach \
    --name watchtower \
    --volume /var/run/docker.sock:/var/run/docker.sock \
    containrrr/watchtower

Watchtower is intended to be used in homelabs, media centers, local dev environments, and similar. We do not recommend using Watchtower in a commercial or production environment. If that is you, you should be looking into using Kubernetes. If that feels like too big a step for you, please look into solutions like MicroK8s and k3s that take away a lot of the…