add some code

code/docker/best-practise/1-how-to-chose-image/Dockerfile

@@ -0,0 +1,14 @@
+FROM python:3.8.5-slim-buster
+#FROM python:3.8.5
+
+LABEL maintainer="XYZ <xxx@xxx.com>"
+
+COPY . /app
+
+WORKDIR /app
+
+RUN pip install -r requirements.txt
+
+EXPOSE 5000
+
+ENTRYPOINT [ "./run.sh" ]

code/docker/best-practise/1-how-to-chose-image/app.py

@@ -0,0 +1,6 @@
+from flask import Flask
+app = Flask(__name__)
+
+@app.route('/')
+def hello_world():
+    return 'Hello, World!'

code/docker/best-practise/1-how-to-chose-image/requirements.txt

@@ -0,0 +1 @@
+Flask==1.1.1

code/docker/best-practise/1-how-to-chose-image/run.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+export FLASK_APP=app.py
+flask run --host=0.0.0.0

code/docker/best-practise/2-build-with-cache/Dockerfile

@@ -0,0 +1,16 @@
+FROM python:3.8.5-slim-buster
+#FROM python:3.8.5
+
+LABEL maintainer="XYZ <xxx@xxx.com>"
+
+COPY requirements.txt /app/requirements.txt
+
+WORKDIR /app
+
+RUN pip install --quiet -r requirements.txt
+
+COPY . /app
+
+EXPOSE 5000
+
+ENTRYPOINT [ "./run.sh" ]

code/docker/best-practise/2-build-with-cache/app.py

@@ -0,0 +1,6 @@
+from flask import Flask
+app = Flask(__name__)
+
+@app.route('/')
+def hello_world():
+    return 'Hello, World!'

code/docker/best-practise/2-build-with-cache/requirements.txt

@@ -0,0 +1 @@
+Flask==1.1.1

code/docker/best-practise/2-build-with-cache/run.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+export FLASK_APP=app.py
+flask run --host=0.0.0.0

code/docker/best-practise/3-multi-stage-build/Dockerfile

@@ -0,0 +1,5 @@
+FROM golang:alpine
+WORKDIR /app
+ADD . /app
+RUN cd /app && go build -o goapp
+ENTRYPOINT ./goapp

code/docker/best-practise/3-multi-stage-build/Dockerfile.multi-stage

@@ -0,0 +1,10 @@
+# build stage
+FROM golang:alpine AS build-env
+ADD . /src
+RUN cd /src && go build -o goapp
+
+# final stage
+FROM alpine
+WORKDIR /app
+COPY --from=build-env /src/goapp /app/
+ENTRYPOINT ./goapp

code/docker/best-practise/3-multi-stage-build/app.go

@@ -0,0 +1,7 @@
+package main
+
+import "fmt"
+
+func main() {
+	fmt.Println("Hello world!")
+}

code/docker/best-practise/5-dockerignore-file/.dockerignore

@@ -0,0 +1,4 @@
+.git/
+*.md
+**/*.log
+**/*.pyc

code/docker/best-practise/5-dockerignore-file/Dockerfile

@@ -0,0 +1,16 @@
+FROM python:3.8.5-slim-buster
+#FROM python:3.8.5
+
+LABEL maintainer="XYZ <xxx@xxx.com>"
+
+COPY requirements.txt /app/requirements.txt
+
+WORKDIR /app
+
+RUN pip install --quiet -r requirements.txt
+
+COPY . /app
+
+EXPOSE 5000
+
+ENTRYPOINT [ "./run.sh" ]

code/docker/best-practise/5-dockerignore-file/app.py

@@ -0,0 +1,6 @@
+from flask import Flask
+app = Flask(__name__)
+
+@app.route('/')
+def hello_world():
+    return 'Hello, World!'

code/docker/best-practise/5-dockerignore-file/requirements.txt

@@ -0,0 +1 @@
+Flask==1.1.1

code/docker/best-practise/5-dockerignore-file/run.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+export FLASK_APP=app.py
+flask run --host=0.0.0.0

code/docker/best-practise/6-no-root/Dockerfile

@@ -0,0 +1,108 @@
+FROM ubuntu:xenial
+
+# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
+RUN groupadd -r mongodb && useradd -r -g mongodb mongodb
+
+RUN set -eux; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+    ca-certificates \
+    jq \
+    numactl \
+    ; \
+    if ! command -v ps > /dev/null; then \
+    apt-get install -y --no-install-recommends procps; \
+    fi; \
+    rm -rf /var/lib/apt/lists/*
+
+# grab gosu for easy step-down from root (https://github.com/tianon/gosu/releases)
+ENV GOSU_VERSION 1.12
+# grab "js-yaml" for parsing mongod's YAML config files (https://github.com/nodeca/js-yaml/releases)
+ENV JSYAML_VERSION 3.13.1
+
+RUN set -ex; \
+    \
+    savedAptMark="$(apt-mark showmanual)"; \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+    wget \
+    ; \
+    if ! command -v gpg > /dev/null; then \
+    apt-get install -y --no-install-recommends gnupg dirmngr; \
+    savedAptMark="$savedAptMark gnupg dirmngr"; \
+    elif gpg --version | grep -q '^gpg (GnuPG) 1\.'; then \
+    # "This package provides support for HKPS keyservers." (GnuPG 1.x only)
+    apt-get install -y --no-install-recommends gnupg-curl; \
+    fi; \
+    rm -rf /var/lib/apt/lists/*; \
+    \
+    dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')"; \
+    wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch"; \
+    wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc"; \
+    export GNUPGHOME="$(mktemp -d)"; \
+    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+    command -v gpgconf && gpgconf --kill all || :; \
+    rm -r "$GNUPGHOME" /usr/local/bin/gosu.asc; \
+    \
+    wget -O /js-yaml.js "https://github.com/nodeca/js-yaml/raw/${JSYAML_VERSION}/dist/js-yaml.js"; \
+    # TODO some sort of download verification here
+    \
+    apt-mark auto '.*' > /dev/null; \
+    apt-mark manual $savedAptMark > /dev/null; \
+    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
+    \
+    # smoke test
+    chmod +x /usr/local/bin/gosu; \
+    gosu --version; \
+    gosu nobody true
+
+RUN mkdir /docker-entrypoint-initdb.d
+
+ENV GPG_KEYS 9DA31620334BD75D9DCB49F368818C72E52529D4
+RUN set -ex; \
+    export GNUPGHOME="$(mktemp -d)"; \
+    for key in $GPG_KEYS; do \
+    gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key"; \
+    done; \
+    gpg --batch --export $GPG_KEYS > /etc/apt/trusted.gpg.d/mongodb.gpg; \
+    command -v gpgconf && gpgconf --kill all || :; \
+    rm -r "$GNUPGHOME"; \
+    apt-key list
+
+# Allow build-time overrides (eg. to build image with MongoDB Enterprise version)
+# Options for MONGO_PACKAGE: mongodb-org OR mongodb-enterprise
+# Options for MONGO_REPO: repo.mongodb.org OR repo.mongodb.com
+# Example: docker build --build-arg MONGO_PACKAGE=mongodb-enterprise --build-arg MONGO_REPO=repo.mongodb.com .
+ARG MONGO_PACKAGE=mongodb-org
+ARG MONGO_REPO=repo.mongodb.org
+ENV MONGO_PACKAGE=${MONGO_PACKAGE} MONGO_REPO=${MONGO_REPO}
+
+ENV MONGO_MAJOR 4.0
+ENV MONGO_VERSION 4.0.20
+# bashbrew-architectures:amd64 arm64v8
+RUN echo "deb http://$MONGO_REPO/apt/ubuntu xenial/${MONGO_PACKAGE%-unstable}/$MONGO_MAJOR multiverse" | tee "/etc/apt/sources.list.d/${MONGO_PACKAGE%-unstable}.list"
+
+RUN set -x \
+    # installing "mongodb-enterprise" pulls in "tzdata" which prompts for input
+    && export DEBIAN_FRONTEND=noninteractive \
+    && apt-get update \
+    && apt-get install -y \
+    ${MONGO_PACKAGE}=$MONGO_VERSION \
+    ${MONGO_PACKAGE}-server=$MONGO_VERSION \
+    ${MONGO_PACKAGE}-shell=$MONGO_VERSION \
+    ${MONGO_PACKAGE}-mongos=$MONGO_VERSION \
+    ${MONGO_PACKAGE}-tools=$MONGO_VERSION \
+    && rm -rf /var/lib/apt/lists/* \
+    && rm -rf /var/lib/mongodb \
+    && mv /etc/mongod.conf /etc/mongod.conf.orig
+
+RUN mkdir -p /data/db /data/configdb \
+    && chown -R mongodb:mongodb /data/db /data/configdb
+VOLUME /data/db /data/configdb
+
+COPY docker-entrypoint.sh /usr/local/bin/
+ENTRYPOINT ["docker-entrypoint.sh"]
+
+EXPOSE 27017
+CMD ["mongod"]