1: History and Motivation
Examine the evolution of virtualization technologies from bare metal, virtual machines, and containers and the tradeoffs between them.
2: Technology Overview
Explores the three core Linux features that enable containers to function (cgroups, namespaces, and union filesystems), as well as the architecture of the Docker components.
3: Installation and Set Up
Install and configure Docker Desktop
4: Using 3rd Party Container Images
Use publicly available container images in your developer workflows and learn how about container data persistence.
5: Example Web Application
Building out a realistic microservice application to containerize.
6: Building Container Images
Write and optimize Dockerfiles and build container images for the components of the example web app.
7: Container Registries
Use container registries such as Dockerhub to share and distribute container images.
8: Running Containers
Use Docker and Docker Compose to run the containerized application from Module 5.
9: Container Security
Learn best practices for container image and container runtime security.
10: Interacting with Docker Objects
Explore how to use Docker to interact with containers, container images, volumes, and networks.
11: Development Workflow
Add tooling and configuration to enable improved developer experience when working with containers.
•Developer Experience Wishlist
12: Deploying Containers
Deploy containerized applications to production using a variety of approaches.
Choosing a Base Image
When choosing a base image for your container, it's important to consider factors such as size, language support, ergonomics, and security. In this guide, we'll discuss these considerations and present some sample images for a Node.js application.
Factors to Consider
- Size: The base image size is the lower bound of the final built image size.
- Language Support: Ensure that the base image supports the language you're running.
- Ergonomics: How easy is it to work with the image? Does it have utilities built in for debugging or package installation?
- Security: Consider the number of CVEs (Common Vulnerabilities and Exposures) and the attack surface area of the image.
Sample Images for Node.js Applications
Here are some sample images for a Node.js application, with their respective sizes and vulnerabilities:
- node:latest (Bullseye) - Almost 1 GB in size, with 5 critical vulnerabilities, but easy to work with.
- node:slim (Bullseye) - 4 times smaller than the full size image and eliminates critical vulnerabilities, but with fewer built-in utilities.
- node:alpine - Small and free of CVEs, but considered experimental by Node.js due to its different C library variant.
- gcr.io/distroless/nodejs - Security-focused image created by Google, with LTS Node.js support only and limited utilities.
- cgr.dev/chainguard/node - Smallest and most secure image, but may be more difficult to work with due to its software provenance and limited package support.
Recommendations
For general-purpose use, the node:slim (Bullseye) image is a good choice due to its balance between size, security, and ease of use.
If you're focused on security, consider using the chainguard/nodejs image, but be prepared for potential difficulties in working with certain packages or custom application needs.