The DevOps Roadmap: 7 Containerization Best Practices

by | 15.02.2021 | Engineering

Containers give developers the opportunity to build predictable environments that are isolated from other applications. An application’s software dependencies, such as particular versions of programming language runtimes and other software libraries, can also be bundled in the container. Apart from these, several other reasons make containers a preferable option when you think about your cloud-native strategy.


As we have seen, containerization makes our lives more comfortable, and following best practices is one way to make your dev life a bit easier.

In this post, we will go over a few industry best practices and the reasons you should consider them, whether you are starting or are in the middle of your cloud-native journey.

The list is not in any order of priority. Feel free to experiment or adapt any/all!

Choose Container Engine Properly

Choose the right container engine for your application based on the project and use cases; if you are not sure what the right container engine for your application would be, then it is good to go with the most common and popular one, i.e., Docker.

But don’t just choose Docker because someone says so; do your own analysis, and then select the right one for your project. Careful consideration helps you minimize technical debt.

Keep Container Image Small

It’s generally preferable to have a small Docker image; everyone agrees. To keep images smaller:

  • Use multi-stage builds (e.g. Docker multi-stage builds)
  • Use a smaller base image
  • Avoid storing application data in your container’s writable layer. This is less efficient from an I/O perspective than using volumes or bind mounts, and it also increases the size of your container. Store data in external data storage instead (e.g. volumes in Docker).
  • When building images, make sure that the image only contains the appropriate packages, delete what is not required, and always tag the image. Running several processes within a single container would affect the actual application output, so instead build multiple containers for an application that can communicate with each other.

Single App per Container

You can run several, but running a single app per container is a great practice. Each of your containers should contain just one app, since a container is built to have the same lifecycle as the app it hosts. So when a container starts and stops, so should the app.

Use Trusted/Secure Images

Try to use verified images when you deploy your containers, and if you need to use an unverified image, scan it well so that no vulnerability creeps into your application. Scan images, packages and dependencies for vulnerabilities, fix any that are found, and keep checking for newer vulnerabilities regularly.

Don’t Store Secrets in Plain Text

Never store secrets or sensitive files in plain text, such as DB usernames/passwords or any other sensitive credentials or tokens. Use the container engine’s native secret management or a powerful external plugin instead.

Never Run Container as Root

For security reasons, never run a container as root. If the container has root access, any security flaw in any installed package or dependency may affect the host system.
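A minimal static check for three of the practices above (always tag the image, no secrets in plain text, never run as root), added here as an example and not code from the original post. The function name `lint_dockerfile`, the secret-name pattern and both sample Dockerfiles are assumptions constructed for illustration.

```python
import re

# Heuristic: variable names that suggest a credential baked into a layer.
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def lint_dockerfile(text):
    """Return sorted findings for a Dockerfile passed in as a string."""
    findings, stages, final_user = set(), set(), None
    # Join backslash continuations so each instruction is one logical line.
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        instr, rest = fields[0].upper(), fields[1]
        if instr == "FROM":
            final_user = None  # each stage starts as its base image's user
            parts = [p for p in rest.split() if not p.startswith("--")]
            image = parts[0] if parts else "scratch"
            from_stage = image.lower() in stages or image == "scratch"
            if len(parts) == 3 and parts[1].upper() == "AS":
                stages.add(parts[2].lower())
            name = image.rsplit("/", 1)[-1]  # drop registry host:port
            if not from_stage and "@" not in name and (
                    ":" not in name or name.endswith(":latest")):
                findings.add(f"unpinned base image: {image}")
        elif instr == "USER":
            final_user = rest.split(":")[0].strip()
        elif instr in ("ENV", "ARG"):
            keys = re.findall(r"(?:^|\s)(\w+)=\S", rest)  # KEY=value pairs
            if instr == "ENV" and not keys and len(rest.split()) > 1:
                keys = rest.split()[:1]  # legacy "ENV KEY value" form
            for key in keys:
                if SECRET_NAME.search(key):
                    findings.add(f"possible secret in {instr}: {key}")
    if final_user in (None, "root", "0"):
        findings.add("final stage has no non-root USER")
    return sorted(findings)

# Constructed sample inputs, not taken from any real project.
BAD = 'FROM node:latest\nENV DB_PASSWORD=changeme\nCMD ["node", "server.js"]\n'
GOOD = """FROM golang:1.22 AS build
COPY . /src
RUN cd /src && CGO_ENABLED=0 go build -o /out/app .
FROM alpine:3.19
RUN adduser -D -u 10001 app
COPY --from=build /out/app /usr/local/bin/app
USER app
"""
```

A missing `USER` is reported even when the base image already sets a non-root user, so treat that finding as a prompt to check the base image rather than as proof the container runs as root.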

Monitor Your Containers

It is best practice to track your containers regularly and automatically: check how they work, collect CPU, RAM, I/O usage and other resource data, and collect and review logs from time to time. This data is very helpful when debugging or monitoring.

A few tools that can help you monitor:

Final Thoughts⭐

I hope you went through all of these practices and are ready to create a better containerization environment for your organization.

One pro tip: use a CI/CD pipeline to automatically build and tag images, and to test and deploy containers, whenever you check in a change to source control or create a pull request.

If you’d like to explore more best practices for your cloud-native journey, we have put together an excellent blog post discussing best practices for your CI/CD.


Happy Experimentation!
