An Introduction to Docker Containers

The Journey of Application Deployment

Grasping Docker containers involves understanding the historical context of deployment methods and the problems Docker addresses.

1. Traditional Servers (Raw Hardware)

In the past, application infrastructure typically started with physical servers – dedicated machines running an operating system directly on the hardware. While seemingly simple at first, this model presents considerable drawbacks in today’s dynamic environments.

Challenges with Raw Servers

• Inefficient Resource Use: Applications seldom utilize the full processing power or memory of a server, leading to wasted capacity.
• Scaling Difficulties: Expanding capacity necessitates acquiring, setting up, and configuring new physical machines, a process that is both time-consuming and costly.
• Extended Setup Time: Preparing a new server, including OS installation, patching, and dependency setup, can often take days or even weeks.
• Substantial Maintenance Overhead: Physical servers demand space, power, cooling, and direct, hands-on upkeep.
• Poor Application Isolation: Running multiple applications directly on the same OS can lead to conflicts, such as incompatible library versions or competition for system resources.

2. Hypervisors and Virtual Machines (VMs)

To overcome the limitations of physical servers, hypervisor technology gained prominence in the early 2000s, introducing virtualization.

• Type 1 (Bare-Metal Hypervisors): These run directly on the server’s hardware (examples include VMware ESXi, Microsoft Hyper-V, KVM). They directly manage guest Virtual Machines.
• Type 2 (Hosted Hypervisors): These operate on top of a standard host operating system (examples include VirtualBox, VMware Workstation/Fusion).

Hypervisors enable multiple VMs to operate simultaneously on a single physical machine. Every VM encapsulates a complete operating system (the guest OS), plus the application and all its required dependencies.

Advantages of VMs:

• Enhanced resource utilization via server consolidation.
• Robust isolation between VMs, since each possesses its own OS kernel.
• Quicker provisioning compared to setting up new physical hardware.

VM Disadvantages

Despite being an improvement, VMs still came with their own set of challenges:

• Significant Overhead: Each VM necessitates a full guest OS installation (kernel, drivers, libraries), consuming substantial disk space, RAM, and CPU cycles even before the application itself runs.
• Lengthy Boot Process: VMs typically take minutes to start up as they need to boot an entire operating system.
• Large Size: VM disk images are often very large, measured in gigabytes.
• Portability Issues: Migrating VMs between different hypervisor platforms or cloud providers can sometimes be complicated.

3. Docker and Containerization

Docker, which debuted in 2013, brought OS-level virtualization, or containerization, into the mainstream. It tackled many VM drawbacks by leveraging container technology:

• Shared Host OS Kernel: Containers execute as isolated processes directly on the host operating system, sharing its kernel. This negates the need for a separate guest OS for each application.
• Lightweight and Fast: Containers launch almost instantaneously (often in seconds or less) because there’s no OS boot sequence. Their resource footprint is minimal.
• Efficient Resource Consumption: Containers allow for much greater density – significantly more containers can run on the same hardware compared to VMs due to lower overhead.
• Consistent Execution Environments: Docker packages applications with all their dependencies (libraries, binaries, configuration files). It solves the age-old problem: “it works on my machine”, ensuring uniformity across development, staging, and production systems.
• Strong Process Isolation: Containers provide isolation at the process level, keeping applications and their dependencies separate from one another and the host system.

Docker’s key contributions simplified container usage:

• Dockerfile: A text-based script defining the steps to assemble a container image.
• Standardized Image Format: Established a widely accepted standard for packaging applications.
• Container Registries: Centralized repositories (like Docker Hub) for storing, distributing, and finding container images.
• Developer Tools: A robust command-line interface (CLI) and surrounding ecosystem for building, executing, and managing containers.

What Exactly Are Containers?

Containers are self-contained, lightweight, executable software units. They bundle everything required to run a piece of software: the code, runtime environment (like Node.js or Python), system tools, libraries, and configuration settings. Containers isolate the application from the host environment, ensuring it behaves consistently regardless of the underlying infrastructure, thus greatly reducing the “it works on my machine” syndrome.

Docker Images Compared to Containers

Distinguishing between Docker images and containers is fundamental to using Docker effectively. Here’s a breakdown of their differences:

Docker Images

• A Docker image acts as a read-only template containing the instructions for building a container.
• Consider it a blueprint or a snapshot defining the container’s contents when launched.
• Images are immutable; once built, they cannot be altered.
• Images consist of layers, where each layer corresponds to an instruction in the Dockerfile.
• Images can be shared and retrieved using registries such as Docker Hub.
• They package all components needed for an application: code, runtime, libraries, environment variables, and configuration files.

Docker Containers

• A container is a live, runnable instance created from a Docker image.
• Think of it as an active process executing the instructions defined in the image.
• Containers are ephemeral and mutable; they can be started, stopped, moved, or deleted.
• Each container possesses its own writable layer for storing runtime data or changes.
• Multiple isolated containers can be launched from the identical image.
• A container exists only as long as the primary process inside it is running.

Analogy: Image vs. Container

Imagine a cooking recipe:

• The image is analogous to the recipe itself (listing ingredients, steps, etc.).
• The container is like the actual meal prepared by following that recipe.
• You can prepare multiple meals (containers) using the same recipe (image).
• Each meal (container) is independent and can be consumed or modified without changing the original recipe (image).

Containers vs. Virtual Machines (VMs) - A Comparison

Feature	Containers	Virtual Machines (VMs)
Architecture	Share the host OS kernel	Run a full guest OS plus a hypervisor
Size	Typically measured in Megabytes (MB)	Typically measured in Gigabytes (GB)
Startup Time	Seconds or even milliseconds	Minutes
Performance	Approaches native hardware speed	Performance penalty due to virtualization
Isolation	Process-level isolation	Complete hardware virtualization isolation
Resource Usage	Minimal overhead (CPU, RAM, Disk)	Substantial overhead (CPU, RAM, Disk)
Portability	Highly portable between host systems	Less portable, often tied to hypervisor
Density	High (many containers feasible per host)	Lower (fewer VMs feasible per host)

Visual Representation

Container Architecture

┌─────────────────────────────────────────────────┐
│              Application A   Application B      │
│              (Binaries / Libs)                  │
├─────────────┬─────────────────┬─────────────────┤
│  Container  │    Container    │    Container    │
│      A      │        B        │        C        │
│  (Node.js)  │    (Redis)      │   (MongoDB)     │
├─────────────┴─────────────────┴─────────────────┤
│                Container Engine (e.g., Docker)  │
├─────────────────────────────────────────────────┤
│                   Host OS (Kernel)              │
├─────────────────────────────────────────────────┤
│                  Infrastructure (Hardware)      │
└─────────────────────────────────────────────────┘

Virtual Machine Architecture

┌───────────────┐  ┌───────────────┐  ┌───────────────┐
│  Application  │  │  Application  │  │  Application  │
│   (Binaries / Libs)   │   (Binaries / Libs)    │   (Binaries / Libs)   │
├───────────────┤  ├───────────────┤  ├───────────────┤
│ Guest OS (A)  │  │ Guest OS (B)  │  │ Guest OS (C)  │
├───────────────┤  ├───────────────┤  ├───────────────┤
│      VM A     │  │      VM B     │  │      VM C     │
├───────────────┴──┴───────────────┴──┴───────────────┤
│                   Hypervisor                        │
├─────────────────────────────────────────────────────┤
│                     Host OS (Optional)              │
├─────────────────────────────────────────────────────┤
│                    Infrastructure (Hardware)        │
└─────────────────────────────────────────────────────┘

Note

Essentially, the key distinction lies in the abstraction layer. Containers virtualize the operating system itself, whereas VMs virtualize the physical hardware beneath.

Installing Docker

Docker Desktop provides the simplest path for getting started on Windows and macOS, offering a graphical user interface and managing the necessary backend components. On Linux servers, installing Docker Engine directly is the common practice.

Windows Installation

1. Download: Obtain Docker Desktop for Windows from the official Docker Hub website.

2. Install: Execute the downloaded installer file (Docker Desktop Installer.exe). Follow the installation wizard’s prompts. It will likely prompt you to enable the WSL 2 (Windows Subsystem for Linux 2) feature, which is the preferred backend for optimal performance. A system reboot might be required.

3. Launch: Open Docker Desktop using the Windows Start Menu. Give it a moment to initialize the Docker Engine in the background.

4. Verify: Start PowerShell or Command Prompt and execute the command below. The output should display the installed Docker version.

   docker --version

macOS Installation

1. Download: Fetch Docker Desktop for Mac from the official Docker Hub. Ensure you select the correct download for your Mac’s architecture (Apple Silicon or Intel).

2. Install: Open the downloaded .dmg disk image file. Drag the Docker application icon into your Mac’s Applications folder.

3. Launch: Start the Docker application from your Applications folder. You may need to authorize system permissions during its initial launch.

4. Verify: Open the Terminal application (found in Applications/Utilities/Terminal.app) and run the following command.

   docker --version

Ubuntu Linux Installation (and similar Debian-based distributions)

1. Update System & Install Prerequisites: Refresh your package list and install necessary packages to allow apt to use repositories over HTTPS:

   sudo apt update
   sudo apt install apt-transport-https ca-certificates curl software-properties-common -y

2. Add Docker’s Official GPG Key: Import Docker’s GPG key to verify the authenticity of the Docker packages:

   curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

3. Configure the Stable Repository: Add the official Docker stable repository to your system’s APT sources list:

   echo \
     "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
     $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

4. Install Docker Engine: Update the package index again (this time including the Docker repository) and install the latest versions of Docker Engine, CLI, containerd, and the Docker Compose plugin:

   sudo apt update
   sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y

5. Start and Enable the Docker Service: Ensure the Docker daemon starts automatically when the system boots:

   sudo systemctl start docker
   sudo systemctl enable docker

6. Confirm Installation: Verify that Docker Engine has been installed correctly by checking its version information:

   docker --version

Post-Installation Configuration (Linux Only)

Execute Docker Commands without `sudo`

By default, running Docker commands requires root (administrator) privileges. To allow a non-root user to execute Docker commands, you need to add that user to the docker group. First, add your current user to the docker group:

sudo usermod -aG docker ${USER}

Next, you must apply these group membership changes. You might need to log out completely and log back in for the changes to be fully recognized. Alternatively, you can run the following command in your current terminal session (this activates the group change only for that specific session):

newgrp docker

Verify Installation Success (All Platforms) A straightforward test to confirm that Docker is installed and functioning properly is to run the standard hello-world container:

docker run hello-world

Fundamental Docker Commands

Below are essential Docker commands for effectively managing images and containers.

Image Management Commands

1. Pull an Image from Registry

   docker pull <image-name>:<tag>

   Fetches a specified image from a container registry (Docker Hub by default). If the <tag> is omitted, it defaults to latest.

2. List Local Images

   docker images
   # alternative command
   docker image ls

   Displays all Docker images currently stored on your local machine.

3. Remove a Local Image

   docker rmi <image-name>
   # force removal (e.g., if used by stopped containers)
   docker rmi -f <image-name>

   Deletes a specified image from your local storage.

4. Build an Image from Dockerfile

   docker build -t <image-name>:<tag> .

   Constructs a new Docker image based on the instructions in a Dockerfile located in the current directory (.). The -t flag tags the image.

Container Lifecycle Commands

1. Run a Container from Image

   docker run <image-name>
   # run in detached (background) mode
   docker run -d <image-name>
   # run with port mapping (host:container)
   docker run -p <host-port>:<container-port> <image-name>

   Instantiates and starts a new container based on the specified image. Various flags modify its behavior.

2. List Active/All Containers

   # display currently running containers
   docker ps
   # display all containers, including stopped ones
   docker ps -a

   Shows containers currently in operation or lists all containers regardless of state.

3. Stop a Running Container

   docker stop <container-id/name>

   Sends a signal to gracefully stop a specified running container.

4. Remove a Stopped Container

   docker rm <container-id/name>
   # force removal of a container (even if running)
   docker rm -f <container-id/name>

   Deletes a specified container that is already stopped (use -f to force removal of a running one).

Utility and Inspection Commands

1. View Container Logs

   docker logs <container-id/name>
   # continuously stream log output ('follow')
   docker logs -f <container-id/name>

   Displays the standard output logs generated by a container.

2. Execute a Command Inside a Container

   docker exec -it <container-id/name> <command>
   # example: open an interactive bash shell
   docker exec -it <container-id/name> bash

   Runs a specified command within an already running container. -it makes it interactive.

3. Inspect Container Details

   docker inspect <container-id/name>

   Provides detailed low-level information about a container’s configuration and state in JSON format.

4. System Resource Cleanup

   # remove all stopped containers
   docker container prune
   # remove dangling (unused) images
   docker image prune
   # remove all unused objects (containers, images, networks, volumes)
   docker system prune

   Commands to reclaim disk space by removing unused Docker resources.

Referring to Containers

When using container commands, you can identify containers using either their unique ID or their assigned name. You can often use a shortened, unique prefix of the container ID (e.g., 1a2b instead of 1a2b3c4d5e6f).

Automatic Container Names

If you don’t explicitly assign a name using the --name flag during docker run, Docker automatically generates a random name. These names typically follow the pattern adjective_surname (e.g., serene_hopper or vigilant_torvalds).

Introducing Docker Compose

Docker Compose is a utility designed for defining and managing multi-container Docker applications. It employs YAML configuration files to orchestrate application services, simplifying the setup and operation of complex applications involving multiple interconnected containers.

What Does Docker Compose Do?

Docker Compose enables you to:

• Define your entire application’s multi-container setup within a compose.yaml (or docker-compose.yml) file.
• Control multiple containers (services) collectively.
• Establish dependencies and relationships between containers.
• Easily scale individual services up or down.
• Manage persistent data using named volumes.
• Specify the startup sequence for dependent services.

Basic Structure of a Compose File

# Example compose.yaml
services:
  # Defines a service named 'web'
  web:
    build: .  # Build image from Dockerfile in current directory
    ports:
      - "8000:5000" # Map host port 8000 to container port 5000
    volumes:
      - .:/code # Mount current directory into /code in the container
    environment:
      FLASK_DEBUG: 1 # Set an environment variable
  # Defines another service named 'redis'
  redis:
    image: "redis:alpine" # Use a pre-built image from a registry
    ports:
      - "6379:6379" # Map host port 6379 to container port 6379

Frequent Docker Compose Commands

1. Start Application Services

   # Build (if needed), create, start containers, and attach console
   docker compose up
   # Start containers in detached (background) mode
   docker compose up -d

2. Stop Application Services

   # Stop and remove containers, networks defined by compose
   docker compose down
   # Stop/remove containers AND remove named volumes
   docker compose down -v

3. Check Service Status and Logs

   # List containers managed by compose
   docker compose ps
   # View aggregated logs from all services
   docker compose logs
   # Follow log output
   docker compose logs -f

4. Scale Specific Services

   # Adjust the number of containers for a service (e.g., 'web')
   docker compose up -d --scale web=3

Core Concepts in Compose Files

Defining Services

Services represent the individual containers making up your application (e.g., web server, database, cache).

services:
  webapp:
    build: ./webapp # Path to the build context
    ports:
      - "80:8080"  # Host:Container port mapping
    depends_on:    # Define startup dependencies
      - db
      - redis

Managing Persistent Data with Volumes

Volumes provide a way to persist data generated by containers beyond their lifecycle.

services:
  db:
    image: postgres
    volumes:
      # Mount a named volume 'db-data' into the container path
      - db-data:/var/lib/postgresql/data

# Declare the named volume
volumes:
  db-data:

Configuring Networks

Compose sets up a default network, but you can define custom networks for better isolation or connectivity.

services:
  frontend:
    networks: # Connect this service to a specific network
      - frontend-network
  backend:
    networks: # Connect this service to multiple networks
      - backend-network
      - frontend-network

# Declare the custom networks
networks:
  frontend-network:
  backend-network:

Compose Best Practices

• Maintain separate configuration files (e.g., using overrides) for development vs. production.
• Utilize environment variables or secrets for sensitive information like passwords or API keys.
• Implement health checks within service definitions to ensure containers are running properly.
• Choose descriptive and clear names for your services.

Handling Environment Variables in Compose

Docker Compose offers flexibility in managing environment variables for your services:

1. Using an Environment File (.env) Reference an external file containing key-value pairs.

services:
  web:
    env_file:
      - .env # Load variables from .env file in the same directory

2. Defining Environment Variables Directly Specify variables directly within the service definition. You can also interpolate variables from the host environment.

services:
  web:
    environment:
      - DEBUG=1 # Set a fixed value
      - API_KEY=${API_KEY} # Use value from host's API_KEY variable
      # Alternative map syntax:
      # DATABASE_URL: postgresql://user@db:5432/mydb

Security Reminder

Avoid committing files containing sensitive credentials (like .env files or secret files) directly into your version control system (e.g., Git). Ensure they are listed in your .gitignore file.

Example: Multi-Service Web Application with Compose

Here’s a more comprehensive example demonstrating a web application composed of multiple services (web frontend, database, cache) using various Compose features:

compose.yaml

version: '3.8' # Specify compose file version (optional but recommended)

services:
  # Web application service
  web:
    build: ./web # Build context for the web service
    ports:
      - "80:3000" # Map host port 80 to container port 3000
    environment:
      - NODE_ENV=production # Set environment for the application
      - DB_HOST=db          # Service name 'db' resolves to DB container IP
    depends_on:             # Ensure db and redis start before web
      - db
      - redis
    networks:               # Connect to both frontend and backend networks
      - frontend
      - backend

  # Database service
  db:
    image: postgres:13 # Use official PostgreSQL 13 image
    volumes:
      - db-data:/var/lib/postgresql/data # Persist database files
    environment:
      - POSTGRES_DB=myapp
      - POSTGRES_USER=user
      # Use Docker secrets for the password
      - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
    networks:
      - backend # Only accessible on the backend network
    secrets:
      - db_password # Grant access to the defined secret

  # Caching service
  redis:
    image: redis:6-alpine # Use official Redis 6 Alpine image
    networks:
      - backend # Only accessible on the backend network

# Define networks
networks:
  frontend:
  backend:

# Define named volume for database persistence
volumes:
  db-data:

# Define secrets (sensitive data)
secrets:
  db_password:
    file: ./db_password.txt # Load password from a local file

Crafting Effective Dockerfiles

A Dockerfile is a script containing a series of instructions used by Docker to automatically build a container image. Writing optimized and maintainable Dockerfiles is key to producing efficient and secure container images.

Fundamental Dockerfile Structure

A typical Dockerfile follows this general pattern:

# Start with an official base image (choose wisely)
FROM node:20-alpine

# Establish the working directory inside the container
WORKDIR /app

# Copy package manager configuration files first
COPY package*.json ./

# Install application dependencies (leverages layer caching)
RUN npm install

# Copy the rest of the application source code
COPY . .

# Inform Docker that the container listens on this port at runtime
EXPOSE 3000

# Specify the default command to execute when the container starts
CMD ["npm", "start"]

Key Dockerfile Instructions Explained

1. FROM

   FROM <base-image>:<tag>

   Sets the initial base image for subsequent instructions. Every Dockerfile must begin with a FROM instruction.

2. WORKDIR

   WORKDIR /path/inside/container

   Defines the working directory for RUN, CMD, ENTRYPOINT, COPY, and ADD instructions that follow it. Use absolute paths for clarity.

3. COPY and ADD

   COPY <source-on-host> <destination-in-container>
   ADD <source-on-host-or-url> <destination-in-container>

   Transfers files or directories from the host machine (build context) into the image’s filesystem. COPY is generally preferred; ADD has extra features like URL downloading and automatic archive extraction, which can be less predictable.

4. RUN

   RUN <shell-command>

   Executes commands within a new layer on top of the current image. Commonly used for installing packages, compiling code, etc. Chain commands using && to minimize layer count.

5. ENV

   ENV MY_VARIABLE=my_value

   Sets persistent environment variables within the image. These are available to subsequent RUN instructions and when the container runs.

6. EXPOSE

   EXPOSE <port-number>/<protocol>

   Documents the network ports on which the container application will listen. It doesn’t actually publish the port; that’s done with docker run -p.

7. CMD

   # Preferred "exec" form:
   CMD ["executable", "param1", "param2"]
   # Shell form:
   # CMD command param1 param2

   Specifies the default command to run when a container is started from the image. A Dockerfile should have only one CMD. If multiple are present, only the last one takes effect.

Optimizing Builds with Layer Caching

Understanding Docker Image Layers

Every instruction in a Dockerfile (except FROM) potentially creates a new layer in the resulting image. Docker utilizes layer caching during builds: if an instruction and its context haven’t changed since the last build, Docker reuses the existing layer instead of rebuilding it. This dramatically speeds up builds and can affect image size.

Layer Optimization Strategies

1. Combine RUN Commands: Chain related commands using && and \ for line breaks to create fewer layers. Clean up temporary files within the same RUN instruction.

   # Less Optimal - Creates multiple layers
   RUN apt-get update
   RUN apt-get install -y --no-install-recommends some-package
   RUN rm -rf /var/lib/apt/lists/*
   
   # More Optimal - Single layer, includes cleanup
   RUN apt-get update && \
       apt-get install -y --no-install-recommends some-package && \
       rm -rf /var/lib/apt/lists/*

2. Order Instructions Logically: Place instructions that change less frequently (like installing dependencies) before instructions that change more often (like copying source code). This maximizes cache hits.

   # Good ordering for cache efficiency
   WORKDIR /app
   # Copy dependency manifests first
   COPY package*.json ./
   # Install dependencies (cached if manifests don't change)
   RUN npm install
   # Copy source code (changes frequently, invalidates cache from here down)
   COPY . .

3. Leverage Multi-stage Builds: Use multiple FROM instructions in one Dockerfile. This allows you to build your application with all necessary tools and dependencies in one stage, then copy only the essential artifacts (like compiled binaries or static assets) into a smaller, cleaner final image.

   # Stage 1: Build the application
   FROM node:20 AS build-stage
   WORKDIR /app
   COPY package*.json ./
   RUN npm install
   COPY . .
   RUN npm run build # Assume this creates a 'dist' directory
   
   # Stage 2: Create the final, minimal image
   FROM nginx:alpine
   # Copy only the built assets from the previous stage
   COPY --from=build-stage /app/dist /usr/share/nginx/html
   EXPOSE 80
   CMD ["nginx", "-g", "daemon off;"]

Utilizing the .dockerignore File

Similar to .gitignore, a .dockerignore file in the root of your build context prevents specified files and directories from being sent to the Docker daemon during the build. This speeds up builds (less data transferred), avoids unnecessarily large images, and prevents sensitive files from being accidentally included.

# Example .dockerignore contents
# Exclude node_modules, build artifacts, logs
node_modules
npm-debug.log
dist
build
*.log

# Exclude Docker and Git specific files
Dockerfile
.dockerignore
.git
.gitignore

# Exclude secrets and local environment files
.env
*.secret
secrets/

Security Best Practice

Always create a .dockerignore file to explicitly exclude secrets (like .env files, private keys, cloud credentials), version control directories (.git), and any other files not needed in the final image.

General Dockerfile Best Practices

1. Use Specific Base Image Tags: Avoid latest. Pin base images to specific versions (e.g., node:20.11.1-alpine3.19) for predictable and reproducible builds.

   # Avoid: Prone to unexpected breaking changes
   # FROM python:latest
   
   # Prefer: Ensures consistent builds
   FROM python:3.11.7-slim-bookworm

2. Run Containers as Non-Root User: Create a dedicated user and group, then switch to that user using the USER instruction for enhanced security.

   RUN addgroup --system appgroup && adduser --system --ingroup appgroup appuser
   # ... other setup ...
   USER appuser # Switch to non-root user

3. Optimize Dependency Caching: Copy only the necessary package manifest files (package.json, requirements.txt, etc.) and install dependencies before copying the entire application code.

   WORKDIR /app
   COPY requirements.txt ./
   RUN pip install --no-cache-dir -r requirements.txt
   COPY . .

4. Use ARG for Build-Time Variables: Pass variables during the build process using ARG. Combine with ENV if the variable needs to persist in the running container.

   ARG APP_VERSION=unknown
   ENV APP_VERSION=${APP_VERSION}
   RUN echo "Building version $APP_VERSION"

5. Implement Health Checks: Use the HEALTHCHECK instruction to define how Docker can check if the application inside the container is healthy.

   HEALTHCHECK --interval=1m --timeout=5s --start-period=30s --retries=3 \
     CMD curl --fail http://localhost:8080/healthz || exit 1

Impact of Layer Caching

Remember that Docker’s layer cache is crucial for build speed. Any change to a line in the Dockerfile, or to files being copied by COPY or ADD, invalidates the cache for that layer and all subsequent layers, forcing them to be rebuilt. Structuring your Dockerfile thoughtfully maximizes cache usage.