KB Platform
kb.erickguedes.com
Docker: Containers do Dev ao Deploy

Dockerfile

Aula 2 de 7

Estrutura do Dockerfile

# syntax=docker/dockerfile:1
FROM node:20-alpine AS base
LABEL maintainer="[email protected]"

WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production && npm cache clean --force

FROM base AS dev
RUN npm install -g nodemon
COPY . .
CMD ["nodemon", "server.js"]

FROM base AS prod
COPY . .
USER node
EXPOSE 3000
HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
  CMD curl -f http://localhost:3000/health || exit 1
CMD ["node", "server.js"]

Instruções Essenciais

FROM python:3.12-slim    # Imagem base (sempre prefira slim/alpine)
WORKDIR /app              # Diretório de trabalho
COPY requirements.txt .   # Copia arquivos específicos
COPY . .                  # Copia tudo (use .dockerignore)
RUN pip install -r requirements.txt  # Comando em tempo de build
EXPOSE 8000               # Documenta porta (não publica)
CMD ["python", "app.py"]  # Comando padrão
ENTRYPOINT ["python"]     # Entry point (CMD vira argumento)

Multi-stage Build

# Stage 1: Build
FROM golang:1.22-alpine AS builder
WORKDIR /src
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -o /app .

# Stage 2: Runtime (mínimo)
FROM scratch
COPY --from=builder /app /app
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
EXPOSE 8080
ENTRYPOINT ["/app"]

docker build -t meu-app:latest .
docker images | grep meu-app  # ~10MB (vs ~500MB com Go SDK)

.dockerignore

node_modules
.git
.env
*.md
Dockerfile
docker-compose.yml
.gitignore
dist/
.cache/
*.log

Boas Práticas

# 1. Camadas (RUNs agrupados)
# RUIM
RUN apt-get update
RUN apt-get install -y curl
RUN apt-get clean

# BOM
RUN apt-get update && apt-get install -y curl \
    && apt-get clean && rm -rf /var/lib/apt/lists/*

# 2. Não rodar como root
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
USER appuser

# 3. Healthcheck
HEALTHCHECK --interval=30s --timeout=5s \
  CMD curl -f http://localhost:8080/ || exit 1

Lab: Dockerfile Python

FROM python:3.12-slim

WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

COPY . .
RUN adduser -D appuser
USER appuser

EXPOSE 8000
CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000"]

docker build -t minha-api:1.0 .
docker run -d -p 8000:8000 --name api minha-api:1.0
docker inspect api | grep IPAddress

Multi-stage builds reduzem drasticamente o tamanho final. Prefira imagens slim/alpine. Sempre use .dockerignore para não enviar lixo para o build context.