In the current IT industry, the use of docker technology has become a trend and inevitable trend. Many companies and individuals are using docker technology, and when using docker technology, choosing a suitable image is also very critical for the development of the project. Although the official provides many different images, in actual use, using official images is not always the best choice. So why should we avoid using official images? Next, we will explain the reasons from several aspects.
Although the official provides many different images, in actual use, there are certain security risks in using official images. First, official images are not guaranteed to be the latest and most secure versions. Because images are usually built on demand, either by triggering a regular build job or manually. In this case, the quality and security of the images vary. In addition, when you use official images, you are using a very widely used code base, and the risk of attackers injecting malicious code into official images increases.
However, the problem does not stop there. Because official images are easier to use, many people use the same source image and build on top of it. This means that if an attacker is able to compromise a common source image, they can inject malicious code into many projects, leading to catastrophic consequences for the entire ecosystem.
In addition to security issues, using official images also exposes the application to the risk of being vulnerable to attacks. Because the official image is run using the root user, this makes it easier for attackers to gain superuser privileges. Especially when your image is based on a common Linux distribution like CentOS or Ubuntu, it may be easy for an attacker to gain root privileges and gain full control. However, in docker, few applications require root privileges, so it is very important to use a non-root user to run the image.
When you use the official image, you just get a pre-packaged application and you can't customize it or do anything Changes that apply to your environment. Therefore, you must use other ways to deploy and customize the application. This often results in your application running inefficiently, since you need to use multiple images and concatenate them together to build your image.
Conversely, a Dockerfile allows you to add modifications to your application and adapt it to your own running environment. When you use a base image to build your own image, you can select the versions, dependencies, and tools you need and add them to your own image. This makes it the best way to build containerized applications.
Official images can be bulky because they contain common dependencies and an extremely wide variety of tools. However, if you use the image and only need a portion of it, this will significantly increase the download and deployment time of the image, which in turn will cause your application to deploy slowly and increase runtime.
Conclusion
In short, when using docker technology, we do not always recommend choosing the official image. Although the official image has complete applications and public dependencies, it also has certain problems in terms of security, vulnerability, unsuitability for customization, and excessive size. Therefore, we recommend using self-built images as appropriate replacements for official images. The images you build yourself can be freely customized and controlled, which can improve security and controllability, and speed up application deployment and operation.
The above is the detailed content of Docker does not use official images. For more information, please follow other related articles on the PHP Chinese website!