Best practices for production-ready Docker packaging

Learn how to make your Docker images secure and reliable

Itamar Turner-Trauring

Deployment/Continuous Integration and Delivery DevOps general Docker Packaging Security

See in schedule

You know the basics of packaging your Python application for Docker, but do you know enough to run that image in production? Bad packaging can result in security and production problems, not to mention wasted time try to debug unreproducible errors.

To help you avoid these problems, this talk will give you an overview of some of the techniques needed to build production-ready images: security, correct startup and shutdown, and preparing for failure.

This talk is for Python programmers who know the basics of Docker packaging, and need to run the resulting images in a production environment.

Some of the techniques covered include—

Securing your images:

* Ensure security updates, and the problem with caching.
* Don’t run as root.
* Dropping capabilities.

Startup and shutdown:

* Why bash is broken, and what you can do about it.
* Ensuring signal delivery for clean, fast shutdown.

Preparing for failure:

* Writing smoke tests for your build.
* Debugging C crashes with faulthandler.

Type: Talk (30 mins); Python level: Beginner; Domain level: Intermediate

Itamar Turner-Trauring

Itamar has been using Python since 1999, and was inspired to move to a new country by his trip to EuroPython in 2002. He writes extensively on Docker packaging for Python ( and software engineering for data scientists ( In the past he spent many years as a maintainer of the Twisted framework, and nowadays is the maintainer of the Eliot logging library (