Docker Hub public repos best practices

As we prepare to start using Docker, I’d like to learn some best practices around the technology. Right off the bat, it seems that we shouldn’t use images from public repositories. I’m proposing that we leverage those published Dockerfiles to build our own images, but that all of our Docker images should start from scratch, building our own RHEL base image, or should, at the least, start from an official Docker image where the image provider has a strong interest in providing secure images without unexpected software, etc.

How do other large users of Docker work with the Docker Hub? How are the Docker images they use created and managed?

Thanks for any feedback.

Hello,

Information about the official images can be found here: https://github.com/docker-library/official-images

Each individual image varies slightly, but the Dockerfile and build process for each one is available on GitHub.

There is a build system that builds and pushes each image. This is a separate system from the automated builds feature.

Official images are signed, and the Docker Content Trust feature can be utilized to verify those signatures: https://docs.docker.com/security/trust/content_trust/

Depending on your exact security requirements, it is very doable to create and maintain your own base images. You could even use the official images source as a starting point.

Red Hat provides the official rhel images. If you do a pull as seen in this Red Hat documentation and look at the Docker daemon output, Docker Hub will actually refer your engine to https://registry.access.redhat.com/v1/, where the rhel image actually comes from. It is possible to pull from them directly by doing the following:

docker pull registry.access.redhat.com/rhel7.0

Hopefully this is helpful.

/Jeff
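The policy the thread converges on (base images must be scratch, an official Docker Hub library image, or Red Hat's own registry) can be checked mechanically before anything is pulled. The script below is an added example and is not code from the original post, from Docker or from Red Hat. The registry allow-list, the function names and the sample Dockerfile are assumptions made for the example; everything runs offline except trusted_pull, which only wraps the documented DOCKER_CONTENT_TRUST setting around a real docker pull.

```shell
#!/bin/sh
# Added example: classify the base images named in a Dockerfile's FROM lines.
# Categories (the allow-list itself is an assumption of this example):
#   scratch  - the empty base image, everything is built by us
#   official - a Docker Hub "library" image (no user namespace), signed and
#              verifiable with Docker Content Trust
#   redhat   - served directly by registry.access.redhat.com
#   unknown  - a user repository on Docker Hub or any other registry

classify_image() {
  ref="$1"
  host=""
  path="$ref"
  first="${ref%%/*}"
  # The first path component is a registry host only if it looks like one
  # (contains a dot or a port, or is "localhost"); otherwise it is a namespace.
  if [ "$first" != "$ref" ]; then
    case "$first" in
      *.*|*:*|localhost) host="$first"; path="${ref#*/}" ;;
    esac
  fi
  # Drop digest and tag. Neither may contain '/', and the host (with any
  # port) is already split off, so the remaining ':' is the tag separator.
  path="${path%%@*}"
  path="${path%%:*}"
  case "$host" in
    ""|docker.io|index.docker.io) ;;                 # Docker Hub
    registry.access.redhat.com) echo redhat; return ;;
    *) echo unknown; return ;;
  esac
  if [ -z "$host" ] && [ "$path" = scratch ]; then echo scratch; return; fi
  case "$path" in
    */*/*) echo unknown ;;      # too many components to be a library image
    library/*) echo official ;; # explicit library namespace
    */*) echo unknown ;;        # user/namespace repository on Docker Hub
    *) echo official ;;         # bare name resolves to library/<name>
  esac
}

# Print "<category> <image>" for every FROM line (flags such as
# --platform=... and "AS <stage>" are skipped) and return the number of
# base images that fall outside the allow-list.
audit_dockerfile() {
  file="$1"
  bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    set -f                       # no globbing while splitting the line
    set -- $line
    set +f
    case "${1:-}" in
      [Ff][Rr][Oo][Mm]) ;;
      *) continue ;;
    esac
    shift
    while [ $# -gt 0 ]; do
      case "$1" in
        --*) shift ;;
        *) break ;;
      esac
    done
    [ $# -gt 0 ] || continue
    kind=$(classify_image "$1")
    echo "$kind $1"
    if [ "$kind" = unknown ]; then bad=$((bad + 1)); fi
  done < "$file"
  return "$bad"
}

# Pull with Docker Content Trust enabled so that an unsigned or tampered
# image is refused rather than silently used (requires a Docker daemon).
trusted_pull() {
  DOCKER_CONTENT_TRUST=1 docker pull "$1"
}

# Constructed sample Dockerfile (not from the original post) to exercise the
# check: a multi-stage build mixing acceptable and unacceptable bases.
write_sample_dockerfile() {
  cat > "$1" <<'EOF'
# build stage on an official image, test stage on a user repository
FROM golang:1.12 AS build
FROM --platform=linux/amd64 someuser/python:3 AS test
FROM registry.access.redhat.com/rhel7.0
FROM docker.io/library/alpine:3.9
FROM scratch
EOF
}

# Stand-alone run: ./audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp) && write_sample_dockerfile "$tmp"
  audit_dockerfile "$tmp"
  echo "base images outside the allow-list: $?"
  rm -f "$tmp"
fi
```

On the constructed sample the audit reports exactly one unapproved base (someuser/python:3); the official, Red Hat and scratch bases pass. Wiring audit_dockerfile into CI before any build, and doing the actual pulls through trusted_pull, turns the thread's advice into a check that fails the build instead of relying on reviewers to notice a public user image.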