https://snyk.io/blog/10-best-practices-to-containerize-nodejs-web-applications-with-docker/

    In this article, there is a tool called dumb-init, and the point that the Node.js process should not act as the PID 1 process is new; not sure about that. In practice, perhaps we are not depending on our Node.js app to react to SIGTERM signals from k8s. Maybe an upper layer of LBs has done that.

    • specify your image with a specific tag instead of the default latest tag. This way the image is more stable and secure. The latest tag always changes and makes your application pull frequently.
    • install production dependencies only
    • don’t run the container as root; the early steps of copying files can be done as root, but later the USER command can be used to change the user.
    • Graceful shutdown


    • Multi-stage building of the image
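
The points above combined into one Dockerfile, as an added example that is not taken from the Snyk article or from any real project. The image tag, the /usr/src/app path and the server.js entry point are assumptions; substitute your own.

```dockerfile
# Constructed example; tag, paths and entry point are assumptions.

# ---- build stage: resolves dependencies; its layers are not shipped ----
# Pinned tag (example value) instead of the moving "latest"
FROM node:20.11.1-bookworm-slim AS build
WORKDIR /usr/src/app
COPY package*.json ./
# Production dependencies only; devDependencies stay out of the image
RUN npm ci --omit=dev

# ---- runtime stage: only what the app needs to run ----
FROM node:20.11.1-bookworm-slim
ENV NODE_ENV=production
# dumb-init becomes PID 1 and forwards signals such as SIGTERM to node
RUN apt-get update \
    && apt-get install -y --no-install-recommends dumb-init \
    && rm -rf /var/lib/apt/lists/*
WORKDIR /usr/src/app
# Copy steps still run as root, but the files are owned by the
# unprivileged "node" user that the official image provides.
# Assumes a .dockerignore that excludes node_modules, .git and secrets.
COPY --chown=node:node . .
COPY --chown=node:node --from=build /usr/src/app/node_modules ./node_modules
# Drop privileges for the running process
USER node
# Exec form, so no shell sits between dumb-init and node.
# The app still needs its own SIGTERM handler to shut down gracefully.
CMD ["dumb-init", "node", "server.js"]
```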