Home
Services
Work
About
Blog
Back to BlogDevOps

Docker in Production: 10 Mistakes You're Probably Making

Soumik Mukherjee2026-04-1010 min read
Docker in Production: 10 Mistakes You're Probably Making

Docker makes deployment easy. But easy doesn't always mean correct. Here are 10 mistakes we see in production constantly.

1. Running as Root

Never run your application as root inside the container.

``dockerfile

RUN addgroup -S appgroup && adduser -S appuser -G appgroup

USER appuser

`

2. Using the :latest Tag

Always pin your base image versions. :latest is a recipe for inconsistent builds.

3. Bloated Images

Multi-stage builds are your friend. A typical Spring Boot app can go from 600MB to 150MB:

`dockerfile

FROM eclipse-temurin:21-jdk AS builder

COPY . /app

WORKDIR /app

RUN ./gradlew bootJar

FROM eclipse-temurin:21-jre

COPY --from=builder /app/build/libs/*.jar app.jar

ENTRYPOINT ["java", "-jar", "app.jar"]

``

4. No Health Checks

Always include HEALTHCHECK in your Dockerfile. Orchestrators need to know if your app is actually healthy.

5. Storing Secrets in Images

Never hardcode secrets. Use Docker secrets, environment variables, or a vault service.

6. No .dockerignore

A proper .dockerignore prevents unnecessary files from bloating your image and leaking into it.

7. Single Process Per Container

One process per container makes monitoring, scaling, and debugging dramatically easier.

8. No Resource Limits

Always set CPU and memory limits in your orchestration config.

9. Ignoring Logs

Write logs to stdout/stderr. Let the orchestration platform handle log aggregation.

10. No Image Scanning

Use Trivy or Snyk to scan images for vulnerabilities before deploying.

S

Soumik Mukherjee

Full-Stack Developer. Building enterprise software since 2021.