Docker makes deployment easy. But easy doesn't always mean correct. Here are 10 mistakes we see in production constantly.
1. Running as Root
Never run your application as root inside the container.
``dockerfile
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
USER appuser
`
2. Using the :latest Tag
Always pin your base image versions. :latest is a recipe for inconsistent builds.
3. Bloated Images
Multi-stage builds are your friend. A typical Spring Boot app can go from 600MB to 150MB:
`dockerfile
FROM eclipse-temurin:21-jdk AS builder
COPY . /app
WORKDIR /app
RUN ./gradlew bootJar
FROM eclipse-temurin:21-jre
COPY --from=builder /app/build/libs/*.jar app.jar
ENTRYPOINT ["java", "-jar", "app.jar"]
``
4. No Health Checks
Always include HEALTHCHECK in your Dockerfile. Orchestrators need to know if your app is actually healthy.
5. Storing Secrets in Images
Never hardcode secrets. Use Docker secrets, environment variables, or a vault service.
6. No .dockerignore
A proper .dockerignore prevents unnecessary files from bloating your image and leaking into it.
7. Single Process Per Container
One process per container makes monitoring, scaling, and debugging dramatically easier.
8. No Resource Limits
Always set CPU and memory limits in your orchestration config.
9. Ignoring Logs
Write logs to stdout/stderr. Let the orchestration platform handle log aggregation.
10. No Image Scanning
Use Trivy or Snyk to scan images for vulnerabilities before deploying.