guides: remove develop with docker section

Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com>
2024-06-05 15:43:22 +02:00 · 2024-06-05 15:43:22 +02:00 · 389191d478
parent 69d375a480
commit 389191d478
23 changed files with 83 additions and 342 deletions
--- a/content/build/building/best-practices.md
+++ b/content/build/building/best-practices.md
@ -12,6 +12,8 @@ aliases:
  - /develop/develop-images/dockerfile_best-practices/
  - /develop/develop-images/guidelines/
  - /develop/develop-images/instructions/
  - /develop/dev-best-practices/
  - /develop/security-best-practices/
 ---
 ## Use multi-stage builds
@ -27,6 +29,80 @@ build steps in parallel.
 See [Multi-stage builds](../../build/building/multi-stage.md) for more
 information.
 ### Create reusable stages
 If you have multiple images with a lot in common, consider creating a reusable
 stage that includes the shared components, and basing your unique stages on
 that. Docker only needs to build the common stage once. This means that your derivative images use memory
 on the Docker host more efficiently and load more quickly.
 It's also easier to maintain a common base stage ("Don't repeat yourself"),
 than it is to have multiple different stages doing similar things.
 ## Choose the right base image
 The first step towards achieving a secure image is to choose the right base
 image. When choosing an image, ensure it's built from a trusted source and keep
 it small.
 - [Docker Official Images](https://hub.docker.com/search?image_filter=official)
  are some of the most secure and dependable images on Docker Hub. Typically,
  Docker Official images have few or no packages containing CVEs, and are
  thoroughly reviewed by Docker and project maintainers.
 - [Verified Publisher](https://hub.docker.com/search?image_filter=store) images
  are high-quality images published and maintained by the organizations
  partnering with Docker, with Docker verifying the authenticity of the content
  in their repositories.
 - [Docker-Sponsored Open Source](https://hub.docker.com/search?image_filter=open_source)
  are published and maintained by open source projects sponsored by Docker
  through an [open source program](../../trusted-content/dsos-program).
 When you pick your base image, look out for the badges indicating that the
 image is part of these programs.
 ![Docker Hub Official and Verified Publisher images](../images/hub-official-images.webp)
 When building your own image from a Dockerfile, ensure you choose a minimal base
 image that matches your requirements. A smaller base image not only offers
 portability and fast downloads, but also shrinks the size of your image and
 minimizes the number of vulnerabilities introduced through the dependencies.
 You should also consider using two types of base image: one for building and
 unit testing, and another (typically slimmer) image for production. In the
 later stages of development, your image may not require build tools such as
 compilers, build systems, and debugging tools. A small image with minimal
 dependencies can considerably lower the attack surface.
 ## Rebuild your images often
 Docker images are immutable. Building an image is taking a snapshot of that
 image at that moment. That includes any base images, libraries, or other
 software you use in your build. To keep your images up-to-date and secure, make
 sure to rebuild your image often, with updated dependencies.
 To ensure that you're getting the latest versions of dependencies in your build,
 you can use the `--no-cache` option to avoid cache hits.
 ```console
 $ docker build --no-cache -t my-image:my-tag .
 ```
 The following Dockerfile uses the `24.04` tag of the `ubuntu` image. Over time,
 that tag may resolve to a different underlying version of the `ubuntu` image,
 as the publisher rebuilds the image with new security patches and updated
 libraries. Using the `--no-cache`, you can avoid cache hits and ensure a fresh
 download of base images and dependencies.
 ```dockerfile
 # syntax=docker/dockerfile:1
 FROM ubuntu:24.04
 RUN apt-get -y update && apt-get install -y python
 ```
 Also consider [pinning base image versions](#pin-base-image-versions).
 ## Exclude with .dockerignore
 To exclude files not relevant to the build, without restructuring your source
@ -164,6 +240,12 @@ For more information about automatically updating your base images with Docker
 Scout, see
 [Remediation](../../scout/policy/remediation.md#automatic-base-image-updates)
 ## Build and test your images in CI
 When you check in a change to source control or create a pull request, use
 [GitHub Actions](../ci/github-actions/_index.md) or another CI/CD pipeline to
 automatically build and tag a Docker image and test it.
 ## Dockerfile instructions
 Follow these recommendations on how to properly use the [Dockerfile instructions](../../reference/dockerfile.md)
--- a/content/develop/images/hub-official-images.webp
+++ b/content/develop/images/hub-official-images.webp
--- a/content/compose/gettingstarted.md
+++ b/content/compose/gettingstarted.md
@ -117,7 +117,7 @@ Make sure you have:
   >Check that the `Dockerfile` has no file extension like `.txt`. Some editors may append this file extension automatically which results in an error when you run the application.
   { .important }
-   For more information on how to write Dockerfiles, see the [Docker user guide](../develop/index.md) and the [Dockerfile reference](/reference/dockerfile/).
+   For more information on how to write Dockerfiles, see the [Dockerfile reference](/reference/dockerfile/).
 ## Step 2: Define services in a Compose file
--- a/content/desktop/install/archlinux.md
+++ b/content/desktop/install/archlinux.md
@ -53,4 +53,3 @@ $ sudo pacman -S gnome-terminal
 - Take a look at the [Get started](../../get-started/index.md) training modules to learn how to build an image and run it as a containerized application.
 - [Explore Docker Desktop](../use-desktop/index.md) and all its features.
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn how to build new applications using Docker.
--- a/content/desktop/install/debian.md
+++ b/content/desktop/install/debian.md
@ -85,4 +85,3 @@ $ sudo apt-get install ./docker-desktop-<version>-<arch>.deb
 - Take a look at the [Get started](../../get-started/_index.md) training modules to learn how to build an image and run it as a containerized application.
 - [Explore Docker Desktop](../use-desktop/index.md) and all its features.
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn how to build new applications using Docker.
--- a/content/desktop/install/fedora.md
+++ b/content/desktop/install/fedora.md
@ -74,4 +74,3 @@ $ sudo dnf install ./docker-desktop-<version>-<arch>.rpm
 - Take a look at the [Get started](../../get-started/_index.md) training modules to learn how to build an image and run it as a containerized application.
 - [Explore Docker Desktop](../use-desktop/index.md) and all its features.
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn how to build new applications using Docker.
--- a/content/desktop/install/rhel.md
+++ b/content/desktop/install/rhel.md
@ -136,4 +136,3 @@ $ sudo dnf install ./docker-desktop-<version>-<arch>-rhel.rpm
 - Take a look at the [Get started](../../get-started/_index.md) training modules to learn how to build an image and run it as a containerized application.
 - [Explore Docker Desktop](../use-desktop/index.md) and all its features.
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn how to build new applications using Docker.
--- a/content/desktop/install/ubuntu.md
+++ b/content/desktop/install/ubuntu.md
@ -89,4 +89,3 @@ $ sudo apt-get install ./docker-desktop-<version>-<arch>.deb
 - Take a look at the [Get started](../../get-started/_index.md) training modules to learn how to build an image and run it as a containerized application.
 - [Explore Docker Desktop](../use-desktop/index.md) and all its features.
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn how to build new applications using Docker.
--- a/content/develop/_index.md
+++ b/content/develop/_index.md
@ -1,40 +0,0 @@
 ---
 title: Develop with Docker
 description: Overview of developer resources
 keywords: developer, developing, apps, api, sdk
 ---
 This page contains a list of resources for application developers who would like to build new applications using Docker.
 ## Prerequisites
 Work through the learning modules in [Get started](../get-started/index.md) to understand how to build an image and run it as a containerized application.
 ## Develop new apps on Docker
 If you're just getting started developing a brand new app on Docker, check out
 these resources to understand some of the most common patterns for getting the
 most benefits from Docker.
 - Learn how to [build an image](../reference/dockerfile.md) using a Dockerfile
 - Use [multi-stage builds](../build/building/multi-stage.md) to keep your images lean
 - Manage application data using [volumes](../storage/volumes.md) and [bind mounts](../storage/bind-mounts.md)
 - [Scale your app with Kubernetes](../get-started/kube-deploy.md) 
 - [Scale your app as a Swarm service](../get-started/swarm-deploy.md) 
 - [General application development best practices](dev-best-practices.md)
 ## Learn about language-specific app development with Docker
 - [Docker for Java developers lab](https://github.com/docker/labs/tree/master/developer-tools/java/) 
 - [Port a node.js app to Docker lab](https://github.com/docker/labs/tree/master/developer-tools/nodejs/porting)
 - [Ruby on Rails app on Docker lab](https://github.com/docker/labs/tree/master/developer-tools/ruby)
 - [Dockerize a .Net Core application](../language/dotnet/index.md)
 - [ASP.NET Core application with SQL Server](https://github.com/docker/awesome-compose/tree/master/aspnet-mssql) using Docker Compose
 ## Advanced development with the SDK or API
 After you can write Dockerfiles or Compose files and use Docker CLI, take it to
 the next level by using Docker Engine SDK for Go/Python or use the HTTP API
 directly. Visit the [Develop with Docker Engine API](../engine/api/index.md)
 section to learn more about developing with the Engine API, where to find SDKs
 for your programming language of choice, and to see some examples.
--- a/content/develop/dev-best-practices.md
+++ b/content/develop/dev-best-practices.md
@ -1,101 +0,0 @@
 ---
 title: Docker development best practices
 description: Rules of thumb for making your life easier as a Docker application developer
 keywords: application, development
 tags: [Best practices]
 ---
 The following development patterns have proven to be helpful for people
 building applications with Docker. 
 <!-- markdownlint-disable-next-line -->
 If you have discovered something we should add, [let us know]({{% param "repo" %}}/issues/new?template=doc_issue.yml&labels=status%2Ftriage).
 ## How to keep your images small
 Small images are faster to pull over the network and faster to load into
 memory when starting containers or services. There are a few rules of thumb to
 keep image size small:
 - Start with an appropriate base image. For instance, if you need a JDK,
  consider basing your image on a Docker Official Image which includes OpenJDK,
  such as `eclipse-temurin`, rather than building your own image from scratch.
 - [Use multistage builds](../build/building/multi-stage.md). For
  instance, you can use the `maven` image to build your Java application, then
  reset to the `tomcat` image and copy the Java artifacts into the correct
  location to deploy your app, all in the same Dockerfile. This means that your
  final image doesn't include all of the libraries and dependencies pulled in by
  the build, but only the artifacts and the environment needed to run them.
  - If you need to use a version of Docker that does not include multistage
    builds, try to reduce the number of layers in your image by minimizing the
    number of separate `RUN` commands in your Dockerfile. You can do this by
    consolidating multiple commands into a single `RUN` line and using your
    shell's mechanisms to combine them together. Consider the following two
    fragments. The first creates two layers in the image, while the second
    only creates one.
    ```dockerfile
    RUN apt-get -y update
    RUN apt-get install -y python
    ```
    ```dockerfile
    RUN apt-get -y update && apt-get install -y python
    ```
 - If you have multiple images with a lot in common, consider creating your own
  [base image](../build/building/base-images.md) with the shared
  components, and basing your unique images on that. Docker only needs to load
  the common layers once, and they are cached. This means that your
  derivative images use memory on the Docker host more efficiently and load more
  quickly.
 - To keep your production image lean but allow for debugging, consider using the
  production image as the base image for the debug image. Additional testing or
  debugging tooling can be added on top of the production image.
 - When building images, always tag them with useful tags which codify version
  information, intended destination (`prod` or `test`, for instance), stability,
  or other information that's useful when deploying the application in
  different environments. Don't rely on the automatically-created `latest` tag.
 ## Where and how to persist application data
 - Avoid storing application data in your container's writable layer using
  [storage drivers](../storage/storagedriver/select-storage-driver.md). This increases the
  size of your container and is less efficient from an I/O perspective than
  using volumes or bind mounts.
 - Instead, store data using [volumes](../storage/volumes.md).
 - One case where it's appropriate to use
  [bind mounts](../storage/bind-mounts.md) is during development,
  when you may want to mount your source directory or a binary you just built
  into your container. For production, use a volume instead, mounting it into
  the same location as you mounted a bind mount during development.
 - For production, use [secrets](../engine/swarm/secrets.md) to store sensitive
  application data used by services, and use [configs](../engine/swarm/configs.md)
  for non-sensitive data such as configuration files. If you currently use
  standalone containers, consider migrating to use single-replica services, so
  that you can take advantage of these service-only features.
 ## Use CI/CD for testing and deployment
 - When you check in a change to source control or create a pull request, use
  [Docker Hub](../docker-hub/builds/index.md) or
  another CI/CD pipeline to automatically build and tag a Docker image and test
  it.
 - Take this even further by requiring your development, testing, and
  security teams to [sign images](../reference/cli/docker/trust/_index.md)
  before the teams deploy the images into production. This way, before an image is
  deployed into production, it has been tested and signed off by, for instance,
  development, quality, and security teams.
 ## Differences in development and production environments
 | Development                                                         | Production                                                                                                                                                                                                                                       |
 |:--------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Use bind mounts to give your container access to your source code.  | Use volumes to store container data.                                                                                                                                                                                                             |
 | Use Docker Desktop for Mac, Linux, or Windows.           | Use Docker Engine, if possible with [userns mapping](../engine/security/userns-remap.md) for greater isolation of Docker processes from host processes.                                                                                          |
--- a/content/develop/security-best-practices.md
+++ b/content/develop/security-best-practices.md
@ -1,162 +0,0 @@
 ---
 title: Security best practices
 description: Image security best practices guide
 keywords: docker, images, containers, vulnerability, cve
 aliases:
 - /develop/scan-images/
 tags: [Best practices]
 ---
 You can take a few steps to improve the security of your
 container. This includes:
 1. [Choosing the right base image](#choose-the-right-base-image) from a trusted source and keeping it small
 2. [Using multi-stage builds](#use-multi-stage-builds)
 3. [Rebuilding images](#rebuild-images)
 4. [Checking your image for vulnerabilities](#check-your-image-for-vulnerabilities)
 ### Choose the right base image
 The first step towards achieving a secure image is to choose the right base
 image. When choosing an image, ensure it's built from a trusted source and keep
 it small.
 Docker Hub has more than 8.3 million repositories. Some of these images are
 [Official Images](../trusted-content/official-images/_index.md), which are published by
 Docker as a curated set of Docker open source and drop-in solution repositories.
 Docker also offers images that are published by
 [Verified Publishers](../trusted-content/dvp-program.md). These high-quality images
 are published and maintained by the organizations partnering with Docker, with
 Docker verifying the authenticity of the content in their repositories. When you
 pick your base image, look out for the **Official Image** and **Verified Publisher**
 badges.
 ![Docker Hub Official and Verified Publisher images](images/hub-official-images.webp)
 When building your own image from a Dockerfile, ensure you choose a minimal base
 image that matches your requirements. A smaller base image not only offers
 portability and fast downloads, but also shrinks the size of your image and
 minimizes the number of vulnerabilities introduced through the dependencies.
 You should also consider using two types of base image: the first image for
 development and unit testing and the second image for testing during the later
 stages of development and production. In the later stages of development, your
 image may not require build tools such as compilers, build systems, and
 debugging tools. A small image with minimal dependencies can considerably
 lower the attack surface.
 ### Use multi-stage builds
 Multi-stage builds are designed to create an optimized Dockerfile that is easy
 to read and maintain. With a multi-stage build, you can use multiple images and
 selectively copy only the artifacts needed from a particular image.
 You can use multiple `FROM` statements in your Dockerfile, and you can use a
 different base image for each `FROM`. You can also selectively copy artifacts
 from one stage to another, leaving behind things you don’t need in the final
 image. This can result in a concise final image.
 This method of creating a tiny image doesn't only significantly reduce
 complexity, but also reduces the chance of implementing vulnerable artifacts in your
 image. Therefore, instead of images that are built on images, that again are
 built on other images, multi-stage builds let you 'cherry pick' your
 artifacts without inheriting the vulnerabilities from the base images on which
 they rely.
 For detailed information on how to configure multi-stage builds, see
 [multi-stage builds](../build/building/multi-stage.md).
 ### Rebuild images
 A Docker image is built from a Dockerfile. A Dockerfile contains a set of
 instructions which lets you automate the steps you would normally
 (manually) take to create an image. Additionally, it can include some imported
 libraries and install custom software. These appear as instructions in the
 Dockerfile.
 Building your image is a snapshot of that image at that moment. When
 you depend on a base image without a tag, you’ll get a different base image
 every time you rebuild. Also, when you install packages using a package
 installer, rebuilding can change the image drastically. For example, a
 Dockerfile containing the following entries can potentially have a different
 binary with every rebuild.
 ```dockerfile
 # syntax=docker/dockerfile:1
 FROM ubuntu:latest
 RUN apt-get -y update && apt-get install -y python
 ```
 Docker recommends that you rebuild your Docker image regularly to prevent known
 vulnerabilities that have been addressed. When rebuilding, use the option
 `--no-cache` to avoid cache hits and to ensure a fresh download.
 For example:
 ```console
 $ docker build --no-cache -t myImage:myTag myPath/
 ```
 Consider the following best practices when rebuilding an image:
 - Each container should have only one responsibility.
 - Containers should be immutable, lightweight, and fast.
 - Don’t store data in your containers. Use a shared data store instead.
 - Containers should be easy to destroy and rebuild.
 - Use a small base image (such as Linux Alpine). Smaller images are easier to
  distribute.
 - Avoid installing unnecessary packages. This keeps the image clean and safe.
 - Avoid cache hits when building.
 - Auto-scan your image before deploying to avoid pushing vulnerable containers
  to production.
 - Analyze your images daily both during development and production for
  vulnerabilities. Based on that, automate the rebuilding of images if necessary.
 For detailed best practices and methods for building efficient images, see
 [Image-building best practices](/build/building/best-practices).
 ## Check your image for vulnerabilities
 In addition to following the best practices outlined on this page when
 developing images, it's also important to continuously analyze and evaluate the
 security posture of your images using vulnerability detection tools.
 Docker tools come with features that help you to stay up to date about vulnerabilities
 that affect images that you build or use.
 - Docker Hub supports an automatic
  [vulnerability scanning](../docker-hub/vulnerability-scanning.md) feature,
  which when enabled automatically scans images when you push them to a Docker Hub
  repository. Requires a [Docker subscription](../subscription/index.md).
 - Docker Hub also supports an early-access
  [advanced image analysis](../scout/image-analysis.md) feature, which extends
  the "core" vulnerability scanning solution with enhanced capabilities and more
  detailed and actionable insights.
 - For the CLI, there's the
  [`docker scout` CLI plugin](../reference/cli/docker/scout/_index.md)
  which lets you explore vulnerabilities for images using the terminal.
 - Docker Desktop has a detailed image view for images in your local image
  store, that visualizes all of the known vulnerabilities affecting an image.
 All of these security features are powered by the same technology:
 [Docker Scout](../scout/index.md). These features help you to achieve a holistic
 view of your supply chain security, and to provide actionable suggestions for
 what you can do to remediate those vulnerabilities.
 ## Conclusion
 Building secure images is a continuous process. Consider the recommendations and
 best practices highlighted in this guide to plan and build efficient, scalable,
 and secure images.
 To summarize the topics covered in this guide:
 - Start with a base image that you trust. Pay attention to the Official image and
  Verified Publisher badges when you choose your base images.
 - Secure your code and its dependencies.
 - Select a minimal base image which contains only the required packages.
 - Use multi-stage builds to optimize your image.
 - Ensure you carefully monitor and manage the tools and dependencies you add to
  your image.
 - Ensure you scan images at multiple stages during your development lifecycle.
 - Check your images frequently for vulnerabilities.
--- a/content/engine/install/binaries.md
+++ b/content/engine/install/binaries.md
@ -251,5 +251,3 @@ version.
 ## Next steps
 - Continue to [Post-installation steps for Linux](linux-postinstall.md).
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn
  how to build new applications using Docker.
--- a/content/engine/install/centos.md
+++ b/content/engine/install/centos.md
@ -237,5 +237,3 @@ You have to delete any edited configuration files manually.
 ## Next steps
 - Continue to [Post-installation steps for Linux](linux-postinstall.md).
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn
  how to build new applications using Docker.
--- a/content/engine/install/debian.md
+++ b/content/engine/install/debian.md
@ -257,5 +257,3 @@ You have to delete any edited configuration files manually.
 ## Next steps
 - Continue to [Post-installation steps for Linux](linux-postinstall.md).
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn
  how to build new applications using Docker.
--- a/content/engine/install/fedora.md
+++ b/content/engine/install/fedora.md
@ -233,5 +233,3 @@ You have to delete any edited configuration files manually.
 ## Next steps
 - Continue to [Post-installation steps for Linux](linux-postinstall.md).
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn
  how to build new applications using Docker.
--- a/content/engine/install/linux-postinstall.md
+++ b/content/engine/install/linux-postinstall.md
@ -141,5 +141,3 @@ options:
 - Read the [Get started](../../get-started/index.md) training modules
  to learn how to build an image and run it as a containerized application.
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn
  how to build new applications using Docker.
--- a/content/engine/install/raspberry-pi-os.md
+++ b/content/engine/install/raspberry-pi-os.md
@ -246,5 +246,3 @@ You have to delete any edited configuration files manually.
 ## Next steps
 - Continue to [Post-installation steps for Linux](linux-postinstall.md).
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn
  how to build new applications using Docker.
--- a/content/engine/install/rhel.md
+++ b/content/engine/install/rhel.md
@ -249,5 +249,3 @@ You have to delete any edited configuration files manually.
 ## Next steps
 - Continue to [Post-installation steps for Linux](linux-postinstall.md).
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn
  how to build new applications using Docker.
--- a/content/engine/install/sles.md
+++ b/content/engine/install/sles.md
@ -256,5 +256,3 @@ You have to delete any edited configuration files manually.
 ## Next steps
 - Continue to [Post-installation steps for Linux](linux-postinstall.md).
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn
  how to build new applications using Docker.
--- a/content/engine/install/ubuntu.md
+++ b/content/engine/install/ubuntu.md
@ -260,5 +260,3 @@ You have to delete any edited configuration files manually.
 ## Next steps
 - Continue to [Post-installation steps for Linux](linux-postinstall.md).
 - Review the topics in [Develop with Docker](../../develop/index.md) to learn
  how to build new applications using Docker.
--- a/content/guides/_index.md
+++ b/content/guides/_index.md
@ -27,10 +27,6 @@ dive-deeper:
  description: Walk through practical Docker applications for specific scenarios.
  link: /guides/use-case/
  icon: task
 - title: Develop with Docker
  description: Master Docker best practices for efficient, secure development.
  link: /develop/
  icon: rule
 - title: Build with Docker
  description: Deep-dive into building software with Docker.
  link: /build/guide/
--- a/content/language/_index.md
+++ b/content/language/_index.md
@ -17,7 +17,6 @@ The language-specific guides walk you through the process of:
 In addition to the language-specific modules, Docker documentation also provides guidelines to build images and efficiently manage your development environment. For more information, refer to the following topics:
 * [Building best practices](../build/building/best-practices.md)
 * [Docker development best practices](../develop/dev-best-practices.md)
 * [Build images with BuildKit](../build/buildkit/index.md#getting-started)
 * [Build with Docker](../build/guide/_index.md)
--- a/data/toc.yaml
+++ b/data/toc.yaml
@ -216,16 +216,6 @@ Guides:
    - path: /guides/use-case/databases/
      title: Use containerized databases
 - sectiontitle: Develop with Docker
  section:
  - path: /develop/
    title: Overview
  - path: /develop/dev-best-practices/
    title: Development best practices
  - path: /develop/security-best-practices/
    title: Security best practices
 - sectiontitle: Build with Docker
  section:
  - path: /build/guide/