Back to Details

containerize-aspnetcore

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

ASP.NET Core Docker Containerization Prompt

ASP.NET Core Docker容器化提示

Containerization Request

容器化需求

Containerize the ASP.NET Core (.NET) project specified in the settings below, focusing exclusively on changes required for the application to run in a Linux Docker container. Containerization should consider all settings specified here.
Abide by best practices for containerizing .NET Core applications, ensuring that the container is optimized for performance, security, and maintainability.
为下方设置中指定的ASP.NET Core(.NET)项目实现容器化,关注让应用能在Linux Docker容器中运行所需的修改。容器化需考虑此处指定的所有设置。
遵循.NET Core应用容器化的最佳实践,确保容器在性能、安全性和可维护性上都经过优化。

Containerization Settings

容器化设置

This section of the prompt contains the specific settings and configurations required for containerizing the ASP.NET Core application. Prior to running this prompt, ensure that the settings are filled out with the necessary information. Note that in many cases, only the first few settings are required. Later settings can be left as defaults if they do not apply to the project being containerized.
Any settings that are not specified will be set to default values. The default values are provided in 
[square brackets]
.
本部分包含ASP.NET Core应用容器化所需的具体设置和配置。在执行本提示前,请确保已填写必要的信息。注意多数情况下仅需填写前几项设置,后续设置若不适用于当前项目,可保留默认值。
未指定的设置将使用默认值,默认值标注在
[方括号]
中。

Basic Project Information

基础项目信息

  1. Project to containerize:
    • [ProjectName (provide path to .csproj file)]
  2. .NET version to use:
    • [8.0 or 9.0 (Default 8.0)]
  3. Linux distribution to use:
    • [debian, alpine, ubuntu, chiseled, or Azure Linux (mariner) (Default debian)]
  4. Custom base image for the build stage of the Docker image ("None" to use standard Microsoft base image):
    • [Specify base image to use for build stage (Default None)]
  5. Custom base image for the run stage of the Docker image ("None" to use standard Microsoft base image):
    • [Specify base image to use for run stage (Default None)]
  1. 要容器化的项目:
    • [项目名称(提供.csproj文件路径)]
  2. 使用的.NET版本:
    • [8.0或9.0(默认8.0)]
  3. 使用的Linux发行版:
    • [debian、alpine、ubuntu、chiseled或Azure Linux(mariner)(默认debian)]
  4. Docker镜像构建阶段的自定义基础镜像(使用“None”则采用标准Microsoft基础镜像):
    • [指定构建阶段使用的基础镜像(默认None)]
  5. Docker镜像运行阶段的自定义基础镜像(使用“None”则采用标准Microsoft基础镜像):
    • [指定运行阶段使用的基础镜像(默认None)]

Container Configuration

容器配置

  1. Ports that must be exposed in the container image:
    • Primary HTTP port: 
      [e.g., 8080]
    • Additional ports: 
      [List any additional ports, or "None"]
  2. User account the container should run as:
    • [User account, or default to "$APP_UID"]
  3. Application URL configuration:
    • [Specify ASPNETCORE_URLS, or default to "http://+:8080"]
  1. 容器镜像中必须暴露的端口:
    • 主HTTP端口:
      [例如:8080]
    • 额外端口:
      [列出所有额外端口,或填写“None”]
  2. 容器应使用的用户账户:
    • [用户账户,默认使用"$APP_UID"]
  3. 应用URL配置:
    • [指定ASPNETCORE_URLS,默认值为"http://+:8080"]

Build configuration

构建配置

  1. Custom build steps that must be performed before building the container image:
    • [List any specific build steps, or "None"]
  2. Custom build steps that must be performed after building the container image:
    • [List any specific build steps, or "None"]
  3. NuGet package sources that must be configured:
    • [List any private NuGet feeds with authentication details, or "None"]
  1. 构建容器镜像前必须执行的自定义构建步骤:
    • [列出具体构建步骤,或填写“None”]
  2. 构建容器镜像后必须执行的自定义构建步骤:
    • [列出具体构建步骤,或填写“None”]
  3. 必须配置的NuGet包源:
    • [列出带认证信息的私有NuGet源,或填写“None”]

Dependencies

依赖项

  1. System packages that must be installed in the container image:
    • [Package names for the chosen Linux distribution, or "None"]
  2. Native libraries that must be copied to the container image:
    • [Library names and paths, or "None"]
  3. Additional .NET tools that must be installed:
    • [Tool names and versions, or "None"]
  1. 必须在容器镜像中安装的系统包:
    • [所选Linux发行版的包名称,或填写“None”]
  2. 必须复制到容器镜像中的原生库:
    • [库名称和路径,或填写“None”]
  3. 必须安装的额外.NET工具:
    • [工具名称和版本,或填写“None”]

System Configuration

系统配置

  1. Environment variables that must be set in the container image: 
    • [Variable names and values, or "Use defaults"]
  1. 必须在容器镜像中设置的环境变量: 
    • [变量名称和值,或填写“使用默认值”]

File System

文件系统

  1. Files/directories that need to be copied to the container image:
    • [Paths relative to project root, or "None"]
    • Target location in container: 
      [Container paths, or "Not applicable"]
  2. Files/directories to exclude from containerization:
    • [Paths to exclude, or "None"]
  3. Volume mount points that should be configured:
    • [Volume paths for persistent data, or "None"]
  1. 需要复制到容器镜像中的文件/目录:
    • [相对于项目根目录的路径,或填写“None”]
    • 容器中的目标位置:
      [容器内路径,或填写“不适用”]
  2. 容器化过程中需要排除的文件/目录:
    • [要排除的路径,或填写“None”]
  3. 应配置的卷挂载点:
    • [用于持久化数据的卷路径,或填写“None”]

.dockerignore Configuration

.dockerignore配置

  1. Patterns to include in the 
    .dockerignore
    file (.dockerignore will already have common defaults; these are additional patterns):
    • Additional patterns: 
      [List any additional patterns, or "None"]
  1. 要添加到
    .dockerignore
    文件中的规则(.dockerignore已包含常见默认规则;以下为额外规则):
    • 额外规则:
      [列出额外规则,或填写“None”]

Health Check Configuration

健康检查配置

  1. Health check endpoint:
    • [Health check URL path, or "None"]
  2. Health check interval and timeout:
    • [Interval and timeout values, or "Use defaults"]
  1. 健康检查端点:
    • [健康检查URL路径,或填写“None”]
  2. 健康检查间隔和超时:
    • [间隔和超时值,或填写“使用默认值”]

Additional Instructions

额外说明

  1. Other instructions that must be followed to containerize the project:
    • [Specific requirements, or "None"]
  2. Known issues to address:
    • [Describe any known issues, or "None"]
  1. 容器化项目必须遵循的其他说明:
    • [具体要求,或填写“None”]
  2. 需要解决的已知问题:
    • [描述已知问题,或填写“None”]

Scope

范围

  • ✅ App configuration modification to ensure application settings and connection strings can be read from environment variables
  • ✅ Dockerfile creation and configuration for an ASP.NET Core application
  • ✅ Specifying multiple stages in the Dockerfile to build/publish the application and copy the output to the final image
  • ✅ Configuration of Linux container platform compatibility (Alpine, Ubuntu, Chiseled, or Azure Linux (Mariner))
  • ✅ Proper handling of dependencies (system packages, native libraries, additional tools)
  • ❌ No infrastructure setup (assumed to be handled separately)
  • ❌ No code changes beyond those required for containerization
  • ✅ 修改应用配置,确保应用设置和连接字符串可从环境变量读取
  • ✅ 为ASP.NET Core应用创建并配置Dockerfile
  • ✅ 在Dockerfile中指定多阶段构建,用于构建/发布应用并将输出复制到最终镜像
  • ✅ 配置Linux容器平台兼容性(Alpine、Ubuntu、Chiseled或Azure Linux(Mariner))
  • ✅ 正确处理依赖项(系统包、原生库、额外工具)
  • ❌ 不涉及基础设施搭建(假设由其他流程处理)
  • ❌ 除容器化所需的修改外,不进行其他代码变更

Execution Process

执行流程

  1. Review the containerization settings above to understand the containerization requirements
  2. Create a 
    progress.md
    file to track changes with check marks
  3. Determine the .NET version from the project's .csproj file by checking the 
    TargetFramework
    element
  4. Select the appropriate Linux container image based on:
  5. Create a Dockerfile in the root of the project directory to containerize the application
    • The Dockerfile should use multiple stages:
      • Build stage: Use a .NET SDK image to build the application
        • Copy csproj file(s) first
        • Copy NuGet.config if one exists and configure any private feeds
        • Restore NuGet packages
        • Then, copy the rest of the source code and build and publish the application to /app/publish
      • Final stage: Use the selected .NET runtime image to run the application
        • Set the working directory to /app
        • Set the user as directed (by default, to a non-root user (e.g., 
          $APP_UID
          ))
          • Unless directed otherwise in containerization settings, a new user does not need to be created. Use the 
            $APP_UID
            variable to specify the user account.
        • Copy the published output from the build stage to the final image
    • Be sure to consider all requirements in the containerization settings:
      • .NET version and Linux distribution
      • Exposed ports
      • User account for container
      • ASPNETCORE_URLS configuration
      • System package installation
      • Native library dependencies
      • Additional .NET tools
      • Environment variables
      • File/directory copying
      • Volume mount points
      • Health check configuration
  6. Create a 
    .dockerignore
    file in the root of the project directory to exclude unnecessary files from the Docker image. The 
    .dockerignore
    file MUST include at least the following elements as well as additional patterns as specified in the containerization settings:
    • bin/
    • obj/
    • .dockerignore
    • Dockerfile
    • .git/
    • .github/
    • .vs/
    • .vscode/
    • **/node_modules/
    • *.user
    • *.suo
    • **/.DS_Store
    • **/Thumbs.db
    • Any additional patterns specified in the containerization settings
  7. Configure health checks if specified in the containerization settings:
    • Add HEALTHCHECK instruction to Dockerfile if health check endpoint is provided
    • Use curl or wget to check the health endpoint
  8. Mark tasks as completed: [ ] → [✓]
  9. Continue until all tasks are complete and Docker build succeeds
  1. 查看上方容器化设置,明确容器化需求
  2. 创建
    progress.md
    文件,用勾选标记跟踪变更
  3. 通过检查项目.csproj文件中的
    TargetFramework
    元素,确定.NET版本
  4. 根据以下条件选择合适的Linux容器镜像:
  5. 在项目根目录创建Dockerfile以实现应用容器化
    • Dockerfile应使用多阶段构建:
      • 构建阶段:使用.NET SDK镜像构建应用
        • 先复制csproj文件
        • 如果存在NuGet.config则复制,并配置任何私有源
        • 还原NuGet包
        • 然后复制其余源代码,构建并发布应用到/app/publish
      • 最终阶段:使用选定的.NET运行时镜像运行应用
        • 设置工作目录为/app
        • 按要求设置用户(默认使用非根用户,例如
          $APP_UID
          • 除非容器化设置中有其他指示,否则无需创建新用户。使用
            $APP_UID
            变量指定用户账户。
        • 将构建阶段的发布输出复制到最终镜像
    • 务必考虑容器化设置中的所有要求:
      • .NET版本和Linux发行版
      • 暴露端口
      • 容器使用的用户账户
      • ASPNETCORE_URLS配置
      • 系统包安装
      • 原生库依赖
      • 额外.NET工具
      • 环境变量
      • 文件/目录复制
      • 卷挂载点
      • 健康检查配置
  6. 在项目根目录创建
    .dockerignore
    文件,排除Docker镜像中不需要的文件。
    .dockerignore
    文件必须至少包含以下元素,以及容器化设置中指定的额外规则:
    • bin/
    • obj/
    • .dockerignore
    • Dockerfile
    • .git/
    • .github/
    • .vs/
    • .vscode/
    • **/node_modules/
    • *.user
    • *.suo
    • **/.DS_Store
    • **/Thumbs.db
    • 容器化设置中指定的任何额外规则
  7. 如果容器化设置中指定了健康检查,则进行配置:
    • 如果提供了健康检查端点,在Dockerfile中添加HEALTHCHECK指令
    • 使用curl或wget检查健康端点
  8. 标记任务为已完成:[ ] → [✓]
  9. 持续执行直到所有任务完成且Docker构建成功

Build and Runtime Verification

构建与运行验证

Confirm that Docker build succeeds once the Dockerfile is completed. Use the following command to build the Docker image:
bash
docker build -t aspnetcore-app:latest .
If the build fails, review the error messages and make necessary adjustments to the Dockerfile or project configuration. Report success/failure.
Dockerfile完成后,确认Docker构建成功。使用以下命令构建Docker镜像:
bash
docker build -t aspnetcore-app:latest .
如果构建失败,查看错误信息,对Dockerfile或项目配置进行必要调整。报告构建成功/失败情况。

Progress Tracking

进度跟踪

Maintain a 
progress.md
file with the following structure:
markdown
undefined
维护
progress.md
文件,结构如下:
markdown
undefined

Containerization Progress

容器化进度

Environment Detection

环境检测

  • .NET version detection (version: ___)
  • Linux distribution selection (distribution: ___)
  • .NET版本检测(版本:___)
  • Linux发行版选择(发行版:___)

Configuration Changes

配置变更

  • Application configuration verification for environment variable support
  • NuGet package source configuration (if applicable)
  • 验证应用配置是否支持环境变量
  • NuGet包源配置(如适用)

Containerization

容器化

  • Dockerfile creation
  • .dockerignore file creation
  • Build stage created with SDK image
  • csproj file(s) copied for package restore
  • NuGet.config copied if applicable
  • Runtime stage created with runtime image
  • Non-root user configuration
  • Dependency handling (system packages, native libraries, tools, etc.)
  • Health check configuration (if applicable)
  • Special requirements implementation
  • 创建Dockerfile
  • 创建.dockerignore文件
  • 使用SDK镜像创建构建阶段
  • 复制csproj文件以还原包
  • 如适用则复制NuGet.config
  • 使用运行时镜像创建运行阶段
  • 非根用户配置
  • 依赖项处理(系统包、原生库、工具等)
  • 健康检查配置(如适用)
  • 特殊需求实现

Verification

验证

  • Review containerization settings and make sure that all requirements are met
  • Docker build success

Do not pause for confirmation between steps. Continue methodically until the application has been containerized and Docker build succeeds.

**YOU ARE NOT DONE UNTIL ALL CHECKBOXES ARE MARKED!** This includes building the Docker image successfully and addressing any issues that arise during the build process.
  • 检查容器化设置,确保所有需求已满足
  • Docker构建成功

步骤间无需等待确认,按流程持续执行直到应用完成容器化且Docker构建成功。

**所有复选框标记完成前,任务不算结束!** 这包括成功构建Docker镜像并解决构建过程中出现的任何问题。

Example Dockerfile

示例Dockerfile

An example Dockerfile for an ASP.NET Core (.NET) application using a Linux base image.
dockerfile
undefined
适用于ASP.NET Core(.NET)应用的Linux基础镜像示例Dockerfile。
dockerfile
undefined

============================================================

============================================================

Stage 1: Build and publish the application

Stage 1: Build and publish the application

============================================================

============================================================

Base Image - Select the appropriate .NET SDK version and Linux distribution

Base Image - Select the appropriate .NET SDK version and Linux distribution

Possible tags include:

Possible tags include:

- 8.0-bookworm-slim (Debian 12)

- 8.0-bookworm-slim (Debian 12)

- 8.0-noble (Ubuntu 24.04)

- 8.0-noble (Ubuntu 24.04)

- 8.0-alpine (Alpine Linux)

- 8.0-alpine (Alpine Linux)

- 9.0-bookworm-slim (Debian 12)

- 9.0-bookworm-slim (Debian 12)

- 9.0-noble (Ubuntu 24.04)

- 9.0-noble (Ubuntu 24.04)

- 9.0-alpine (Alpine Linux)

- 9.0-alpine (Alpine Linux)

Uses the .NET SDK image for building the application

Uses the .NET SDK image for building the application

FROM mcr.microsoft.com/dotnet/sdk:8.0-bookworm-slim AS build ARG BUILD_CONFIGURATION=Release
WORKDIR /src
FROM mcr.microsoft.com/dotnet/sdk:8.0-bookworm-slim AS build ARG BUILD_CONFIGURATION=Release
WORKDIR /src

Copy project files first for better caching

Copy project files first for better caching

COPY ["YourProject/YourProject.csproj", "YourProject/"] COPY ["YourOtherProject/YourOtherProject.csproj", "YourOtherProject/"]
COPY ["YourProject/YourProject.csproj", "YourProject/"] COPY ["YourOtherProject/YourOtherProject.csproj", "YourOtherProject/"]

Copy NuGet configuration if it exists

Copy NuGet configuration if it exists

COPY ["NuGet.config", "."]
COPY ["NuGet.config", "."]

Restore NuGet packages

Restore NuGet packages

RUN dotnet restore "YourProject/YourProject.csproj"
RUN dotnet restore "YourProject/YourProject.csproj"

Copy source code

Copy source code

COPY . .
COPY . .

Perform custom pre-build steps here, if needed

Perform custom pre-build steps here, if needed

RUN echo "Running pre-build steps..."

RUN echo "Running pre-build steps..."

Build and publish the application

Build and publish the application

WORKDIR "/src/YourProject" RUN dotnet build "YourProject.csproj" -c $BUILD_CONFIGURATION -o /app/build
WORKDIR "/src/YourProject" RUN dotnet build "YourProject.csproj" -c $BUILD_CONFIGURATION -o /app/build

Publish the application

Publish the application

RUN dotnet publish "YourProject.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
RUN dotnet publish "YourProject.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false

Perform custom post-build steps here, if needed

Perform custom post-build steps here, if needed

RUN echo "Running post-build steps..."

RUN echo "Running post-build steps..."

============================================================

============================================================

Stage 2: Final runtime image

Stage 2: Final runtime image

============================================================

============================================================

Base Image - Select the appropriate .NET runtime version and Linux distribution

Base Image - Select the appropriate .NET runtime version and Linux distribution

Possible tags include:

Possible tags include:

- 8.0-bookworm-slim (Debian 12)

- 8.0-bookworm-slim (Debian 12)

- 8.0-noble (Ubuntu 24.04)

- 8.0-noble (Ubuntu 24.04)

- 8.0-alpine (Alpine Linux)

- 8.0-alpine (Alpine Linux)

- 8.0-noble-chiseled (Ubuntu 24.04 Chiseled)

- 8.0-noble-chiseled (Ubuntu 24.04 Chiseled)

- 8.0-azurelinux3.0 (Azure Linux)

- 8.0-azurelinux3.0 (Azure Linux)

- 9.0-bookworm-slim (Debian 12)

- 9.0-bookworm-slim (Debian 12)

- 9.0-noble (Ubuntu 24.04)

- 9.0-noble (Ubuntu 24.04)

- 9.0-alpine (Alpine Linux)

- 9.0-alpine (Alpine Linux)

- 9.0-noble-chiseled (Ubuntu 24.04 Chiseled)

- 9.0-noble-chiseled (Ubuntu 24.04 Chiseled)

- 9.0-azurelinux3.0 (Azure Linux)

- 9.0-azurelinux3.0 (Azure Linux)

Uses the .NET runtime image for running the application

Uses the .NET runtime image for running the application

FROM mcr.microsoft.com/dotnet/aspnet:8.0-bookworm-slim AS final
FROM mcr.microsoft.com/dotnet/aspnet:8.0-bookworm-slim AS final

Install system packages if needed (uncomment and modify as needed)

Install system packages if needed (uncomment and modify as needed)

RUN apt-get update && apt-get install -y \

RUN apt-get update && apt-get install -y \

curl \

curl \

wget \

wget \

ca-certificates \

ca-certificates \

libgdiplus \

libgdiplus \

&& rm -rf /var/lib/apt/lists/*

&& rm -rf /var/lib/apt/lists/*

Install additional .NET tools if needed (uncomment and modify as needed)

Install additional .NET tools if needed (uncomment and modify as needed)

RUN dotnet tool install --global dotnet-ef --version 8.0.0

RUN dotnet tool install --global dotnet-ef --version 8.0.0

ENV PATH="$PATH:/root/.dotnet/tools"

ENV PATH="$PATH:/root/.dotnet/tools"

WORKDIR /app
WORKDIR /app

Copy published application from build stage

Copy published application from build stage

COPY --from=build /app/publish .
COPY --from=build /app/publish .

Copy additional files if needed (uncomment and modify as needed)

Copy additional files if needed (uncomment and modify as needed)

COPY ./config/appsettings.Production.json .

COPY ./config/appsettings.Production.json .

COPY ./certificates/ ./certificates/

COPY ./certificates/ ./certificates/

Set environment variables

Set environment variables

ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_URLS=http://+:8080
ENV ASPNETCORE_ENVIRONMENT=Production ENV ASPNETCORE_URLS=http://+:8080

Add custom environment variables if needed (uncomment and modify as needed)

Add custom environment variables if needed (uncomment and modify as needed)

ENV CONNECTIONSTRINGS__DEFAULTCONNECTION="your-connection-string"

ENV CONNECTIONSTRINGS__DEFAULTCONNECTION="your-connection-string"

ENV FEATURE_FLAG_ENABLED=true

ENV FEATURE_FLAG_ENABLED=true

Configure SSL/TLS certificates if needed (uncomment and modify as needed)

Configure SSL/TLS certificates if needed (uncomment and modify as needed)

ENV ASPNETCORE_Kestrel__Certificates__Default__Path=/app/certificates/app.pfx

ENV ASPNETCORE_Kestrel__Certificates__Default__Path=/app/certificates/app.pfx

ENV ASPNETCORE_Kestrel__Certificates__Default__Password=your_password

ENV ASPNETCORE_Kestrel__Certificates__Default__Password=your_password

Expose the port the application listens on

Expose the port the application listens on

EXPOSE 8080
EXPOSE 8080

EXPOSE 8081 # Uncomment if using HTTPS

EXPOSE 8081 # Uncomment if using HTTPS

Install curl for health checks if not already present

Install curl for health checks if not already present

RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*

Configure health check

Configure health check

HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3
CMD curl -f http://localhost:8080/health || exit 1
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3
CMD curl -f http://localhost:8080/health || exit 1

Create volumes for persistent data if needed (uncomment and modify as needed)

Create volumes for persistent data if needed (uncomment and modify as needed)

VOLUME ["/app/data", "/app/logs"]

VOLUME ["/app/data", "/app/logs"]

Switch to non-root user for security

Switch to non-root user for security

USER $APP_UID
USER $APP_UID

Set the entry point for the application

Set the entry point for the application

ENTRYPOINT ["dotnet", "YourProject.dll"]
undefined
ENTRYPOINT ["dotnet", "YourProject.dll"]
undefined

Adapting this Example

示例适配说明

Note: Customize this template based on the specific requirements in containerization settings.
When adapting this example Dockerfile:
  1. Replace 
    YourProject.csproj
    , 
    YourProject.dll
    , etc. with your actual project names
  2. Adjust the .NET version and Linux distribution as needed
  3. Modify the dependency installation steps based on your requirements and remove any unnecessary ones
  4. Configure environment variables specific to your application
  5. Add or remove stages as needed for your specific workflow
  6. Update the health check endpoint to match your application's health check route
注意: 根据容器化设置中的具体需求自定义本模板。
适配本示例Dockerfile时:
  1. YourProject.csproj
    YourProject.dll
    等替换为实际项目名称
  2. 根据需要调整.NET版本和Linux发行版
  3. 根据需求修改依赖项安装步骤,移除不必要的内容
  4. 配置应用特定的环境变量
  5. 根据特定工作流程添加或移除构建阶段
  6. 更新健康检查端点以匹配应用的健康检查路由

Linux Distribution Variations

Linux发行版变体

Alpine Linux

Alpine Linux

For smaller image sizes, you can use Alpine Linux:
dockerfile
FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS build
如需更小的镜像体积,可使用Alpine Linux:
dockerfile
FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine AS build

... build steps ...

... build steps ...

FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine AS final
FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine AS final

Install packages using apk

Install packages using apk

RUN apk update && apk add --no-cache curl ca-certificates
undefined
RUN apk update && apk add --no-cache curl ca-certificates
undefined

Ubuntu Chiseled

Ubuntu Chiseled

For minimal attack surface, consider using chiseled images:
dockerfile
FROM mcr.microsoft.com/dotnet/aspnet:8.0-jammy-chiseled AS final
如需最小化攻击面,可考虑使用Chiseled镜像:
dockerfile
FROM mcr.microsoft.com/dotnet/aspnet:8.0-jammy-chiseled AS final

Note: Chiseled images have minimal packages, so you may need to use a different base for additional dependencies

注意:Chiseled镜像包含的包极少,若需要额外依赖项,可能需要使用其他基础镜像

undefined
undefined

Azure Linux (Mariner)

Azure Linux (Mariner)

For Azure-optimized containers:
dockerfile
FROM mcr.microsoft.com/dotnet/aspnet:8.0-azurelinux3.0 AS final
如需Azure优化的容器:
dockerfile
FROM mcr.microsoft.com/dotnet/aspnet:8.0-azurelinux3.0 AS final

Install packages using tdnf

Install packages using tdnf

RUN tdnf update -y && tdnf install -y curl ca-certificates && tdnf clean all
undefined
RUN tdnf update -y && tdnf install -y curl ca-certificates && tdnf clean all
undefined

Notes on Stage Naming

阶段命名说明

  • The 
    AS stage-name
    syntax gives each stage a name
  • Use 
    --from=stage-name
    to copy files from a previous stage
  • You can have multiple intermediate stages that aren't used in the final image
  • The 
    final
    stage is the one that becomes the final container image
  • AS stage-name
    语法为每个阶段命名
  • 使用
    --from=stage-name
    从之前的阶段复制文件
  • 可包含多个不用于最终镜像的中间阶段
  • final
    阶段将成为最终的容器镜像

Security Best Practices

安全最佳实践

  • Always run as a non-root user in production
  • Use specific image tags instead of 
    latest
  • Minimize the number of installed packages
  • Keep base images updated
  • Use multi-stage builds to exclude build dependencies from the final image
  • 生产环境中始终以非根用户运行
  • 使用具体的镜像标签而非
    latest
  • 最小化安装的包数量
  • 保持基础镜像更新
  • 使用多阶段构建,将构建依赖项排除在最终镜像之外