Sign in to track progress and bookmarks.
A basic Dockerfile is not enough for production. You need to optimize for Security, Size, and Speed. A well-crafted container is the foundation of a stable microservice.
Use a "Build" stage with the full .NET SDK to compile your code, and a "Run" stage with just the ASP.NET Runtime to host it. This reduces your image size from 800MB to ~200MB, which means faster deployments and less storage cost.
By default, Docker runs your app as the 'root' user. This is a massive security risk. If an attacker exploits your app, they have full control over the container. **Architect Tip:** Use the `USER app` instruction in your Dockerfile to run your app with minimum privileges.
Order your Dockerfile correctly. Copy your `.csproj` files and run `dotnet restore` BEFORE copying your source code. This ensures that when you change a line of code, Docker can reuse the cached 'Restore' layer, making your builds 10x faster.
Q: "What is 'Distroless' and why should architects care?"
Architect Answer: "'Distroless' images contain only your application and its runtime dependencies. They do NOT contain shells, package managers (apt), or other standard Linux tools. This drastically reduces the **Attack Surface** of your container. If an attacker gets inside, they can't run scripts or install malware because the tools simply aren't there."
Quizzes linked to this course—pass to earn certificates.
On this page
1. Multi-Stage Builds 2. Run as Non-Root 3. Layer Caching 4. Interview Mastery