Skip to content


The Dockerfile file is a standard Dockerfile with a few additions.

Base images

Be sure to use one of the base k8s@home images for the FROM instruction.


# hadolint ignore=DL3007


# hadolint ignore=DL3007


Also, be sure to add the package_info file to the image so that others can find the source of the container image.

RUN printf "UpdateMethod=docker\nPackageVersion=%s\nPackageAuthor=[Team k8s-at-home](" "${VERSION}" > /app/package_info

UMASK and ca-certificates

Ensure that you change the permissions of the /app folder, set the UMASK environmental variable, and update ca-certificates.

  chmod -R u=rwX,go=rX /app \
  && printf "umask %d" "${UMASK}" >> /etc/bash.bashrc \
  && update-ca-certificates


When using the COPY instruction, be sure to start from the root of the repository so that the github actions can build the container image properly.

COPY ./apps/<app name>/ /


Be sure set the USER to kah.

See Configuration for details.

USER kah

shim scripts

If custom shim scripts are used, be sure to copy them to the container image.

COPY ./apps/<app name>/shim/<app name> /shim/<app name>


Hadolint needs to be used to lint the Dockerfile before publishing.

Hadolint is also used as a check in the Apps - Build, Test, Push github action

hadolint Dockerfile

Best practices

Be sure to use best practices up for writing Dockerfiles in order to reduce the container image size.