{"id":253120,"date":"2026-05-05T10:35:11","date_gmt":"2026-05-05T08:35:11","guid":{"rendered":"https:\/\/www.itta.net\/?p=253120"},"modified":"2026-06-04T13:50:31","modified_gmt":"2026-06-04T11:50:31","slug":"docker-production-top-5-mistakes","status":"publish","type":"post","link":"https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/","title":{"rendered":"Top 5 Docker Mistakes that Crash your Containers in Production"},"content":{"rendered":"<p><em>Are your Docker containers crashing in production without warning? In most cases, the issue isn&#8217;t Docker itself but a handful of recurring configuration mistakes. Here are the five most expensive ones, and how to fix them today.<\/em><\/p>\n    <div class=\"quiz-ia-box\" id=\"quiz-ia\" data-lang=\"en\" data-read-label=\"Read the dedicated section\" data-color=\"#00B0AE\" data-color-light=\"#e6f9f9\" style=\"background:linear-gradient(135deg,#f8fcfc 0%,#f0fafa 100%);border-radius:12px;padding:32px 36px;margin:32px 0;border-left:6px solid #00B0AE;font-family:Montserrat,Arial,sans-serif;\">\r\n\r\n        <p style=\"font-size:1.5vw;font-weight:700;color:#00B0AE;margin:0 0 6px;line-height:1.4;\">What is your Docker production maturity level?<\/p>\r\n        \r\n                <div class=\"quiz-step\" data-step=\"1\" style=\"display:block;\">\r\n            <p style=\"font-size:16px;font-weight:700;color:#111;margin:0 0 14px;\">1 \/ 5 &mdash; Do your Docker containers run as root by default?<\/p>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q1\" value=\"0\" style=\"margin-right:10px;accent-color:#00B0AE;\">Yes, that&#039;s the default setup at our company            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q1\" value=\"1\" style=\"margin-right:10px;accent-color:#00B0AE;\">We have a dedicated USER on some images, not all            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q1\" value=\"2\" style=\"margin-right:10px;accent-color:#00B0AE;\">All containers run as non-root, it&#039;s a strict rule            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:0;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q1\" value=\"0\" style=\"margin-right:10px;accent-color:#00B0AE;\">I don&#039;t know how to check            <\/label>\r\n            \r\n            <div class=\"quiz-nav\" style=\"display:flex;justify-content:flex-end;margin-top:16px;gap:8px;\">\r\n                                                    <button class=\"quiz-next\" data-next=\"2\" style=\"background:#00B0AE;color:#fff;border:none;padding:12px 24px;border-radius:8px;font-size:15px;font-weight:700;cursor:pointer;font-family:Montserrat,Arial,sans-serif;transition:opacity .15s;\">Next<\/button>\r\n                            <\/div>\r\n        <\/div>\r\n                <div class=\"quiz-step\" data-step=\"2\" style=\"display:none;\">\r\n            <p style=\"font-size:16px;font-weight:700;color:#111;margin:0 0 14px;\">2 \/ 5 &mdash; What is the average size of your Docker images in production?<\/p>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q2\" value=\"0\" style=\"margin-right:10px;accent-color:#00B0AE;\">Over 1 GB, we have never looked            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q2\" value=\"1\" style=\"margin-right:10px;accent-color:#00B0AE;\">Between 300 MB and 1 GB            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q2\" value=\"2\" style=\"margin-right:10px;accent-color:#00B0AE;\">Less than 200 MB thanks to multi-stage and minimal bases            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:0;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q2\" value=\"0\" style=\"margin-right:10px;accent-color:#00B0AE;\">No idea, we use the official images as-is            <\/label>\r\n            \r\n            <div class=\"quiz-nav\" style=\"display:flex;justify-content:space-between;margin-top:16px;gap:8px;\">\r\n                                    <button class=\"quiz-prev\" data-prev=\"1\" style=\"background:#fff;color:#333;border:2px solid #ddd;padding:12px 24px;border-radius:8px;font-size:15px;font-weight:700;cursor:pointer;font-family:Montserrat,Arial,sans-serif;transition:border-color .15s;\">Previous<\/button>\r\n                                                    <button class=\"quiz-next\" data-next=\"3\" style=\"background:#00B0AE;color:#fff;border:none;padding:12px 24px;border-radius:8px;font-size:15px;font-weight:700;cursor:pointer;font-family:Montserrat,Arial,sans-serif;transition:opacity .15s;\">Next<\/button>\r\n                            <\/div>\r\n        <\/div>\r\n                <div class=\"quiz-step\" data-step=\"3\" style=\"display:none;\">\r\n            <p style=\"font-size:16px;font-weight:700;color:#111;margin:0 0 14px;\">3 \/ 5 &mdash; How do you handle secrets (passwords, API keys) in your containers?<\/p>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q3\" value=\"0\" style=\"margin-right:10px;accent-color:#00B0AE;\">Environment variables straight in the Dockerfile or a .env            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q3\" value=\"1\" style=\"margin-right:10px;accent-color:#00B0AE;\">Variables passed at docker run, not committed            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q3\" value=\"2\" style=\"margin-right:10px;accent-color:#00B0AE;\">Vault, Docker Secrets, or a dedicated manager            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:0;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q3\" value=\"0\" style=\"margin-right:10px;accent-color:#00B0AE;\">We have very few of them, they live in the code            <\/label>\r\n            \r\n            <div class=\"quiz-nav\" style=\"display:flex;justify-content:space-between;margin-top:16px;gap:8px;\">\r\n                                    <button class=\"quiz-prev\" data-prev=\"2\" style=\"background:#fff;color:#333;border:2px solid #ddd;padding:12px 24px;border-radius:8px;font-size:15px;font-weight:700;cursor:pointer;font-family:Montserrat,Arial,sans-serif;transition:border-color .15s;\">Previous<\/button>\r\n                                                    <button class=\"quiz-next\" data-next=\"4\" style=\"background:#00B0AE;color:#fff;border:none;padding:12px 24px;border-radius:8px;font-size:15px;font-weight:700;cursor:pointer;font-family:Montserrat,Arial,sans-serif;transition:opacity .15s;\">Next<\/button>\r\n                            <\/div>\r\n        <\/div>\r\n                <div class=\"quiz-step\" data-step=\"4\" style=\"display:none;\">\r\n            <p style=\"font-size:16px;font-weight:700;color:#111;margin:0 0 14px;\">4 \/ 5 &mdash; Do you have HEALTHCHECK and resource limits on every container?<\/p>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q4\" value=\"0\" style=\"margin-right:10px;accent-color:#00B0AE;\">Neither, we trust Docker            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q4\" value=\"1\" style=\"margin-right:10px;accent-color:#00B0AE;\">Health checks on some, no resource limits            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q4\" value=\"2\" style=\"margin-right:10px;accent-color:#00B0AE;\">Healthcheck + memory\/CPU limits on 100% of containers            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:0;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q4\" value=\"0\" style=\"margin-right:10px;accent-color:#00B0AE;\">I have never heard of HEALTHCHECK            <\/label>\r\n            \r\n            <div class=\"quiz-nav\" style=\"display:flex;justify-content:space-between;margin-top:16px;gap:8px;\">\r\n                                    <button class=\"quiz-prev\" data-prev=\"3\" style=\"background:#fff;color:#333;border:2px solid #ddd;padding:12px 24px;border-radius:8px;font-size:15px;font-weight:700;cursor:pointer;font-family:Montserrat,Arial,sans-serif;transition:border-color .15s;\">Previous<\/button>\r\n                                                    <button class=\"quiz-next\" data-next=\"5\" style=\"background:#00B0AE;color:#fff;border:none;padding:12px 24px;border-radius:8px;font-size:15px;font-weight:700;cursor:pointer;font-family:Montserrat,Arial,sans-serif;transition:opacity .15s;\">Next<\/button>\r\n                            <\/div>\r\n        <\/div>\r\n                <div class=\"quiz-step\" data-step=\"5\" style=\"display:none;\">\r\n            <p style=\"font-size:16px;font-weight:700;color:#111;margin:0 0 14px;\">5 \/ 5 &mdash; How do you monitor your Docker containers in production?<\/p>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q5\" value=\"0\" style=\"margin-right:10px;accent-color:#00B0AE;\">Via docker logs over SSH when there&#039;s an issue            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q5\" value=\"1\" style=\"margin-right:10px;accent-color:#00B0AE;\">We have a basic tool but limited alerting            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:8px;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q5\" value=\"2\" style=\"margin-right:10px;accent-color:#00B0AE;\">Full stack: Prometheus + Grafana + Loki\/ELK + alerting            <\/label>\r\n                        <label style=\"display:block;padding:12px 16px;margin-bottom:0;background:#fff;border:2px solid #ddd;border-radius:8px;cursor:pointer;font-size:15px;color:#333;transition:border-color .15s,background .15s;\">\r\n                <input type=\"radio\" name=\"q5\" value=\"0\" style=\"margin-right:10px;accent-color:#00B0AE;\">We have no centralized monitoring            <\/label>\r\n            \r\n            <div class=\"quiz-nav\" style=\"display:flex;justify-content:space-between;margin-top:16px;gap:8px;\">\r\n                                    <button class=\"quiz-prev\" data-prev=\"4\" style=\"background:#fff;color:#333;border:2px solid #ddd;padding:12px 24px;border-radius:8px;font-size:15px;font-weight:700;cursor:pointer;font-family:Montserrat,Arial,sans-serif;transition:border-color .15s;\">Previous<\/button>\r\n                                                    <button id=\"quiz-ia-submit\" style=\"background:#00B0AE;color:#fff;border:none;padding:12px 24px;border-radius:8px;font-size:15px;font-weight:700;cursor:pointer;font-family:Montserrat,Arial,sans-serif;transition:opacity .15s;\">See my result<\/button>\r\n                            <\/div>\r\n        <\/div>\r\n        \r\n        <div id=\"quiz-ia-result\" style=\"display:none;\"><\/div>\r\n\r\n    <\/div>\r\n    \n<h2 id=\"toc\">Table of contents<\/h2>\n<ol>\n<li><a href=\"#why-docker-fails\">Why Docker fails in production<\/a><\/li>\n<li><a href=\"#mistake-1-root\">Mistake #1 &#8211; Running your containers as root<\/a><\/li>\n<li><a href=\"#mistake-2-bloated-images\">Mistake #2 &#8211; Building bloated images without multi-stage<\/a><\/li>\n<li><a href=\"#mistake-3-secrets\">Mistake #3 &#8211; Storing secrets and data inside the image<\/a><\/li>\n<li><a href=\"#mistake-4-healthchecks\">Mistake #4 &#8211; Skipping health checks and resource limits<\/a><\/li>\n<li><a href=\"#mistake-5-monitoring\">Mistake #5 &#8211; Flying blind with no logs or monitoring<\/a><\/li>\n<li><a href=\"#checklist\">The Docker production checklist<\/a><\/li>\n<li><a href=\"#conclusion\">Conclusion<\/a><\/li>\n<li><a href=\"#faq-docker-production\">Docker in production FAQ<\/a><\/li>\n<\/ol>\n<p><img decoding=\"async\" src=\"https:\/\/www.itta.net\/wp-content\/uploads\/2026\/05\/docker-production-conteneurs-serveur-2.webp\" alt=\"devops engineer monitoring docker containers in production on screen\" loading=\"lazy\" \/><\/p>\n<p>Docker remains the most widely deployed container engine in the world. These five mistakes are among the most frequent root causes of Docker incidents seen in production by DevOps teams in French-speaking Switzerland. They are not Docker bugs. Instead, they are configuration shortcuts taken in development that come back to haunt you the day traffic spikes or an attacker comes knocking.<\/p>\n<p>In production, a container that keeps restarting, an image that ships 2 GB of unused weight, or a secret committed inside a Dockerfile costs time, money, and sometimes customer trust. The good news is that all these mistakes are preventable with the right method and reflexes. The catch is knowing which ones to look for first.<\/p>\n<h2 id=\"why-docker-fails\">Why Docker fails in production<\/h2>\n<p><img decoding=\"async\" src=\"https:\/\/www.itta.net\/wp-content\/uploads\/2026\/05\/docker-incident-equipe-devops-1.webp\" alt=\"devops team analyzing a production docker incident in a meeting\" loading=\"lazy\" \/><\/p>\n<p>First, a container is not a virtual machine. It is an isolated process that shares the host kernel. Therefore, any misconfiguration can ripple straight back to the host. Furthermore, unlike development where a quick restart erases the issue, production is unforgiving of the smallest oversight.<\/p>\n<p>According to a <a href=\"https:\/\/snyk.io\/blog\/10-docker-image-security-best-practices\/\" target=\"_blank\" rel=\"noopener\">2024 Snyk study<\/a>, more than 60% of scanned Docker images contain at least one critical vulnerability. In short, the gap between a robust Docker setup and a fragile one usually comes down to five key decisions.<\/p>\n<h3>Three symptoms that should set off alarms<\/h3>\n<ul>\n<li><strong>Containers stuck in a restart loop<\/strong>: typically a missing health check, an unset environment variable, or a permission issue.<\/li>\n<li><strong>Memory creeping up for no reason<\/strong>: missing <code>--memory<\/code> and <code>--cpus<\/code> limits, a memory leak, or unrotated logs.<\/li>\n<li><strong>Latency exploding under load<\/strong>: oversized image at startup, a database sharing the default Docker network, or no orchestration in place.<\/li>\n<\/ul>\n<p>Of course, these symptoms are only the visible tip of the iceberg. However, in production they are exactly what wakes up your team at 3 AM. Now let&#8217;s break down the five mistakes that cause them.<\/p>\n<h2 id=\"mistake-1-root\">Mistake #1 &#8211; Running your containers as root<\/h2>\n<p><img decoding=\"async\" src=\"https:\/\/www.itta.net\/wp-content\/uploads\/2026\/05\/docker-securite-conteneur-root-1.webp\" alt=\"cybersecurity analyst reviewing docker container permissions\" loading=\"lazy\" \/><\/p>\n<p>By default, a Docker container runs as <strong>root<\/strong>. That&#8217;s convenient in development, but it is a serious security flaw in production. If an attacker compromises your application, they immediately gain root privileges inside the container. Moreover, in some configurations they can break out toward the host.<\/p>\n<h3>The typical attack scenario<\/h3>\n<p>A developer publishes an image based on <code>node:18<\/code>. As a result, the image inherits the root user. In production, the Node app exposes an SSRF flaw. Consequently, the attacker triggers an arbitrary command inside the container. Because they are root, they can modify files, install tools, or abuse a poorly configured volume to reach the host system.<\/p>\n<h3>How to fix the mistake<\/h3>\n<p>Fortunately, the fix is straightforward. Add a dedicated user in your Dockerfile and switch to it before the entrypoint command.<\/p>\n<ul>\n<li><strong>Create an application user<\/strong>: <code>RUN addgroup --system app &amp;&amp; adduser --system --ingroup app app<\/code><\/li>\n<li><strong>Switch to it<\/strong>: <code>USER app<\/code> right before <code>CMD<\/code> or <code>ENTRYPOINT<\/code>.<\/li>\n<li><strong>Verify at runtime<\/strong>: <code>docker exec my-container whoami<\/code> must return something other than <em>root<\/em>.<\/li>\n<\/ul>\n<p>In addition, use the <code>--read-only<\/code> flag to make the container filesystem immutable. As a result, even an attacker with root inside the container cannot persist any file. This is a baseline requirement of the <a href=\"https:\/\/www.cisecurity.org\/benchmark\/docker\" target=\"_blank\" rel=\"noopener\">CIS Docker Benchmark<\/a>, the reference for container security.<\/p>\n<h2 id=\"mistake-2-bloated-images\">Mistake #2 &#8211; Building bloated images without multi-stage<\/h2>\n<p><img decoding=\"async\" src=\"https:\/\/www.itta.net\/wp-content\/uploads\/2026\/05\/docker-image-multi-stage-build-1.webp\" alt=\"developer optimizing a dockerfile with multi-stage build\" loading=\"lazy\" \/><\/p>\n<p>A 2 GB Docker image for an application that ships 50 MB of code is the most visible and most common mistake. It slows every deployment, inflates your storage bill, and increases the attack surface. Specifically, the more packages an image carries, the more potential vulnerabilities it ships.<\/p>\n<h3>The three main causes of overweight images<\/h3>\n<ol>\n<li><strong>Bloated base image<\/strong>: <code>ubuntu:latest<\/code> weighs 80 MB, <code>alpine:3.19<\/code> only 7 MB, and <code>distroless<\/code> a tiny 2 MB.<\/li>\n<li><strong>Build tools left in the final image<\/strong>: compilers, package managers, temporary files, and source maps.<\/li>\n<li><strong>Unoptimized layers<\/strong>: each <code>RUN<\/code> creates a layer, and a poorly written <code>RUN apt-get install<\/code> can double the image size.<\/li>\n<\/ol>\n<h3>The fix: multi-stage builds<\/h3>\n<p>The <strong>multi-stage<\/strong> pattern lets you compile inside a heavy image and then copy only the final binary into a minimal runtime image. In other words, you keep the comfort of a full build while shipping a featherweight runtime.<\/p>\n<p>For example, here is a typical Dockerfile for a Go application:<\/p>\n<ul>\n<li><strong>Stage 1 (builder)<\/strong>: <code>FROM golang:1.22 AS builder<\/code>, copy sources, run <code>go build<\/code>.<\/li>\n<li><strong>Stage 2 (runtime)<\/strong>: <code>FROM gcr.io\/distroless\/static<\/code>, then <code>COPY --from=builder \/app\/bin \/app<\/code>.<\/li>\n<li><strong>Result<\/strong>: a final image of 15 MB instead of 800 MB.<\/li>\n<\/ul>\n<p>Consequently, deployments drop from 45 seconds to 3 seconds, and the attack surface shrinks dramatically. To go further, read the <a href=\"https:\/\/docs.docker.com\/build\/building\/best-practices\/\" target=\"_blank\" rel=\"noopener\">official Docker building best practices<\/a>, which detail the advanced patterns.<\/p>\n<div style=\"background:linear-gradient(135deg,#f8fcfc 0%,#f0fafa 100%);border-radius:12px;padding:36px 40px;margin:40px 0;font-family:Montserrat,Arial,sans-serif;color:#111;border-left:6px solid #00B0AE;position:relative;\">\n<p style=\"font-size:1.1vw;font-weight:600;margin:0 0 6px;color:#00B0AE;line-height:1.3;text-transform:uppercase;letter-spacing:1px;\">Recommended training<\/p>\n<p style=\"font-size:1.6vw;font-weight:700;margin:0 0 4px;color:#1a1a2e;line-height:1.3;\">Docker &#8211; Administration<\/p>\n<p style=\"font-size:0.9vw;font-weight:600;margin:0 0 14px;color:#888;line-height:1.3;\">Ref. DOCK-02<\/p>\n<p style=\"font-size:1vw;margin:0 0 16px;color:#444;line-height:1.6;\">Master Docker in production: deployment, security, multi-stage builds, volume management, and orchestration. Prepares you for the Docker Certified Associate certification.<\/p>\n<div style=\"display:flex;flex-wrap:wrap;gap:8px 24px;margin:0 0 20px;\">\n<p><span style=\"font-size:0.95vw;color:#444;\"><strong style=\"color:#00B0AE;\">Duration:<\/strong> 3 days<\/span><\/p>\n<p><span style=\"font-size:0.95vw;color:#444;\"><strong style=\"color:#00B0AE;\">Level:<\/strong> Intermediate<\/span><\/p>\n<p><span style=\"font-size:0.95vw;color:#444;\"><strong style=\"color:#00B0AE;\">Location:<\/strong> Geneva \/ Lausanne \/ Virtual<\/span><\/p>\n<\/div>\n<p><a href=\"https:\/\/www.itta.net\/en\/formations\/informatique\/devops\/docker-administration\/\" target=\"_blank\" rel=\"noopener\" style=\"display:inline-block;background:#00B0AE;color:#fff;padding:14px 32px;border-radius:8px;font-size:1.05vw;font-weight:700;text-decoration:none;font-family:Montserrat,Arial,sans-serif;box-shadow:0 4px 15px rgba(0,176,174,0.3);\">Discover the training \u2192<\/a><\/p>\n<\/div>\n<h2 id=\"mistake-3-secrets\">Mistake #3 &#8211; Storing secrets and data inside the image<\/h2>\n<p><img decoding=\"async\" src=\"https:\/\/www.itta.net\/wp-content\/uploads\/2026\/05\/docker-secrets-vault-securite-1.webp\" alt=\"devsecops engineer managing docker secrets and sensitive variables\" loading=\"lazy\" \/><\/p>\n<p>Hardcoding a database password into a Dockerfile, or passing it as an environment variable at startup, looks harmless. In fact, it is one of the most common leaks <a href=\"https:\/\/snyk.io\/blog\/10-docker-image-security-best-practices\/\" target=\"_blank\" rel=\"noopener\">Snyk identifies every year<\/a> in public images. Furthermore, once a secret is committed inside a layer, it stays there even if you delete it later.<\/p>\n<h3>Why environment variables are not enough<\/h3>\n<p>Variables passed via <code>docker run -e DB_PASS=...<\/code> or a <code>.env<\/code> file are visible in many places. For instance, <code>docker inspect<\/code> exposes them, and any process inside the container can read them in <code>\/proc\/1\/environ<\/code>. In short, this is not a secret, it is plaintext configuration.<\/p>\n<h3>The three solutions to favor<\/h3>\n<ul>\n<li><strong>Docker Secrets (Swarm)<\/strong>: injects secrets in memory under <code>\/run\/secrets\/<\/code>, never on disk.<\/li>\n<li><strong>HashiCorp Vault or AWS Secrets Manager<\/strong>: secrets fetched at runtime via an authenticated API, with automatic rotation.<\/li>\n<li><strong>BuildKit secret mounts<\/strong>: <code>RUN --mount=type=secret<\/code> during build, without persisting the value into the final layer.<\/li>\n<\/ul>\n<p>Moreover, never commit a <code>.env<\/code> file to Git. Configure a pre-commit hook with <a href=\"https:\/\/github.com\/gitleaks\/gitleaks\" target=\"_blank\" rel=\"noopener\">Gitleaks<\/a> to block any leak. This is standard practice among the Swiss DevOps teams running critical <a href=\"https:\/\/www.itta.net\/en\/blog\/cicd-pipeline-hands-on-guide-automate-everything\/\" target=\"_blank\" rel=\"noopener\">CI\/CD pipelines<\/a>.<\/p>\n<h3>The special case of user data<\/h3>\n<p>In addition, never store data inside the container itself. Instead, always rely on persistent volumes. However, watch out for poorly configured volumes. A volume mounted with the wrong permissions can overwrite system files. Worse, it may enable a host escape. Always test with <code>docker volume inspect<\/code> before going to production.<\/p>\n<h2 id=\"mistake-4-healthchecks\">Mistake #4 &#8211; Skipping health checks and resource limits<\/h2>\n<p><img decoding=\"async\" src=\"https:\/\/www.itta.net\/wp-content\/uploads\/2026\/05\/docker-healthcheck-monitoring-prod-1.webp\" alt=\"SRE engineer monitoring docker healthchecks and metrics in production\" loading=\"lazy\" \/><\/p>\n<p>A running container is not a working container. That nuance is one many teams learn the hard way. Without a <code>HEALTHCHECK<\/code> directive in your Dockerfile, Docker has no idea whether your application actually answers requests. Consequently, the orchestrator keeps routing traffic to a zombie container.<\/p>\n<h3>Anatomy of a clean health check<\/h3>\n<p>For example, here is a typical health check for an HTTP API:<\/p>\n<ul>\n<li><code>HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 <\/code><\/li>\n<li><code>  CMD curl -fsS http:\/\/localhost:8080\/health || exit 1<\/code><\/li>\n<\/ul>\n<p>The orchestrator (Docker Swarm, Kubernetes, or Nomad) can then automatically restart the container on failure. In particular, the <code>start-period<\/code> avoids false positives when slow-starting apps (Java, .NET) take time to boot.<\/p>\n<h3>Resource limits: your safeguard against noisy neighbors<\/h3>\n<p>Without limits, a leaking container can devour all the host RAM and crash every other container next door. This is the classic <strong>noisy neighbor effect<\/strong>. Therefore, always configure:<\/p>\n<ul>\n<li><strong>Memory<\/strong>: <code>--memory=512m --memory-swap=512m<\/code> to prevent any overflow.<\/li>\n<li><strong>CPU<\/strong>: <code>--cpus=1.5<\/code> to cap processor usage.<\/li>\n<li><strong>PIDs<\/strong>: <code>--pids-limit=200<\/code> to prevent fork bombs.<\/li>\n<li><strong>Logs<\/strong>: <code>--log-opt max-size=10m --log-opt max-file=3<\/code> to avoid filling the disk.<\/li>\n<\/ul>\n<p>Of course, the right values depend on your actual workload. First, measure with <code>docker stats<\/code> under nominal load. Then, add a 30% safety margin. This is the method recommended by reference DevOps guides such as <a href=\"https:\/\/blog.stephane-robert.info\/docs\/conteneurs\/moteurs-conteneurs\/docker\/\" target=\"_blank\" rel=\"noopener\">St\u00e9phane Robert&#8217;s Docker hub<\/a>.<\/p>\n<h2 id=\"mistake-5-monitoring\">Mistake #5 &#8211; Flying blind with no logs or monitoring<\/h2>\n<p><img decoding=\"async\" src=\"https:\/\/www.itta.net\/wp-content\/uploads\/2026\/05\/docker-monitoring-grafana-loki-1.webp\" alt=\"sre team analyzing docker logs and metrics in a control center\" loading=\"lazy\" \/><\/p>\n<p>The last trap is arguably the most underestimated one. In practice, many teams ship Docker to production without centralized monitoring. They rely on <code>docker logs<\/code> on demand. That works for a single container. However, it becomes unmanageable the moment you have ten of them.<\/p>\n<h3>The minimum recommended stack<\/h3>\n<p>For a calm production, three complementary building blocks are essential:<\/p>\n<ol>\n<li><strong>Centralized logs<\/strong>: <a href=\"https:\/\/grafana.com\/oss\/loki\/\" target=\"_blank\" rel=\"noopener\">Grafana Loki<\/a>, ELK, or a managed service like Datadog. Configure Docker to ship logs via the <code>json-file<\/code> driver with rotation, then aggregate with Promtail or Filebeat.<\/li>\n<li><strong>Metrics<\/strong>: Prometheus + cAdvisor expose CPU, RAM, and I\/O per container. Grafana renders the dashboards.<\/li>\n<li><strong>Alerting<\/strong>: Alertmanager or PagerDuty with thresholds on failed health checks, restart counts, and OOM kills.<\/li>\n<\/ol>\n<h3>The three metrics to monitor first<\/h3>\n<ul>\n<li><strong>Restart count<\/strong>: a container restarting more than 3 times an hour signals an unresolved issue.<\/li>\n<li><strong>Memory usage trend<\/strong>: a curve that climbs and never comes back down indicates a memory leak.<\/li>\n<li><strong>Latency p95 and p99<\/strong>: these percentiles surface the slowdowns that the average hides.<\/li>\n<\/ul>\n<p>Furthermore, consider enabling <strong>Docker events<\/strong> via <code>docker events<\/code>. Those logs detail every action on the daemon (start, stop, kill, OOM) and prove invaluable when investigating an incident afterwards. Combined with a SIEM, they also help detect abnormal behavior.<\/p>\n<h2 id=\"checklist\">The Docker production checklist<\/h2>\n<p>Finally, here is the condensed checklist to plug into your deployment pipeline before any production release. If any box is empty, you carry an unmanaged risk into production.<\/p>\n<div style=\"overflow-x:auto;-webkit-overflow-scrolling:touch;max-width:100%;width:100%;margin:1rem 0 0.5rem 0;\">\n<table style=\"width:100%;border-collapse:collapse;\">\n<thead>\n<tr style=\"background:#00B0AE;color:#fff;\">\n<th style=\"padding:12px;text-align:left;\">Area<\/th>\n<th style=\"padding:12px;text-align:left;\">Check<\/th>\n<th style=\"padding:12px;text-align:left;\">Tool or command<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Security<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Container runs as non-root<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\"><code>USER app<\/code> + <code>docker exec whoami<\/code><\/td>\n<\/tr>\n<tr>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Security<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Read-only filesystem<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\"><code>--read-only<\/code> + targeted tmpfs<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Image<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Multi-stage and minimal base<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Alpine or distroless<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Image<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Vulnerability scan<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Trivy or Snyk<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Secrets<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">No secret inside the image<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Vault or Docker Secrets<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Runtime<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Active health check<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\"><code>HEALTHCHECK<\/code> directive<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Runtime<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Memory and CPU limits<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\"><code>--memory<\/code> and <code>--cpus<\/code><\/td>\n<\/tr>\n<tr>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Observability<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Centralized logs<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Loki, ELK, or Datadog<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Observability<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Metrics + alerting<\/td>\n<td style=\"padding:10px;border-bottom:1px solid #eee;\">Prometheus + Grafana<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<p>This checklist covers the main Docker risks we regularly see in production environments at the teams we train. It does not replace a code review or a security audit, but it helps you avoid the most expensive mistakes.<\/p>\n<div style=\"background:linear-gradient(135deg,#f8fcfc 0%,#f0fafa 100%);border-radius:12px;padding:36px 40px;margin:40px 0;font-family:Montserrat,Arial,sans-serif;color:#111;border-left:6px solid #00B0AE;position:relative;\">\n<p style=\"font-size:1.1vw;font-weight:600;margin:0 0 6px;color:#00B0AE;line-height:1.3;text-transform:uppercase;letter-spacing:1px;\">Recommended training<\/p>\n<p style=\"font-size:1.6vw;font-weight:700;margin:0 0 4px;color:#1a1a2e;line-height:1.3;\">Docker Associate (DCA) Certification Preparation<\/p>\n<p style=\"font-size:0.9vw;font-weight:600;margin:0 0 14px;color:#888;line-height:1.3;\">Ref. DCA-PREP<\/p>\n<p style=\"font-size:1vw;margin:0 0 16px;color:#444;line-height:1.6;\">Go further and validate your Docker production skills with a certification focused on operational Docker skills. Intensive preparation across the 13 domains of the DCA exam.<\/p>\n<div style=\"display:flex;flex-wrap:wrap;gap:8px 24px;margin:0 0 20px;\">\n<p><span style=\"font-size:0.95vw;color:#444;\"><strong style=\"color:#00B0AE;\">Duration:<\/strong> 4 days<\/span><\/p>\n<p><span style=\"font-size:0.95vw;color:#444;\"><strong style=\"color:#00B0AE;\">Level:<\/strong> Advanced<\/span><\/p>\n<p><span style=\"font-size:0.95vw;color:#444;\"><strong style=\"color:#00B0AE;\">Location:<\/strong> Geneva \/ Lausanne \/ Virtual<\/span><\/p>\n<\/div>\n<p><a href=\"https:\/\/www.itta.net\/en\/formations\/informatique\/devops\/docker-associate-dca-certification\/\" target=\"_blank\" rel=\"noopener\" style=\"display:inline-block;background:#00B0AE;color:#fff;padding:14px 32px;border-radius:8px;font-size:1.05vw;font-weight:700;text-decoration:none;font-family:Montserrat,Arial,sans-serif;box-shadow:0 4px 15px rgba(0,176,174,0.3);\">Discover the training \u2192<\/a><\/p>\n<\/div>\n<h2 id=\"conclusion\">Conclusion<\/h2>\n<p>Docker is neither complex nor moody. However, it does not forgive shortcuts taken in production. The five mistakes we just covered (running as root, bloated images, exposed secrets, missing health checks, and neglected monitoring) account for the vast majority of incidents Swiss DevOps teams hit on any given week.<\/p>\n<p>Fixing these five points stays within reach of an organized team, and the return on investment is fast. Your deployments get faster, your infrastructure becomes more stable, and your attack surface shrinks noticeably. The next time a container falls over in production, ask yourself this: which of these five mistakes did we let slip through?<\/p>\n<p>To go further, complete your Docker mastery with a structured path covering Docker, Kubernetes, and cloud-native orchestration. Specifically, that&#8217;s exactly what our DevOps trainings in Geneva and Lausanne are designed for: teams shipping to real production environments.<\/p>\n<h2 id=\"faq-docker-production\">Docker in production FAQ<\/h2>\n<p><strong>What is the leading cause of Docker container crashes in production?<\/strong><\/p>\n<p>In most cases, it&#8217;s the absence of a health check combined with the absence of resource limits. The container falls over with no safeguard to restart it, or it eats all the host RAM and drags the other services down with it.<\/p>\n<p><strong>Should you really avoid running Docker as root in production?<\/strong><\/p>\n<p>Yes, no exceptions. Running as root massively increases the impact of a compromise. A simple <code>USER app<\/code> in your Dockerfile neutralizes most known container escape techniques.<\/p>\n<p><strong>How do you reduce the size of a Docker image in production?<\/strong><\/p>\n<p>Use multi-stage builds to separate compilation from runtime, pick a minimal base image like Alpine or distroless, and group your <code>RUN<\/code> commands to limit the number of layers.<\/p>\n<p><strong>Which tools should you use to monitor Docker in production?<\/strong><\/p>\n<p>The standard stack combines Prometheus + cAdvisor for metrics, Grafana for visualization, and Loki or ELK for logs. For teams that prefer managed services, Datadog or New Relic cover all three needs in a single offering.<\/p>\n<p><strong>Is Docker suitable for critical workloads in production?<\/strong><\/p>\n<p>Yes, provided you pair it with an orchestrator like Kubernetes or Docker Swarm and stick to the security, monitoring, and resource-limit best practices. Without an orchestrator, standalone Docker remains viable only for non-critical workloads.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Are your Docker containers crashing in production without warning? In most cases, the issue isn&#8217;t Docker itself but a handful of recurring configuration mistakes. Here are the five most expensive ones, and how to fix them today. Table of contents Why Docker fails in production Mistake #1 &#8211; Running your containers as root Mistake #2 [&hellip;]<\/p>\n","protected":false},"author":112,"featured_media":253113,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":""},"categories":[2938,2944],"tags":[],"class_list":["post-253120","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-informatique","category-it-pro"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.5 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Docker Production: 5 Mistakes that Crash your Containers<\/title>\n<meta name=\"description\" content=\"Top 5 Docker production mistakes: root, bloated images, secrets, healthchecks, monitoring. Diagnostic and concrete fixes by ITTA.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Damien Crocq\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/blog\\\/docker-production-top-5-mistakes\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/blog\\\/docker-production-top-5-mistakes\\\/\"},\"author\":{\"name\":\"Damien Crocq\",\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/#\\\/schema\\\/person\\\/ca875e6c61a8f6f224901d4b48e1494f\"},\"headline\":\"Top 5 Docker Mistakes that Crash your Containers in Production\",\"datePublished\":\"2026-05-05T08:35:11+00:00\",\"dateModified\":\"2026-06-04T11:50:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/blog\\\/docker-production-top-5-mistakes\\\/\"},\"wordCount\":2015,\"publisher\":{\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/blog\\\/docker-production-top-5-mistakes\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.itta.net\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/docker-production-erreurs_v2-1.webp\",\"articleSection\":[\"Informatique\",\"IT Pro\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/blog\\\/docker-production-top-5-mistakes\\\/\",\"url\":\"https:\\\/\\\/www.itta.net\\\/en\\\/blog\\\/docker-production-top-5-mistakes\\\/\",\"name\":\"Docker Production: 5 Mistakes that Crash your Containers\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/blog\\\/docker-production-top-5-mistakes\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/blog\\\/docker-production-top-5-mistakes\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.itta.net\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/docker-production-erreurs_v2-1.webp\",\"datePublished\":\"2026-05-05T08:35:11+00:00\",\"dateModified\":\"2026-06-04T11:50:31+00:00\",\"description\":\"Top 5 Docker production mistakes: root, bloated images, secrets, healthchecks, monitoring. Diagnostic and concrete fixes by ITTA.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/blog\\\/docker-production-top-5-mistakes\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.itta.net\\\/en\\\/blog\\\/docker-production-top-5-mistakes\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/blog\\\/docker-production-top-5-mistakes\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.itta.net\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/docker-production-erreurs_v2-1.webp\",\"contentUrl\":\"https:\\\/\\\/www.itta.net\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/docker-production-erreurs_v2-1.webp\",\"width\":1376,\"height\":768,\"caption\":\"miniature article docker production top 5 erreurs critiques\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/blog\\\/docker-production-top-5-mistakes\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.itta.net\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Top 5 Docker Mistakes that Crash your Containers in Production\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.itta.net\\\/en\\\/\",\"name\":\"ITTA\",\"description\":\"Formations &amp; Certifications en Suisse Romande\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.itta.net\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":[\"Organization\",\"EducationalOrganization\"],\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/#organization\",\"name\":\"ITTA\",\"alternateName\":\"IT TRAINING ACADEMY SA\",\"url\":\"https:\\\/\\\/www.itta.net\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.itta.net\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/Logo-transparent.png\",\"contentUrl\":\"https:\\\/\\\/www.itta.net\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/Logo-transparent.png\",\"width\":1500,\"height\":623,\"caption\":\"ITTA\"},\"image\":{\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/ITTA\\\/100063747262936\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/1001738\",\"https:\\\/\\\/www.instagram.com\\\/itta_suisse\\\/\"],\"contactPoint\":{\"@type\":\"ContactPoint\",\"telephone\":\"+41 58 307 73 00\",\"contactType\":\"customer service\",\"availableLanguage\":[\"French\",\"English\"],\"areaServed\":[{\"@type\":\"Country\",\"name\":\"Switzerland\"},{\"@type\":\"Country\",\"name\":\"France\"}]},\"location\":[{\"@type\":\"Place\",\"name\":\"ITTA Geneve\",\"address\":{\"@type\":\"PostalAddress\",\"streetAddress\":\"Route des Jeunes 35\",\"addressLocality\":\"Carouge\",\"postalCode\":\"1227\",\"addressRegion\":\"GE\",\"addressCountry\":\"CH\"},\"geo\":{\"@type\":\"GeoCoordinates\",\"latitude\":46.18274,\"longitude\":6.12922}},{\"@type\":\"Place\",\"name\":\"ITTA Lausanne\",\"address\":{\"@type\":\"PostalAddress\",\"streetAddress\":\"Rue des Cotes-de-Montbenon 16\",\"addressLocality\":\"Lausanne\",\"postalCode\":\"1003\",\"addressRegion\":\"VD\",\"addressCountry\":\"CH\"},\"geo\":{\"@type\":\"GeoCoordinates\",\"latitude\":46.52111,\"longitude\":6.62734}}]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.itta.net\\\/en\\\/#\\\/schema\\\/person\\\/ca875e6c61a8f6f224901d4b48e1494f\",\"name\":\"Damien Crocq\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.itta.net\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/damien-bio-1-100x100.jpg\",\"url\":\"https:\\\/\\\/www.itta.net\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/damien-bio-1-100x100.jpg\",\"contentUrl\":\"https:\\\/\\\/www.itta.net\\\/wp-content\\\/uploads\\\/2024\\\/04\\\/damien-bio-1-100x100.jpg\",\"caption\":\"Damien Crocq\"},\"description\":\"Damien est un professionnel dynamique, passionn\u00e9 par le marketing digital et le r\u00e9f\u00e9rencement naturel. Dipl\u00f4m\u00e9 d'un master en Web Marketing, il a acquis une solide exp\u00e9rience en e-commerce et a enseign\u00e9 sur des th\u00e9matiques de marketing digital. Aujourd'hui, il occupe le poste de sp\u00e9cialiste en marketing digital chez ITTA. Toujours curieux et innovant, Damien reste avant tout un passionn\u00e9 des technologies \u00e9mergentes, de l'informatique, de l'IA et du r\u00e9f\u00e9rencement naturel.\",\"sameAs\":[\"https:\\\/\\\/www.itta.net\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/damien-crocq\\\/?originalSubdomain=fr\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Docker Production: 5 Mistakes that Crash your Containers","description":"Top 5 Docker production mistakes: root, bloated images, secrets, healthchecks, monitoring. Diagnostic and concrete fixes by ITTA.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/","twitter_misc":{"Written by":"Damien Crocq","Estimated reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/#article","isPartOf":{"@id":"https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/"},"author":{"name":"Damien Crocq","@id":"https:\/\/www.itta.net\/en\/#\/schema\/person\/ca875e6c61a8f6f224901d4b48e1494f"},"headline":"Top 5 Docker Mistakes that Crash your Containers in Production","datePublished":"2026-05-05T08:35:11+00:00","dateModified":"2026-06-04T11:50:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/"},"wordCount":2015,"publisher":{"@id":"https:\/\/www.itta.net\/en\/#organization"},"image":{"@id":"https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/#primaryimage"},"thumbnailUrl":"https:\/\/www.itta.net\/wp-content\/uploads\/2026\/05\/docker-production-erreurs_v2-1.webp","articleSection":["Informatique","IT Pro"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/","url":"https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/","name":"Docker Production: 5 Mistakes that Crash your Containers","isPartOf":{"@id":"https:\/\/www.itta.net\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/#primaryimage"},"image":{"@id":"https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/#primaryimage"},"thumbnailUrl":"https:\/\/www.itta.net\/wp-content\/uploads\/2026\/05\/docker-production-erreurs_v2-1.webp","datePublished":"2026-05-05T08:35:11+00:00","dateModified":"2026-06-04T11:50:31+00:00","description":"Top 5 Docker production mistakes: root, bloated images, secrets, healthchecks, monitoring. Diagnostic and concrete fixes by ITTA.","breadcrumb":{"@id":"https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/#primaryimage","url":"https:\/\/www.itta.net\/wp-content\/uploads\/2026\/05\/docker-production-erreurs_v2-1.webp","contentUrl":"https:\/\/www.itta.net\/wp-content\/uploads\/2026\/05\/docker-production-erreurs_v2-1.webp","width":1376,"height":768,"caption":"miniature article docker production top 5 erreurs critiques"},{"@type":"BreadcrumbList","@id":"https:\/\/www.itta.net\/en\/blog\/docker-production-top-5-mistakes\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.itta.net\/en\/"},{"@type":"ListItem","position":2,"name":"Top 5 Docker Mistakes that Crash your Containers in Production"}]},{"@type":"WebSite","@id":"https:\/\/www.itta.net\/en\/#website","url":"https:\/\/www.itta.net\/en\/","name":"ITTA","description":"Formations &amp; Certifications en Suisse Romande","publisher":{"@id":"https:\/\/www.itta.net\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.itta.net\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":["Organization","EducationalOrganization"],"@id":"https:\/\/www.itta.net\/en\/#organization","name":"ITTA","alternateName":"IT TRAINING ACADEMY SA","url":"https:\/\/www.itta.net\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.itta.net\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.itta.net\/wp-content\/uploads\/2023\/02\/Logo-transparent.png","contentUrl":"https:\/\/www.itta.net\/wp-content\/uploads\/2023\/02\/Logo-transparent.png","width":1500,"height":623,"caption":"ITTA"},"image":{"@id":"https:\/\/www.itta.net\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/ITTA\/100063747262936\/","https:\/\/www.linkedin.com\/company\/1001738","https:\/\/www.instagram.com\/itta_suisse\/"],"contactPoint":{"@type":"ContactPoint","telephone":"+41 58 307 73 00","contactType":"customer service","availableLanguage":["French","English"],"areaServed":[{"@type":"Country","name":"Switzerland"},{"@type":"Country","name":"France"}]},"location":[{"@type":"Place","name":"ITTA Geneve","address":{"@type":"PostalAddress","streetAddress":"Route des Jeunes 35","addressLocality":"Carouge","postalCode":"1227","addressRegion":"GE","addressCountry":"CH"},"geo":{"@type":"GeoCoordinates","latitude":46.18274,"longitude":6.12922}},{"@type":"Place","name":"ITTA Lausanne","address":{"@type":"PostalAddress","streetAddress":"Rue des Cotes-de-Montbenon 16","addressLocality":"Lausanne","postalCode":"1003","addressRegion":"VD","addressCountry":"CH"},"geo":{"@type":"GeoCoordinates","latitude":46.52111,"longitude":6.62734}}]},{"@type":"Person","@id":"https:\/\/www.itta.net\/en\/#\/schema\/person\/ca875e6c61a8f6f224901d4b48e1494f","name":"Damien Crocq","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.itta.net\/wp-content\/uploads\/2024\/04\/damien-bio-1-100x100.jpg","url":"https:\/\/www.itta.net\/wp-content\/uploads\/2024\/04\/damien-bio-1-100x100.jpg","contentUrl":"https:\/\/www.itta.net\/wp-content\/uploads\/2024\/04\/damien-bio-1-100x100.jpg","caption":"Damien Crocq"},"description":"Damien est un professionnel dynamique, passionn\u00e9 par le marketing digital et le r\u00e9f\u00e9rencement naturel. Dipl\u00f4m\u00e9 d'un master en Web Marketing, il a acquis une solide exp\u00e9rience en e-commerce et a enseign\u00e9 sur des th\u00e9matiques de marketing digital. Aujourd'hui, il occupe le poste de sp\u00e9cialiste en marketing digital chez ITTA. Toujours curieux et innovant, Damien reste avant tout un passionn\u00e9 des technologies \u00e9mergentes, de l'informatique, de l'IA et du r\u00e9f\u00e9rencement naturel.","sameAs":["https:\/\/www.itta.net","https:\/\/www.linkedin.com\/in\/damien-crocq\/?originalSubdomain=fr"]}]}},"_links":{"self":[{"href":"https:\/\/www.itta.net\/en\/wp-json\/wp\/v2\/posts\/253120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itta.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itta.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itta.net\/en\/wp-json\/wp\/v2\/users\/112"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itta.net\/en\/wp-json\/wp\/v2\/comments?post=253120"}],"version-history":[{"count":4,"href":"https:\/\/www.itta.net\/en\/wp-json\/wp\/v2\/posts\/253120\/revisions"}],"predecessor-version":[{"id":253555,"href":"https:\/\/www.itta.net\/en\/wp-json\/wp\/v2\/posts\/253120\/revisions\/253555"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.itta.net\/en\/wp-json\/wp\/v2\/media\/253113"}],"wp:attachment":[{"href":"https:\/\/www.itta.net\/en\/wp-json\/wp\/v2\/media?parent=253120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itta.net\/en\/wp-json\/wp\/v2\/categories?post=253120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itta.net\/en\/wp-json\/wp\/v2\/tags?post=253120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}