-
- Introduction to docker to Kubernetees deployments
-
The Docker, Kubernetes, Terraform, and AWS crash course series [kubernetes]
- Ramp up on DevOps tools in minutes via a series of lightning quick, hands-on crash courses where you learn by doing.
Dockerfile
data containers --volumes-from
lxc (docker) lxd (aws lambda) https://github.com/p8952/bocker
--squash
https://github.com/slimtoolkit/slim brew install docker-slim
https://ubuntu.com/blog/we-reduced-our-docker-images-by-60-with-no-install-recommends
apt-get purge --auto-remove &&
apt-get clean
- Running Docker Containers as Current Host User - Making local development less aggravating
- Best Practices Around Production Ready Web Apps with Docker Compose
- Optimizing Docker image size and why it matters
https://medium.com/sciforce/strategies-of-docker-images-optimization-2ca9cc5719b6
Sharing build cache
-
Rubbish - manual and clumbsy
- Distributing Docker Cache across Hosts
- Docker 1.10 changed layer cache
- explicitly use
saveandloadfor tag.gz of layers
- Caching Docker layers on serverless build hosts with multi-stage builds, --target, and --cache-from
--cache-fromfor manually pushing build image. There must be a better way ...
- Distributing Docker Cache across Hosts
-
Docker build cache sharing on multi-hosts with BuildKit and buildx
- docker/buildx
-
IMAGE_TAG=<IMAGE_REPO>:<CI_COMMIT_HASH> CACHE_TAG=<CACHE_REPO>:<CI_PROJECT_ID>-<CI_BRANCH_NAME> docker buildx build \ -t $IMAGE_TAG \ -f ./Dockerfile \ --cache-from=type=registry,ref=$CACHE_TAG \ --cache-to=type=registry,ref=$CACHE_TAG,mode=max \ --push \ --progress=plain \ .
-
- Using docker containers to run applications with only dir level access
-
Subuser turns a docker container into a normal program. But this program is not fully privileged. It can only access the directory from which it was called
-
The smallest Docker image to serve static websites
thttpd187kb - built with alpine but uses thescratchimage with no OS installed
-
Working on Multiple Web Projects with Docker Compose and Traefik
- Using a domain trafik that points to 127.0.0.1 and having name resolution - Kind of neat and simple docker-compose.override
alias docker_clean='docker volume rm $(docker volume ls -qf dangling=true) ; docker rm $(docker ps -q -f status=exited) ; docker rmi $(docker images -q -f dangling=true)'
alias docker_nuke='docker_rm_all ; docker rmi --force $(docker images -q -a) ; docker volume rm $(docker volume ls -qf dangling=true) ; docker network rm $(docker network ls -q)'
alias docker_ps='docker ps -a --format "{{.ID}}\t{{.Names}}"'
alias docker_rm_all='docker_stop_all ; docker rm $(docker ps -a -q) --force'
alias docker_rm_exited='docker ps -a | grep Exit | cut -d " " -f 1 | xargs docker rm'
alias docker_stop_all='docker stop $(docker ps -a -q)'-
Secure by default
-
No Root level daemon
-
- repl.it is moving from a single 30gb mega- container to a
nixpackage pick and mix approach
- repl.it is moving from a single 30gb mega- container to a
-
On the joy of podman and auto-updates
- using podman for system services
-
How we reduced 502 errors by caring about PID 1 in Kubernetes #SIGTERM #SIGKILL
- The container orchestrator landscape
- Systems quickly require many containers and they are difficult to deploy individually. We need orchestration. We keen [kubernetes]