Multi-arch Docker Images

Although the promise of Docker is the elimination of differences when moving software between environments, you’ll still face the problem that you can’t cross platform boundaries, i.e. you can’t run a Docker image built for x86_64 on a arm board such as the Raspberry Pi. This means that if you want to support multiple architectures, … Continued

Running a Secure Registry on Kubernetes

Once your shiny new Kubernetes cluster is up-and-running, one of the first things you’ll want to add is a local registry for storing private images. This is typically achieved using the official Kubernetes registry addon. Unfortunately, the official addon has a few shortcomings, especially with regards to security. In this post, I’ll describe these shortcomings, … Continued

Adding Self-signed Registry Certs to Docker & Docker for Mac

The Docker registry image has over 10 million pulls on Docker Hub, so it’s safe to say that a lot of people out there are making use of it. When running a registry, it’s essential to make sure your clients can access it easily and securely. If your registry isn’t running on a public domain, … Continued

All Hail the New Docker Swarm

Unfortunately, I’m not able to attend DockerCon US this year, but I will be keeping up with the announcements. As part of the Docker Captains program, I was given a preview of Docker 1.12 including the new Swarm integration which is Docker’s native clustering/orchestration solution (also known as SwarmKit, but that’s really the repo/library name). … Continued

Using binpack with Docker Swarm

Docker Swarm – Docker’s native clustering solution – ships with two main scheduling strategies, spread and binpack. The spread strategy will attempt to spread containers evenly across hosts, whereas the binpack strategy will place containers on the most-loaded host that still has enough resources to run the given containers. The advantage of spread is that … Continued

Running Docker Containers with Systemd

You can get by running Docker containers with shell scripts, or with Docker Compose (if you don’t mind ignoring the “don’t use in production” warnings), but for some use cases, it’s preferable to take advantage of the host init system/process manager. It seems that every major distro is moving to systemd these days, so that’s … Continued

Docker Inspect Template Magic

Most Docker users are aware of the docker inspect command which is used to get metadata on a container or image, and may have used the -f argument to pull out some specific data, for example using docker inspect -f {{.IPAddress}} to get a container’s IP Address. However, a lot of users seem confused by … Continued

Running Docker in Jenkins (in Docker)

In this post we’re going to take a quick look at how you can mount the Docker sock inside a container in order to create “sibling” containers. One of my colleagues calls this DooD (Docker-outside-of-Docker) to differentiate from DinD (Docker-in-Docker), where a complete and isolated version of Docker is installed inside a container. DooD is … Continued

The Future is Containerized

We’ve seen a lot of critical posts about Docker recently. I don’t remember the last time a technology caused so much controversy and heated debate1. In this article I’m not going to address any specific technical issues, but try to explain why Docker — or at least some form of containerization platform — is here … Continued

Docker and Provenance – Talk to Amsterdam Docker Meetup

The regular Docker Amsterdam meetup was held on Thursday 26th January at the offices of Schuberg Phillis. There were talks on “Docker and Provenance” by our own Chief Scientist Adrian Mouat, Mike Wessling from Bitbrains on “Falling off the shoulders of giants” and Michael Boelen from CISOfy on “Docker Security”. All the talks were well … Continued