Lightning Image Deployment with ImageWolf

Modern web developers can push to staging or production multiple times a day. Each time this happens, there is a delay while images are distributed to the nodes, especially if the images need to be pulled from a remote registry. This can be a significant issue, forcing developers and ops to wait much longer than … Continued

Tricks of the Captains – DockerCon Talk

At DockerCon 2017 in Austin, Texas, I gave a talk entitled “Tricks of the Captains” in the community theatre track. The talk covered various tips and tricks for using Docker, compiled from the brains in the Docker Captains program. The tricks included: Configuring docker ps output Don’t bust the build cache Cleaning up with docker … Continued

The Average Dev, Containers and Security

At the recent #INGLovesIT event in Bucharest, I gave a talk about Container Security. I went into details about features of Docker and the Linux kernel. This led Simon Brown (who gave a great keynote on the relationship between Agile and software architecture) to tweet: Listening to @adrianmouat talking about Docker and security; scary stuff, … Continued

Multi-arch Docker Images

Although the promise of Docker is the elimination of differences when moving software between environments, you’ll still face the problem that you can’t cross platform boundaries, i.e. you can’t run a Docker image built for x86_64 on a arm board such as the Raspberry Pi. This means that if you want to support multiple architectures, … Continued

Running a Secure Registry on Kubernetes

Once your shiny new Kubernetes cluster is up-and-running, one of the first things you’ll want to add is a local registry for storing private images. This is typically achieved using the official Kubernetes registry addon. Unfortunately, the official addon has a few shortcomings, especially with regards to security. In this post, I’ll describe these shortcomings, … Continued

Adding Self-signed Registry Certs to Docker & Docker for Mac

The Docker registry image has over 10 million pulls on Docker Hub, so it’s safe to say that a lot of people out there are making use of it. When running a registry, it’s essential to make sure your clients can access it easily and securely. If your registry isn’t running on a public domain, … Continued

All Hail the New Docker Swarm

Unfortunately, I’m not able to attend DockerCon US this year, but I will be keeping up with the announcements. As part of the Docker Captains program, I was given a preview of Docker 1.12 including the new Swarm integration which is Docker’s native clustering/orchestration solution (also known as SwarmKit, but that’s really the repo/library name). … Continued

Using binpack with Docker Swarm

Docker Swarm – Docker’s native clustering solution – ships with two main scheduling strategies, spread and binpack. The spread strategy will attempt to spread containers evenly across hosts, whereas the binpack strategy will place containers on the most-loaded host that still has enough resources to run the given containers. The advantage of spread is that … Continued

Running Docker Containers with Systemd

You can get by running Docker containers with shell scripts, or with Docker Compose (if you don’t mind ignoring the “don’t use in production” warnings), but for some use cases, it’s preferable to take advantage of the host init system/process manager. It seems that every major distro is moving to systemd these days, so that’s … Continued

Docker Inspect Template Magic

Most Docker users are aware of the docker inspect command which is used to get metadata on a container or image, and may have used the -f argument to pull out some specific data, for example using docker inspect -f {{.IPAddress}} to get a container’s IP Address. However, a lot of users seem confused by … Continued