Image Management & Mutability in Docker and Kubernetes

Kubernetes is a fantastic tool for building large containerised software systems in a manner that is both resilient and scalable. But the architecture and design of Kubernetes has evolved over time, and there are some areas that could do with tweaking or rethinking. This post digs into some … Read more

Lightning Image Deployment with ImageWolf

Modern web developers can push to staging or production multiple times a day. Each time this happens, there is a delay while images are distributed to the nodes, especially if the images need to be pulled from a remote registry. This can be a significant issue, forcing developers … Read more

Tricks of the Captains – DockerCon Talk

At DockerCon 2017 in Austin, Texas, I gave a talk entitled “Tricks of the Captains” in the community theatre track. The talk covered various tips and tricks for using Docker, compiled from the brains in the Docker Captains program.

The tricks included:

Configuring docker ps output Don’t bust … Read more

The Average Dev, Containers and Security

At the recent #INGLovesIT event in Bucharest, I gave a talk about Container Security. I went into details about features of Docker and the Linux kernel. This led Simon Brown (who gave a great keynote on the relationship between Agile and software architecture) to tweet:

Listening … Read more

Multi-arch Docker Images

Although the promise of Docker is the elimination of differences when moving software between environments, you’ll still face the problem that you can’t cross platform boundaries, i.e. you can’t run a Docker image built for x86_64 on a arm board such as the Raspberry Pi. This means that … Read more

Running a Secure Registry on Kubernetes

Once your shiny new Kubernetes cluster is up-and-running, one of the first things you’ll want to add is a local registry for storing private images. This is typically achieved using the official Kubernetes registry addon. Unfortunately, the official addon has a few shortcomings, especially with regards to security. … Read more

All Hail the New Docker Swarm

Unfortunately, I’m not able to attend DockerCon US this year, but I will be keeping up with the announcements. As part of the Docker Captains program, I was given a preview of Docker 1.12 including the new Swarm integration which is Docker’s native clustering/orchestration solution (also known as … Read more

Using binpack with Docker Swarm

Docker Swarm – Docker’s native clustering solution – ships with two main scheduling strategies, spread and binpack. The spread strategy will attempt to spread containers evenly across hosts, whereas the binpack strategy will place containers on the most-loaded host that still has enough resources to run the given … Read more

Running Docker Containers with Systemd

You can get by running Docker containers with shell scripts, or with Docker Compose (if you don’t mind ignoring the “don’t use in production” warnings), but for some use cases, it’s preferable to take advantage of the host init system/process manager. It seems that every major distro is … Read more