Prefetch Technologies // Keeping your cache lines cozy

Archive

Posts in Containers

Using dockle to check docker containers for known issues

containers · Jul 15, 2020 · 2 min read

As an SRE, I'm always on the lookout for tooling that can help me do my job better. The Kubernetes ecosystem is filled with amazing tools, especially ones that can validate that your clusters and container images are configured in a reliable and secure fashion. One such tool is dockle. If you haven't heard of it, dockle is a container scanning tool that can be used to verify that your containers are adhering to best practices…


Seeing what changed in a docker containers file system

containers · Nov 7, 2019 · 1 min

Docker has a number of nifty options to help investigate containers and container images. One option I have used over and over to debug issues is the docker ["diff" command](https://docs.docker.com/engine/reference/commandline/diff/). This dumps out the files that have been added, deleted and created since the container started. Here's a simple example showing diff in action: Cool stuff!


Using docker volumes on SELinux-enabled servers

containers, security · Sep 30, 2017 · 4 min

I was doing some testing this week and received the following error when I tried to access a volume inside a container: When I checked the system logs I saw the following error: The docker container was started with the "-v" option to bind mount a directory from the host: The error shown above was generated because I didn't tell my orchestration tool to apply an SELinux label to the volume I was trying to map into the container. In the SELinux world, processes and file system objects are given contexts to describe their purpose. These contexts are then used by the kernel to allow processes to access file objects if policy allows it. To allow a docker container to access a volume on an SELinux-enabled host you need to attach the "z" or "Z" flag to the volume mount…


The subtle differences between the docker ADD and COPY commands

containers · Sep 24, 2017 · 1 min

This weekend I spent some time cleaning up a number of Dockerfiles and getting them integrated into my build system. Docker provides the ADD and COPY commands to take the contents from a given source and copy them into your container. On the surface both commands appear to do the same thing but there is one slight difference. The COPY command works solely on files and directories: The ADD instruction copies new files, directories or remote file URLs from and adds them to the file system of the image at the path …


One of the best docker resources on the interwebs

containers · Jan 21, 2017 · 1 min

For the past two years I've scoured the official docker documentation when I needed to learn something. Their documentation is really good but there are areas that lack examples and a deep explanation of why something is the way it is. One of my goals for this year is to read one technical book / RFC a month so I decided to start off the year with James Turnbull's The Docker Book. James starts with the basics and then extends this with a thorough description of images, testing with docker and orchestration…
