docker

How to manage docker secrets The product that is produced by most software developer teams is a docker image. How can be sure that we are not leaking secrets in docker images? If we include them as building arguments for sure they are going to be stored in the own image. Is there any way to avoid having them inside the docker image? Introduction Suppose you have a docker image that requires a secret, you do not want to include it in the image, but you need during the process of building the image. [Read More]

Dockerfile stages must have a command In multi-stage Dockerfile, you have to be careful for what stages you run. Want to avoid having misteriously exit 0 errors in containers? Add a CMD at the end of the Dockerfile stage with some dummy command like CMD ["/bin/bash", "echo", "Command for stage X"]Any stage that has no command will exit without informing the user of what happened. This could cause some mysterious errors if you are getting up all containers and not overwritting the command of the ones that have none. [Read More]

Use the builder stage pattern in Dockerfiles Most of the time, some libraries that we install in a docker image are only used for the construction of our executables. Could we just not include in our final docker image? Docker images should be minimal As we saw in our previous post, docker images should be minimal for several reasons, but the aim is to reduce the cost of the transference of the docker image. [Read More]

Reduce the size of your builder images Docker images should have a small size. For example, Alpine Linux images have a mere 50MB of size, debian-slim is 50-60MB of size. Why do we seek a small size footprint? One reason is simply because the docker images are usually pushed to, and download from, docker repositories like dockerhub or other private docker repositories. Use a small base image Alpine and debian-slim-stable are like 50MB. [Read More]

Override docker-compose.yml files Sometimes we want to have different versions of docker-compose.yml files (one for production and one for development). Each environment has their own characteristics (slightly different images for example) we show here a good way to override sections of a docker-compose.yml file easily. Why? Sometimes we have several environments that share almost all docker configuration. Having a common docker-compose.yml file and several docker-compose.override.yml files is a great way to manage your service configurations. [Read More]

Docker is a container system that allow developers to have a common environment to develop and SRE/devops to have machine-independent deployment process. Allow writing of files in docker in Linux I have been working on a small project in Python: functainer. The goal of this project is to provide a Python package to run functions in docker seamlessly: you only will docker and Python to run it. Anyway, that project uses files as a mean of communication, i. [Read More]