Klaus
 Fri, 28 Jul 2017 16:55:16 +0200 
#^Securing Docker » ADMIN Magazine
Docker containers introduce serious security problems, but you can employ a number of methods to deploy them securely.

Few debate that the destiny of a hosting infrastructure is running applications across multiple containers. Containers are a genuinely fantastic, highly performant technology ideal for deploying software updates to applications. Whether you're working in an enterprise with a number of critical microservices, tightly coupled with a pipeline that continuously deploys your latest software, or you're running a single LEMP (Linux, Nginx, MySQL, PHP) website that sometimes needs to scale up for busy periods, containers can provide with relative ease the software dependencies you need across all stages of your development life cycle.
Klaus

RDBMS containers

 Fri, 28 Jul 2017 13:04:28 +0200 last edited: Fri, 28 Jul 2017 16:55:45 +0200  
#^RDBMS Containers » ADMIN Magazine
If you spend very much of your time pushing containerized services from server to server, you might be asking yourself: Why not databases, as well? We describe the status quo for RDBMS containers.
Klaus

Deep Dive into Capabilities

 Sun, 25 Jun 2017 22:57:10 +0200 
Secure Your Containers with this One Weird Trick
Did you know there is an option to drop Linux capabilities in Docker? Using the docker run --cap-drop option, you can lock down root in a container so that it has limited access within the container. Sadly, almost no one ever tightens the security on a container or anywhere else.
Klaus

Docker 1.13

 Sat, 21 Jan 2017 16:29:50 +0100 
Introducing Docker 1.13
Today we’re releasing Docker 1.13 with lots of new features, improvements and fixes to help Docker users with New Year’s resolutions to build more and better container apps. Docker 1.13 builds on and improves Docker swarm mode introduced in Docker 1.12 and has lots of other fixes. Read on for Docker 1.13 highlights.
Klaus

Dockerized

 Fri, 09 Dec 2016 19:02:47 +0100 
Nearly all web projects are moved to #Docker containers now. The old infrastructure was mostly based on CentOS6/7 and the main reason for this step was the annoyance of legacy #PHP projects and their PHP version requirement conflicts. I don't need a cluster or swarm, so I have a single instance with #CentOS based #Project Atomic only. The dockerized projects include:
  • static pages with nginx
  • #TYPO3 7.6
  • #Drupal 8.2
  • #Piwik 2.17
  • #Revive Adserver 4.x
  • #OXID eShop 4.[9|10]
  • ...

Here are some completely subjective "best practices":
  • I was a bit disappointed about most available images in Docker's Hub. But make use of the official mariadb, php, drupal, nginx images!
  • Use your Dockerfile and no massive entrypoint scripts.
  • Don't try to build a base image for all your projects; the projects have all too different requirements. Found it much easier to build custom images from the official PHP images directly with only what was really needed for the projects.
  • Think about mail delivery requirements. Does your application require mail(), or can you configure an SMTP server? Use sSMTP if you need a local MTA.
  • Get your persistent volumes right and use the correct #SELinux labels.
  • A local repository makes deployment much easier.
  • Use #Jenkins to build and deploy new images.
  • Don't use --link, use Docker networks instead!
  • jwilder/nginx-proxy still has some bugs, especially with custom nginx configurations, but a wonderful tool.
  • jrcs/letsencrypt-nginx-proxy-companion and it was never easier to get certificates.
  • Think about reboots. How do you want your containers to be managed? Services for systemctl work quite well so far.
  • Redirect your application logs to the right output. Log management I should take a look at again.

Should also get my private projects into containers next.
Klaus

infinit

 Wed, 07 Dec 2016 15:05:52 +0100 
#^Infinit Joins Docker

Today, we are thrilled to announce that Infinit and Docker are joining forces. To anyone following the container space, this may not come as a surprise because persistent storage remains the number one challenge when it comes to container technologies. Still, for Infinit, this is a huge milestone, closing the loop that has taken the team through quite an incredible journey.
 Docker
Klaus

Portainer

 Tue, 08 Nov 2016 11:43:15 +0100 
#^Portainer | Simple management UI for Docker
Portainer is a simple management solution for Docker. Easily manage your Docker hosts and Docker Swarm clusters via Portainer web user interface.


Interesting license decision: Zlib-Libpng License
Klaus

Mounting single files to Docker

 Mon, 24 Oct 2016 18:45:39 +0200 
When you mount a single file into Docker (e.g. -v /path/to/proxy/my_config.conf:/etc/nginx/conf.d/my_config.conf:ro,Z) and wonder why your changes do not appear in the container, check that your editor edits the original file in place and does not rename/replace it.

When you use vim, add a modeline to your file, for example:
# Required when single files are mounted to container, so that inode does not change.
# vim: backupcopy=yes
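
Why the editor's save strategy matters for a single-file mount, shown as an added example that is not part of the original post. The function names are made up for the demo, and a hard link stands in for the bind mount, since both keep referring to the original inode rather than to the path.

```shell
#!/bin/sh
# Constructed demo (added example): a single-file bind mount follows the inode
# that existed at mount time, not the path. A hard link stands in for the
# container's view here, so the demo needs neither Docker nor root.

# Edit in place: truncate and rewrite the same inode (what vim does with
# backupcopy=yes).
edit_in_place() {
    printf '%s\n' "$2" > "$1"
}

# Edit by replacement: write a new file and rename it over the original, so
# the path now points at a new inode.
edit_by_replace() {
    printf '%s\n' "$2" > "$1.new" && mv "$1.new" "$1"
}

inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# Apply the edit function named in $1 and print what a reference pinned to
# the original inode sees afterwards.
pinned_view_after() {
    dir=$(mktemp -d) || return 1
    conf="$dir/my_config.conf"
    printf 'listen 80;\n' > "$conf"
    ln "$conf" "$dir/pinned"           # stand-in for the bind mount
    "$1" "$conf" 'listen 8080;'
    cat "$dir/pinned"
    rm -rf "$dir"
}

# Report whether the edit function named in $1 keeps the file's inode.
inode_kept_by() {
    dir=$(mktemp -d) || return 1
    conf="$dir/my_config.conf"
    printf 'listen 80;\n' > "$conf"
    before=$(inode_of "$conf")
    "$1" "$conf" 'listen 8080;'
    after=$(inode_of "$conf")
    rm -rf "$dir"
    [ "$before" = "$after" ] && echo yes || echo no
}

for edit in edit_in_place edit_by_replace; do
    echo "$edit: inode kept: $(inode_kept_by "$edit"), pinned view: $(pinned_view_after "$edit")"
done
```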
Klaus

IP-based virtual hosts in a container

 Mon, 24 Oct 2016 18:34:46 +0200 last edited: Mon, 24 Oct 2016 18:45:59 +0200  
I have a Docker container with an nginx reverse proxy with name-based virtual hosts and also wanted to have IP-based virtual hosts. But I always got the default server configuration, even though I saw in the logs that the correct destination IP was logged; the listen statements for the ip:port just had no effect.
It seems not to work with the default bridge network. Running the container with --net=host solved this problem and also the IP-based vhosts worked.
Klaus

Tear down docker test containers based on image name

 Thu, 01 Sep 2016 16:49:47 +0200 
Given your #CI generates #Docker images from your Git commits and tags them with something like web01-qa:$BUILD_NUMBER. Right now I can not set a name for the container that gets spun up after every commit, so I needed a solution to tear down the old containers after successful start of a new container based on the image they were created from. This is what I came up with:

docker ps --format "{{.ID}}\t{{.Image}}" | awk -F ':' '/web01-qa/{print $NF, $0}' | sort -r -n | tail -n+2 | awk '/web01-qa/{system("docker stop " $2)}'
Get all running containers, sort them by $BUILD_NUMBER for the image name containing web01-qa, stop all matching containers except the one from the newest image.

Or use docker rm -f if not interested in the old containers anymore.
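
A stricter way to pick the containers to stop, as an added example that is not part of the original post: it matches the image name exactly and accepts only numeric build tags, so an image such as web01-qa-legacy is never selected. The function names and the sample lines are constructed for the example.

```shell
#!/bin/sh
# Added example: choose which containers to stop from "ID<TAB>image" lines,
# as printed by: docker ps --format '{{.ID}}\t{{.Image}}'

# Print the IDs of containers whose image is exactly "$1:<number>" and whose
# build number is lower than the highest one seen. Images that merely contain
# the name (web01-qa-legacy) or carry a non-numeric tag are left alone, and
# every container running the newest build is kept.
stale_containers() {
    awk -F '\t' -v repo="$1" '
        {
            n = split($2, part, ":")
            tag = part[n]
            name = substr($2, 1, length($2) - length(tag) - 1)
            if (n < 2 || name != repo || tag !~ /^[0-9]+$/) next
            ids[++count] = $1
            build[count] = tag + 0
            if (build[count] > newest) newest = build[count]
        }
        END {
            for (i = 1; i <= count; i++)
                if (build[i] < newest) print ids[i]
        }
    '
}

# Constructed sample of docker ps output (IDs and images are made up).
sample_ps() {
    printf 'a1b2c3\tweb01-qa:41\n'
    printf 'd4e5f6\tweb01-qa:42\n'
    printf '0a0b0c\tweb01-qa-legacy:7\n'
    printf '112233\tweb01-qa:9\n'
    printf '445566\tnginx:latest\n'
}

sample_ps | stale_containers web01-qa
# Against a real daemon (not run here):
#   docker ps --format '{{.ID}}\t{{.Image}}' | stale_containers web01-qa | xargs -r docker stop
```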
Klaus

You trust your kernel?

 Mon, 14 Dec 2015 18:17:10 +0100 
#^Container Security » ADMIN Magazine
By Sebastian Meyer
The focus for container solutions such as Docker is increasingly shifting to security. Some vulnerabilities have been addressed, with plans to take further steps in the future to secure container virtualization.
Klaus

so many containers ;-)

 Thu, 25 Jun 2015 17:49:07 +0200 
Our Docker service was loading a bit slowly...
$ docker ps -aq | wc -l
97691

#Docker? #Jenkins? #WTF?!?

Spinning up a container seems to be much quicker than removing an old container. I started to delete these containers this morning. After 7 hours there are still around 45000 containers left. o_O
Klaus

Docker meets the IDE

 Thu, 25 Jun 2015 17:40:41 +0200 
#^Docker meets the IDE - Integrating your favorite containers in the editor of your choice!
Some tools to help integrating Docker into some of the most popular Integrated Development Environments.


Looking forward to Eclipse Mars release from today with the Docker integration in the Eclipse Linux Tools.
Klaus

Jenkins Docker Plugin

 Thu, 30 Oct 2014 22:55:50 +0100 
Looks really nice. Too bad I did not get it finished at the office today.

#^Docker Plugin - Jenkins - Jenkins Wiki
This plugin allows slaves to be dynamically provisioned using Docker. The aim of the docker plugin is to be able to use a docker host to dynamically provision a slave, run a single build, then tear-down that slave. Optionally, the container can be committed, so that (for example) manual QA could be performed by the container bei...

#Jenkins
Klaus
 Thu, 16 Oct 2014 00:42:27 +0200 
Where will this lead, I wonder?

#^Application containers: Microsoft wants to develop Docker for Windows

Microsoft has recognized the importance of Docker and, in cooperation with its developers, will support the container packaging technology on its platforms in the future.
Klaus

CoreOS Meetup live stream

 Tue, 14 Oct 2014 11:39:16 +0200 
There will be a live stream from tonight's Docker Cologne meetup about #CoreOS with Brandon Philips (CTO, CoreOS).

#^CoreOS Meetup Cologne, October 14, 2014


Video stream/recording of the October 14, 2014 event in Cologne, hosted by Giant Swarm. Talks featuring Brandon Philips (CTO, CoreOS) and Luke Marsden (CTO, ClusterHQ).

#DockerCGN
Klaus

CoreOS Meetup in Cologne 14. Oct. 2014

 Tue, 07 Oct 2014 22:20:20 +0200 last edited: Tue, 07 Oct 2014 23:39:48 +0200  
CoreOS has some quite interesting concepts, especially about how to do system updates.

#^Docker Cologne / Köln
Brandon Philips (CTO, CoreOS) will be in Cologne and give us some insights into their product.
https://coreos.com/
Luke Marsden (CTO, ClusterHQ) - Data focused Docker clustering
https://clusterhq.com
#dockermeetup
 Docker
Klaus
 Tue, 07 Oct 2014 21:41:33 +0200 
#^Bonn Agile Meetup - October 2014: Docker - Introduction and Microservices with Docker | Data in Transit
For the meetup on October 7 we are pleased to present two talks on container virtualization with Docker. Agile software development keeps bringing new challenges around individuals, processes, organization and infrastructure. We would like to address the topics of infrastructure and organization. Here, Docker is a partial...

It was a very interesting evening. Took away a few good ideas. Will definitely take a look at Fig to link containers more easily.
Klaus

dockercon14eu

 Mon, 22 Sep 2014 23:26:48 +0200 
No DockerCon14EU without PayPal. :-! Too bad, looks like they don't want me to attend.

#^DockerCon Europe 2014

DockerCon Europe 2014 is a two-day Docker-centric conference that is organized by Docker, Inc. It will feature topics and content about all aspects of Docker and will be suitable for Developers, DevOps, Ops, System Administrators and C-level executives. At DockerCon Europe you will also be able to meet wit...

#dockercon
 Docker
Klaus

Kernel panic with Docker

 Sun, 20 Jul 2014 22:38:17 +0200 
Already had several Kernel panics while playing with Docker. :-( Until now I only tried it on one machine, so not sure if something else is maybe wrong here.

This one appeared right after a docker run:
Image/photo
 Docker