recentpopularlog in

rdark : docker   63

We are the home of quality software with a focus on simplicity, usability, security and minimalism. No bullshit, no politics, all genuine.
tools  software  docker  linux  containers  devops  golang  github 
11 weeks ago by rdark
tobegit3hub/mirror-dockerhub: Tools to mirror container images from docker hub
Mirror-dockerhub is the tool to mirror container images from docker hub.

You can mirror images from not only docker hub but also other private registries.

Collection of rough bash scripts to mirror docker reops
mirror  docker  bash  github 
december 2018 by rdark
gaia-pipeline/gaia: Build powerful pipelines in any programming language.
gaia is an open source automation platform which makes it easy and fun to build powerful pipelines in any programming language. Based on HashiCorp's go-plugin and gRPC, gaia is efficient, fast, lightweight and developer friendly. Gaia is currently alpha! Do not use it for mission critical jobs yet!

Develop pipelines with the help of SDKs (currently only Go) and simply check-in your code into a git repository. Gaia automatically clones your code repository, compiles your code to a binary and executes it on-demand. All results are streamed back and formatted to a user-friendly graphical output.
golang  ci  devops  build  docker  hashicorp 
july 2018 by rdark
veggiemonk/awesome-docker: A curated list of Docker resources and projects
A curated list of Docker resources and projects Inspired by @sindresorhus' awesome and improved by these amazing contributors.
docker  github  tools 
february 2018 by rdark
Use multi-stage builds | Docker Documentation
Multi-stage builds are a new feature in Docker 17.05, and they will be exciting to anyone who has struggled to optimize Dockerfiles while keeping them easy to read and maintain.
docker  best_practice 
june 2017 by rdark
Yelp/dumb-init: A minimal init system for Linux containers
dumb-init is a simple process supervisor and init system designed to run as PID 1 inside minimal container environments (such as Docker). It is deployed as a small, statically-linked binary written in C.
yelp  devops  docker  containers  init  systemd  c 
june 2017 by rdark
workshop/ at master · gravitational/workshop
Kubernetes Production Patterns

... and anti-patterns.

We are going to explore helpful techniques to improve resiliency and high availability of Kubernetes deployments and will take a look at some common mistakes to avoid when working with Docker and Kubernetes.
kubernetes  docker  best_practice 
june 2017 by rdark
Amazon EC2 Container Service at AWS re:Invent 2016 – Wrap-up | AWS Compute Blog
We wanted to summarize a few of the highlights from this year’s AWS re:Invent.

On Thursday December 1, Werner Vogels announced two new features for Amazon ECS.

Blox is a new open source project that enables users to build custom schedulers and other tooling on top of Amazon ECS. Our goal with Blox is to provide tools that simplify the creation of custom schedulers, dashboards and other extensions, so that customers can meet the needs of their specific use cases. Werner also announced that new task placement strategies are coming later this year. Watch the keynote or see the AWS Compute blog for more details on these announcements.
aws  ecs  blox  docker  re:invent  talks 
december 2016 by rdark
Blox - Open Source Tools for Amazon ECS
Blox is a collection of open source projects for container management and orchestration on Amazon ECS

Blox gives you more control over how your containerized applications run on Amazon ECS. It enables you to build schedulers and integrate third-party schedulers on top of ECS, while leveraging Amazon ECS to fully manage and scale your clusters.
ecs  docker  clustering  scheduler  open_source  aws 
december 2016 by rdark
Say Hello to CircleCI 2.0 - CircleCI
Today we’re releasing CircleCI 2.0 in closed beta. 2.0 is a highly customizable, powerful platform that includes first-class container support. It will help teams of all sizes realize even more of the benefits CI and CD bring. The new and expanded CircleCI 2.0 functionalities empower teams to do their best work and stay on the cutting edge of software development.

There’s a paradigm shift happening today around how software is crafted and delivered, from monolithic architectures and a steady release cycle, to microservices, containers, and continuous delivery. Since CircleCI was founded five years ago, the number of technologies and approaches our customers use has grown exponentially. We’ve moved fast to accommodate those requests, and learned a lot along the way.

Here is a sneak peek at some key 2.0 features:

Native Docker Support

With CircleCI 2.0, we treat Docker as a first-class citizen. If it works with Docker, it will work with CircleCI 2.0. You can pull any image from container registry. You can also build and push images to a Docker registry or into their deploy environment. You can even use existing Dockerfiles and images on any registry. You control when/if your builds are updated or changed. You’ll be able to use any tools available in the Docker ecosystem.
circle_ci  docker  testing  beta  continous_integration 
november 2016 by rdark
Abusing Privileged and Unprivileged Linux Containers
In this paper, we'll discuss several security pitfalls with Linux containers. Many of them are intrinsic to the design of the container systems, or may be the result of insecure defaults. We'll analyze historical container attacks, and how they are currently mitigated. We will then examine several novel or poorly documented attacks possible against both privileged and unprivileged Linux containers. This paper is geared towards penetration testers, but also provides insight for administrators and developers looking to prevent common attacks against their container systems.
security  containers  linux  docker 
june 2016 by rdark
confluentinc/bottledwater-pg: Change data capture from PostgreSQL into Kafka
Bottled Water uses the logical decoding feature (introduced in PostgreSQL 9.4) to extract a consistent snapshot and a continuous stream of change events from a database. The data is extracted at a row level, and encoded using Avro. A client program connects to your database, extracts this data, and relays it to Kafka (you could also integrate it with other systems if you wish, but Kafka is pretty awesome).

Key features of Bottled Water are:

Works with any PostgreSQL database (version 9.4 or later). There are no restrictions on your database schema.
No schema changes are required, no triggers or additional tables. (However, you do need to be able to install a PostgreSQL extension on the database server. More on this below.)
Negligible impact on database performance.
Transactionally consistent output. That means: writes appear only when they are committed to the database (writes by aborted transactions are discarded), writes appear in the same order as they were committed (no race conditions).
Fault-tolerant: does not lose data, even if processes crash, machines die, the network is interrupted, etc.
docker  postgres  databases  replication  kafka  WAL 
april 2016 by rdark
redspread/spread: Docker to production in one command
spread is a command line tool that builds and deploys a Docker project to a Kubernetes cluster in one command. The project's goals are to:

* Enable rapid iteration with Kubernetes
* Be the fastest, simplest way to deploy Docker to production
* Work well for a single developer or an entire team (no more broken bash scripts!)
kubernetes  docker  devops  github  golang 
march 2016 by rdark
slides.pptx - ERNW_Stocard_Docker-Devops-Security_fbarth-mluft.pdf
this week I gave a presentation together with Florian Barth from StoCard on Docker, DevOps/Microservices, and Security — a topic and collaboration that I will definitely cover in even more detail in the future!
security  docker  presentation 
march 2016 by rdark
nicholasjackson/minke: Suite of rake tasks for building microservices in Go with Docker
Minke is an opinionated build system for Microservices and Docker, like a little envelope of quality it scaffolds the build, run and test (unit test and functional tests) phases of your microservice project allowing you to simply run and test your images using Docker Compose. Currently supporting Google's Go, extensions are planned for Node.js or HTML / Javascript sites with Grunt or Gulp based builds.
ruby  docker  golang  build  ruby_gems  cucumber  rake 
march 2016 by rdark
gravitational/docker_auth: Authentication server for Docker Registry 2.0
Fork of docker_auth that uses postgres database for ACL + authentication.

Also has a command line client for interacting with the database
docker  authentication  database  postgres 
february 2016 by rdark
cesanta/docker_auth: Authentication server for Docker Registry 2
Docker Registry 2.0 introduced a new, token-based authentication and authorization protocol, but the server to generate them was not released. Thus, most guides found on the internet still describe a set up with a reverse proxy performing access control.

This server fills the gap and implements the protocol described here.

Supported authentication methods:

Static list of users
Google Sign-In (incl. Google for Work / GApps for domain) (documented here)
LDAP bind
MongoDB user collection

Supported authorization methods:

Static ACL
MongoDB-backed ACL
oauth  ldap  docker  docker_registry  authentication  golang 
february 2016 by rdark
gliderlabs/docker-alpine: Alpine Linux Docker image. Win at minimalism!
A super small Docker image based on Alpine Linux. The image is only 5 MB and has access to a package repository that is much more complete than other BusyBox based images.
github  alpine_linux  linux  docker 
february 2016 by rdark
docker/notary: Notary is a Docker project that allows anyone to have trust over arbitrary collections of data
The Notary project comprises a server and a client for running and interacting with trusted collections.

Notary aims to make the internet more secure by making it easy for people to publish and verify content. We often rely on TLS to secure our communications with a web server which is inherently flawed, as any compromise of the server enables malicious content to be substituted for the legitimate content.
github  docker  security  crypto 
february 2016 by rdark
alanfranz/docker-rpm-builder: Build native RPM packages by leveraging docker capabilities.
docker-rpm-builder works on any host distributions that supports docker, and is currently tested to build 64 bit Centos 5, 6 and 7 RPM packages, as well as Fedora 20, 21, 22, and rawhide.

It's designed to be a very small and hackable wrapper to help in rpm building, and lets you build binary RPMs on the fly, without generating an intermediate source rpm - which is required by tools like mock and it's a bit of an unnecessary byproduct nowadays, since most source tracking is done in a revision control system. Docker capabilities are leveraged to make the build fast; copy is limited, and bind-mount between host and container is privileged whenever it's possible.
github  development  redhat  rpm  docker  build  package_management 
january 2016 by rdark
the agile admin | Immutable Delivery
This article proposes a design pattern modeled after “Immutable Infrastructure”, something I call “Immutable Delivery”. There has been a lot of debate and discussion about the usage of the term “Immutable” lately. Let me clearly say that there is no such thing as an immutable server or immutable infrastructure. I know of no example in my 35 years of working with IT infrastructure of a system or infrastructure that is completely immutable. A system changes and continues to change the minute it is powered on. Things like logs, dynamic tables and memory are constantly changing during a system’s lifecycle.
docker  blogs  immutable_infrastructure  aws  devops 
november 2015 by rdark
Using Docker-in-Docker for your CI or testing environment? Think twice.
However, contrary to popular belief, Docker-in-Docker is not 100% made of sparkles, ponies, and unicorns. What I mean here is that there are a few issues to be aware of.
docker  ci  testing 
november 2015 by rdark
Migrating MongoDB data with Mesos and Flocker
Using Powerstrip, we can use the Flocker local-storage migration feature to move the data to a new server. This means we are treating the container and the data as an atomic unit — when Marathon reschedules the container to another machine, Flocker moves the data alongside it.
mesos  migration  flocker  mongoDB  marathon  docker 
november 2015 by rdark
Bowline provides a number of ways to stream-line the continuous builds of your Docker images, through a web interface.
docker  build  hooks  github  git 
october 2015 by rdark
Nomad - HashiCorp
Today we announce Nomad, a cluster manager and scheduler designed for microservices and batch workloads. Nomad is distributed, highly available, and scales to thousands of nodes spanning multiple datacenters and regions.
docker  hashicorp  clustering  coreOS 
september 2015 by rdark
Tool to migrate Docker images from a v1 registry to a v2 registry
docker  registry  migration  github 
september 2015 by rdark
Docker Notification Docs
overview of webhooks + monitoring endpoints in docker registry v2
docker  documentation  webhooks  monitoring  notifications 
july 2015 by rdark
Logspout is a log router for Docker containers that runs inside Docker. It attaches to all containers on a host, then routes their logs wherever you want. It also has an extensible module system.

It's a mostly stateless log appliance. It's not meant for managing log files or looking at history. It is just a means to get your logs out to live somewhere else, where they belong.

For now it only captures stdout and stderr, but a module to collect container syslog is planned.
logging  syslog  docker  logstash 
july 2015 by rdark
This docker image will attach an Amazon EBS Volume to an Amazon EC2 Instance. It will then wait for a SIGINT or SIGTERM signal, at which point it will detach the Amazon EBS Volume. This is meant to be used on a CoreOS cluster as a sidekick to another container that needs persistent storage.
ebs  ec2  aws  docker  coreOS  nodejs 
july 2015 by rdark
Building Docker Images for Static Go Binaries — Medium
getting go to compile completely standalone binaries without any linkage: CGO_ENABLED=0 GOOS=linux go build -a -tags netgo -ldflags '-w' .
devops  deployment  golang  docker  dll 
may 2015 by rdark
Microsoft Windows - Docker Documentation
boot2docker windows install howto (also seems to be available in chocolatey)
docker  windows  boot2docker  documentation 
may 2015 by rdark
Droplet Infrastructure: Service Registration and Discovery
useful bash function for pulling ports from local docker instance and populating etcd with that info
blogs  discovery  coreOS  etcd  bash  docker 
may 2015 by rdark
Service registry bridge for Docker, sponsored by Weave.
golang  docker  development  github  service_discovery 
may 2015 by rdark
Running a secured etcd instance with Docker
Further notes on etcd SSL using etcd-ca. etcd has some strict certificate requirements, that aren't supported by all CAs..
security  ssl  docker  etcd  certificate_authority 
april 2015 by rdark
CentOS/CentOS-Dockerfiles · GitHub
Official dockerfiles for various deployments of software on official CentOS images
github  docker  CentOS  reference 
april 2015 by rdark
docker - Is it possible to start a shell session in a running container (without ssh) - Stack Overflow
With docker 1.3, there is a new command docker exec. This allows you to enter a running docker:

docker exec -it "id of running container" bash
docker  shell  debugging 
april 2015 by rdark
Docker 1.6: Engine & Orchestration Updates, Registry 2.0, & Windows Client Preview | Docker Blog
* Container and Image Labels
* Windows Client Preview
* Logging Drivers
* Content Addressable Image Identifiers
* ‒‒cgroup-parent
* Ulimits
* Dockerfile instructions can now be used when committing and importing
* Registry 2.0 + Engine 1.6 = Faster image pulls
* Compose 1.2
* Swarm 0.2
* Machine 0.2
docker  release_notes 
april 2015 by rdark
Docker container that attaches an EBS volume to the local ec2 instance.
ec2  ebs  docker  coreOS 
april 2015 by rdark
A Docker ambassador (containerized TCP reverse proxy / forwarder) that supports static forwards, DNS-based forwards (with SRV), Consul+Etcd based forwards, or forwards based on the connecting container's intended backend (read: magic).
github  docker  discovery  SOI  consul 
january 2015 by rdark
SkyDNS is a distributed service for announcement and discovery of services built on top of etcd. It utilizes DNS queries to discover available services. This is done by leveraging SRV records in DNS, with special meaning given to subdomains, priorities and weights.
configuration  dns  distributed  docker  etcd  SOI 
january 2015 by rdark
How to scale Docker containers in production - Stack Overflow
good collection of docker links vaguely related to auto-scaling
automation  devops  docker  scalability 
january 2015 by rdark
Deis (pronounced DAY-iss) is an open source PaaS that makes it easy to deploy and manage applications on your own servers. Deis builds upon Docker and CoreOS to provide a lightweight PaaS with a Heroku-inspired workflow.
PAAS  github  docker  coreos  heroku 
november 2014 by rdark
Project Atomic
An Atomic Host is a lean operating system designed to run Docker containers, built from upstream CentOS, Fedora, or Red Hat Enterprise Linux RPMs. It provides all the benefits of the upstream distribution, plus the ability to perform atomic upgrades and rollbacks — giving the best of both worlds: A modern update model from a Linux distribution you know and trust.
devops  linux  openstack  docker  centos  RHEL 
november 2014 by rdark
Deni Bertovic
Overview of setting up logstash-forwarder on parent hosts, exposing named pipes to child containers
logstash  logging  docker 
july 2014 by rdark
Cluster-Level Container Deployment with fleet
So... what can it actually do?

Deploy docker containers on arbitrary hosts in a cluster
Distribute services across a cluster using machine-level anti-affinity
Maintain N instances of a service, re-scheduling on failure
Discover machines running in the cluster
Automatically SSH into the machine running a job
cloud  docker  clustering  systemd  etcd  coreOS 
february 2014 by rdark
Docker: Git for deployment
Our production environment has 16 servers. If I attempted to simulate this locally with VirtualBox's recommended configuration of 512 MB per-instance, this would use about twice the RAM I have on my laptop. VirtualBox has a lot of overhead as each image uses its own kernel and file system. This isn't the case with Docker - containers share the same operating system as the host, and when possible, the same binaries and libraries. It's possible to run hundreds of containers on a single Docker host.
git  deployment  docker  testing 
august 2013 by rdark
alpha-stage thin linux distro for hosting docker containers.
server  distro  linux  docker  virtualisation 
july 2013 by rdark

Copy this bookmark:

to read