- https://images.chainguard.dev/
- https://edu.chainguard.dev/
- https://edu.chainguard.dev/chainguard/chainguard-images/videos/debugging_distroless/
- https://github.com/iximiuz/cdebug
- https://mt165.co.uk/blog/static-link-go/
Chainguard slack :
Affichage des articles dont le libellé est docker. Afficher tous les articles
Affichage des articles dont le libellé est docker. Afficher tous les articles
mardi 30 septembre 2025
[ref] Chainguard 101
mercredi 3 août 2022
docker : list containers in a specific network
List containers in a precise
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
f732a9b3c5a1 bridge bridge local
7ec614323767 host host local
...
docker network inspect -f '{{ range $key, $value := .Containers }}{{printf "%s: %s\n" $key .Name}}{{ end }}' <NETWORK NAME>
<ID> <Name>
jeudi 5 mai 2022
Caddy + xcaddy within a docker container
Start Caddy within a docker container and add a plugin.
https://caddyserver.com/docs/modules/security
./docker-compose.yml
version: '3.4'
networks:
monitor-net:
driver: bridge
volumes:
caddy_data: {}
services:
caddy:
# cf. https://github.com/caddyserver/caddy/releases
# image: caddy:2.5.0
build:
context: ./caddy/ # where to look for the Dockerfile
dockerfile: Dockerfile # actual name of the Dockerfile
args:
image_ref: caddy:2.5.0
container_name: caddy
ports:
- "80:80"
- "443:443"
volumes:
- ./caddy:/etc/caddy
- caddy_data:/data
env_file:
./.env
restart: unless-stopped
networks:
- monitor-net
labels:
org.label-schema.group: "monitoring"
networks:
monitor-net:
driver: bridge
volumes:
caddy_data: {}
services:
caddy:
# cf. https://github.com/caddyserver/caddy/releases
# image: caddy:2.5.0
build:
context: ./caddy/ # where to look for the Dockerfile
dockerfile: Dockerfile # actual name of the Dockerfile
args:
image_ref: caddy:2.5.0
container_name: caddy
ports:
- "80:80"
- "443:443"
volumes:
- ./caddy:/etc/caddy
- caddy_data:/data
env_file:
./.env
restart: unless-stopped
networks:
- monitor-net
labels:
org.label-schema.group: "monitoring"
image_ref: caddy:2.5.0 # image reference used twice in the Dockerfile, once with ${image_ref}-builder, once directly
./caddy/Dockerfile :
ARG image_ref
FROM ${image_ref}-builder AS caddy-build
RUN xcaddy build --with github.com/greenpau/caddy-security
FROM ${image_ref}
COPY --from=caddy-build /usr/bin/caddy /usr/bin/caddy
FROM ${image_ref}-builder AS caddy-build
RUN xcaddy build --with github.com/greenpau/caddy-security
FROM ${image_ref}
COPY --from=caddy-build /usr/bin/caddy /usr/bin/caddy
Caddyfile must exist (content not relevant here):
./caddy/Caddyfile
command :
docker-compose up --build caddy
mardi 9 novembre 2021
Linux cleaning tips (systemd, apt/ubuntu, docker)
(evolutive article where I store what's been useful to me to clean space on linux servers I'm using)
Note : my current servers are running Ubuntu.
OS / SystemD : purge logs bigger than ...
Only keep 10M of each log files handle through syslog
sudo journalctl --vacuum-size 10M
OS / apt : remove remnants
Remove automatically all unused packages Remove automatically installed packages not needed anymore (i.e. packages that were installed as dependencies of packages that have now been removed or aren't requiring this dependency anymore)
apt options :
- autoremove - Remove automatically all unused packages
- clean - Erase downloaded archive files
- autoclean - Erase old downloaded archive files
sudo apt-get clean autoremove autoclean
Docker : remove logs older than ...
Only keep the last 1000h of docker containers logs
sudo docker image prune --all --filter "until=1000h" -f
Docker : remove remnants
Be careful ! If your docker environments are not running they might be deleted by some of the following commands !
Remove unused volumes, containers, images, networks, etc.
sudo docker system prune -f
sudo docker system prune -a --volumes
jeudi 28 octobre 2021
kill processes from docker-compose "container_name"
Context :
follwing a project-name change -> renaming the directory-name/docker-compose.yml the processes that were started by docker-compose were duplicated.
From the new project :
* impossible to see them.
From docker ps : no process listed
From OS perspective ps aux : process present.
Test 1 : kill them all !
Step 1 : identify them
ps aux | grep $(echo "$(grep container_name docker-compose.yml | grep -v '#' | awk '{printf("%s\\|", $2)}')grep")
Step 2 : kill -9 them all
ps aux | grep $(echo "$(grep container_name docker-compose.yml | grep -v '#' | awk '{printf("%s\\|", $2)}')grep") | awk '{print $2}' | xargs sudo kill -9
-> result : when restarting docker, they're back :-(
Test 2 : stop docker + docker-compose start
apparently working, but I lost my container's content...
lundi 11 octobre 2021
Docker : thiner images
(from GitLab Commit at KubeCon : One Layer Builds (Docker Not Included), by Jason Plum https://gitlab.com/WarheadsSE and Will Christensen)
* use FROM Scratch, instead of FROM <distro>
* Explore each layer of a docker image
https://github.com/wagoodman/dive
* use Buildah : http://buildah.io/ "A tool that facilitates building OCI container images."
Inscription à :
Articles (Atom)