“7 ways to do containers on AWS” covers a variety of different ways to run containers on the Amazon AWS cloud infrastructure. These include most of the usual suspects, like Amazon Elastic Container Service (ECS), Amazon Elastic Container Service for Kubernetes (EKS), and hand-rolled vanilla containers on EC2, as well as a few lesser-known ones like templated Kubernetes and Amazon Fargate.
“A Practical Introduction to Container Terminology” is at the same time two things for me:
- The longest blog post that I’ve seen in a long time, if not ever.
- The best introductory tutorial on containers.
It’s been a while since I posted anything about Docker. That’s mostly because I still don’t really use it for anything – playing around locally, testing and learning doesn’t count yet.
But just to keep the ball rolling, here are a couple of handy links for the ideas on how to improve your Docker images, so that Docker uses much less space, benefits more from caching, and brings up the containers faster:
Both articles are around the same theme – choose your base image carefully, try to minimize the layers, use only what you need, and don’t forget to clean up the disk space with “docker system prune”.
- This document originated from a bunch of most commonly used links and learning resources I sent to every new web developer on our full-stack web development team.
- For each problem domain and each technology, I try my best to pick only one or a few links that are most important, typical, common or popular and not outdated, based on the clear trends, public data and empirical observation.
- Prefer fine-grained classifications and deep hierarchies over featureless descriptions and distractive comments.
- Ideally, each line is a unique category. The “ / ” symbol between the links means they are replaceable. The “, ” symbol between the links means they are complementary.
- I wish this document could be closer to a kind of knowledge graph or skill tree than a list or a collection.
- It currently contains 2000+ links (projects, tools, plugins, services, articles, books, sites, etc.)
On one hand, this is one of the best single resources on the topic of web development that I’ve seen in a very long time. On the other hand, it re-confirms my belief in “there is no such thing as a full-stack web developer”. There are just too many levels, and there’s too much depth to each level for a single individual to be an expert at. But you get bonus points for trying.
The Moby Project is a new open-source project to advance the software containerization movement and help the ecosystem take containers mainstream. It provides a library of components, a framework for assembling them into custom container-based systems and a place for all container enthusiasts to experiment and exchange ideas.
This just had to happen, given the nature of Open Source and the importance of the container technology for the modern infrastructure.
Here is some exciting news from the BitBucket Pipelines blog: Bitbucket Pipelines now supports building Docker images, and service containers for database testing.
We developed Pipelines to enable teams to test and deploy software faster, using Docker containers to manage their build environment. Now we’re adding advanced Docker support – building Docker images, and Service containers for database testing.
Federacy has some interesting research on Docker image vulnerabilities. The bottom line is:
24% of latest Docker images have significant vulnerabilities
This can and should be improved, especially given the whole hierarchical structure of Docker images. It’s not like improving security of all those random GitHub repositories.
Jessie Frazelle reiterates her point on containers in the blog post “Setting the Record Straight: containers vs. Zones vs. Jails vs. VMs”:
The Design of Solaris Zones, BSD Jails, VMs and containers are very different.
Solaris Zones, BSD Jails, and VMs are first class concepts. This is clear from the Solaris Zone Design Spec and the BSD Jails Handbook. I hope it can go without saying that VMs are very much a first class object without me having to link you somewhere :P.
Containers on the other hand are not real things.
A “container” is just a term people use to describe a combination of Linux namespaces and cgroups. Linux namespaces and cgroups ARE first class objects. NOT containers.
10 things to avoid in Docker containers provides a handy reminder of what NOT to do when building Docker containers. Read the full article for details and explanations. For a brief summary, here are the 10 things:
- Don’t store data in containers
- Don’t ship your application in two pieces
- Don’t create large images
- Don’t use a single layer image
- Don’t create images from running containers
- Don’t use only the “latest” tag
- Don’t run more than one process in a single container
- Don’t store credentials in the image. Use environment variables
- Don’t run processes as a root user
- Don’t rely on IP addresses
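Three of these rules (the “latest” tag, credentials in the image, running as root) can be checked mechanically against a Dockerfile. The following Python check is an added example, not code from the article or from this blog. The rule ids, the sample Dockerfiles and the secret-name pattern are assumptions, and treating an untagged or `:latest` base image as a “latest” violation, or a missing `USER` as root, is a heuristic of this example.

```python
import re

# Constructed samples (not from the page): BAD breaks three rules, GOOD fixes them.
BAD = """\
FROM php:latest
ENV DB_PASSWORD=hunter2
CMD ["php", "/app/index.php"]
"""

GOOD = """\
FROM php:8.2-cli
USER www-data
CMD ["php", "/app/index.php"]
"""

SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)

def logical_lines(text):
    """Join backslash continuations, then drop blank lines and comments."""
    for line in re.sub(r"\\[ \t]*\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def check_dockerfile(text):
    """Return the sorted rule ids that the Dockerfile text violates."""
    findings, stages, user = set(), set(), None
    for line in logical_lines(text):
        instr, _, rest = line.partition(" ")
        instr, words = instr.upper(), rest.split()
        if instr == "FROM":
            user = None  # each stage starts as its base image's user
            refs = [w for w in words if not w.startswith("--")]
            image = refs[0] if refs else ""
            name = image.rsplit("/", 1)[-1]  # drop registry host:port
            pinned = "@" in image or (":" in name and not name.endswith(":latest"))
            if image != "scratch" and image not in stages and not pinned:
                findings.add("latest-tag")
            if len(refs) >= 3 and refs[1].upper() == "AS":
                stages.add(refs[2])
        elif instr in ("ENV", "ARG"):
            keys = re.findall(r"(\w+)=", rest) or words[:1]
            if any(SECRET_NAME.search(k) for k in keys):
                findings.add("secret-in-image")
        elif instr == "USER" and words:
            user = words[0].split(":")[0]
    if user in (None, "root", "0"):  # heuristic: no USER is treated as root
        findings.add("runs-as-root")
    return sorted(findings)
```

Only the final build stage's `USER` counts, since that is the stage that ships. A base image may already switch to a non-root user, which this check cannot see.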
I’ve been meaning to look into Docker for a long while now. But, as always, time is the issue. In the last couple of days though I’ve been integrating BitBucket Pipelines into our workflow. BitBucket Pipelines is a continuous integration solution, which runs your project tests in a Docker container. So, naturally, I had to get a better idea of how the whole thing works.
The “Docker for PHP Developers” article was super useful, even though it wasn’t immediately applicable to BitBucket Pipelines, as they don’t currently support multiple containers – everything has to run within a single container.
The default BitBucket Pipelines configuration suggests the phpunit/phpunit image. If you want to run PHPUnit tests only, that works fine. But if you want to have a full-blown Nginx and MySQL setup for extra bits (UI tests, integration tests, etc), then you might find the smartapps/bitbucket-pipelines-php-mysql image much more useful. Here’s the full bitbucket-pipelines.yml file that I’ve ended up with.