Run Docker container with user who started it
I have two users on host machine usera, userb. I have added these users to the Dockerfile as below. FROM ubuntu:latest ENV DEBIAN_FRONTEND=noninteractive \ TERM=xterm RUN groupadd -g 1111 groupname...
What is best practice for passing files and directories as command line...
I am working to containerize a program. The program requires a configuration file and directories for its operation, which are passed as command line arguments, e.g. something like this: $ myprog -c...
How to determine if cAdvisor is installed and what is its version/origin
We have a number of Kubernetes clusters that we use for our daily work. I am trying to determine: Is cAdvisor installed and running? What is its version and origin? Based on my research, cAdvisor appears...
Why does stripping executables in Docker add ridiculous layer memory overhead?
On this image, I ran the following command to reduce executable sizes: find -P -O3 /usr/bin/ /usr/local/bin -type f -not -name strip -and -not -name dbus-daemon -execdir strip -v --strip-unneeded '{}'...
Change memlock limit in a Docker container; is it possible?
I'm running a container from vast.ai, Ubuntu 20.04 LTS. I'd like to change memlock limit in the Docker container. Is it possible? What I've already tried: Changing the memlock limits in...
How to get the IDs of Docker Containers that belong to a Service, given the...
Background: I'm trying to maintain some websites running in a Docker Swarm. I want to do security updates on them. In a non-Docker environment, like a VPS, my simple process is that I would connect in and...
Processes in "podman build" have lower file descriptor limit than processes...
I'm running podman 3.4.4 on Ubuntu 22.04 LTS server. I have been having podman build issues that are not reproducible if I do those steps after the container build using podman run. Eventually I traced...
Docker build reset file ownership after each layer built
I've noticed a new strange thing where file permissions reset while building a docker image. Consider the following Dockerfile: FROM ubuntu RUN mkdir -p /home/user && \ useradd -l -u 1000 user RUN...
What is the performance difference between running Docker on Windows versus...
We are looking at containerizing some of our applications and servers (Red Hat servers to be specific), and there was an idea to run Docker on Windows instead of Linux so the end user has an easier...
How do you distinguish between a timeshare system, a VM, and a container?
A timeshare system, a virtual machine and a container all seem very similar. How do you materially and meaningfully distinguish between them? What are the merits, benefits and drawbacks of each...
How to run nerdctl run inside a container?
This is not for building inside a container, this is for running containerized CLI tools in a Job. I know the security implications. This is a lateral move security wise from DooD just to get us to EKS...
How reliable is NFS for using in Kubernetes?
I'm setting up a self-managed Kubernetes cluster where I'm limited by the number of choices for the backend storage for Pods. I should use a remote storage, so that multiple Pods can read/write at the...
How to add packages to the micro and mini suse base images
I want to install tar and zstd packages to the base image of registry.suse.com/bci/bci-minimal:15.5 and registry.suse.com/bci/bci-micro:15.5 (taken from https://registry.suse.com/) but none of the...
docker | database connection refused between two containers
I have a mysql database running with the following docker-compose.yml: version: '3.3' services: db: image: mysql:5.7 restart: always environment: MYSQL_DATABASE: 'demo' # So you don't have to use root,...
Disguise docker environment to resist fingerprinting
How would I go about disguising the fact an application is running in Docker? I need applications that perform fingerprinting to think we are running on a physical device, not a container.
What is the difference between dockerd and com.docker.service in Docker for...
What is the difference between dockerd and com.docker.service in Docker for Windows? Or rather I should ask: why do I need (if I need) com.docker.service running? Intention: I want to use Docker only...
Creating container image without docker
Is it possible to build a container image as a simple user account on a system which does not have docker or podman installed? In other words, is there a user-space tool/application which can build an...
Market share stats for Docker, LXC, rkt category?
Doing some web searching and found a lot of market share stats that I don't trust; e.g., ones that put Mesos and Marathon and CoreOS high up the list. Is there a good, trusted source for a [rough]...
What is one name to describe VM hypervisors, Docker and other OS-level...
I am writing and need a heading after which I can describe unikernels, Kata, cgroups and namespaces, and all that nice stuff. What is the name for this thing? A small amount of research brought...
Kubernetes pods container initialization doesn't finish for Dagster
Installation set-up: I'm trying to run dagster on Kubernetes. I use the default values.yaml file and the only change I'm making is replacing "docker.io" with "registry.hub.docker.com" as my network...