Welcome to my home page
This is the place where I publish articles about my findings and progress in the awesome world of technology and beyond! Also, check out my projects or get in touch.
My latest articles //
Docker image tagging: best practices in a CI pipeline
This article explains why you should not tag your own Docker images with only the “latest” tag. I discuss alternative best practices, categorizing them into stable vs. unstable version tags. I also fully deconstruct a Docker image tag into its basic components to improve your understanding of Docker image names and tags. Introduction When you build a Docker image in…
Operating a self-hosted GitLab runner with Docker
In this article I explain how (and why) you install and use a Linux-based self-hosted GitLab CI/CD runner that executes jobs of your GitLab pipelines. I go into a few caveats and how you can reduce maintenance efforts for the runner to a minimum. Introduction GitLab CI/CD has a distributed architecture that consists of a GitLab server and one or…
Book recommendation: Clean Code (Robert C. Martin)
In this book recommendation, I review the book Clean Code by Robert C. Martin, released in 2008. I offer my 13 page summary of the book as free download, and provide links to further reading material. Introduction to clean code In 2008, Robert C. Martin (a.k.a. “Uncle Bob”) released the book Clean code. It was not the first book about…
Automatic Continuous Deployment of Docker containers
This article explains how to achieve Continuous Deployment of Docker-based software, using either pull-based approaches (external tools such as watchtower and harbormaster), or push-based techniques (deployment from the CI/CD pipeline). I explain the advantages and disadvantages of each approach, and also illustrate how automated testing greatly reduces the risk of unnoticed failed deployments. Introduction When you use Docker (not Kubernetes)…
Tips for operating Docker – the best tools and commands
This article presents useful tips for operating Docker engine on a Linux server. I explain how you can improve the server’s security via automatic updates and scanning the images of your running containers, how to reduce the maintenance efforts by making sure your disks don’t run out of space, and how to set up a Prometheus-based monitoring system that lets…
Docker optimization guide: the 12 best tips to optimize Docker image security
This article introduces 12 tips to optimize your Docker image security. For each tip, it explains the underlying attack vector, and one or more mitigation approaches. Tips include avoiding leaking of build secrets, running as non-root user, or how to make sure to use the most recent dependencies and updates. Introduction When you are new to Docker, you will most…
Docker optimization guide: 8 tricks to optimize your Docker image size
This article introduces several tricks that you can apply at build-time, to reduce the size of your Docker images, including the use of a small base image, multi-stage builds, consolidation of RUN statements, avoiding separate chown commands, or using the tool docker-slim. Introduction Docker has become a commodity to package and distribute (backend) software. So much so, that the Docker…
Docker optimization guide: optimize build speed in CI pipelines
This article offers several tips for tweaking the build speed of Docker images in CI pipelines. I explain multiple caching-tricks offered by BuildKit, which is an alternative image build engine. I also elaborate on how the .dockerignore file and extra arguments to package managers such as apt can speed up your image builds. Introduction As further explained in my previous…
Docker optimization guide: the 5 best tips to optimize Docker development speed
This article presents 5 tips that improve the speed of building Docker images locally. It focuses on two problems: iterating on your unfinished Dockerfile (where you still figure out configuration options and which packages to install), and iterating on your code (assuming a finished Dockerfile). I discuss tricks such as using BuildKit, the .dockerignore file, or tweaking the RUN statement…
GitOps for managing cluster software using GitLab, ArgoCD and Renovate Bot
This article demonstrates how to use the ArgoCD GitOps controller to deploy applications to a Kubernetes cluster. The definitions/manifests of these applications, such as an Ingress controller, monitoring stack, etc., are stored in GitLab. They are automatically updated by Renovate Bot, which regularly scans your GitLab project for outdated dependencies. A demo project illustrates how deployment errors (happening in ArgoCD)…