This article explains why you should not tag your own Docker images with only the “latest” tag. I discuss alternative best practices, categorizing them into stable vs. unstable version tags. I also fully deconstruct a Docker image tag into its basic components to improve your understanding of Docker image names and tags. Introduction When you … Read more
In this article I explain how (and why) you install and use a Linux-based self-hosted GitLab CI/CD runner that executes jobs of your GitLab pipelines. I go into a few caveats and how you can reduce maintenance efforts for the runner to a minimum. Introduction GitLab CI/CD has a distributed architecture that consists of a … Read more
This article explains how to achieve Continuous Deployment of Docker-based software, using either pull-based approaches (external tools such as watchtower and harbormaster), or push-based techniques (deployment from the CI/CD pipeline). I explain the advantages and disadvantages of each approach, and also illustrate how automated testing greatly reduces the risk of unnoticed failed deployments. Introduction When … Read more
This article presents useful tips for operating Docker engine on a Linux server. I explain how you can improve the server’s security via automatic updates and scanning the images of your running containers, how to reduce the maintenance efforts by making sure your disks don’t run out of space, and how to set up a … Read more
This article introduces 12 tips to optimize your Docker image security. For each tip, it explains the underlying attack vector, and one or more mitigation approaches. Tips include avoiding leaking of build secrets, running as non-root user, or how to make sure to use the most recent dependencies and updates. Introduction When you are new … Read more
This article introduces several tricks that you can apply at build-time, to reduce the size of your Docker images, including the use of a small base image, multi-stage builds, consolidation of RUN statements, avoiding separate chown commands, or using the tool docker-slim. Introduction Docker has become a commodity to package and distribute (backend) software. So … Read more
This article offers several tips for tweaking the build speed of Docker images in CI pipelines. I explain multiple caching-tricks offered by BuildKit, which is an alternative image build engine. I also elaborate on how the .dockerignore file and extra arguments to package managers such as apt can speed up your image builds. Introduction As … Read more
This article presents 5 tips that improve the speed of building Docker images locally. It focuses on two problems: iterating on your unfinished Dockerfile (where you still figure out configuration options and which packages to install), and iterating on your code (assuming a finished Dockerfile). I discuss tricks such as using BuildKit, the .dockerignore file, … Read more
Updated 2022-09-18 to reflect that Docker for Desktop and Virtualbox can co-exist on Windows, because Hyper-V is no longer a requirement for Docker for Desktop. Vagrant is a tool that automatically downloads and configures virtual machines, according to a recipe file. Docker does something similar, but can achieve better performance in specific situations. This article … Read more
Vagrant is a tool that automatically downloads and configures virtual machines, according to a recipe file. Typically, the base image is downloaded from the Vagrant Cloud, a repository of user-submitted boxes. This article explains how to create a Vagrant box, which is necessary if there is no appropriate box on Vagrant Cloud, or if you … Read more