Building Secure, Compliant Containers
- Elliot Volkman tl;dr: Containers are ideal for cloud-first organizations. However, as their use has grown, so have security incidents in container environments. Learn how to build secure containers that support business objectives.featured in #376
`COPY --chmod` Reduced The Size Of My Container Image By 35%
- Vamsi Atluri tl;dr: "I removed chmod from RUN and rebuilt the image. And bingo - the image size is down to 174MB. And the RUN layer’s size is down to 6.7MB. So, OverlayFS is copying the binary into RUN layer even though chmod is only updating the metadata of the file…?"featured in #303
The Container Throttling Problem
- Dan Luu tl;dr: "At Twitter, most CPU bound services start falling over at around 50% reserved container CPU utilization and almost all services start falling over at not much more CPU utilization even though CPU bound services should, theoretically, be able to get higher CPU utilizations." This document describes potential solutions.featured in #278
Learning Containers From The Bottom Up
- Ivan Velichko tl;dr: "This article is not an attempt to explain containers in one go. Instead, it's a front-page for my multi-year study of the domain. It outlines the said learning path and then walks you through it, pointing to more in-depth write-ups on this same blog."featured in #271
Sharing SQLite Databases Across Containers Is Surprisingly Brilliant
- Rick Branson tl;dr: Backed into a corner, Rick came up with a creative solution of writing data to a local file read by dozens of containers using SQLite. Having seen success with this implementation, he believe there is room to innovate here. Bypass the paywall here by clicking the link in this tweet.featured in #168
How Containers Work: Overlayfs
- Julia Evans tl;dr: Julia explains how containers work with overlays, which let you mount a filesystem using 2 directories - a lower, read only one & an upper, read and write one.featured in #162
featured in #157