Buildah - build your containers from the ground up!
Since I’m relatively new to the world of containers and images, I was excited to learn about the Buildah tool. Especially since I’m a native New Englander and it’s a clever play on how we say Builder in these parts. Buildah is a newly released command line tool for efficiently and quickly building Open Container Initiative (OCI) compliant images and containers. Buildah simplifies the process of cr
6 Reasons why CRI-O is the best runtime for Kubernetes
CRI-O is a Kubernetes incubator project which is meant to provide an integration path between Open Containers Initiative (OCI) conformant runtimes and the kubelet. Specifically, it implements the Container Runtime Interface (CRI) using OCI conformant runtimes. CRI-O uses runc as its default runtime to run Kubernetes pods. For more information you can read a brief introduction here. Let’s look at t
How to Run a More Secure Non-Root User Container
I was asked a question about running users inside of a docker container: could they still get privileges? Before we begin, here is more background on Linux capabilities We’ll start with a simple container where the primary process is running as root. One can look at the capabilities of the current process via grep Cap /proc/self/status. There is also a capsh utility. # docker run --rm -ti fedora g
Why we don't let non-root users run Docker in CentOS, Fedora, or RHEL
I often get bug reports from users asking why can’t I use `docker` as a non root user, by default? Docker has the ability to change the group ownership of the /run/docker.socket to have group permission of 660, with the group ownership the docker group. This would allow users added to the docker group to be able to run docker containers without having to execute sudo or su to become root. Sounds g
What are Docker <none>:<none> images?
The last few days, I have spent some time playing around with Docker’s <none>:<none> images. I’m writing this post to explain how they work, and how they affect docker users. This article will try to address questions like: What are <none>:<none> images ? What are dangling images ? Why do I see a lot of <none>:<none> images when I do docker images -a ? What is the difference between docker images
Friends Don't Let Friends Run Docker on Loopback in Production
I’ve heard negative things about the Fedora|CentOS Docker storage configuration in the past, and while manning the Red Hat booth in San Francisco at DockerCon last week, I spoke to a number of people who’ve experienced these storage issues themselves. Much of the trouble, I think, boils down to how Docker in Fedora and CentOS have shipped with a storage configuration that optimizes for a convenien
Extending SELinux Policy for Containers
A developer contacted me about building a container that will run as a log aggregator for fluentd. This container needed to be a SPC container that would manage parts of the host system, namely the log files under /var/logs. Being a good conscientious developer, he wanted to run his application as securely as possible. The option he wanted to avoid was running the container in --privileged mode, r
CentOS Atomic Host Released
We would like to announce the general availability of CentOS Atomic Host (May 2015), a lean operating system designed to run Docker containers, derived from Red Hat Enterprise Linux Atomic Host (7.1.2), and built from standard CentOS 7 RPMs. CentOS Atomic Host is produced by the CentOS Atomic SIG, based on upstream work from Project Atomic. CentOS Atomic Host is available as a qcow2 image, as Virt
Testing Kubernetes with an Atomic Host
Atomic hosts include Kubernetes for orchestration and management of containerized application deployments, across a cluster of container hosts. If you’re interested in taking Kubernetes for a spin on an Atomic host, read on! Kubernetes+Atomic Hello World First, boot into CentOS Atomic host. You ought to be able to use Fedora Atomic as well, but currently, Atomic Fedora comes with an earlier versio
Project Atomic
Deploy and Manage Your Containers in the Next-Generation Container OS Use immutable infrastructure to deploy and scale your containerized applications. Project Atomic mainly comprises Atomic Host, Team Silverblue, and various container tooling. cloud native platforms. Twitter Facebook Google+ RSS Atomic Host Atomic Host provides immutable infrastructure for deploying to hundreds or thousands of se
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Reintroduction of Podman — Project Atomic
Using kubeadm with CRI-O
CRI-O and Alternative Runtimes in Kubernetes
Looking forward to working with containerd
How container registries prevent information leakage
Introduction to System Containers
Creating OCI configurations with the ocitools generate library
Getting Started with OCI
Logging Docker Container Output to journald