• How docker generates container's names

    2 min read

    docker names

    Every time you create a container using docker, if a name is not already set using --name, docker chooses one for you: you can expect two words joined by an underscore:

    $ docker run --rm -d alpine sleep 24h
    38c4cc4e87762fc113ef174e9a4989e13d21037678abd3fe73840b825f14c7bf
    $ docker ps
    CONTAINER ID   IMAGE                          COMMAND                  CREATED         STATUS                PORTS                    NAMES
    38c4cc4e8776   alpine                         "sleep 24h"              5 seconds ago   Up 3 seconds                                   romantic_shtern
    

    In this example it chose romantic_shtern, but it can draw on a great variety of words:

    $ docker ps --all | grep -v "Up" | awk '{ print $NF }'
    NAMES
    mystifying_poitras
    suspicious_shtern
    focused_chatelet
    keen_mendel
    happy_jackson
    xenodochial_margulis
    kind_blackburn
    gallant_pascal
    trusting_thompson
    (...)
    

    So, how does Docker generate names for its containers?

    01/08/2022

  • Docker: Using the host's network

    2 min read

    If we use the --net=host option with docker to create a new container, it will share its network namespace with the host machine. Its main advantage is that it will provide higher performance (it will be close to bare-metal speed); however, we might get port conflicts.

    24/02/2022

  • How to build a multi architecture container using rootless nerdctl

    3 min read

    nerdctl rootless buildkit

    One of the great things about using nerdctl is that it does not try to include everything you might need. This means that if you try to build a container using nerdctl, you'll realize you still need to install BuildKit (unless you have installed the "nerdctl-full" version).

    Moreover, it's something you don't actually need to have installed locally:

    $ nerdctl build --help | grep buildkit
    Build an image from a Dockerfile. Needs buildkitd to be running.
          --buildkit-host string     BuildKit address [$BUILDKIT_HOST] (default "unix:///run/user/1000/buildkit/buildkitd.sock")
    

    09/02/2022

  • Running rootless containers with nerdctl

    6 min read

    nerdctl rootless containers docker

    It's no secret that docker comes stuffed with many options that many of us don't need. This is why on servers we can find containerd instead of a fully featured docker. Despite that, the real deal breaker is that whatever we are running, we are going to do it with root privileges. We can check this by running the following container:

    $ docker run -v /etc:/itc -it --rm alpine sleep 24
    

    And then looking for the process on the host:

    $ ps auxf
    
    root        1307  0.0  0.1 2084820 46676 ?       Ssl  11:36   0:04 /usr/bin/containerd
    root       66978  0.0  0.0 709860  6120 ?        Sl   05:12   0:00  \_ containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/50cf9789d0e68949d1cf79462956bde98b46a4616e8b81977d8c89d2af9c34e7 -address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd -runtime-root /var/run/docker/runtime-runc
    root       66996  2.0  0.0   1588     4 pts/0    Ss+  05:12   0:00      \_ sleep 24
    

    Is it possible to run rootless containers? Is there an alternative to docker?

    08/02/2022

  • Is it possible to escape from a container on Kubernetes?

    3 min read

    You might find some documents explaining containers (this applies to docker and Kubernetes as well) as chroot jails on steroids. One might end up thinking it might be as easy to escape from a root container as it is from a root chroot. But that's not true because it's just an analogy.

    28/01/2022



From pet to cattle
Treat your kubernetes clusters like cattle, not pets