• Is it possible to escape from a container on Kubernetes?

    3 min read

    You might find some documents explaining containers (this applies to docker and Kubernetes as well) as chroot jails on steroids. One might end up thinking it might be as easy to escape from a root container as it is from a root chroot. But that's not true because it's just an analogy.

    28/01/2022

    Read more...
  • Using multi-stage build to optimize Docker images

    2 min read

    docker build multistage

    To be able to build a Docker image we might need some packages that we won't be using at runtime, an example of this would be the compiler or any of the tools we might be using to build it (make, ant, maven...)

    Instead of installing the tools to remove them later on while building the Docker image we can use a multistage build so we can just copy the artifacts we need to the final image.

    17/01/2022

    Read more...
  • docker: Finding an alternative to the ps command using the /proc filesystem

    2 min read

    On some container we might find the nasty surprise that the ps command is no available:

    $ ps
    sh: 1: ps: not found
    

    If we need to check the processes (and it's arguments) we'll need to resort to the /proc filesystem

    16/12/2021

    Read more...
  • How to enable GUI mode for the aws-azure-login docker container

    2 min read

    If you use Azure Active Directory to provide SSO login you might be using aws-azure-login to use the normal Azure AD login (including MFA) from the command line to create a federated AWS session, placing the temporary credentials for the AWS CLI and other tools like Terraform to use them

    If the tool is failing you might need to use the GUI mode to check what's going on, but if you are using the docker container you will get the following error instead:

    $ aws-azure-login --profile prod --mode=gui
    Logging in with profile 'prod'...
    Using AWS SAML endpoint https://signin.aws.amazon.com/saml
    Error: Failed to launch the browser process!
    Fontconfig warning: "/etc/fonts/fonts.conf", line 100: unknown element "blank"
    [16:16:1122/083057.367058:ERROR:browser_main_loop.cc(1425)] Unable to open X display.
    
    
    TROUBLESHOOTING: https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md
    
        at onClose (/aws-azure-login/node_modules/puppeteer/lib/cjs/puppeteer/node/BrowserRunner.js:194:20)
        at ChildProcess.<anonymous> (/aws-azure-login/node_modules/puppeteer/lib/cjs/puppeteer/node/BrowserRunner.js:185:79)
        at ChildProcess.emit (events.js:387:35)
        at ChildProcess.emit (domain.js:470:12)
        at Process.ChildProcess._handle.onexit (internal/child_process.js:277:12)
    

    23/11/2021

    Read more...
  • How to build a multi architecture docker image using a github action

    3 min read

    Using buildx we can build multi architecture containers, we can use a github action to automatically build it

    28/09/2021

    Read more...

More recent...

From pet to cattle
Treat your kubernetes clusters like cattle, not pets
Categories