• Is it possible to escape from a container on Kubernetes?

    3 min read

    You might find some documents describing containers (this applies to Docker as well as Kubernetes) as chroot jails on steroids. One might end up thinking that escaping from a root container is as easy as escaping from a root chroot. But that's not true, because it's just an analogy.


  • Using multi-stage build to optimize Docker images

    2 min read

    docker build multistage

    To build a Docker image we might need some packages that we won't be using at runtime, for example the compiler or any of the tools we use for the build (make, ant, maven...).

    Instead of installing the tools and removing them later on while building the Docker image, we can use a multistage build and just copy the artifacts we need to the final image.


  • docker: Finding an alternative to the ps command using the /proc filesystem

    2 min read

    On some containers we might get the nasty surprise that the ps command is not available:

    $ ps
    sh: 1: ps: not found

    If we need to check the processes (and their arguments), we'll need to resort to the /proc filesystem.


  • How to enable GUI mode for the aws-azure-login docker container

    2 min read

    If you use Azure Active Directory to provide SSO login, you might be using aws-azure-login to go through the normal Azure AD login (including MFA) from the command line and create a federated AWS session, storing the temporary credentials for the AWS CLI and other tools like Terraform to use.

    If the tool is failing, you might need to use the GUI mode to check what's going on, but if you are using the Docker container you will get the following error instead:

    $ aws-azure-login --profile prod --mode=gui
    Logging in with profile 'prod'...
    Using AWS SAML endpoint https://signin.aws.amazon.com/saml
    Error: Failed to launch the browser process!
    Fontconfig warning: "/etc/fonts/fonts.conf", line 100: unknown element "blank"
    [16:16:1122/083057.367058:ERROR:browser_main_loop.cc(1425)] Unable to open X display.
    TROUBLESHOOTING: https://github.com/puppeteer/puppeteer/blob/main/docs/troubleshooting.md
        at onClose (/aws-azure-login/node_modules/puppeteer/lib/cjs/puppeteer/node/BrowserRunner.js:194:20)
        at ChildProcess.<anonymous> (/aws-azure-login/node_modules/puppeteer/lib/cjs/puppeteer/node/BrowserRunner.js:185:79)
        at ChildProcess.emit (events.js:387:35)
        at ChildProcess.emit (domain.js:470:12)
        at Process.ChildProcess._handle.onexit (internal/child_process.js:277:12)


  • How to build a multi architecture docker image using a github action

    3 min read

    Using buildx we can build multi-architecture containers, and we can use a GitHub Action to build them automatically.




From pet to cattle
Treat your kubernetes clusters like cattle, not pets