image-spec
Lean and Mean Docker containers
image-spec | Lean and Mean Docker containers | |
---|---|---|
25 | 38 | |
3,254 | 18,194 | |
1.1% | 0.7% | |
7.4 | 9.0 | |
8 days ago | 8 days ago | |
Go | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
image-spec
-
Understanding Buildpacks in Cloud Native Buildpacks
A buildpack is a software, designed to transform application source code into executable (OCI) images that can run on a variety of cloud platforms. At its core, a buildpack is a directory that includes a specific file named buildpack.toml. This file contains metadata and configuration details that dictate how the buildpack should behave. Buildpacks in simple terms, is a set of standards defining how the different steps that are required to build a compliant container image can be automated. Using those standards, there are projects that have been built round enabling that using an CLI or an API. The most common way of doing that is through the Cloud Native Buildpacks' Pack project. Pack is a CLI command that can run in the same system the developers are using to actually go through creating a Dockerfile.
-
Dive: A tool for exploring a Docker image, layer contents and more
Eventually, once zstd support gets fully supported, and tiny gzip compression windows are not a limitation, then compressing a full layer would almost certainly have a better ratio over several smaller layers
https://github.com/opencontainers/image-spec/issues/803
- Homelab advice
- Containers - entre historia y runtimes
-
Is labelling best practice?
Please note that label-schema has been superseded by https://github.com/opencontainers/image-spec/blob/main/annotations.md<^
-
Pushing container images to GitHub Container Registry with GitHub Actions
GitHub Container Registry stores container images within your organization or personal account, and allows you to associate an image with a repository. It currently supports both the Docker Image Manifest V2, Schema 2 and Open Container Initiative (OCI) specifications.
-
The cloud-agnostic-architecture illusion
We build all services as containerized workloads, i.e., OCI images - sometimes called Docker images. We deploy these to the Kubernetes product offered by the cloud vendor. Whenever we need some capability, containers are the answer. This insulates our applications from the vendor. In principle, we could switch providers as long as Kubernetes is available.
-
Containerd... Do I use Docker to build the container image? I miss the Docker Shim
Build images with anything that makes OCI compliant images, push, and profit.
-
Opensource Server Hosting/Management Web Panel
it's funny that you mention this because it is actually the thing that is next on my agenda for the image, as you can probably see already I bake in OCI image annotations in our image, which is great for including some core pieces of meta data. In addition to this though I will soon be including custom labels for Base64 encoded YAMLs for Kubernetes deployments using this image. I will look at including helm configuration as well. Then it should be just as easy as: $ docker pull registry.gitlab.com/crafty-controller/crafty-4:latest $ docker image inspect registry.gitlab.com/crafty-controller/crafty-4:latest | jq -r ".[].Config.Labels.\"org.arcadiatech.crafty.k8s.deployment\"" | base64 -d | kubectl apply -f -
-
My director is mad that I accepted another internal position for a 26% raise when he was told he could only give me a 10%
They still don't do anything really of substance, they're just gateways to their vendor's world - booking systems, payment systems, etc. You learn those as you go along. Yes, as a potential employee, you need to be able to tick those boxes on your CV, but if you understand the underlying technology, it's mostly a matter of booking your own AWS or Azure server for $5-10 a month for a few weeks, and fooling around. (Docker is a bit different in the sense that they were the first to popularize today's de-facto container image standard, the "Docker container", which has since been accepted as a proper standard and renamed to "OCI image format"; but at the end of the day, at this point in time, Docker in itself is still just a company out for the money, and the multi-GB installation of their product can, for the essential functionality part, be replaced by a few hundred lines of Bash code. The cool boys today don't use Docker, they use [Podman(https://podman.io/), which is essentially a much more lightweight drop-in replacement ;-) )
Lean and Mean Docker containers
-
Is updating software in Docker containers useful?
And if you want to make the container quickly secure without bloats, maybe give this a try https://github.com/slimtoolkit/slim
-
An Overview of Kubernetes Security Projects at KubeCon Europe 2023
Slim.ai presents the data in a more user friendly way than many of the other tools in this post. On top of its open source SlimToolkit for identifying the contents of an image, Slim.ai uses Trivy for vulnerability scanning.
-
Tips for reducing Docker image size
What about https://github.com/slimtoolkit/slim?
-
package a poetry project in a docker container for production
A last practice that I do not use at all and which may interest you is to use slim toolkit to keep only the useful elements in your final image.
-
Standard container sizes
Anyone tried using https://github.com/docker-slim/docker-slim To minify an image?..
- DockerSlim - Optimize Your Containerized App Dev Experience. Better, Smaller, Faster, and More Secure Containers Doing Less! Minify Docker Images by up to 30x.
- A practical approach to structuring Golang applications
- How to optimize docker image size?
-
M1: Docker doesn't find shared x64 shared objects even though platform was specified
Distroless images are better left for people with serious need for lightweight images and good Linux knowledge because they require lot of planning with the build so that they stay light and work. If you need lighter images but docker isn't your main tool and you can't afford to take hours and hours of practicing different build strategies you can check docker-slim (https://dockersl.im/). With this tool you can easily size down the images.
-
I deleted 78% of my Redis container and it still works
Maybe this would help in that regard: https://github.com/docker-slim/docker-slim
What are some alternatives?
skopeo - Work with remote images registries - retrieving information, images, signing content
minideb - A small image based on Debian designed for use in containers
ovh-ipxe-customer-script - Boot OVH server with your own iPXE script
Go random string generator - Flexible and customizable random string generator
distroless - 🥑 Language focused docker images, minus the operating system.
pipx - Install and Run Python Applications in Isolated Environments
flyctl - Command line tools for fly.io services
dive - A tool for exploring each layer in a docker image
asmttpd - Web server for Linux written in amd64 assembly.
gophish - Open-Source Phishing Toolkit
simple-scrypt - A convenience library for generating, comparing and inspecting password hashes using the scrypt KDF in Go 🔑