Containers are changing how we view apps and infrastructure. Whether the code inside containers is big or small, container architecture introduces a change to how that code behaves with hardware - it fundamentally abstracts it from the infrastructure. Docker believes that there are three key components to container security and together they result in inherently safer apps.
For some time now, Minio has been making available an open-source distributed object server in a beta format that sits on top of Docker containers. Starting today, that distributed object server is now generally available, complete with support. Minio CEO Anand Babu Periasamy says Minio is looking to directly support organizations that will be spending roughly $1 million or more on storage.
The most popular stories on your favorite topics in your inbox daily. Subscribe now!
Last year we introduced Project Bonneville. The idea behind it, at the high level, is that there is a strong parallel between the constructs Docker uses inside a Linux Docker host and the constructs ESXi uses as a hypervisor.
A new container technology called Hyper.sh or just "Hyper" (formerly HyperHQ, and not to be confused with Microsoft's Hyper-V), could conceivably alter the course of containerization. Like dotCloud, which eventually became Docker, Hyper is a containerized workload deployment and hosting service. It's a PaaS that calls itself a "CaaS" (containers-as-a-service).
I wrote a blog post a couple of weeks ago explaining how SELinux can block breakout of processes in containers using when exploiting a vulnerability in the /usr/bin/docker-runc or /usr/bin/runc executable. At the time, I explained that the policy for container_t was blocked from writing to most parts of the OS other the container content labeled container_file_t.
After 4 months of development, we are proud to announce the second release of Traefik: version 1.1.0, codename . The full changelog is quite huge but here are some new features we want to highlight: Swarm mode support In v1.12, Docker introduced swarm mode, for natively managing a cluster of Docker engines.
What was it like building a bundle of commands for Cog? Fun! I really appreciated the cog-rb library, which made it easy to interact with Cog in a language close to our own codebase. I also liked the ability to use Docker images to package the bundles.
Ever wanted to know when a container image you are building on changes? MicroBadger have just beta-launched a new feature that helps with keeping images up-to-date and safe: Image Change Notifications. With change notifications, you'll get notified by webhook whenever a public image is updated on Docker Hub.
Recently I did an experiment: Can we build Docker images for ARM on ordinary cloud CI services that only provide Intel CPU's? The idea was to get rid of self hosted CI build agents that you have to care for.