[xkcd.com](https://xkcd.com/349/)

Keeping Docker afloat - Best practices for patching and deprecating images

Intro: One of the biggest benefits of Docker images is their immutability. Once they’re built, they don’t change. Built once, would work forever… That’s how the nightmares of security guys start 🤣 We then have two contradictory concepts: “Keep it stable” <---> “Keep it up to date and secure”. For day-to-day work, usually the first concept wins. You want your builds stable and try to avoid the tempting distractions of upgrading log4j to the latest version… Who knows what might break....

2024-02-09 · 7 min · timor
AI generated

How to run x86-64 Docker images on Apple's MacBook with M1/M2/M3 CPU

Working with Docker environments amid diverse architectures, like Apple’s arm64 and x86-64/AMD64, presents challenges. I’ve encountered the clash between my Mac’s M1 arm64 architecture and my x86-centric server workloads. The solution? Just use DOCKER_DEFAULT_PLATFORM. Just run in the terminal (enforce platform for all commands): `export DOCKER_DEFAULT_PLATFORM=linux/amd64`. With this command, Docker enforces x86 architecture by default on commands supporting the `--platform` parameter, streamlining workflows and sparing the need for repetitive `--platform` specifications....

2024-02-06 · 1 min · timor
[Photo by Ann H](https://www.pexels.com/photo/blue-tape-measure-on-yellow-surface-10894941/)

Checking compressed size of Docker image

One day, I was looking for some gains to improve the startup time for Jenkins agents. We run them as containers, and because the images are quite big, I was thinking about cutting the size by cutting less frequently used features. I was looking for metrics I could use to decide which changes are most valuable. I could think of two: download time and startup time. Together they add up to the gap between the request to start an agent and the moment you can start to use it....

2024-01-24 · 2 min · timor
[Photo by RealToughCandy.com from Pexels](https://www.pexels.com/photo/a-person-holing-a-sticker-in-close-up-photography-11035380/)

The best way to get NVM working in CI/CD systems

TL;DR: While reasoning is important, readers may not be interested in all the frustrations I experienced while figuring out how to get things done. If you’re looking for a quick solution, skip to the “What eventually worked?” section. However, if you’re interested in the thought process behind the solution, keep reading. Why? Some might wonder why the hell I’d want to make my life so hard 🤣 I’m supporting an organization with thousands of projects....

2023-04-25 · 9 min · timor
[Photo by Lu Li from Pexels](https://www.pexels.com/photo/men-in-horses-raising-cattles-8916937/)

Change configuration of Docker daemon in Rancher Desktop

I recently switched from Docker Desktop on my MacBook to Rancher Desktop. The most important reason for me to do it was the possibility to gently switch between the docker and containerd runtimes. There’s still one feature that I miss on Rancher Desktop: the possibility to change the Docker daemon configuration. I used to enable experimental features and BuildKit. Sadly, there’s no easy way to do it on Rancher… But there’s a magical way....

2023-03-23 · 1 min · timor
[Photo by Ghasiq Anjum from Pexels](https://www.pexels.com/photo/metal-trash-bin-on-the-side-of-the-street-12841982/)

Best practices for writing Dockerfiles - Use VOLUME for all mutable, temporary file locations

IMO people don’t understand how VOLUME works, so they don’t use it. It’s generally used far too rarely! In short, VOLUME means two things: (1) Whatever is left in a directory marked as VOLUME stays there and can’t be changed in later layers (actually it can be changed, but the changes won’t be persistent). (2) Volumes are not part of the layered image FS. They’re mounted as anonymous volumes located on the standard file system. This means they’re working much faster....

2022-09-12 · 2 min · timor
[Photo by Tom Fisk from Pexels](https://www.pexels.com/photo/birds-eye-view-photo-of-freight-containers-2226458/)

Best practices for writing Dockerfiles - Use .dockerignore

People often complain that building a Docker image takes a long time. “I just added a single jar package” they say… Really? They often don’t remember that the whole “build context” is uploaded to the Docker daemon during the build, which often means they’re not only adding a “single jar”, but also all sources, test results and whatever they have in the working directory. The solution is simple: use a .dockerignore file. Syntax is similar to ....

2022-09-11 · 1 min · timor
[Photo by Tom Fisk from Pexels](https://www.pexels.com/photo/top-view-photography-of-cargo-ship-with-intermodal-containers-3057963/)

Dockerfile writing best practices

I’ve been thinking for a long time about writing a set of articles on the topic of “Dockerfile writing best practices”. As it’s often my daily job to prepare best-in-class containers that are later used by thousands of the company’s applications, I have quite good insights on the topic. Some of the experience and knowledge gathered is often against intuition, and building it took me a while. I want to share it, with a hope that the feedback I get will allow me to excel on the topic even further....

2022-09-10 · 2 min · timor
Devoxx 2022

Back on the big stage!

I’m back on the big stage! I haven’t attended any big conferences as a presenter for some time, but this year will change it. I’m starting big, with a talk: “Docker base images - Ideas how to manage them on scale” at the Devoxx conference in Kraków, which will take place on 22-24th June 2022. Want to meet? Meet there 😄 Update: I uploaded the slides from the presentation to my Github account. There’s also a video available:

2022-06-13 · 1 min · timor

Official CentOS 8 Stream Docker image finally available!

Finally, they’re available! Wait a moment... Actually, they’ve been available for a few months, just nobody published information about moving them to quay.io, and they dropped the poor guys using hub.docker.com without any updates! Yes, that’s how they did it! I found the new place accidentally, reading some news about CentOS Stream 9 on their blog. There was a reference to CentOS 9 Stream dev builds of Docker images, and I found the “missing” stream and stream8 tags too....

2021-07-25 · 2 min · timor