Containers 102: Beyond the basics

About Me

  • I am Mohammed Daoudi AKA iduoad
  • I am a DevOps engineer
  • Nature lover!
  • weCanTalkAbout([🐧, 🐳, 🦊, …])
  • More about me here!

Agenda

  1. Containers and images
  2. Container storage
  3. Building images
  4. Container distribution
  5. Container Operations
  6. Container Security

Introduction

  • 6 Sections => 15 Use cases
  • Each use case:
    • Problem statement
    • What should we know?
    • Solution & Openings

1. Containers and images

1.1 The legacy container

Problem statement

  • We are trying to run a container image with a legacy application
  • The application is not cloud native (no logs to stdout)
  • Application writes lots of files into the container
  • The application fails on startup and the container
  • May or may not have the Dockerfile

What we should know

  • docker exec doesn’t work!
  • docker run -it bash doesn’t work!
  • A glimpse into container storage.

Solution

  • docker commit to the rescue.
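An added example (not part of the talk) of the docker commit workflow for this use case: the exited container is committed to a throwaway debug image whose entrypoint is replaced by a shell, docker diff lists what the application wrote into the writable layer, and docker cp pulls a directory out without the container ever running again. The container name legacy-app, the debug/… repository and the path /var/log/app are assumptions.

```shell
#!/bin/sh
# Added example: debugging an exited "legacy" container via docker commit.
# Assumes a stopped container whose name is also a valid lowercase repository name.

# Commit the container's writable layer to a debug image. The --change flags
# replace the ENTRYPOINT with a shell and clear CMD so the image does not
# re-run the failing application (or pass its arguments to sh). Prints the tag.
snapshot_failed_container() {
  name=$1
  tag="debug/$name:$(date +%Y%m%d-%H%M%S)"
  docker commit --change 'ENTRYPOINT ["sh"]' --change 'CMD []' \
    "$name" "$tag" >/dev/null || return 1
  echo "$tag"
}

# List the files the application added inside the container. docker diff
# marks A = added, C = changed, D = deleted and works on exited containers,
# so no exec is needed.
files_written() {
  docker diff "$1" | awk '$1 == "A" { print $2 }'
}

# Copy a directory (for example the application's own log directory, since
# the app does not log to stdout) out of the exited container onto the host.
copy_out() {
  docker cp "$1:$2" "$3"
}

# Usage (assumed names), run manually:
#   tag=$(snapshot_failed_container legacy-app)
#   files_written legacy-app | head
#   copy_out legacy-app /var/log/app ./legacy-logs
#   docker run --rm -it "$tag"      # a shell with the app's files in place
```

The debug image carries the container's writable layer, so anything the application wrote (including secrets) is in it; keep the tag local and remove it when you are done.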

1.2 The minimalistic container

Problem statement

  • We are trying to run our minimalistic image
  • The application keeps failing for unknown network issues.
  • The image has no utilities installed.
  • No internet access.

What we should know

  • Minimalistic images.
  • Namespaces (Network namespace as an example)

Solution

  • Using nsenter.
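An added example (not from the talk) of the nsenter approach: the container's init PID is read from the daemon and a tool from the host's own filesystem is executed inside just the container's network namespace, so the minimal image needs no utilities at all. It also handles the case the problem statement describes, a container that keeps crashing and therefore has no namespace left to enter. The container names and the alpine:3 helper image are assumptions; nsenter needs root on the host.

```shell
#!/bin/sh
# Added example: host-side network debugging of a tool-less container with nsenter.

# Init PID of the container as seen from the host; 0 means it is not running.
container_pid() {
  docker inspect -f '{{.State.Pid}}' "$1"
}

# Run a command from the host (ip, ss, curl, ...) inside the container's
# network namespace only (-n). Everything else (mounts, pid, user) stays host-side.
netns_exec() {
  name=$1; shift
  pid=$(container_pid "$name") || return 1
  if [ -z "$pid" ] || [ "$pid" -eq 0 ]; then
    echo "netns_exec: container '$name' is not running, no namespace to enter" >&2
    return 1
  fi
  nsenter -t "$pid" -n "$@"
}

# A crashing container takes its namespace with it. Create the network
# namespace in a small helper container first and start the application
# inside that namespace (--network container:...), so it survives the crash
# and can be inspected with netns_exec on the helper.
run_in_shared_netns() {
  docker run -d --name "$1-ns" alpine:3 sleep infinity >/dev/null || return 1
  docker run -d --name "$1" --network "container:$1-ns" "$2" >/dev/null
}

# Usage (manual, assumed names):
#   netns_exec web ip addr
#   netns_exec web ss -tlnp
#   run_in_shared_netns app registry.example.com/team/app:1.2 && netns_exec app-ns ip route
```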

1.3 Batch workloads

Problem statement

  • We need to run multiple tasks sequentially.
  • We need to control the running order and report errors.

What we should know

  • Docker Compose limitations

Solution

  • docker wait and scripting.
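An added example (not the speaker's code) of the docker wait pattern: each task runs as its own container, the script blocks on docker wait, which prints the container's exit code, and the batch stops at the first failure with that container's last log lines as the error report. The batch name and the images are assumptions.

```shell
#!/bin/sh
# Added example: sequential batch of containers controlled with docker wait.

# run_batch NAME IMAGE... : start the images one after another, stopping at the
# first non-zero exit. Returns that exit code so a caller (CI, cron) sees it.
run_batch() {
  batch=$1; shift
  n=0
  for image in "$@"; do
    n=$((n + 1))
    cname="${batch}-step${n}"
    docker run -d --name "$cname" "$image" >/dev/null || return 1
    # docker wait blocks until the container exits and prints its exit code.
    rc=$(docker wait "$cname")
    case $rc in
      ''|*[!0-9]*) echo "step $n ($image): could not wait on $cname" >&2; return 1 ;;
    esac
    if [ "$rc" -ne 0 ]; then
      echo "step $n ($image) failed with exit code $rc; last log lines:" >&2
      docker logs --tail 20 "$cname" >&2
      return "$rc"        # the failed container is kept for inspection
    fi
    docker rm "$cname" >/dev/null
  done
  echo "all $n steps succeeded"
}

# Usage (manual, assumed images):
#   run_batch nightly registry.example.com/etl/extract:1 registry.example.com/etl/load:1
```

Compose cannot express "run B only after A exited successfully" for one-shot containers, which is why the ordering lives in the script; the failed container is deliberately left in place so docker logs and docker diff still work on it.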

1.4 Reporting and Documentation

Problem statement

  • We need to run multiple tasks sequentially.
  • We need to control the running order and report errors.

What we should know

  • Docker Compose limitations

Solution

  • docker wait and scripting.

2. Container Storage

2.1 Application backup

Problem statement

  • We are running an application that needs a special backup process.
  • The required tools are not included in the container image.

What we should know

  • We can back up entire volumes from the host.

Solution

  • --volumes-from and scripting.
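An added example (not from the talk) of the --volumes-from approach: a throwaway helper container attaches the application's volumes read-only, archives them to a host directory, and a matching restore function puts them back. The application is paused for the duration so the archive is consistent. The container name, the host directory and the alpine:3 helper image are assumptions.

```shell
#!/bin/sh
# Added example: backing up every volume of a container from the host.

# Absolute mount points of all volumes and bind mounts attached to a container.
volume_paths() {
  docker inspect -f '{{range .Mounts}}{{.Destination}} {{end}}' "$1"
}

# backup_volumes NAME OUTDIR: pause NAME, archive its volumes (attached
# read-only with --volumes-from NAME:ro) into OUTDIR/NAME-volumes.tgz, resume it.
backup_volumes() {
  app=$1; outdir=$2
  paths=$(volume_paths "$app") || return 1
  if [ -z "${paths% }" ]; then
    echo "backup_volumes: $app has no volumes" >&2
    return 1
  fi
  docker pause "$app" >/dev/null || return 1
  # $paths is intentionally unquoted: one argument per mount point (paths without spaces assumed).
  if docker run --rm --volumes-from "$app:ro" -v "$outdir:/backup" \
       alpine:3 tar czf "/backup/$app-volumes.tgz" $paths; then
    rc=0
  else
    rc=$?
  fi
  docker unpause "$app" >/dev/null
  return $rc
}

# restore_volumes NAME ARCHIVE_DIR: tar stored the paths without the leading
# slash, so -C / puts them back in place. Stop the application first.
restore_volumes() {
  app=$1; archive_dir=$2
  docker run --rm --volumes-from "$app" -v "$archive_dir:/backup:ro" \
    alpine:3 tar xzf "/backup/$app-volumes.tgz" -C /
}

# Usage (manual): backup_volumes app /srv/backups && ls -l /srv/backups
```

The helper container is the only thing that needs tar; the application image stays untouched, and the :ro suffix on --volumes-from keeps a backup job from ever writing into production data.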

2.2 Minimalistic application revisited

Problem statement

  • We are trying to run our minimalistic image
  • The application keeps failing for unknown network issues.
  • The image has no utilities installed.
  • No internet access.

Solution

  • Mounting images into containers.

3. Building images

3.1 Forever failing builds

Problem statement

  • We are trying to build an image from a Dockerfile
  • A Build step keeps failing for unknown reasons

What we should know

  • How do image builds work?

Solution

  • docker run

3.2 Generic Images

Problem statement

  • We have to create a build image for other service teams.
  • The service teams do not have expertise on our build process

What we should know

  • How do image builds work?

Solution

  • ONBUILD

3.3 Control your builds

Problem statement

  • How can we add conditionals and loops to our build?
  • How can we add complex logic to the build process?

What we should know

  • How do image builds work?
  • What is Buildah?

Solution

  • buildah + scripting

4. Container distribution

4.1 Proxy registries

Problem statement

  • We are using images from public registries (or private ones, pulled over the internet)
  • We need to minimise the time we spend pulling the images.

Solution

  • Pull-Through caching registry
  • Offline Environment
  • Skopeo sync

4.2 Copy images from anywhere to everywhere

Problem statement

  • We need to copy images between 2 registries

Solution

  • skopeo copy
  • It supports lots of formats

5. Container Operations

5.1 Connect to that remote docker

Problem statement

  • We need to deploy our apps to a remote Docker daemon.
  • The Docker daemon is not exposed to the internet

What we should know

  • How do we connect to the Docker daemon?

Solution

  • -H ssh://
  • docker context

6. Container security

6.1 From root to roots

Problem statement

  • We need to run our container with the least privileges

What we should know

  • Old vs New root.
  • Capabilities.

Solution

  • --cap-drop and --cap-add
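An added example (not the speaker's code) for this use case: a run function that drops every capability and adds back only NET_BIND_SERVICE, and a verifier that decodes the CapEff mask from a container's /proc/<pid>/status (read from the host, so the image needs no tools) into capability names, which is how you confirm the container really ended up with the small set you asked for. The constructed sample status uses 00000000a80425fb, the capability set Docker grants by default; the service name, image and --security-opt=no-new-privileges (not mentioned in the talk, but commonly paired with --cap-drop) are assumptions.

```shell
#!/bin/sh
# Added example: least-privilege docker run plus a capability-mask decoder.

# Start a service with every capability dropped except the one it needs to
# bind a port below 1024.
run_least_privilege() {
  docker run -d --name "$1" \
    --cap-drop=ALL --cap-add=NET_BIND_SERVICE \
    --security-opt=no-new-privileges \
    "$2"
}

# Linux capability names in bit order (bit 0 = CHOWN ... bit 40 = CHECKPOINT_RESTORE).
CAP_TABLE="CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID SETPCAP \
LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK IPC_OWNER \
SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE \
SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP \
MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"

# cap_names HEXMASK: print the names whose bit is set, in bit order.
# Decodes the hex string one nibble at a time from the right, so it needs no
# 64-bit or hex arithmetic from the shell.
cap_names() {
  hex=$1; out=""
  set -- $CAP_TABLE
  while [ -n "$hex" ] && [ $# -gt 0 ]; do
    nibble=${hex#"${hex%?}"}      # last hex digit
    hex=${hex%?}
    case $nibble in
      [0-9]) v=$nibble ;; [aA]) v=10 ;; [bB]) v=11 ;; [cC]) v=12 ;;
      [dD]) v=13 ;; [eE]) v=14 ;; [fF]) v=15 ;; *) return 1 ;;
    esac
    for i in 1 2 4 8; do          # the four bits of this nibble, low to high
      [ $# -gt 0 ] || break
      if [ $(( v & i )) -ne 0 ]; then out="$out $1"; fi
      shift                       # consume the name for this bit
    done
  done
  echo "${out# }"
}

# effective_caps: read a /proc/<pid>/status text on stdin, decode its CapEff line.
effective_caps() {
  cap_names "$(awk '/^CapEff:/ { print $2 }')"
}

# container_caps NAME: effective capabilities of the container's init process,
# read from the host's /proc (run as root on the host).
container_caps() {
  pid=$(docker inspect -f '{{.State.Pid}}' "$1") || return 1
  effective_caps < "/proc/$pid/status"
}

# Constructed sample: the default Docker capability set.
SAMPLE_STATUS='Name:	app
Pid:	1
CapInh:	0000000000000000
CapPrm:	00000000a80425fb
CapEff:	00000000a80425fb
CapBnd:	00000000a80425fb
CapAmb:	0000000000000000'

# Usage (manual): run_least_privilege web nginx:1.25 && container_caps web
# Expected after --cap-drop=ALL --cap-add=NET_BIND_SERVICE: NET_BIND_SERVICE only.
```

Decoding the mask is the check that matters: the default set above already contains 14 capabilities (NET_RAW and SYS_CHROOT among them), so "we did not pass --privileged" is not the same as "least privilege".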

6.2 Oh Docker! Why so evil?

Problem statement

  • We need to run Docker while staying safe.

What we should know

  • What are the different container attacks?

Solution

  • SELinux to the rescue
  • Always run docker rootless (if you can)
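An added example (not from the talk) that turns the two mitigations into checks you can run on a host: a one-line report of whether the daemon is rootless and has SELinux and seccomp active (from docker info), an audit of each running container for the two settings that remove most of the isolation (--privileged and a mounted Docker socket), and a bind mount with a private SELinux label. Container names, the host directory and the image are assumptions.

```shell
#!/bin/sh
# Added example: daemon and container security checks for the "stay safe" use case.

# One-line summary of the daemon's security options, e.g.
# "rootless=yes selinux=yes seccomp=yes".
daemon_security_report() {
  opts=$(docker info -f '{{.SecurityOptions}}') || return 1
  r=no; s=no; c=no
  case "$opts" in *name=rootless*) r=yes ;; esac
  case "$opts" in *name=selinux*) s=yes ;; esac
  case "$opts" in *name=seccomp*) c=yes ;; esac
  echo "rootless=$r selinux=$s seccomp=$c"
}

# Per-container audit: --privileged disables capabilities, seccomp and device
# isolation at once, and a mounted /var/run/docker.sock gives the container
# full control of the daemon (and therefore of the host).
audit_container() {
  priv=$(docker inspect -f '{{.HostConfig.Privileged}}' "$1") || return 1
  mounts=$(docker inspect -f '{{range .Mounts}}{{.Source}} {{end}}' "$1") || return 1
  sock=no
  case " $mounts " in *" /var/run/docker.sock "*) sock=yes ;; esac
  echo "$1 privileged=$priv docker_socket=$sock"
}

# Audit every running container on the daemon.
audit_all() {
  for c in $(docker ps -q); do audit_container "$c"; done
}

# Bind-mount a host directory with a private SELinux label (:Z), so only this
# container's processes may touch it; :z would instead share the label between
# containers. Without a label SELinux denies the access on enforcing hosts.
run_with_selinux_label() {
  docker run -d --name "$1" -v "$2:/data:Z" "$3"
}

# Usage (manual): daemon_security_report; audit_all
#                 run_with_selinux_label web /srv/web nginx:1.25
```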

Thank you

Let’s be friends! 🤗