Lead Image © Sergey Nivens, 123RF.com
Troubleshooting Kubernetes and Docker with a SuperContainer
Super Powers
We're often advised that containers should be as small as possible. Containers are designed for microservices – the decoupling of components into small, manageable applications. And by applications I mean processes . In other words, your containers should run one main process with a few supporting child processes to assist the parent on its travels.
A smaller container means better security, with less code, fewer packages, and a smaller attack surface. From a performance perspective, large, bloated, and unwieldy images lead to slower execution times. Another issue is image registry costs. If developers are frequently altering chunky binaries within their builds, which don't get absorbed into the sophisticated image layering process (designed to save only differences or diffs between the last saved version of an image and the newly pushed image), then with each subsequent tag update, you can increase an image's size by another couple of hundred megabytes per push without much effort. That might sound trivial, but what about hundreds of developers pushing to a registry several times a day? Cloud storage costs soon add up.
But what happens when you try to troubleshoot the container using your favorite admin tools? In this article I'm going to help you create what I'll call a SuperContainer. The following approach suits both Kubernetes pods running the Docker run time and, indeed, straightforward Docker containers.
The concept of this powerful container was inspired by the ideas of others. The idea for SuperContainers comes from a well-written blog post by Justin Garrison [1], who in turn attributes the mechanics to the frighteningly clever Justin McCormack [2] of Docker and LinuxKit fame. In this case, I'm using Docker as an example container run time for a SuperContainer. If you use this approach with Kubernetes, a good
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Docker image security analysis
Up your security by determining the provenance of a container image. -
Securing containers with Anchore
Anchore produces a detailed analysis of your container images for known vulnerabilities in your application and operating system packages. -
Minifying container images with DockerSlim
DockerSlim minifies your Docker container images up to 30x and adds security, too. -
Keeping the software in Docker containers up to date
Docker has radically changed the way admins roll out their software in many companies. However, regular updates are still needed. How does this work most effectively with containers? -
Build and host Docker images
When facing the challenge of packaging your application in a container, take into account your needs in terms of handling and security and investigate sensible options for hosting your own registry.