Docker

【Docker + SELinux】 SELinux basic knowledge

SELinux (Security-Enhanced Linux) is a brand-new Linux security policy mechanism developed by the US National Security Agency (NSA) for the security of computer infrastructure. SELinux allows system administrators to define security policies more flexibly

【Docker + SELinux】 Can't Open / Permission denied

This post mainly covers how to configure `docker` security in an environment where `selinux` is turned on, along with solutions to common errors. The approach is not to blindly use `chmod -R 777`, `--privileged=true`, or `setenforce 0`, but to focus on using the `selinux` security policy

Build Go Dockerfile

Every time I start a new Go project, I repeat many steps. Like setting up .gitignore, CI configuration, Dockerfile, ... so I decided to have a baseline Dockerfile like this

Docker commit saves data in the MySQL image

By default, when you run `docker commit`, MySQL data bypasses the file system of the container and is not committed to the image. Normally, MySQL data is not retained in the image and uploaded to the hub, as that would involve data leakage. An alternative method is to initialize the data when the container starts, through `docker-entrypoint-initdb.d`

Vulnerability scanning of Docker images

Even if you have strong host-level security, infected containers can give attackers a foothold in your system. You can reduce this risk by using Docker Bench and active container vulnerability scanners such as Docker scan (Snyk), Grype, Trivy, and Clair. These help you identify issues in the container, such as outdated dependencies that may be exploited.

Docker limits container resource CPU usage

By default, the host CPU resources that a container can use are unlimited. As with memory, if the CPU resources available to the container are not limited, a program in the container that uses the CPU abnormally is likely to exhaust the CPU resources of the entire host, leading to greater disasters

Docker artifact Compose Generator

Compose Generator is a command-line tool that helps you set up a Docker project as quickly as possible. The command-line interface (CLI) acts as an assistant for common Docker tasks