BoxBoat Blog

Service updates, customer stories, and tips and tricks for effective DevOps

Author: Brandon Mitchell

Using Containers to Reduce Your Exposure to Meltdown and Spectre

Using Containers to Reduce Your Exposure to Meltdown and Spectre

by Brandon Mitchell | Friday, Jan 5, 2018 | Docker

The release of Meltdown and Spectre has got IT departments everywhere scrambling, and for good reason. If you are running on an Intel, AMD, or ARM platform, data you expected to be secure can now be exposed by a malicious application. Eliminating the risk from untrusted code getting privileged access is going to take some workarounds in the OS kernel and ultimately updates from the CPU vendors. Until then, since containers run with a shared OS kernel, it is a best practice to segregate workloads of different trust levels onto separate VMs, if not completely separate hardware.

Managing Multiple Microservices with Traefik in Docker Swarm

Managing Multiple Microservices with Traefik in Docker Swarm

by Brandon Mitchell | Tuesday, Oct 10, 2017 | Docker

Docker’s Swarm Mode is a great way to run web applications in a highly available distributed environment. Docker provides that high availability with a quorum of managers and multiple instances of the application container distributed across the workers. With the application being distributed across the workers, you have a new challenge of how to know which node to contact to reach your application. Docker has solved that with it’s ingress network that publishes the port for your application across every node and then automatically routes your request to a container in the swarm providing that service, even if it’s on another node.

What’s New in Docker 17.06

What’s New in Docker 17.06

by Brandon Mitchell | Wednesday, Jun 28, 2017 | Docker

Docker recently released 17.06.0-ce, their latest stable release for the community edition. Full release notes are available at https://github.com/docker/docker-ce/releases/tag/v17.06.0-ce. Here are some of the highlights from this release: Version 1 Registries Are Deprecated If you use a 3rd party registry with docker, you’ll need to make sure it supports the version 2 protocol. If not, you can reenable version 1 support with --disable-legacy-registry=false but expect version 1 support to be completely removed in the 17.

The Moby Inception

The Moby Inception

by Brandon Mitchell | Friday, May 12, 2017 | Docker

[ Note, this is a follow up to our earlier blog post about the Moby Project. Check that one out for a less developer oriented take on the Moby project. ] The announcement of Moby Project at DockerCon 2017 left many confused. My own take is that it’s confusing because it means at least three different things depending on what piece you are talking about: The Moby Project which is Docker’s upstream development that’s open to the community.

Volumes and Dockerfiles Don’t Mix

Volumes and Dockerfiles Don’t Mix

by Brandon Mitchell | Monday, Jan 23, 2017 | Docker

Volumes with Docker are a popular topic, particularly on the forums and Q&A sites I watch. From there I’ve seen confusion because of the multiple ways to create a volume. From these interactions, I’ve come away with a best practice of my own: Don’t Create Volumes Inside a Dockerfile When creating an image, specifying your volumes in the image seems like a basic step that better defines how your image should be used.

  Page 1 of 3   Older Posts