Iduoad's links

  • Treating containers like VMs: containers are processes (don’t ssh into them), they are stateless and ephemeral (don’t store things inside), and they are intended to run one process at a time.
  • Images should be transparent: image builds should be reproducible and should not depend on the state of the build environment.
  • No side effects! Images should build in read-only mode. They should not tinker with external state (reproducible builds).
  • Prod images should contain the compiled code and the runtime, nothing else.
  • All stage images should look the same.
  • Use Container registry as a source of truth for images. Never build images in prod machines. Always build somewhere else and push to the registry.
  • Also, don’t depend on git hashes; container images should be the new language between devs and ops.
  • Secrets and configs should be fetched at runtime instead of at build time (ConfigMaps, Consul, Vault …).
  • Dockerfiles should not do too much: Multistage builds are a good solution.
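
An added example, not part of the original notes: a small Python check that flags three of the anti-patterns listed above in a Dockerfile (build-time secrets, credential files copied into a layer, build tooling in the stage that ships). The regex heuristics, the `lint_dockerfile` name and the sample Dockerfile are constructed for illustration.

```python
import re

# Heuristics below are assumptions for illustration; tune them per project.
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY", re.I)
CRED_FILE = re.compile(r"(^|[\s/])\.env\b|id_rsa|\.pem\b")
BUILD_TOOLS = re.compile(r"\b(gcc|make|build-essential|git|maven|gradle)\b")

# Constructed sample: single stage, build-time secret, toolchain in the prod image.
SAMPLE = """\
FROM python:3.12-slim
ARG DB_PASSWORD
ENV APP_ENV=prod
RUN apt-get update && \\
    apt-get install -y gcc git
COPY .env /app/.env
COPY . /app
CMD ["python", "/app/main.py"]
"""

def lint_dockerfile(text):
    """Return sorted (line_no, finding) pairs for the anti-patterns listed above."""
    logical, buf, start = [], "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not buf:
            start = no                      # first line of this instruction
        buf += line.rstrip("\\") + " "      # join backslash continuations
        if not line.endswith("\\"):
            logical.append((start, buf.strip()))
            buf = ""
    findings, final_stage = [], []
    for no, instr in logical:
        op, _, rest = instr.partition(" ")
        op = op.upper()
        if op == "FROM":
            final_stage = []                # a new stage discards the previous one
        final_stage.append((no, op, rest))
        names = re.findall(r"(\w+)=", rest) or rest.split()[:1]
        if op in ("ARG", "ENV") and any(SECRET_NAME.search(n) for n in names):
            findings.append((no, f"{op} bakes a secret-like value into the image"))
        if op in ("COPY", "ADD") and CRED_FILE.search(rest):
            findings.append((no, f"{op} places a credential file in an image layer"))
    # Only the last stage ships, so only it is checked for build tooling.
    for no, op, rest in final_stage:
        if op == "RUN" and BUILD_TOOLS.search(rest):
            findings.append((no, "build tooling in the final stage; use a multistage build"))
    return sorted(findings)
```

Calling `lint_dockerfile(SAMPLE)` reports lines 2, 4 and 6 of the sample; a multistage Dockerfile that installs its toolchain only in an earlier stage returns no findings.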