Container image vulnerabilities in production are a silent time bomb. Learn how to secure your AKS deployments with image scanning, registry policies, and hardening practices.
https://daily-devops.net/posts/container-registry-image-security-aks/
#azure #kubernetes #security #docker #devops
They Said Self-Hosting Was Hard!
https://tilvids.com/w/6zE2BMnB363p1pJmWxcaYH
Handy little thing to make a note of for #NodeJS fans on the #ARM platform.
So in NodeJS v24, official builds for ARMv7 (32-bit ARM) are being dropped, going forward they'll only officially build for AMD64 (aka x86-64), ARM64 (aka aarch64) and a few other platforms.
At work, we have a _lot_ of Kunbus Revolution Pis that were deployed with a 32-bit OS. Some are Raspberry Pi CM4S-based, and run an `aarch64` kernel with a `armv7` userland, but many are CM3-based, with a 32-bit kernel to boot.
`aarch64` NodeJS might work on the former, but just won't work on the latter.
We use the #AlpineLinux-based official NodeJS #Docker containers for their size. Obviously, we can't do that on ARMv7 anymore, so what's the solution?
Turns out, AlpineLinux ships `nodejs` version 24 in their package repositories, for `armv7` and lots of other platforms that NodeJS officially doesn't build for.
A workable Dockerfile is as simple as:
```
FROM alpine:3.23.3 as nodejs
RUN apk add --no-cache nodejs npm
FROM nodejs AS build
RUN … your usual build steps installing compilers and whatever else you need…
FROM nodejs AS release
COPY --from=build /path/in/src /path/in/dest
```
That makes a compact but workable image containing NodeJS v24, on ARMv7 or anything else you might need.
Why this pattern? By adding the `apk add` step you create a minimal container that _just_ contains NodeJS and npm, nothing else. In the second step, you can install build dependencies you might need, compilers, etc… build extension modules… then in the third, you copy out the compiled `node_modules` and your application into the container you release.
This keeps things small and efficient. (Well, relatively efficient anyway.)
Minko Gechev (@mgechev)
AI 에이전트 스킬을 위한 '유닛 테스트' 개념의 Skill Eval이 소개되었습니다. Docker로 격리된 벤치마크와 결정론적 검사 및 LLM 기반 채점이 결합되어 에이전트 스킬의 회귀를 사전에 잡아내도록 설계되었습니다.
https://x.com/mgechev/status/2029214837255913727
#skilleval #benchmarking #docker #agent #evaluation
Choosing the best way to run LLMs locally? Compare Ollama, vLLM, LM Studio, LocalAI and 8+ tools by API support, hardware compatibility, tool calling, and production readiness.
#LLM #AI #Ollama #vllm #Privacy #Open Source #Self-Hosting #Docker #API #Machine Learning #RAG
Running containers as root in production? 😬 Luke walks through a complete container security hardening checklist for #dotnet on Azure Container Apps—from build to runtime policy.
https://luke.geek.nz/azure/container-security-hardening-checklist/
#azure #security #docker #devops
Lazy Docker Simplifies Container Management Through Terminal Interface
Lazy Docker is a new tool that simplifies managing Docker containers using a simple terminal interface. Learn how it helps users.
#LazyDocker, #Docker, #ContainerManagement, #DevOps, #Terminal
https://newsletter.tf/lazy-docker-terminal-container-management/
When a container fails, the first place most teams look is docker logs.
But Docker logs alone can leave important blind spots around security, performance, and infrastructure context.
Our latest blog explains:
• What Docker logs capture
• Key commands every team should know
• Where Docker logging falls short
• Best practices for centralized log management
Read more:
https://graylog.org/post/centralizing-docker-logs-for-observability-and-security
#Docker #DevOps #Logging #Observability #Security
Learn what Docker logs capture, their limitations, and best practices for centralizing and analyzing them for better observability and security.
Read the blog:
graylog.org/post/central...
#Docker #DevOps #Observability
Centralizing Docker Logs for O...
Managing Docker containers is now easier with Lazy Docker, a new tool that gives you a dashboard right in your terminal. This is a big help for many users.
#LazyDocker, #Docker, #ContainerManagement, #DevOps, #Terminal
https://newsletter.tf/lazy-docker-terminal-container-management/
Ich habe mir jetzt mal in meinem #Nextcloud #Docker Container zusätzlich noch #Redis installiert. Denn ich hatte die letzten Tage das Gefühl, dass in meinem #NAS ein wildes Tier sitzt und ein bis zwei Stunden am Tag neue Rillen in die Platte fräst