Adrian Mouat

Adrian Mouat

Blog Posts

Running a Secure Registry on Kubernetes

Dec 9, 2016 by Adrian Mouat

Once your shiny new Kubernetes cluster is up-and-running, one of the first things you'll want to add is a local registry for storing private images. This is typically achieved using the official Kubernetes registry addon. Unfortunately, the official addon has a few shortcomings, especially with regards to security. In this post, I'll describe these shortcomings, how they can be addressed, and point to a tool we've built that can help when.

Read article »

Adding Self-signed Registry Certs to Docker & Docker for Mac

Nov 30, 2016 by Adrian Mouat

The Docker registry image has over 10 million pulls on Docker Hub, so it's safe to say that a lot of people out there are making use of it. When running a registry, it's essential to make sure your clients can access it easily and securely. If your registry isn't running on a public domain, you're probably using a self-signed certificate for this purpose. This post will look into some of the issues around accessing registries with self-signed.

Read article »

All Hail the New Docker Swarm

Jun 20, 2016 by Adrian Mouat

Unfortunately, I'm not able to attend DockerCon US this year, but I will be keeping up with the announcements. As part of the Docker Captains program, I was given a preview of Docker 1.12 including the new Swarm integration which is Docker's native clustering/orchestration solution (also known as SwarmKit, but that's really the repo/library name). And it's certainly a big change. In this post I'll try to highlight the changes and why they're.

Read article »

Using binpack with Docker Swarm

Dec 22, 2015 by Adrian Mouat

Docker Swarm - Docker's native clustering solution - ships with two main scheduling strategies, spread and binpack. The spread strategy will attempt to spread containers evenly across hosts, whereas the binpack strategy will place containers on the most-loaded host that still has enough resources to run the given containers. The advantage of spread is that should a host go down, the number of affected containers is minimized. The advantages.

Read article »

Running Docker Containers with Systemd

Apr 13, 2015 by Adrian Mouat

You can get by running Docker containers with shell scripts, or with Docker Compose (if you don't mind ignoring the "don't use in production" warnings), but for some use cases, it's preferable to take advantage of the host init system/process manager. It seems that every major distro is moving to systemd these days, so that's what I'll look at in this post.

Read article »