Unpack container image using docker-py
This is just a quick blog post. I’ve seen a bunch of questions on
docker-py’s issue tracker about how to extract a container image using
docker-py and get_archive (a.k.a. docker export).
So you wanna build a docker image. And you need to fetch your application sources from git. Which is guarded by ssh. And you don’t want the ssh key to get leaked into the final image. Bummer.
Unless…
…So I got asked about this topic after my DevConf 2016 talk: there is a solution available on internets which describes how one can use two dockerfiles to build an image. Whole article can be found here.
What I didn’t like about the solution is that the first image outputs whole
build artifact as a tarball to standard output. To me that’s a bit hacky. Since
docker 1.8 you can cp files and directories between containers and host.
Let’s try to do that!
All of this is because of build secrets. It may happen that you need to
authenticate with an external service when building a docker image. In order to
do that, you need to have a secret available during build. That’s a problem.
This key may leak into a final image (whether via docker history or will be
available directly in some layer).
Here’s a solution!
Split your build process into two steps, each with its own dockerfile:
1. Authenticate with external service in order to fetch sources (use private SSH key to authenticate with GitHub so you can clone a repo) and build the project.
2. Get build artifacts from step 1 and install them.
After my talk yesterday at DevConf 2016 I got asked for some tips and tricks on how to write Dockerfiles. I know we have plenty of resources for that in Red Hat, Fedora and Project Atomic. So, here we go!
…It’s not that hard, here are a couple pain points:
GOPATH is right — you want to compile against your checked out docker, not master docker
I’ve just managed to dockerize chromium. The package itself is taken from spot’s copr repo. Jessie Frazelle’s blog post helped me a lot!
It looks like this:
…