Docker

Docker Model Runner and Open WebUI: Local AI Infrastructure That DevOps Teams Can Actually Operate

Local AI stopped being a weekend toy when developer workstations started handling private code, tickets, logs, and architecture notes. Docker Model Runner plus Open WebUI is interesting because it wraps...

Cleber Rodrigues

Kubernetes v1.36 User Namespaces GA: Rootless Isolation That Actually Changes Risk

Kubernetes v1.36 promotes User Namespaces to GA, and the important field is only two words: hostUsers: false. That setting lets a pod run with user namespace isolation so UID 0...

Cleber Rodrigues

Docker Hub KICS and Trivy Compromise: CI/CD Supply-Chain Response Playbook

On April 23, 2026, Docker published details on two Docker Hub supply-chain compromises that hit common security scanners: Trivy first, then Checkmarx KICS. The KICS incident was especially uncomfortable for...

Cleber Rodrigues

Docker Hardened Images in 2026: What They Solve, What They Don’t, and How to Roll Them Out

Docker’s April 14, 2026 update on Hardened Images included a few numbers that are hard to ignore: more than 500,000 daily pulls, more than 25,000 continuously patched OS-level artifacts, and...

Cleber Rodrigues

Amazon ECR Pull Through Cache: Referrer Discovery and Sync

Image supply-chain security usually breaks in the dullest place possible: the registry stores the image, but the signature or SBOM lives somewhere else. Amazon ECR fixed that split in April...

Cleber Rodrigues

Docker Sandboxes and MicroVMs: A Practical Security Model for Local AI and Untrusted Code

Docker’s March 2026 security push is not subtle. The company said over a quarter of production code is now AI-authored, and that developers using agents are merging roughly 60% more...

Cleber Rodrigues

MiniStack: LocalStack Went Paid, Here Is the Free Replacement

LocalStack built something genuinely useful. A local emulator for AWS services that let you test Lambdas, S3 buckets, SQS queues, and DynamoDB tables without touching a real AWS account. For...

Cleber Rodrigues

Docker Multi-Stage Builds: Smaller Images and Faster CI Pipelines

A Node.js application shipped as a Docker image with all development dependencies included: node_modules with Jest, ESLint, TypeScript compiler, and hundreds of transitive dev dependencies baked in. The image weighs...

Cleber Rodrigues

Docker in 2026: Containers, BuildKit, and the Modern OCI Ecosystem

Containers are not new anymore. Docker turned twelve this year, and the developers who once called it revolutionary now just call it Tuesday. Yet the fundamentals behind containers are more...

Cleber Rodrigues

How to Configure Docker Rotate Log on Amazon Linux 2

A growing e-commerce company needed to manage logs from its Docker containers on Amazon Linux 2. With thousands of orders processed daily, server logs grew quickly and became hard to...

Cleber Rodrigues

Deep Dive on Docker Compose – Deploying WordPress

Let’s talk about running multiple Docker containers together. Specifically, I’ll show you how to spin up a WordPress site with a database backing it, using Docker Compose.

Cleber Rodrigues

Spotify in Docker Container

I like keeping my system clean. Too many installed packages, too many dependencies I’ll never use again – that kind of thing bugs me. So when I realized I could...

Cleber Rodrigues

Archive of posts with category 'Docker'

Local AI stopped being a weekend toy when developer workstations started handling private code, tickets, logs, and architecture notes. Docker Model Runner plus Open WebUI is interesting because it wraps...

Kubernetes v1.36 promotes User Namespaces to GA, and the important field is only two words: hostUsers: false. That setting lets a pod run with user namespace isolation so UID 0...

On April 23, 2026, Docker published details on two Docker Hub supply-chain compromises that hit common security scanners: Trivy first, then Checkmarx KICS. The KICS incident was especially uncomfortable for...

Docker’s April 14, 2026 update on Hardened Images included a few numbers that are hard to ignore: more than 500,000 daily pulls, more than 25,000 continuously patched OS-level artifacts, and...

Image supply-chain security usually breaks in the dullest place possible: the registry stores the image, but the signature or SBOM lives somewhere else. Amazon ECR fixed that split in April...

Docker’s March 2026 security push is not subtle. The company said over a quarter of production code is now AI-authored, and that developers using agents are merging roughly 60% more...

LocalStack built something genuinely useful. A local emulator for AWS services that let you test Lambdas, S3 buckets, SQS queues, and DynamoDB tables without touching a real AWS account. For...

A Node.js application shipped as a Docker image with all development dependencies included: node_modules with Jest, ESLint, TypeScript compiler, and hundreds of transitive dev dependencies baked in. The image weighs...

Containers are not new anymore. Docker turned twelve this year, and the developers who once called it revolutionary now just call it Tuesday. Yet the fundamentals behind containers are more...

A growing e-commerce company needed to manage logs from its Docker containers on Amazon Linux 2. With thousands of orders processed daily, server logs grew quickly and became hard to...

Let’s talk about running multiple Docker containers together. Specifically, I’ll show you how to spin up a WordPress site with a database backing it, using Docker Compose.

I like keeping my system clean. Too many installed packages, too many dependencies I’ll never use again – that kind of thing bugs me. So when I realized I could...