What are the differences between DockerHub and GitHub? Can DockerHub replace GitHub or is it only for the Images? If yes, how is it different from Nexus and other binary management tools?
Smells like homework :)
They're entirely thought for different purposes. GitHub is mainly thought for code management, and DockerHub is thought for container build, management and distribution (although not very reliable at the moment).
GitHub, indeed, went ahead of that main purpose of code management and now offers plenty of interesting features, but it will never be able to substitute DockerHub.
Regarding the opposite (DockerHub replacing GitHub), it is not possible at all because of the previously explained purposes. Perhaps you are thinking about some specific feature both offer, but at the moment it's definitely not something that is going to happen.
There are alternatives to DockerHub for container image distribution and building, and, by experience, far better. The only thing that makes DockerHub interesting at the moment is that it's the simplest and most intuitive platform for managing the whole process of distributing an image. Also, it's managed by Docker Inc. itself, so everyone has to deal with it, tangentially or not.
If you feel like I did not get your point, feel free to comment and I'll edit this post!
See ya through the interwebz
I'm trying to create an assignment for students to do that contains the following:
A docker image with issues that have to be scanned and remedied. (using an opensource scanner in kubernetes)
(Maybe) A sample attack scenario that can exploit those vulnerabilities.
The problem arises when I try to find a suitable vulnerable image or create one. I cannot find a base of security issues at all. I really bend my back thinking of a suitable phrase in Google but everything leads merely to some blog posts about how to scan an image.
I expected a database that might contain multiple sec issues and what causes them. I'd also expect some way to discern which are the most popular ones.
Do you have the source I require?
Maybe you can just offer me 3-4 common security issues that are good to know and educational when having your first brush with docker? (And how to create those issues?)
The whole situation would have been probably easier if I myself would have been an expert in the field, but the thing I do is also my assignment as a student. (So as students we design assignments for each other.)
Looks like you are looking for the Container security hardening and Kubernetes security options maybe.
You can use some tools like
kubesec - Security risk analysis for Kubernetes resources
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open-source packages
Trivy - vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
If you are looking for some questions you can set, this is a CKS (Certified Kubernetes Security) exam question:
There are a number of pods/container running in the "spectacle" namespace.
Identify and delete the pods which have CRITICAL vulnerabilities.
For this, the open-source tool Trivy comes into the picture to scan the image that you will be using in the Kubernetes or Docker deployment:
trivy image --severity CRITICAL nginx:1.16 (Image running in container)
A list of a few questions you can create a lab out of: https://github.com/moabukar/CKS-Exercises-Certified-Kubernetes-Security-Specialist/tree/main/7-mock-exam-questions
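One way to script the CKS-style task described above, as an added example that is not part of the original answer: it lists every pod in a namespace whose images Trivy flags as CRITICAL, and reports failed scans separately instead of counting them as clean. It assumes kubectl and trivy are on PATH; the function names, the NAMESPACE variable and the exit code 10 are choices made for this example.

```sh
#!/bin/sh
# Added example (not from the original answer). Assumes kubectl and trivy are
# installed; function names and the exit code 10 are this example's own choices.

# Print one line per pod: "<pod-name><TAB><image> <image> ...".
# Only .spec.containers is listed; init containers are not covered here.
pod_images() {
  kubectl get pods -n "$1" -o \
    jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[*].image}{"\n"}{end}'
}

# Print CRITICAL, CLEAN or ERROR for one image.
# --exit-code 10 keeps "findings present" apart from trivy's own failures
# (pull error, database download failure), which exit with a different code.
scan_image() {
  rc=0
  trivy image --quiet --severity CRITICAL --exit-code 10 "$1" >/dev/null 2>&1 || rc=$?
  case "$rc" in
    0)  echo CLEAN ;;
    10) echo CRITICAL ;;
    *)  echo ERROR ;;
  esac
}

# Print "<pod><TAB><image><TAB><verdict>" for every image that is not CLEAN.
critical_pods() {
  pod_images "$1" | while read -r pod images; do
    [ -n "$pod" ] || continue
    for img in $images; do
      verdict=$(scan_image "$img")
      if [ "$verdict" != CLEAN ]; then
        printf '%s\t%s\t%s\n' "$pod" "$img" "$verdict"
      fi
    done
  done
}

# Run only when a namespace is supplied, e.g. NAMESPACE=spectacle sh scan.sh
if [ -n "${NAMESPACE:-}" ]; then
  critical_pods "$NAMESPACE"
fi
```

Pods reported as ERROR need a manual re-scan before deciding whether to delete them.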
I'm just browsing through the docs+code and I have a quick question: do you see Wolkenkit, or any of its components, working in a serverless environment? either now or in the future
Short answer
Unfortunately no.
Long answer
Unfortunately no, if we are talking about now. wolkenkit is very strict in separating your domain code from the technical infrastructure code that is required to run your domain code. Right now this technical infrastructure code is focused on making use of Docker containers, as this allows you to work not only in the cloud, but also locally, or in a classic data-center, or … you name it
Of course it would be technically feasible and reasonable, to have another type of runtime in the future, that does not make use of Docker containers, but instead would work with some kind of FaaS solution. As the native web (the company behind wolkenkit) is a small company, we need to decide what to focus on, and unfortunately, at least right now this is not on the roadmap for the close future. I do not say that this will never be done – it just will take time. Maybe also someone else comes up with such a runtime and enhances the wolkenkit ecosystem.
So, to cut a long story short, if now, then the answer is no. If we're talking about the future, the answer is possible, but without an ETA.
PS: I am one of the developers of wolkenkit, so please take my answer with a grain of salt.
Want to know if Weave products are in sync with what Docker is to offer.
Should I go with native networking of Docker or with Weave or both (given that the Docker networking space is constantly changing)?
Please let me know the tradeoffs.
Weaveworks products are continuously improved to work with bleeding edge versions of Docker and Kubernetes, as per the various GitHub repositories.
Your question about "native Docker network" vs. "Weave Net" is rather broad, and for it to be answered properly, you would need to share more details about what you want to achieve exactly.
Feel free to detail your use case here so that the community can benefit from it, or if you do not want to do so publicly, to reach out to someone from Weaveworks on Slack.
Finally, this spreadsheet was shared at some point on Kubernetes' Slack and attempts to give an overview of various container networking solutions, so this may be relevant.
However, beware potentially out-of-date information, keep in mind the "devil is in the details" so the reality may not be as simple as it would seem according to this document. All available solutions will have pros and cons, but will also be more suitable for some use-cases than others, so always, it is a question of trade-offs and YMMV.
I hope this helps.
Why should I consider using Rocket instead of Docker in our development pipeline? We would like to use docker to create testable containers, but now there is Rocket which pretends to know the same. If we would like to start containerization should we seriously consider Rocket as it seems it is still pretty new?
There is not much information about Rocket, so I'm not clear where it stays now in 2015.
UPDATE: from https://coreos.com/blog/app-container-and-the-open-container-project/
As we participate in OCP, our primary goals are as follows:
Users should be able to package their application once and have it work with any container runtime (like Docker, rkt, Kurma, or Jetpack)
The standard should fulfill the requirements of the most rigorous security and production environments
The standard should be vendor neutral and developed in the open
Rocket is officially dead: https://github.com/rkt/rkt/issues/4024
After the acquisition by Red Hat, the new owner concentrates its efforts on https://podman.io/
podman provides rootless containers. Something that Docker strove to get for a long time (according to the below comment, they finally managed).
As with most competitors, both have their advantages and disadvantages.
Docker hub offers a public registry where docker images can be pushed and pulled with ease.
There is also now a free registry offered by GitLab! It's really good.
A core issue at the moment is security. Docker now scans their images for security flaws and reports on the security status of each image.
With Rocket, image signatures are cross-checked with the signature of the publisher to see if they have been tampered with. This affords a degree of confidence.
For a fuller discussion on security see https://bobcares.com/blog/docker-vs-rkt-rocket/
With regard to standards, it seems that OCI (Open Container Initiative) has been adopted by the big players and will pave the way forward for containerisation standardisation.
Below is one example of several I've found recently.
$ bower search angular-ui-bootstrap
Search results:
angular-ui-bootstrap git://github.com/angular-ui/bootstrap.git
angular-ui-bootstrap-bower git://github.com/angular-ui/bootstrap-bower
angular-ui-bootstrap3 git://github.com/kkruit/angular-ui-bootstrap3-bower.git
angular-ui-bootstrap-complete git://github.com/datapad/bower-angular-ui-bootstrap-complete.git
The first entry seems to be the "official" bower repo with documentation and a license file, while the others appear to be someone's personal repo that contains some parts of the "official" repo minus the license, readme, documentation, etc...
The last one appears to be some shell script that operates on an "official" repo clone.
If people want to do this for themselves, I don't really care, but how does crap like this end up in the bower list? When I do a bower search, I'd like to find a pretty clear winner, but as it is I have to go digging thru which of these entries is the right one, and in the current case of Bootstrap 2/3 changeover it requires even more scrutiny.
The whole point of yeoman and bower is to make it easier to get things up and running quicker, but the pool of bower repos is polluted such that the signal to noise ratio is far to the right and into the noise category. Is there no requirement imposed on those that create bower repos?
Is there some reason this is being done?
Is there some reason this is being done?
Repos like Bower are self managed by the community, that's the only way you can provide a free service like that at scale, but each of those repos serves a role, if only for one person because if someone wants to register their package they can do so.
Perhaps most importantly I don't think Bower is positioned as a discovery tool, but a deployment tool first, which grants a level of discovery as a bonus but the main focus is on providing a consistent way to roll out packages, so in time I'm sure the additional features will mature too, but right now it's still early days and the project acknowledges that looking over the info at http://bower.io
With this specific case, the two official repos serve two purposes:
angular-ui-bootstrap Gives you everything, which you need if you want to modify template files or need just subsets of the code.
angular-ui-bootstrap-bower Gives you just the specific files you need to run everything as is, without any manual steps.
So there's a bit of a choice, and it might not be as clear as it could be, but that's the solution several repos I've seen have started to adopt. If you browse the search online, you also get the addition of download counts and github repo stars which gives a clear indication of which of the choices is most popular.
I totally agree it can be a pain, but I don't see any alternative that can scale as a community based project, but I'm sure in time people will get better at preparing their packages for distribution and take more consideration in the early design phases to facilitate that more cleanly.