docker
watch -n2 'docker ps --format=json --no-trunc | jq "select(.Image|startswith(\"dast.\")) | .ID,.Mounts"'
docker images --format json | jq -scr '.[] | select (.Repository=="python") | .Repository+":"+.Tag'
some refs:
- multi services https://docs.docker.com/config/containers/multi-service_container/#use-a-process-manager
tuning
Allocate IP pools
/etc/docker/daemon.json
...
"bip": "10.216.0.1/17",
"fixed-cidr": "10.216.0.1/17",
"default-address-pools": [ {"base": "10.216.128.0/17", "size": 24} ],
...
Enable userns-remap:
/etc/docker/daemon.json
"userns-remap": "default"
/etc/subuid, /etc/subgid
dockremap:231072:65536
When the process in the container should control other containers:
ls -l /var/run/docker*.sock
srw-rw---- 1 231072 231072 0 ... /var/run/docker_alt.sock
srw-rw---- 1 root docker 0 ... /var/run/docker.sock
"hosts": ["unix:///var/run/docker.sock", "unix:///var/run/docker_alt.sock"]
in /etc/docker/daemon.json
ExecStartPost=chown 231072:231072 /var/run/docker_alt.sock
in /etc/systemd/system/docker.service.d/override.conf
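A consistency check for the settings above, as an added example that is not part of the original notes: it verifies that fixed-cidr sits inside the bip network, that default-address-pools do not overlap it, and that each listening socket is owned by host root or by a UID in the dockremap range. The names `audit` and `subid_range` and the `socket_owners` mapping (path to owner UID, as `ls -ln` would show) are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample input mirroring the values in these notes.
DAEMON_JSON = """{
  "bip": "10.216.0.1/17", "fixed-cidr": "10.216.0.1/17",
  "default-address-pools": [{"base": "10.216.128.0/17", "size": 24}],
  "userns-remap": "default",
  "hosts": ["unix:///var/run/docker.sock", "unix:///var/run/docker_alt.sock"]
}"""
SUBUID = "dockremap:231072:65536\n"
OWNERS = {"/var/run/docker.sock": 0, "/var/run/docker_alt.sock": 231072}

def subid_range(text, user):
    """Return (start, count) for user from /etc/subuid-style text."""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 3 and parts[0] == user:
            return int(parts[1]), int(parts[2])
    raise ValueError(f"no subordinate ID range for {user}")

def audit(daemon_json, subuid_text, socket_owners):
    """Return findings; socket_owners maps socket path -> owner UID on the host."""
    cfg, findings = json.loads(daemon_json), []
    # fixed-cidr must sit inside the bridge network; pools must not overlap it.
    bridge = ipaddress.ip_network(cfg["bip"], strict=False)
    fixed = ipaddress.ip_network(cfg.get("fixed-cidr", cfg["bip"]), strict=False)
    if not fixed.subnet_of(bridge):
        findings.append(f"fixed-cidr {fixed} is outside bip network {bridge}")
    for pool in cfg.get("default-address-pools", []):
        net = ipaddress.ip_network(pool["base"], strict=False)
        if net.overlaps(bridge):
            findings.append(f"pool {net} overlaps bridge {bridge}")
    # With "default", Docker remaps to the dockremap user.
    user = cfg.get("userns-remap")
    if not user:
        return findings + ["userns-remap is not enabled"]
    start, count = subid_range(subuid_text, "dockremap" if user == "default" else user)
    # A socket must be owned by host root or by a UID in the remapped range;
    # only the latter is accessible to root inside a remapped container.
    for host in cfg.get("hosts", []):
        if host.startswith("unix://"):
            path = host[len("unix://"):]
            uid = socket_owners.get(path)
            if uid is None:
                findings.append(f"{path}: owner unknown")
            elif uid != 0 and not start <= uid < start + count:
                findings.append(f"{path}: owner {uid} is outside the remap range")
    return findings

if __name__ == "__main__":
    print(audit(DAEMON_JSON, SUBUID, OWNERS) or "no findings")
```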