7 articles
Compare serverless (Lambda, Cloud Run) and containers (ECS, EKS, Fargate) on cold starts, pricing, scaling, vendor lock-in, and local development. Learn when to use each compute model.
End-to-end guide to deploying ML models -- from ONNX export and FastAPI serving to Kubernetes GPU workloads, canary deployments, and Prometheus monitoring.
Understand the Linux kernel features behind containers. Learn namespaces for PID, network, and mount isolation, cgroups for CPU and memory limits, and how to build a container by hand with unshare and nsenter.
Container images carry hundreds of dependencies you didn't write. Learn how to scan them with Trivy, Grype, Snyk, and Docker Scout, manage false positives, choose minimal base images, and automate dependency updates.
Harden Docker containers with minimal base images, non-root users, dropped capabilities, read-only filesystems, CVE scanning in CI, and Kubernetes Pod Security Standards.
Build in one stage, copy to a minimal runtime image. Practical multi-stage Dockerfile examples for Go, Node.js, and Python that cut image sizes by 10x or more.
Understand Docker's four network drivers -- bridge, host, overlay, and none. Learn how container DNS resolution works, when to use each driver, and how port mapping actually functions.
New articles delivered to your inbox. No spam.