35 articles
Benchmarked comparison of rootful and rootless Docker covering startup time, storage I/O, networking overhead, and container density, plus rootless Podman as an alternative for security-sensitive production workloads.
Pi-hole bare metal serves DNS at 0.4ms vs Docker bridge at 0.6ms. With host network mode the gap nearly closes. Picks for Pi 5, mini-PCs, and homelab stacks.
Real benchmarks of Docker Swarm overhead vs bare metal covering CPU, memory, disk I/O, overlay vs host networking latency, routing mesh, cold start speed vs Kubernetes, and production tuning recommendations.
End-to-end guide to deploying ML models -- from ONNX export and FastAPI serving to Kubernetes GPU workloads, canary deployments, and Prometheus monitoring.
Understand the Linux kernel features behind containers. Learn namespaces for PID, network, and mount isolation, cgroups for CPU and memory limits, and how to build a container by hand with unshare and nsenter.
Container images carry hundreds of dependencies you didn't write. Learn how to scan them with Trivy, Grype, Snyk, and Docker Scout, manage false positives, choose minimal base images, and automate dependency updates.
Harden Docker containers with minimal base images, non-root users, dropped capabilities, read-only filesystems, CVE scanning in CI, and Kubernetes Pod Security Standards.
Build in one stage, copy to a minimal runtime image. Practical multi-stage Dockerfile examples for Go, Node.js, and Python that cut image sizes by 10x or more.
Understand Docker's four network drivers -- bridge, host, overlay, and none. Learn how container DNS resolution works, when to use each driver, and how port mapping actually functions.
New articles delivered to your inbox. No spam.