How a Terraform + Salt + Kubernetes GitOps infrastructure enabled a zero downtime hosting provider switch

The switch: It has been a busy weekend: I switched the hosting provider of my whole cloud infrastructure from DigitalOcean to Hetzner. If you are reading this it means that the switch is completed and you are being served by the Hetzner cloud. The interesting fact about the switch is that I managed to complete …

TLS-terminated Bitlbee with custom protocols

Five years ago I started a small GitHub project aimed at running Bitlbee seamlessly in a container. Why Bitlbee? Back in the day, I was relying heavily on IRC for my daily communications and the plethora of other protocols that were starting to get traction was too much: I wanted to have a bridge between …

Startup order in Docker containers

Motivation: I recently dealt with an application that is comprised of multiple services running in containers. Even though every part of this application is correctly split into each separated microservice, the independence of each service is not enforced. This lack of independence has several drawbacks, one of which is that containers must be started by …

Send an email from a Docker container through an external MTA with ssmtp

I packaged a standard application (think of it as a standard PHP or <insert your preferred framework here>) into a Docker container. So far, it was working flawlessly, but then a problem arose: send an email from the Docker container (the event is triggered within the container). As you may know, a good Docker container …

Preventing Docker from manipulating iptables rules

By default, Docker manipulates iptables rules to provide network isolation:

    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    DOCKER     all  --  0.0.0.0/0            0.0.0.0/0
    […]
    Chain DOCKER (1 references)
    target     prot opt source               destination

I don’t mind having my iptables rules for forwarding manipulated, but there is a caveat: when you expose a container (with …

Automatically update your Docker base images with watchtower

I’m an avid user of Docker containers, using base images pulled from the public registry DockerHub. As you may know, Docker containers are based on Docker base images, e.g. I run postgres containers that are based on the Postgres base image. Base images can get updated by their respective authors (in our case the Postgres team) and pushed to DockerHub. …

Reverse engineer a Docker run command from an existing container

During my usual backup routine, I wanted to gather how a Docker container I started a while ago was run, especially the docker run command; this is required in case I need to re-run that container and I want to preserve the options (e.g. env variables, ports, etc.). Let’s make an example. I run a …

Playing with Docker: tips and tricks to write effective Dockerfiles

Recently I have been playing with Docker containers, and I am sure you already know what Docker is. In this post I will describe what I have learnt while using Docker containers and preparing Dockerfiles. What is Docker? In a few words: Docker is a software to manage and run Linux containers in which you …