Using k8s kind "rootlessly" without Docker

So you have probably already heard the news: Docker Desktop is no longer free. While this mostly affects macOS and Windows users and I use Pop!_OS, I would still like to see if we can get by without Docker at all. I’ve been using nerdctl for quite a while now, and while nerdctl mostly fills my needs for the docker CLI, I “kinda” need the kind CLI to create test clusters for testing purposes. However, kind still needs Docker.

Docker Containers on the Desktop

Great idea. I never thought of Docker containers this way because I totally forgot that I can always mount the config to the container. This totally changes my dev environment setup.

    # -v $HOME/.irssi:/home/user/.irssi mounts irssi config in container
    # --read-only is a cool new feature in 1.5
    $ docker run -it \
        -v /etc/localtime:/etc/localtime \
        -v $HOME/.irssi:/home/user/.irssi \
        --read-only \
        --name irssi \
        jess/irssi

Minimal Node.js docker container

Bitnami recently released a prod version of their bitnami-docker-node image with a much smaller size, achieved by stripping a bunch of stuff that is unnecessary at runtime. If your app does not require compiling native modules, you can use it as is. No changes required. However, if you do need to compile native modules, you can still use their development image as the builder and copy the results over to the prod image afterwards. I tried it with one of my apps and the final image size dropped from 333 MB down to just 56 MB 💪!

Non-privileged containers FTW

    # Stage 0: only used to generate /etc/passwd with the unprivileged user
    FROM ubuntu:latest
    RUN useradd -u 10001 scratchuser

    # Final stage: empty base image, binary plus the passwd file from stage 0
    FROM scratch
    COPY dosomething /dosomething
    COPY --from=0 /etc/passwd /etc/passwd
    USER scratchuser
    ENTRYPOINT ["/dosomething"]

Quite an innovative use of a multi-stage Docker build. Of course, you can create a passwd file yourself, but this one seems much more interesting.

node-pre-gyp and CI

Note to self: When developing a new feature for a Node.js native module and using node-pre-gyp, make sure you bump the version higher so that node-pre-gyp will not pull the prebuilt binary.

minideb - a small base image based on Debian

Selling points:

- Small
- The image is based on glibc for wide compatibility
- Using apt package manager for access to large number of packages
- Quicker security updates

Even though there are many complaints about glibc, it’s still very widely-adopted. I would hate to debug building libraries with musl-libc. It’s just not worth it.

Using alpine as base Docker image

I recently updated all of the personal Dockerfiles that I keep for multiple purposes to use alpine as the base image. Prior to this, I just used ubuntu as the base image and didn’t care much about built image size. However, with Kubernetes, having a small image size can make rolling out updates much faster. Some tips for reducing Docker image size that I found during my research: Using smaller base image (alpine, busybox, etc.