<!-- CANARY: REQ=REQ-DOCS-001; FEATURE="Docs"; ASPECT=Documentation; STATUS=TESTED; OWNER=docs; UPDATED=2026-01-15 -->
<h2 id="container-technologies-for-geode" class="position-relative d-flex align-items-center group">
<span>Container Technologies for Geode</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="container-technologies-for-geode"
aria-haspopup="dialog"
aria-label="Share link: Container Technologies for Geode">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h2><div id="headingShareModal" class="heading-share-modal" role="dialog" aria-modal="true" aria-labelledby="headingShareTitle" hidden>
<div class="hsm-dialog" role="document">
<div class="hsm-header">
<h2 id="headingShareTitle" class="h6 mb-0 fw-bold">Share this section</h2>
<button type="button" class="hsm-close" aria-label="Close">
<i class="fa-solid fa-xmark"></i>
</button>
</div>
<div class="hsm-body">
<label for="headingShareInput" class="form-label small text-muted mb-1 text-uppercase fw-bold" style="font-size: 0.7rem; letter-spacing: 0.5px;">Permalink</label>
<div class="input-group mb-4 hsm-url-group">
<input id="headingShareInput" type="text" class="form-control font-monospace" readonly aria-readonly="true" style="font-size: 0.85rem;" />
<button class="btn btn-primary hsm-copy" type="button" aria-label="Copy" title="Copy">
<i class="fa-duotone fa-clipboard" aria-hidden="true"></i>
</button>
</div>
<div class="small fw-bold mb-2 text-muted text-uppercase" style="font-size: 0.7rem; letter-spacing: 0.5px;">Share via</div>
<div class="hsm-share-grid">
<a id="share-twitter" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-twitter me-2"></i>Twitter
</a>
<a id="share-linkedin" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-linkedin me-2"></i>LinkedIn
</a>
<a id="share-facebook" class="btn btn-outline-secondary w-100" target="_blank" rel="noopener noreferrer">
<i class="fa-brands fa-facebook me-2"></i>Facebook
</a>
</div>
</div>
</div>
</div>
<style>
.heading-share-modal {
position: fixed;
inset: 0;
display: flex;
justify-content: center;
align-items: center;
background: rgba(0, 0, 0, 0.6);
z-index: 1050;
padding: 1rem;
backdrop-filter: blur(4px);
-webkit-backdrop-filter: blur(4px);
}
.heading-share-modal[hidden] { display: none !important; }
.hsm-dialog {
max-width: 420px;
width: 100%;
background: var(--bs-body-bg, #fff);
color: var(--bs-body-color, #212529);
border: 1px solid var(--bs-border-color, rgba(0,0,0,0.1));
border-radius: 1rem;
box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25);
overflow: hidden;
animation: hsm-fade-in 0.2s ease-out;
}
@keyframes hsm-fade-in {
from { opacity: 0; transform: scale(0.95); }
to { opacity: 1; transform: scale(1); }
}
[data-bs-theme="dark"] .hsm-dialog {
background: #1e293b;
border-color: rgba(255,255,255,0.1);
color: #f8f9fa;
}
.hsm-header {
display: flex;
justify-content: space-between;
align-items: center;
padding: 1rem 1.5rem;
border-bottom: 1px solid var(--bs-border-color, rgba(0,0,0,0.1));
background: rgba(0,0,0,0.02);
}
[data-bs-theme="dark"] .hsm-header {
background: rgba(255,255,255,0.02);
border-color: rgba(255,255,255,0.1);
}
.hsm-close {
background: transparent;
border: none;
color: inherit;
opacity: 0.5;
padding: 0.25rem 0.5rem;
border-radius: 0.25rem;
font-size: 1.2rem;
line-height: 1;
transition: opacity 0.2s;
}
.hsm-close:hover {
opacity: 1;
}
.hsm-body {
padding: 1.5rem;
}
.hsm-url-group {
display: flex !important;
align-items: stretch;
}
.hsm-url-group .form-control {
flex: 1;
min-width: 0;
margin: 0;
background: var(--bs-secondary-bg, #f8f9fa);
border-color: var(--bs-border-color, #dee2e6);
border-top-right-radius: 0;
border-bottom-right-radius: 0;
height: 42px;
}
.hsm-url-group .btn {
flex: 0 0 auto;
margin: 0;
margin-left: -1px;
border-top-left-radius: 0;
border-bottom-left-radius: 0;
height: 42px;
display: flex;
align-items: center;
justify-content: center;
padding: 0 1.25rem;
z-index: 2;
}
[data-bs-theme="dark"] .hsm-url-group .form-control {
background: #0f172a;
border-color: #334155;
color: #e2e8f0;
}
.hsm-share-grid {
display: flex;
flex-direction: column;
gap: 0.5rem;
}
.hsm-share-grid .btn {
display: flex;
align-items: center;
justify-content: center;
font-size: 0.9rem;
padding: 0.6rem;
border-color: var(--bs-border-color);
width: 100%;
}
[data-bs-theme="dark"] .hsm-share-grid .btn {
color: #e2e8f0;
border-color: #475569;
}
[data-bs-theme="dark"] .hsm-share-grid .btn:hover {
background: #334155;
border-color: #cbd5e1;
}
</style>
<script>
(function(){
const modal = document.getElementById('headingShareModal');
if(!modal) return;
const input = modal.querySelector('#headingShareInput');
const copyBtn = modal.querySelector('.hsm-copy');
const twitter = modal.querySelector('#share-twitter');
const linkedin = modal.querySelector('#share-linkedin');
const facebook = modal.querySelector('#share-facebook');
const closeBtn = modal.querySelector('.hsm-close');
let lastFocus=null;
let trapBound=false;
function buildUrl(id){ return window.location.origin + window.location.pathname + '#' + id; }
function isOpen(){ return !modal.hasAttribute('hidden'); }
function hydrate(id){
const url=buildUrl(id);
input.value=url;
const enc=encodeURIComponent(url);
const text=encodeURIComponent(document.title);
if(twitter) twitter.href=`https://twitter.com/intent/tweet?url=${enc}&text=${text}`;
if(linkedin) linkedin.href=`https://www.linkedin.com/sharing/share-offsite/?url=${enc}`;
if(facebook) facebook.href=`https://www.facebook.com/sharer/sharer.php?u=${enc}`;
}
function openModal(id){
lastFocus=document.activeElement;
hydrate(id);
if(!isOpen()){
modal.removeAttribute('hidden');
}
requestAnimationFrame(()=>{ input.focus(); });
trapFocus();
}
function closeModal(){
if(!isOpen()) return;
modal.setAttribute('hidden','');
if(lastFocus && typeof lastFocus.focus==='function') lastFocus.focus();
}
function copyCurrent(){
try{ navigator.clipboard.writeText(input.value).then(()=>feedback(true),()=>fallback()); }
catch(e){ fallback(); }
}
function fallback(){ input.select(); try{ document.execCommand('copy'); feedback(true);}catch(e){ feedback(false);} }
function feedback(ok){ if(!copyBtn) return; const icon=copyBtn.querySelector('i'); if(!icon) return; const prev=copyBtn.getAttribute('data-prev')||icon.className; if(!copyBtn.getAttribute('data-prev')) copyBtn.setAttribute('data-prev',prev); icon.className= ok ? 'fa-duotone fa-clipboard-check':'fa-duotone fa-circle-exclamation'; setTimeout(()=>{ icon.className=prev; },1800); }
function handleShareClick(e){ e.preventDefault(); const btn=e.currentTarget; const id=btn.getAttribute('data-share-target'); if(id) openModal(id); }
function bindShareButtons(){
document.querySelectorAll('.h-share').forEach(btn=>{
if(!btn.dataset.hShareBound){ btn.addEventListener('click', handleShareClick); btn.dataset.hShareBound='1'; }
});
}
bindShareButtons();
if(document.readyState==='loading'){
document.addEventListener('DOMContentLoaded', bindShareButtons);
} else {
requestAnimationFrame(bindShareButtons);
}
document.addEventListener('click', function(e){
const shareBtn=e.target.closest && e.target.closest('.h-share');
if(shareBtn && !shareBtn.dataset.hShareBound){ handleShareClick.call(shareBtn, e); }
}, true);
document.addEventListener('click', e=>{
if(e.target===modal) closeModal();
if(e.target.closest && e.target.closest('.hsm-close')){ e.preventDefault(); closeModal(); }
if(copyBtn && (e.target===copyBtn || (e.target.closest && e.target.closest('.hsm-copy')))) { e.preventDefault(); copyCurrent(); }
});
document.addEventListener('keydown', e=>{ if(e.key==='Escape' && isOpen()) closeModal(); });
function trapFocus(){
if(trapBound) return;
trapBound=true;
modal.addEventListener('keydown', f=>{ if(f.key==='Tab' && isOpen()){ const focusable=[...modal.querySelectorAll('a[href],button,input,textarea,select,[tabindex]:not([tabindex="-1"])')].filter(el=>!el.hasAttribute('disabled')); if(!focusable.length) return; const first=focusable[0]; const last=focusable[focusable.length-1]; if(f.shiftKey && document.activeElement===first){ f.preventDefault(); last.focus(); } else if(!f.shiftKey && document.activeElement===last){ f.preventDefault(); first.focus(); } } });
}
if(closeBtn) closeBtn.addEventListener('click', e=>{ e.preventDefault(); closeModal(); });
})();
</script><p>Container technology has revolutionized application deployment by providing lightweight, portable, and consistent runtime environments. Containers package applications with their dependencies, ensuring identical behavior across development laptops, testing environments, and production clusters. This comprehensive guide explores container technologies for Geode graph database deployments, covering Docker, Podman, security hardening, image optimization, and production-ready patterns.</p>
<h3 id="why-containers-matter-for-database-deployments" class="position-relative d-flex align-items-center group">
<span>Why Containers Matter for Database Deployments</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="why-containers-matter-for-database-deployments"
aria-haspopup="dialog"
aria-label="Share link: Why Containers Matter for Database Deployments">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><p>Traditional database deployments face numerous challenges: dependency conflicts between applications, environment-specific configuration drift, slow provisioning of new database instances, difficult horizontal scaling, and complex disaster recovery procedures. Containers solve these problems through isolation, portability, and automation.</p>
<p>For Geode deployments, containers provide critical advantages including consistent runtime environments eliminating “works on my machine” issues, rapid provisioning of new database instances in seconds rather than hours, simplified horizontal scaling through container orchestration, portable deployments across cloud providers and on-premises infrastructure, simplified dependency management with bundled runtime requirements, and easy version management with immutable container images.</p>
<p>Modern container runtimes like Docker and Podman implement the Open Container Initiative (OCI) specifications, ensuring interoperability. Whether you build containers with Docker, run them with Podman, and orchestrate with Kubernetes, the underlying standards enable seamless integration.</p>
<h3 id="container-architecture-fundamentals" class="position-relative d-flex align-items-center group">
<span>Container Architecture Fundamentals</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="container-architecture-fundamentals"
aria-haspopup="dialog"
aria-label="Share link: Container Architecture Fundamentals">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><p>Understanding container architecture helps you build efficient, secure Geode deployments.</p>
<p><strong>Container Images</strong>: Immutable templates containing the application, runtime dependencies, libraries, and configuration. Images consist of layered filesystems—each Dockerfile instruction creates a new layer. Layers are cached and shared between images to minimize storage and transfer time.</p>
<p><strong>Container Instances</strong>: Running processes isolated from the host system through Linux namespaces (PID, network, mount, UTS, IPC) and cgroups (CPU, memory, I/O limits). Each container instance is created from an image and can have unique runtime configuration.</p>
<p><strong>Container Registries</strong>: Centralized repositories for storing and distributing container images. Public registries like Docker Hub provide pre-built images. Private registries (Harbor, AWS ECR, Azure ACR, Google GCR) secure proprietary images with access controls and vulnerability scanning.</p>
<p><strong>Storage Volumes</strong>: Persistent data storage that survives container restarts and recreation. Volumes decouple data from container lifecycle, enabling database persistence. Bind mounts allow containers to access host filesystem paths for configuration files.</p>
<p><strong>Networking</strong>: Containers communicate through virtual networks. Bridge networks connect containers on the same host. Overlay networks enable multi-host container communication. Port mapping exposes container services to external clients.</p>
<h3 id="docker-deployment" class="position-relative d-flex align-items-center group">
<span>Docker Deployment</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="docker-deployment"
aria-haspopup="dialog"
aria-label="Share link: Docker Deployment">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="official-geode-image" class="position-relative d-flex align-items-center group">
<span>Official Geode Image</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="official-geode-image"
aria-haspopup="dialog"
aria-label="Share link: Official Geode Image">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Pull latest image</span>
</span></span><span class="line"><span class="cl">docker pull codepros/geode:latest
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Pull specific version</span>
</span></span><span class="line"><span class="cl">docker pull codepros/geode:v0.2.18
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Run container</span>
</span></span><span class="line"><span class="cl">docker run -d <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --name geode <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> -p 3141:3141 <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> -v geode-data:/var/lib/geode <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> codepros/geode:v0.2.18
</span></span></code></pre></div>
<h4 id="geode-dockerfile" class="position-relative d-flex align-items-center group">
<span>Geode Dockerfile</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="geode-dockerfile"
aria-haspopup="dialog"
aria-label="Share link: Geode Dockerfile">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-dockerfile" data-lang="dockerfile"><span class="line"><span class="cl"><span class="k">FROM</span><span class="s"> debian:bookworm-slim</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="c"># Install runtime dependencies</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">RUN</span> apt-get update <span class="o">&&</span> apt-get install -y <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> ca-certificates <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> <span class="o">&&</span> rm -rf /var/lib/apt/lists/*<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="c"># Create geode user</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">RUN</span> useradd -r -s /bin/false geode<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="c"># Copy binary</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">COPY</span> --chown<span class="o">=</span>geode:geode geode /usr/local/bin/geode<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">RUN</span> chmod +x /usr/local/bin/geode<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="c"># Create data directory</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">RUN</span> mkdir -p /var/lib/geode <span class="o">&&</span> chown geode:geode /var/lib/geode<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">USER</span><span class="s"> geode</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">EXPOSE</span><span class="s"> 3141/udp 9090/tcp</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">VOLUME</span> <span class="p">[</span><span class="s2">"/var/lib/geode"</span><span class="p">]</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">HEALTHCHECK --interval=30s --timeout=10s </span>--start-period<span class="o">=</span>40s --retries<span class="o">=</span><span class="m">3</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> CMD <span class="o">[</span><span class="s2">"/usr/local/bin/geode"</span>, <span class="s2">"ping"</span><span class="o">]</span> <span class="o">||</span> <span class="nb">exit</span> <span class="m">1</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">ENTRYPOINT</span> <span class="p">[</span><span class="s2">"/usr/local/bin/geode"</span><span class="p">]</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">CMD</span> <span class="p">[</span><span class="s2">"serve"</span><span class="p">,</span> <span class="s2">"--listen"</span><span class="p">,</span> <span class="s2">"0.0.0.0:3141"</span><span class="p">,</span> <span class="s2">"--data"</span><span class="p">,</span> <span class="s2">"/var/lib/geode"</span><span class="p">]</span><span class="err">
</span></span></span></code></pre></div>
<h4 id="docker-compose" class="position-relative d-flex align-items-center group">
<span>Docker Compose</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="docker-compose"
aria-haspopup="dialog"
aria-label="Share link: Docker Compose">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s1">'3.8'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">services</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">geode</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">codepros/geode:v0.2.18</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">container_name</span><span class="p">:</span><span class="w"> </span><span class="l">geode</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">"3141:3141"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">"9090:9090"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-data:/var/lib/geode</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">./geode.yaml:/etc/geode/geode.yaml:ro</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">environment</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">GEODE_LOG_LEVEL=info</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">GEODE_MAX_CONNECTIONS=1000</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">restart</span><span class="p">:</span><span class="w"> </span><span class="l">unless-stopped</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">healthcheck</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">test</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="s2">"/usr/local/bin/geode"</span><span class="p">,</span><span class="w"> </span><span class="s2">"ping"</span><span class="p">]</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">interval</span><span class="p">:</span><span class="w"> </span><span class="l">30s</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">timeout</span><span class="p">:</span><span class="w"> </span><span class="l">10s</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">retries</span><span class="p">:</span><span class="w"> </span><span class="m">3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">start_period</span><span class="p">:</span><span class="w"> </span><span class="l">40s</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">networks</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-network</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">geode-data</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">driver</span><span class="p">:</span><span class="w"> </span><span class="l">local</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">networks</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">geode-network</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">driver</span><span class="p">:</span><span class="w"> </span><span class="l">bridge</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="container-optimization" class="position-relative d-flex align-items-center group">
<span>Container Optimization</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="container-optimization"
aria-haspopup="dialog"
aria-label="Share link: Container Optimization">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="multi-stage-build" class="position-relative d-flex align-items-center group">
<span>Multi-Stage Build</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="multi-stage-build"
aria-haspopup="dialog"
aria-label="Share link: Multi-Stage Build">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-dockerfile" data-lang="dockerfile"><span class="line"><span class="cl"><span class="c"># Build stage</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">FROM</span><span class="s"> golang:1.24-alpine AS builder</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">WORKDIR</span><span class="s"> /build</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">COPY</span> geode/ .<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">RUN</span> zig build -Doptimize<span class="o">=</span>ReleaseSafe<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="c"># Runtime stage</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">FROM</span><span class="s"> debian:bookworm-slim</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">RUN</span> apt-get update <span class="o">&&</span> apt-get install -y <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> ca-certificates <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> <span class="o">&&</span> rm -rf /var/lib/apt/lists/*<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">COPY</span> --from<span class="o">=</span>builder /build/zig-out/bin/geode /usr/local/bin/geode<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">RUN</span> useradd -r -s /bin/false geode <span class="o">&&</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> mkdir -p /var/lib/geode <span class="o">&&</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> chown geode:geode /var/lib/geode<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">USER</span><span class="s"> geode</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">EXPOSE</span><span class="s"> 3141/udp 9090/tcp</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">VOLUME</span> <span class="p">[</span><span class="s2">"/var/lib/geode"</span><span class="p">]</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">ENTRYPOINT</span> <span class="p">[</span><span class="s2">"/usr/local/bin/geode"</span><span class="p">]</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">CMD</span> <span class="p">[</span><span class="s2">"serve"</span><span class="p">,</span> <span class="s2">"--listen"</span><span class="p">,</span> <span class="s2">"0.0.0.0:3141"</span><span class="p">,</span> <span class="s2">"--data"</span><span class="p">,</span> <span class="s2">"/var/lib/geode"</span><span class="p">]</span><span class="err">
</span></span></span></code></pre></div>
<h4 id="image-size-optimization" class="position-relative d-flex align-items-center group">
<span>Image Size Optimization</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="image-size-optimization"
aria-haspopup="dialog"
aria-label="Share link: Image Size Optimization">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-dockerfile" data-lang="dockerfile"><span class="line"><span class="cl"><span class="c"># Use distroless for minimal image</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">FROM</span><span class="s"> gcr.io/distroless/base-debian12</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">COPY</span> --chown<span class="o">=</span>nonroot:nonroot geode /usr/local/bin/geode<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">COPY</span> --chown<span class="o">=</span>nonroot:nonroot --chmod<span class="o">=</span><span class="m">755</span> /data /var/lib/geode<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">USER</span><span class="s"> nonroot</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">EXPOSE</span><span class="s"> 3141/udp 9090/tcp</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">ENTRYPOINT</span> <span class="p">[</span><span class="s2">"/usr/local/bin/geode"</span><span class="p">]</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">CMD</span> <span class="p">[</span><span class="s2">"serve"</span><span class="p">,</span> <span class="s2">"--listen"</span><span class="p">,</span> <span class="s2">"0.0.0.0:3141"</span><span class="p">]</span><span class="err">
</span></span></span></code></pre></div>
<h3 id="security-best-practices" class="position-relative d-flex align-items-center group">
<span>Security Best Practices</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="security-best-practices"
aria-haspopup="dialog"
aria-label="Share link: Security Best Practices">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="non-root-user" class="position-relative d-flex align-items-center group">
<span>Non-Root User</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="non-root-user"
aria-haspopup="dialog"
aria-label="Share link: Non-Root User">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-dockerfile" data-lang="dockerfile"><span class="line"><span class="cl"><span class="c"># Always run as non-root</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">USER</span><span class="s"> geode</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="c"># Or use numeric UID</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">USER</span><span class="s"> 1000:1000</span><span class="err">
</span></span></span></code></pre></div>
<h4 id="read-only-filesystem" class="position-relative d-flex align-items-center group">
<span>Read-Only Filesystem</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="read-only-filesystem"
aria-haspopup="dialog"
aria-label="Share link: Read-Only Filesystem">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">docker run -d <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --name geode <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --read-only <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --tmpfs /tmp:rw,noexec,nosuid,size<span class="o">=</span>100m <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> -v geode-data:/var/lib/geode <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> codepros/geode:v0.2.18
</span></span></code></pre></div>
<h4 id="resource-limits" class="position-relative d-flex align-items-center group">
<span>Resource Limits</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="resource-limits"
aria-haspopup="dialog"
aria-label="Share link: Resource Limits">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">docker run -d <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --name geode <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --memory<span class="o">=</span>16g <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --memory-swap<span class="o">=</span>16g <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --cpus<span class="o">=</span><span class="m">8</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --pids-limit<span class="o">=</span><span class="m">4096</span> <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> codepros/geode:v0.2.18
</span></span></code></pre></div>
<h3 id="advanced-container-patterns" class="position-relative d-flex align-items-center group">
<span>Advanced Container Patterns</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="advanced-container-patterns"
aria-haspopup="dialog"
aria-label="Share link: Advanced Container Patterns">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="sidecar-pattern" class="position-relative d-flex align-items-center group">
<span>Sidecar Pattern</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="sidecar-pattern"
aria-haspopup="dialog"
aria-label="Share link: Sidecar Pattern">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Deploy helper containers alongside Geode for additional functionality:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># docker-compose with sidecars</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s1">'3.8'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">services</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">geode</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">codepros/geode:v0.2.18</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">container_name</span><span class="p">:</span><span class="w"> </span><span class="l">geode-main</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-data:/var/lib/geode</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">prometheus-exporter</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">prom/node-exporter</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">container_name</span><span class="p">:</span><span class="w"> </span><span class="l">geode-exporter</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">network_mode</span><span class="p">:</span><span class="w"> </span><span class="s2">"service:geode"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">depends_on</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">log-shipper</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">fluent/fluent-bit</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">container_name</span><span class="p">:</span><span class="w"> </span><span class="l">geode-logs</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">/var/log/geode:/var/log/geode:ro</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">depends_on</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="init-containers" class="position-relative d-flex align-items-center group">
<span>Init Containers</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="init-containers"
aria-haspopup="dialog"
aria-label="Share link: Init Containers">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Run initialization tasks before starting Geode:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-dockerfile" data-lang="dockerfile"><span class="line"><span class="cl"><span class="c"># init-container.dockerfile</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">FROM</span><span class="s"> alpine:latest</span><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">RUN</span> apk add --no-cache aws-cli<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">COPY</span> init-geode.sh /init-geode.sh<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">RUN</span> chmod +x /init-geode.sh<span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err">
</span></span></span><span class="line"><span class="cl"><span class="err"></span><span class="k">ENTRYPOINT</span> <span class="p">[</span><span class="s2">"/init-geode.sh"</span><span class="p">]</span><span class="err">
</span></span></span></code></pre></div><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># init-geode.sh</span>
</span></span><span class="line"><span class="cl"><span class="c1">#!/bin/sh</span>
</span></span><span class="line"><span class="cl"><span class="nb">set</span> -e
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Download configuration from S3</span>
</span></span><span class="line"><span class="cl">aws s3 cp s3://config-bucket/geode.yaml /config/geode.yaml
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Initialize data directory</span>
</span></span><span class="line"><span class="cl">mkdir -p /var/lib/geode
</span></span><span class="line"><span class="cl">chown -R geode:geode /var/lib/geode
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Check connectivity</span>
</span></span><span class="line"><span class="cl">ping -c <span class="m">3</span> backup-server.example.com
</span></span></code></pre></div>
<h3 id="container-registry-management" class="position-relative d-flex align-items-center group">
<span>Container Registry Management</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="container-registry-management"
aria-haspopup="dialog"
aria-label="Share link: Container Registry Management">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="private-registry-setup" class="position-relative d-flex align-items-center group">
<span>Private Registry Setup</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="private-registry-setup"
aria-haspopup="dialog"
aria-label="Share link: Private Registry Setup">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Deploy a private registry for proprietary Geode images:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># registry docker-compose.yml</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s1">'3.8'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">services</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">registry</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">registry:2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">"5000:5000"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">environment</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">REGISTRY_STORAGE_S3_ACCESSKEY</span><span class="p">:</span><span class="w"> </span><span class="l">${AWS_ACCESS_KEY_ID}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">REGISTRY_STORAGE_S3_SECRETKEY</span><span class="p">:</span><span class="w"> </span><span class="l">${AWS_SECRET_ACCESS_KEY}</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">REGISTRY_STORAGE_S3_BUCKET</span><span class="p">:</span><span class="w"> </span><span class="l">my-docker-registry</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">REGISTRY_STORAGE_S3_REGION</span><span class="p">:</span><span class="w"> </span><span class="l">us-east-1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">./auth:/auth</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">./certs:/certs</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">/bin/sh</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- -<span class="l">c</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="p">|</span><span class="sd">
</span></span></span><span class="line"><span class="cl"><span class="sd"> cat > /etc/docker/registry/config.yml <<EOF
</span></span></span><span class="line"><span class="cl"><span class="sd"> version: 0.1
</span></span></span><span class="line"><span class="cl"><span class="sd"> storage:
</span></span></span><span class="line"><span class="cl"><span class="sd"> s3:
</span></span></span><span class="line"><span class="cl"><span class="sd"> accesskey: ${AWS_ACCESS_KEY_ID}
</span></span></span><span class="line"><span class="cl"><span class="sd"> secretkey: ${AWS_SECRET_ACCESS_KEY}
</span></span></span><span class="line"><span class="cl"><span class="sd"> region: us-east-1
</span></span></span><span class="line"><span class="cl"><span class="sd"> bucket: my-docker-registry
</span></span></span><span class="line"><span class="cl"><span class="sd"> auth:
</span></span></span><span class="line"><span class="cl"><span class="sd"> htpasswd:
</span></span></span><span class="line"><span class="cl"><span class="sd"> realm: Registry Realm
</span></span></span><span class="line"><span class="cl"><span class="sd"> path: /auth/htpasswd
</span></span></span><span class="line"><span class="cl"><span class="sd"> http:
</span></span></span><span class="line"><span class="cl"><span class="sd"> addr: :5000
</span></span></span><span class="line"><span class="cl"><span class="sd"> tls:
</span></span></span><span class="line"><span class="cl"><span class="sd"> certificate: /certs/domain.crt
</span></span></span><span class="line"><span class="cl"><span class="sd"> key: /certs/domain.key
</span></span></span><span class="line"><span class="cl"><span class="sd"> EOF
</span></span></span><span class="line"><span class="cl"><span class="sd"> /entrypoint.sh /etc/docker/registry/config.yml</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="image-scanning" class="position-relative d-flex align-items-center group">
<span>Image Scanning</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="image-scanning"
aria-haspopup="dialog"
aria-label="Share link: Image Scanning">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Scan images for vulnerabilities before deployment:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Scan with Trivy</span>
</span></span><span class="line"><span class="cl">docker run --rm <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> -v /var/run/docker.sock:/var/run/docker.sock <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> aquasec/trivy image codepros/geode:v0.2.18
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Scan with Clair</span>
</span></span><span class="line"><span class="cl">docker run -d --name clair-db postgres:13
</span></span><span class="line"><span class="cl">docker run -d --name clair <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> --link clair-db:postgres <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> quay.io/coreos/clair:latest
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl">clairctl analyze codepros/geode:v0.2.18
</span></span></code></pre></div>
<h3 id="production-deployment-patterns" class="position-relative d-flex align-items-center group">
<span>Production Deployment Patterns</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="production-deployment-patterns"
aria-haspopup="dialog"
aria-label="Share link: Production Deployment Patterns">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="high-availability-configuration" class="position-relative d-flex align-items-center group">
<span>High-Availability Configuration</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="high-availability-configuration"
aria-haspopup="dialog"
aria-label="Share link: High-Availability Configuration">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># ha-deployment.yml</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s1">'3.8'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">services</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">geode-1</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">codepros/geode:v0.2.18</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostname</span><span class="p">:</span><span class="w"> </span><span class="l">geode-1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">networks</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-cluster</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-data-1:/var/lib/geode</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">deploy</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">placement</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">constraints</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">node.labels.zone == us-east-1a</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">geode-2</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">codepros/geode:v0.2.18</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostname</span><span class="p">:</span><span class="w"> </span><span class="l">geode-2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">networks</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-cluster</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-data-2:/var/lib/geode</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">deploy</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">placement</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">constraints</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">node.labels.zone == us-east-1b</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">geode-3</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">codepros/geode:v0.2.18</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">hostname</span><span class="p">:</span><span class="w"> </span><span class="l">geode-3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">networks</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-cluster</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-data-3:/var/lib/geode</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">deploy</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">replicas</span><span class="p">:</span><span class="w"> </span><span class="m">1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">placement</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">constraints</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">node.labels.zone == us-east-1c</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">haproxy</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">haproxy:2.8</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">"3141:3141"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">networks</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-cluster</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">depends_on</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-1</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-2</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">geode-3</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">networks</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">geode-cluster</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">driver</span><span class="p">:</span><span class="w"> </span><span class="l">overlay</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">attachable</span><span class="p">:</span><span class="w"> </span><span class="kc">true</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">geode-data-1</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">geode-data-2</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">geode-data-3</span><span class="p">:</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="blue-green-deployment" class="position-relative d-flex align-items-center group">
<span>Blue-Green Deployment</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="blue-green-deployment"
aria-haspopup="dialog"
aria-label="Share link: Blue-Green Deployment">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><p>Implement zero-downtime updates:</p>
<div class="highlight"><pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="cp">#!/bin/bash
</span></span></span><span class="line"><span class="cl"><span class="cp"></span><span class="c1"># blue-green-deploy.sh</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Deploy green environment</span>
</span></span><span class="line"><span class="cl">docker-compose -f docker-compose.green.yml up -d
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Wait for health checks</span>
</span></span><span class="line"><span class="cl"><span class="k">for</span> i in <span class="o">{</span>1..30<span class="o">}</span><span class="p">;</span> <span class="k">do</span>
</span></span><span class="line"><span class="cl"> <span class="k">if</span> docker <span class="nb">exec</span> geode-green geode ping<span class="p">;</span> <span class="k">then</span>
</span></span><span class="line"><span class="cl"> <span class="nb">echo</span> <span class="s2">"Green environment healthy"</span>
</span></span><span class="line"><span class="cl"> <span class="nb">break</span>
</span></span><span class="line"><span class="cl"> <span class="k">fi</span>
</span></span><span class="line"><span class="cl"> sleep <span class="m">10</span>
</span></span><span class="line"><span class="cl"><span class="k">done</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Switch traffic to green</span>
</span></span><span class="line"><span class="cl">docker <span class="nb">exec</span> haproxy sh -c <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> <span class="s2">"echo 'set server geode-backend/blue-1 state maint' | socat stdio /var/run/haproxy.sock"</span>
</span></span><span class="line"><span class="cl">docker <span class="nb">exec</span> haproxy sh -c <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> <span class="s2">"echo 'set server geode-backend/green-1 state ready' | socat stdio /var/run/haproxy.sock"</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"><span class="c1"># Verify green is receiving traffic</span>
</span></span><span class="line"><span class="cl">sleep <span class="m">60</span>
</span></span><span class="line"><span class="cl"><span class="k">if</span> docker logs geode-green <span class="p">|</span> grep -q <span class="s2">"Queries processed"</span><span class="p">;</span> <span class="k">then</span>
</span></span><span class="line"><span class="cl"> <span class="nb">echo</span> <span class="s2">"Green deployment successful"</span>
</span></span><span class="line"><span class="cl">
</span></span><span class="line"><span class="cl"> <span class="c1"># Stop blue environment</span>
</span></span><span class="line"><span class="cl"> docker-compose -f docker-compose.blue.yml down
</span></span><span class="line"><span class="cl"><span class="k">else</span>
</span></span><span class="line"><span class="cl"> <span class="nb">echo</span> <span class="s2">"Green deployment failed, rolling back"</span>
</span></span><span class="line"><span class="cl"> <span class="c1"># Rollback to blue</span>
</span></span><span class="line"><span class="cl"> docker <span class="nb">exec</span> haproxy sh -c <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> <span class="s2">"echo 'set server geode-backend/blue-1 state ready' | socat stdio /var/run/haproxy.sock"</span>
</span></span><span class="line"><span class="cl"> docker <span class="nb">exec</span> haproxy sh -c <span class="se">\
</span></span></span><span class="line"><span class="cl"><span class="se"></span> <span class="s2">"echo 'set server geode-backend/green-1 state maint' | socat stdio /var/run/haproxy.sock"</span>
</span></span><span class="line"><span class="cl"><span class="k">fi</span>
</span></span></code></pre></div>
<h3 id="monitoring-and-observability" class="position-relative d-flex align-items-center group">
<span>Monitoring and Observability</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="monitoring-and-observability"
aria-haspopup="dialog"
aria-label="Share link: Monitoring and Observability">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3>
<h4 id="container-metrics-collection" class="position-relative d-flex align-items-center group">
<span>Container Metrics Collection</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="container-metrics-collection"
aria-haspopup="dialog"
aria-label="Share link: Container Metrics Collection">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># monitoring docker-compose.yml</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">version</span><span class="p">:</span><span class="w"> </span><span class="s1">'3.8'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">services</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">prometheus</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">prom/prometheus:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">./prometheus.yml:/etc/prometheus/prometheus.yml</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">prometheus-data:/prometheus</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">"9090:9090"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">command</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s1">'--config.file=/etc/prometheus/prometheus.yml'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s1">'--storage.tsdb.path=/prometheus'</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">cadvisor</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">gcr.io/cadvisor/cadvisor:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">/:/rootfs:ro</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">/var/run:/var/run:ro</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">/sys:/sys:ro</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">/var/lib/docker/:/var/lib/docker:ro</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">"8080:8080"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">grafana</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">grafana/grafana:latest</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">"3000:3000"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">environment</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">GF_SECURITY_ADMIN_PASSWORD=admin</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">grafana-data:/var/lib/grafana</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">./grafana/dashboards:/etc/grafana/provisioning/dashboards</span><span class="w">
</span></span></span></code></pre></div>
<h4 id="log-aggregation" class="position-relative d-flex align-items-center group">
<span>Log Aggregation</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="log-aggregation"
aria-haspopup="dialog"
aria-label="Share link: Log Aggregation">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h4><div class="highlight"><pre tabindex="0" class="chroma"><code class="language-yaml" data-lang="yaml"><span class="line"><span class="cl"><span class="c"># logging stack</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"></span><span class="nt">services</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">elasticsearch</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">docker.elastic.co/elasticsearch/elasticsearch:8.11.0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">environment</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">discovery.type=single-node</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">xpack.security.enabled=false</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">elasticsearch-data:/usr/share/elasticsearch/data</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">logstash</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">docker.elastic.co/logstash/logstash:8.11.0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">./logstash.conf:/usr/share/logstash/pipeline/logstash.conf</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">depends_on</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">elasticsearch</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">kibana</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">docker.elastic.co/kibana/kibana:8.11.0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ports</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="s2">"5601:5601"</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">environment</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">ELASTICSEARCH_HOSTS</span><span class="p">:</span><span class="w"> </span><span class="l">http://elasticsearch:9200</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">depends_on</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">elasticsearch</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">filebeat</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">image</span><span class="p">:</span><span class="w"> </span><span class="l">docker.elastic.co/beats/filebeat:8.11.0</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">user</span><span class="p">:</span><span class="w"> </span><span class="l">root</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">volumes</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">./filebeat.yml:/usr/share/filebeat/filebeat.yml:ro</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">/var/lib/docker/containers:/var/lib/docker/containers:ro</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">/var/run/docker.sock:/var/run/docker.sock:ro</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span><span class="nt">depends_on</span><span class="p">:</span><span class="w">
</span></span></span><span class="line"><span class="cl"><span class="w"> </span>- <span class="l">elasticsearch</span><span class="w">
</span></span></span></code></pre></div>
<h3 id="troubleshooting-container-issues" class="position-relative d-flex align-items-center group">
<span>Troubleshooting Container Issues</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="troubleshooting-container-issues"
aria-haspopup="dialog"
aria-label="Share link: Troubleshooting Container Issues">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><p><strong>Container Won’t Start</strong>: Check logs with <code>docker logs <container></code>. Verify image exists and is accessible. Ensure required ports aren’t already in use. Check resource limits (memory, CPU).</p>
<p><strong>Performance Degradation</strong>: Monitor container resource usage with <code>docker stats</code>. Check for CPU throttling or memory pressure. Verify disk I/O isn’t bottlenecked. Review network latency between containers.</p>
<p><strong>Networking Issues</strong>: Verify containers are on the same network with <code>docker network inspect</code>. Check firewall rules and security groups. Test connectivity with <code>docker exec <container> ping <target></code>. Review DNS resolution.</p>
<p><strong>Storage Problems</strong>: Check volume mounts with <code>docker inspect <container></code>. Verify filesystem permissions. Monitor disk usage with <code>docker system df</code>. Clean unused resources with <code>docker system prune</code>.</p>
<p><strong>Security Vulnerabilities</strong>: Regularly scan images for CVEs. Update base images and dependencies. Review and minimize container privileges. Implement image signing and verification.</p>
<h3 id="container-best-practices-summary" class="position-relative d-flex align-items-center group">
<span>Container Best Practices Summary</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="container-best-practices-summary"
aria-haspopup="dialog"
aria-label="Share link: Container Best Practices Summary">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><ol>
<li><strong>Use official base images</strong> from trusted sources</li>
<li><strong>Implement multi-stage builds</strong> to minimize image size</li>
<li><strong>Run as non-root user</strong> for security</li>
<li><strong>Set resource limits</strong> to prevent resource exhaustion</li>
<li><strong>Use health checks</strong> for automatic failure detection</li>
<li><strong>Implement logging</strong> to stdout/stderr for centralized aggregation</li>
<li><strong>Version images</strong> with semantic versioning tags</li>
<li><strong>Scan for vulnerabilities</strong> before deployment</li>
<li><strong>Use secrets management</strong> for sensitive configuration</li>
<li><strong>Implement graceful shutdown</strong> with SIGTERM handling</li>
</ol>
<h3 id="related-topics" class="position-relative d-flex align-items-center group">
<span>Related Topics</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="related-topics"
aria-haspopup="dialog"
aria-label="Share link: Related Topics">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><ul>
<li><strong><a
href="/tags/orchestration/"
>Orchestration</a>
</strong>: Kubernetes orchestration</li>
<li><strong><a
href="/tags/deployment/"
>Deployment</a>
</strong>: Deployment strategies</li>
<li><strong><a
href="/tags/cloud/"
>Cloud</a>
</strong>: Cloud deployments</li>
<li><strong><a
href="/tags/infrastructure/"
>Infrastructure</a>
</strong>: Infrastructure as Code</li>
<li><strong><a
href="/tags/monitoring/"
>Monitoring</a>
</strong>: Application monitoring</li>
<li><strong><a
href="/tags/security/"
>Security</a>
</strong>: Security best practices</li>
<li><strong><a
href="/tags/ci-cd/"
>CI/CD</a>
</strong>: Continuous integration and deployment</li>
</ul>
<h3 id="further-reading" class="position-relative d-flex align-items-center group">
<span>Further Reading</span>
<button type="button"
class="h-share btn btn-link p-0 text-decoration-none link-secondary opacity-50 hover-opacity-100 transition-all ms-1"
data-share-target="further-reading"
aria-haspopup="dialog"
aria-label="Share link: Further Reading">
<i class="fa-sharp-duotone fa-solid fa-share-nodes" aria-hidden="true" style="font-size: 0.8em;"></i>
<span class="visually-hidden">Share link</span>
</button>
</h3><ul>
<li><strong>Container Guide</strong>: <code>/docs/deployment/containers/</code></li>
<li><strong>Docker Best Practices</strong>: <code>/docs/deployment/docker-best-practices/</code></li>
<li><strong>Security Hardening</strong>: <code>/docs/security/container-security/</code></li>
<li><strong>Image Optimization</strong>: <code>/docs/optimization/container-images/</code></li>
<li><strong>Registry Management</strong>: <code>/docs/deployment/container-registries/</code></li>
<li><strong>Production Patterns</strong>: <code>/docs/deployment/container-patterns/</code></li>
</ul>
Related Articles
No articles found with this tag yet.
Back to Home