Stop Living Dangerously on :latest Docker
Using :latest in production is a ticking time bomb. Pin your Docker image versions or watch a surprise update break everything at 2 AM.
All the articles with the tag "devops".
Using :latest in production is a ticking time bomb. Pin your Docker image versions or watch a surprise update break everything at 2 AM.
Zabbix is enterprise-grade monitoring that you can self-host — agents, templates, triggers, and dashboards for your entire home lab.
Write bash scripts that don't silently fail — set -euo pipefail, error handling, input validation, and logging patterns for production scripts.
Containers share the kernel; VMs have their own. Understand the isolation trade-offs, overhead differences, and when to use which.
Decode the postgresql:// connection string — host, port, database, SSL mode, and the gotchas that cause connection refused at deploy time.
Three inner-loop dev tools for Kubernetes — Garden, Tilt, and Skaffold. Which one actually makes K8s development bearable? Honest comparison, no fluff.
Docker Compose Watch syncs your code into running containers without rebuilds. Here's how to set it up and why your dev loop is about to get a lot less painful.
Build container images without writing a single Dockerfile — ko for Go, Jib for Java, Paketo Buildpacks for everything else. Real benchmarks, real tradeoffs.
Cosign keyless signing uses GitHub OIDC + Fulcio + Rekor to sign container images without managing private keys. Here's how it actually works and why you want it.
Orchestrating multi-image Docker builds: docker buildx bake vs compose build, matrix targets, multi-arch, caching, and when each one actually wins.
nerdctl is the containerd-native docker CLI replacement — when it's a drop-in, when it's not, and why you'd bother switching at all.
Trivy, Grype, and Docker Scout go head-to-head on speed, CVE coverage, CI integration, and cost. Pick the right scanner for your home lab or pipeline.