Nyefan

joined 1 year ago

What's the biggest docker footgun you've experienced? in c/devops@programming.dev

[–] Nyefan@programming.dev 2 points 1 year ago

Early in the history of docker, a lot of bits and bobs hadn't been worked out yet, and I had a bug land on my desk where a service was leaking memory until it crashed, but only when running in a container. Turns out, the jvm at the time just never collected in a container because the /proc directory was mounted from the host rather than the k8s scheduler. So it would only collect if it did not receive a second allocation request during the GC.

permalink
fedilink
source

What's the biggest docker footgun you've experienced? in c/devops@programming.dev

[–] Nyefan@programming.dev 7 points 1 year ago (1 children)

This is no longer true with buildkit - you can use the --secret to securely pass a secret in as an argument.

permalink
fedilink
source
context