[using docker] 读书笔记 4

  1. It’s important to set the USER statement in all your Dockerfiles (or change user within any ENTRYPOINT / CMD scripts). If you don’t do this, your processes will be running as root within the container. As UIDs are the same within a container and on the host, should an attacker manage to break the container, they will have root access to the host machine.

  2. 查看container 的CPU, 内存, 网络使用情况
    docker stats $(docker inspect -f {{.Name}} $(docker ps -q))

  3. cAdvisor aggregates and processes various stats and also makes these available through a REST API, for further processing and storage.

标签: none