[using docker] 读书笔记 4

1) It’s important to set the USER statement in all your Dockerfiles (or change user within any ENTRYPOINT / CMD scripts). If you don’t do this, your processes will be running as root within the container. As UIDs are the same within a container and on the host, should an attacker manage to break the container, they will have root access to the host machine.

2) 查看container 的CPU, 内存, 网络使用情况
docker stats $(docker inspect -f {{.Name}} $(docker ps -q))

3) cAdvisor aggregates and processes various stats and also makes these available through a REST API, for further processing and storage.

标签: none