Privileged containers have been the reason for many discussions. There are security minded people who would like to eliminate them as well as technical people who need the feature to drive containerization. I’d like to show you how to be a technical person running a privileged container but honour security considerations by dropping capabilities as soon as they are not required.
At DockerCon I had the opportunity to talk about creating a Windows container host from scratch and how to maintain it when updates are published by Microsoft and Docker. Special thanks go out to Stefan Scherer. I realized that the official documentation assumes that a suitable system is already running. Existing work is often based on packer and vagrant which rely on an unattended installation, waiting for the VM to be accessible using WinRM and then injecting commands to finish the setup. I’d like to present how this is done the Microsoft way.
On 10-10-2017 our very own conference x-celerate took place at the trade fair in Freiburg, Germany. With well over 100 attendees, the feedback proved it was a success in its first year.
When writing advanced functions in PowerShell, ShouldProcess enables a script to ask for confirmation and react to different settings of $ConfirmPreference. Unfortunately, the use of ShouldProcess is still somewhat obsure. Therefore, I have created template for this and added unit tests to proove it works correctly.
Once in a while you will decide to execute tasks in parallel to speed up the whole process. And you will quickly start exploring PowerShell jobs. Although they are easy to start off, they always spawn a new empty instance of PowerShell. This post provides an example how to work around this.
When using the USER directive in Dockerfile, all subsequent commands are forced to run as the specified user. This is a security feature to prevent processes from changing the configuration inside the container. But this is a nightmare when troubleshooting because you cannot make changes to the container trying to fix the issue at hand. Luckily, there is a way around this security feature when running containers on Windows.
Many of your may already be using pester to write unit tests for PowerShell functions. By default, pester only shows which tests have succeeded and which have failed. Fortunately, pester can also analyze the code coverage} of those tests - meaning it can tell you how much of your code was actually tested. In this post I will show you how to determine line and function coverage for your tests.
I am proud to announce that our third book about Hyper-V is now available. For this new edition we have taken the time to update most of the book with new information about Windows Server 2016. We have also added a new chapter about containerization using Docker.
I am proud to announce that Docker honours my community contributions by including me in the Docker Captains Program.
In an earlier post, I demonstrated how to use PowerShell Desired State Configuration (PSDSC) in containers. But I did not state clearly enough that PSDSC should be used in image builds but not during the runtime of a container. Let’s take a closer look why this makes sense.