Docker on BvBeJ的小站

Docker on BvBeJ的小站https://www.bvbej.com/tags/docker/Recent content in Docker on BvBeJ的小站Hugozh-CNWed, 27 May 2026 00:00:00 +0000Docker Rootless 模式：落地路径与限制https://www.bvbej.com/posts/docker-rootless-mode-practice/Wed, 27 May 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-rootless-mode-practice/最小权限运行可以提升安全性，但要评估网络和存储差异Docker 镜像保留策略：存储成本与回滚能力平衡https://www.bvbej.com/posts/docker-image-retention-policy/Sun, 24 May 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-image-retention-policy/保留太少影响回滚，保留太多拖垮仓库成本Docker Compose 可观测性套件：本地联调模板https://www.bvbej.com/posts/docker-compose-observability-stack/Thu, 21 May 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-compose-observability-stack/把日志、指标、追踪一次拉起，能显著提高问题定位效率Docker Buildx 多架构构建：x86 与 ARM 一次产出https://www.bvbej.com/posts/docker-multi-arch-buildx/Mon, 18 May 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-multi-arch-buildx/多架构交付的关键是可复现构建与缓存复用Docker Registry Mirror：拉取加速与稳定性https://www.bvbej.com/posts/docker-registry-mirror-acceleration/Fri, 15 May 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-registry-mirror-acceleration/镜像拉取链路优化是大规模 CI 的基础能力容器运行时隔离权衡：runc、gVisor、Kata 的场景选择https://www.bvbej.com/posts/container-runtime-isolation-tradeoff/Thu, 14 May 2026 00:00:00 +0000https://www.bvbej.com/posts/container-runtime-isolation-tradeoff/隔离强度越高越安全吗？答案取决于威胁模型和性能预算。Docker 运行时安全：Seccomp 与 AppArmor 基线https://www.bvbej.com/posts/docker-runtime-security-profiles/Tue, 12 May 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-runtime-security-profiles/镜像安全只是第一层，运行时策略才是最后防线Docker Layer 缓存治理：CI 时间控制实战https://www.bvbej.com/posts/docker-layer-cache-governance/Sat, 09 May 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-layer-cache-governance/缓存不是越多越好，关键是可命中、可清理、可观测Monorepo Docker 构建缓存：减少无效重建https://www.bvbej.com/posts/docker-monorepo-build-cache/Tue, 05 May 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-monorepo-build-cache/仓库越大越要控制构建上下文，否则 CI 时间会持续恶化Docker 供应链安全落地：从 SBOM 到 SLSA 的最小可行路径https://www.bvbej.com/posts/docker-supply-chain-slsa-practice/Sun, 03 May 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-supply-chain-slsa-practice/安全不是扫描报告，而是可追溯、可验证、可阻断的发布链路。Docker 供应链安全：SBOM 与镜像签名落地https://www.bvbej.com/posts/docker-sbom-signing-pipeline/Sat, 02 May 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-sbom-signing-pipeline/镜像安全要从构建阶段开始，把可追溯和可验证做进流水线Docker Compose：本地与线上环境一致性实践https://www.bvbej.com/posts/docker-compose-devprod-parity/Tue, 28 Apr 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-compose-devprod-parity/本地能跑不代表线上稳定，关键是环境契约是否一致Docker + BuildKit：CI 构建提速实战https://www.bvbej.com/posts/docker-buildkit-ci-acceleration/Sat, 25 Apr 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-buildkit-ci-acceleration/同样的 Dockerfile，为什么有人 2 分钟构建完，有人要 15 分钟Docker BuildKit 提速：缓存策略的正确打开方式https://www.bvbej.com/posts/docker-buildkit-cache-strategy/Tue, 21 Apr 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-buildkit-cache-strategy/利用分层与缓存挂载，让镜像构建从分钟级降到秒级Docker 镜像安全与瘦身：从能跑到适合上线https://www.bvbej.com/posts/docker-image-security-hardening/Thu, 16 Apr 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-image-security-hardening/镜像优化不只是减小体积，真正上线时还要关心攻击面、权限模型和供应链风险Docker 多阶段构建：让你的镜像小而美https://www.bvbej.com/posts/docker-multi-stage-build/Wed, 15 Apr 2026 00:00:00 +0000https://www.bvbej.com/posts/docker-multi-stage-build/用多阶段构建把 Go 镜像从 800MB 压到 8MB，还顺带优化构建速度