notes Mirantis Container Runtime(MCR) and Multi-stage Docker

  

Mirantis Container Runtime(MCR) –

✓ Mirantis Container Runtime(MCR) formerly known as the Docker Engine (Enterprise), is a secure

container runtime that provides a base for the Mirantis Kubernetes Engine and Container Cloud.

✓ MCR provides increased security using the Mirantis Secure Registry, incorporated with Content Trust

and FIPS 140-2 encryption.

✓ The Mirantis Container Runtime(MCR) installation has been made easy with the introduction of an

automation script. Although there are still circumstances where you are required to perform a manual

installation. For example, installing Mirantis Container Runtime(MCR) to prepare a server/node to be

added to an existing Mirantis Kubernetes Engine cluster that originally wasn’t managed by Mirantis

Container Cloud.

✓ Features MCR-

 

• Intrinsic Security: It is secure by default. Containers are deployed with restricted host access, end-

to-end encryption, secure mutual TLS authentication, and cryptographic node identity.

 

• Multiple Operating Systems and Infrastructures: It is certified to run on multiple operating systems

that include RHEL, Ubuntu, CentOS, and Windows systems.

• Certified Plugins: There are certified plugins that let you extend the functionality of Mirantis

Container Runtime(MCR). They include; Calico, Kubernetes ingress solutions like Istio e.t.c

• Enforce Signed Images: Proper digital signing of images is required to validate the container

provenance before they are deployed. This prevents users from using images from unknown

sources.

 

Multi-stage Docker-

✓ Multi-stage Docker builds let you write Dockerfiles with multiple FROM statements. This

means you can create images which derive from several bases, which can help cut the size of

your final build.

✓ Docker images are created by selecting a base image using the FROM statement. You then

add layers to that image by adding commands to your Dockerfile.

✓ With multi-stage builds, you can split your Dockerfile into multiple sections. Each stage has

its own FROM statement so you can involve more than one image in your builds. Stages are

built sequentially and can reference their predecessors, so you can copy the output of one

layer into the next.

Advantages of Multi-Stage Builds

Multi-stage builds let you create complex build routines with a single Dockerfile. Prior to their introduction, it

was common for complex projects to use multiple Dockerfiles, one for each stage of their build. These then

needed to be orchestrated by manually written shell scripts.

With multi-stage builds, our entire build system can be contained in a single file. You don’t need any wrapper

 

scripts to take your project from raw codebase to final application image. A regular docker build -t my-

image:latest . is sufficient.

 

This simplification also provides opportunities to improve the efficiency of your images. Docker images can

become large, especially if you’re using a language runtime as your base.

Take the official golang image: it’s close to 300MB. Traditionally, you might copy your Go source into the image

and use it to compile your binary. You’d then copy your binary back to your host machine before starting another

build. This one would use a Dockerfile with a lightweight base image such as alpine (about 10MB). You’d add

your binary back in, resulting in a much smaller image than if you’d used the original golang base to run your

containers.