Best of Containers: December 2025

  1. Article
    selfh.st · 24w

    dockcheck: A CLI Tool for Updating Container Images

    dockcheck is a CLI tool that checks for Docker container image updates without pulling images first. It supports parallel processing, automatic updates, exclusion filters, and notifications via multiple channels (Matrix, Telegram). Configuration is handled through flags or a config file, with Docker Compose labels for fine-grained control. The tool can be scheduled via cron for automated update workflows, with options to delay updates until releases stabilize. Community contributions have added integrations for Prometheus, Zabbix, Unraid, and Synology DSM.

  2. Article
    Code Like A Girl · 25w

    CKAD Certified! A Guide to Passing the Exam

    A personal account of preparing for and passing the Certified Kubernetes Application Developer (CKAD) exam. Covers a structured 45-day preparation timeline using KodeKloud's Udemy course, mock tests from killer.sh, and hands-on practice exercises. Emphasizes the practical, hands-on nature of the exam with 17 questions in 2 hours, importance of mastering Kubernetes documentation, time management strategies, and exam day logistics. Includes specific tips like using copy-paste to avoid errors, flagging difficult questions, and understanding partial scoring.

  3. Article
    Cloud Native Now · 21w

    Best of 2025: Hardening Kubernetes Security with DevSecOps Practices

    Kubernetes security requires a fundamental shift from traditional perimeter-based approaches to DevSecOps practices. The article explores common security pitfalls including misconfigurations, runtime blind spots, and under-secured internal APIs. Key strategies include automation throughout the development lifecycle, policy-as-code enforcement using tools like OPA Gatekeeper, runtime security monitoring, and risk-based vulnerability prioritization. Success depends on cultural transformation with executive support, blameless postmortems, and shared responsibility. Emerging trends like GitOps for security management, eBPF for deeper observability, and AI-enhanced threat detection promise to further strengthen cloud-native security postures.

  4. Article
    CNCF · 24w

    Lima v2.0: New features for secure AI workflows

    Lima v2.0 introduces plugin infrastructure, GPU acceleration via krunkit, and Model Context Protocol (MCP) tools for sandboxing AI agents. The release expands Lima's focus beyond containers to include secure AI workflows by running agents inside VMs to isolate them from direct host access. New features include progress flags, simplified mount syntax, environment variable propagation, UDP port forwarding, and multi-user support. The plugin system enables third-party extensions for hypervisors, CLI commands, and URL schemes.