2024-07-21
K8S Load Docker Image

First, build the Docker image and push it to a registry.

docker login
docker build -t <username>/<imagename>:<tag> -f <dockerfile> <resource_path>
docker push <username>/<imagename>:<tag>

You can push to docker.io or to the local registry provided by microk8s.

https://microk8s.io/docs/registry-built-in

# for microk8s the registry address is localhost:32000
docker tag <imagename> <registry_addr>/<imagename>
docker push <registry_addr>/<imagename>

You can also build the image with minikube:

minikube image build -t <imagename> -f <dockerfile_path> <resource_path>


Load an image archive exported with docker save <image>:<tag>:

# ref: https://minikube.sigs.k8s.io/docs/commands/image/
# remember to set a tag on the imported image
# or set imagePullPolicy to Never
# ref: https://iximiuz.com/en/posts/kubernetes-kind-load-docker-image/
minikube image load <image_filepath>/<docker_image_name>
microk8s images import <image_filepath>
microk8s ctr image import <image_filepath>
k3s ctr image import <image_filepath>

https://blog.scottlowe.org/2020/01/25/manually-loading-container-images-with-containerd/

https://docs.k3s.io/installation/registry-mirror#pushing-images


You can also configure k8s to use Docker as the container runtime instead.

https://github.com/canonical/microk8s/issues/287

https://docs.k3s.io/advanced#using-docker-as-the-container-runtime


2024-07-04
Keep Docker Container Running

docker run -d <image_name> tail -f /dev/null
docker run -d <image_name> sleep infinity
docker run -dt <image_name>
docker run -dt <image_name> cat
docker run -d <image_name> nc -l -p <port>


2024-05-29
Strange Behavior Within Docker Containers

The default working directory after starting the parrotsec container is the filesystem root, from which msfconsole cannot be run. Change to the home directory with cd and run Metasploit afterwards.

docker run --rm -it -w /root parrotsec/security


Symlinked files do not work properly right after startup. Take msfconsole as an example: in a container started from the image parrotsec/security, it gets stuck if we execute msfconsole immediately after logging in. We can mitigate the problem by first changing into the directory where msfconsole is actually located, then executing it from there.

docker run --rm -it parrotsec/security
# this gets stuck
msfconsole
# note that the following also gets stuck
/usr/share/metasploit-framework/msfconsole
# instead let's first change directory
cd /usr/share/metasploit-framework
# then invoke the binary
./msfconsole


2024-03-30
Hacker Virtual Machines, Containers

On Termux, use proot-distro to install Kali and BlackArch Linux.

Install it via apt install proot-distro


Use podman over docker, since we do not need GPU here and want faster pulling speed.

Recent versions of podman require the registry domain/index to be specified before the image name when searching for and pulling images.

podman search docker.io/kali
podman pull docker.io/kalilinux/kali-rolling


If you want to run network scanning commands like nmap, grant the container sufficient permissions:

podman run --cap-add=NET_RAW --cap-add=NET_ADMIN --rm -it docker.io/parrotsec/security


Metasploitable2 and Parrot Linux also have Docker images. More cybersecurity/CTF related images can be found.

Run this query in a search engine:

site:github.com cybersecurity docker images

https://github.com/VaultSEC/osint

https://github.com/PberAcademy/Dockerimages


On Ubuntu, use docker to pull Kali and BlackArch Linux images. The latest images are pushed to Docker Hub.

sudo docker pull kalilinux/kali-rolling
# kali-rolling does not contain all packages
# run inside container: apt update && apt install -y kali-linux-headless
sudo docker pull blackarchlinux/blackarch


It is always recommended to update and upgrade the BlackArch you installed.


2023-10-05
Force To Use Docker Mirror Instead Of Pulling From Docker.Io

Even if you configure /etc/docker/daemon.json like this (note: you still need to do this):

{ "registry-mirrors":
["https://mirror.baidubce.com"]
}

it does not fully work until you pull with the mirror address in the image name:

sudo -E docker pull mirror.baidubce.com/significantgravitas/auto-gpt


2023-07-30
Setting Docker Container Storage Quota With Overlay And Different Storage Drivers

Docker container storage quota

--storage-opt is supported only for overlay over xfs with ‘pquota’ mount option.

Change data-root in /etc/docker/daemon.json to a different location.

Edit /etc/fstab and add the xfs block device on a new line (find its UUID using blkid).

docker run --storage-opt size=10M --rm -it alpine

When using devmapper, make sure size is greater than 10G (the default).

docker run --storage-opt size=11G --rm -it alpine

The zfs and vfs (not a unionfs, but useful for testing) storage drivers also support disk quota. You may use them by changing data-root to the related storage device.
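
A check for the overlay-over-xfs setup described above, as an added example that is not part of the original post: it reads a mount table and reports whether the filesystem holding a given data-root is xfs with project quota. The function names, paths and mount lines are constructed for illustration, and the data-root path is assumed to be absolute with symlinks already resolved.

```shell
#!/bin/sh
# Added example: report whether a Docker data-root can enforce
# `--storage-opt size=...` with overlay (xfs mounted with project quota).

# Constructed sample in /proc/mounts format (not from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /data xfs rw,relatime,attr2,inode64,prjquota 0 0
/dev/sdc1 /scratch xfs rw,relatime,attr2,inode64,noquota 0 0
EOF
}

# quota_ready DATA_ROOT [MOUNTS_FILE]
# Prints "fstype options" of the filesystem holding DATA_ROOT and
# returns 0 only if it is xfs with pquota/prjquota.
quota_ready() {
    data_root=$1
    mounts=${2:-/proc/mounts}
    # Longest mount point that is a path prefix of data_root wins;
    # ">=" lets a later mount on the same point shadow an earlier one.
    best=$(awk -v p="$data_root" '
        {
            mp = $2
            hit = (mp == "/") || (p == mp) || (index(p, mp "/") == 1)
            if (hit && length(mp) >= length(best_mp)) {
                best_mp = mp; fs = $3; opts = $4
            }
        }
        END { if (best_mp != "") print fs, opts }
    ' "$mounts")
    [ -n "$best" ] || return 1
    echo "$best"
    [ "${best%% *}" = "xfs" ] || return 1
    # The kernel lists pquota as prjquota in /proc/mounts; accept both.
    case ",${best#* }," in
        *,pquota,*|*,prjquota,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo against the constructed sample; use /proc/mounts on a real host.
tmp=$(mktemp) && sample_mounts > "$tmp"
for d in /data/docker /scratch/docker /var/lib/docker; do
    if quota_ready "$d" "$tmp" >/dev/null; then echo "$d: size quota enforceable"
    else echo "$d: no project quota, size option unsupported"; fi
done
rm -f "$tmp"
```

Running the check before moving data-root catches an xfs volume that was mounted without the quota option, since that option cannot be turned on by a remount and needs a fresh mount.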
