https://falcao.org/tags/containers/Recent content in Containers on Danilo Falcão da SilvaHugoen-usFri, 22 May 2026 10:00:00 -0300https://falcao.org/posts/open-source-sast-dast-sca-2026/Fri, 22 May 2026 10:00:00 -0300https://falcao.org/posts/open-source-sast-dast-sca-2026/<p>I don&rsquo;t pay for Snyk. Not because it&rsquo;s bad — it&rsquo;s a genuinely good product — but because there is a free stack that catches the vast majority of the same issues directly in CI, and the remaining gap hasn&rsquo;t been worth roughly <strong>$600 per developer per year</strong> to close. On a team of fifteen engineers, that&rsquo;s the price of a small EC2 fleet you actually need.</p> <p>This post is about the open-source security tooling I actually wire into pipelines: <strong>Trivy</strong> for containers, dependencies and IaC, <strong>Semgrep</strong> for application code, <strong>Nuclei</strong> and <strong>OWASP ZAP</strong> for the live app, and a few honourable mentions. It&rsquo;s not an exhaustive catalogue. It&rsquo;s the stack I keep coming back to.</p>https://falcao.org/posts/rancher-platform-vs-lens/Wed, 20 May 2026 21:15:00 -0300https://falcao.org/posts/rancher-platform-vs-lens/<p>You&rsquo;ll see this comparison on r/kubernetes every couple of months, phrased as if it&rsquo;s a real choice: <strong>Rancher or Lens?</strong> The framing is wrong. They occupy different layers of the stack. Asking which one &ldquo;wins&rdquo; is like asking whether VS Code beats Kubernetes.</p> <p>But the question keeps coming up — usually from someone who has Lens installed, has heard about Rancher, and is trying to figure out whether they should swap. So let me lay out what each one actually is, where they overlap, where they don&rsquo;t, and which one earns a place in a serious on-prem setup.</p>https://falcao.org/posts/rke2-on-prem-kubernetes/Tue, 19 May 2026 12:30:00 -0300https://falcao.org/posts/rke2-on-prem-kubernetes/<p>Most of the Kubernetes conversation in 2026 happens around managed services — <strong>EKS</strong>, <strong>GKE</strong>, <strong>AKS</strong> — and most of the rest happens around <strong>K3s</strong> for edge and homelab. Somewhere in the middle, on the hardware that lives in a rack in a datacenter you can drive to, there&rsquo;s a Kubernetes story that nobody talks about loudly enough.</p> <p>That story is <strong>RKE2</strong> — the Rancher Kubernetes Engine 2, SUSE&rsquo;s hardened, security-focused, single-binary distribution designed for on-premises production. I&rsquo;ve been running it for two years across two different employers and one home lab, and it&rsquo;s the rare piece of infrastructure that gets more impressive the longer you live with it.</p>https://falcao.org/posts/distrobox-toolbx-podman-docker/Tue, 19 May 2026 10:30:00 -0300https://falcao.org/posts/distrobox-toolbx-podman-docker/<blockquote> <p><em>&ldquo;What would you give and what would you keep?&rdquo;</em> — <strong>Mase</strong>, <em>From Scratch</em> (Double Up, 1999)</p> </blockquote> <p>Mase asked it about rewinding your whole life and starting over. I ask it every time someone on my team picks a development container stack. Because the moment you decide to let a container <em>be</em> your workstation — not just hold a service, but hold your editor, your shell, your language toolchains, your AUR packages on top of a Fedora host — you&rsquo;re making a series of small, ugly trade-offs. <strong>What would you give up from your bare-metal workflow, and what would you keep?</strong></p>