Description

The CleanStart Ruby image provides a production-ready, security-hardened container optimized for enterprise environments. Built on a minimal base OS with comprehensive security hardening, this image delivers reliable application execution with advanced security features.

Key Features

Core capabilities and strengths of this runtime container

- Production-ready container deployment
- Enterprise-grade security hardening
- Comprehensive monitoring and logging
- Multi-architecture support

Common Use Cases

Typical scenarios where this runtime container excels

- Production application deployment
- Microservices architecture implementation
- Development and testing environments
- Enterprise workload containerization

Pull Commands

Download the runtime container images

```bash
docker pull cleanstart/ruby:latest
docker pull cleanstart/ruby:latest-dev
```

Interactive Development

Start interactive session for development

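```bash
# Detached container with a read-only root filesystem, no privilege
# escalation, and a non-root UID:GID
docker run -d --name ruby-prod \
  --read-only \
  --security-opt=no-new-privileges \
  --user 1000:1000 \
  cleanstart/ruby:latest
```

Run Hello World

Execute a simple Hello World program
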
```bash
docker run -it --name ruby-test cleanstart/ruby:latest-dev
```

Mount Workspace

Run container with local workspace mounted

```bash
# Mount the current directory at /app and print the Ruby version
docker run --rm -v "$(pwd)":/app -w /app cleanstart/ruby:latest-dev ruby --version
```

Application Server

Run application with port forwarding

```bash
# Publish port 8000 and mount the current directory as the working directory
docker run -d --name ruby-app \
  -p 8000:8000 \
  -v "$(pwd)":/app \
  -w /app \
  cleanstart/ruby:latest
```

Environment Variables

Configuration options available through environment variables

- PATH: System PATH configuration, /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

Security Best Practices

Recommended security configurations and practices

- Use specific image tags for production (avoid latest)
- Configure resource limits: memory and CPU constraints
- Enable read-only root filesystem when possible
- Run containers with non-root user (--user 1000:1000)
- Use --security-opt=no-new-privileges flag
- Regularly update container images for security patches
- Implement proper network segmentation
- Monitor container metrics for anomalies

Kubernetes Security Context

Recommended security context for Kubernetes deployments

```yaml
securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  capabilities:
    drop: ['ALL']
```
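
One way to check running containers against the Security Best Practices checklist on this page, added here as an example (it is not CleanStart's own tooling): it reads `docker inspect` JSON and reports which checklist items a container fails. The inspect data is a constructed sample modelled on the ruby-prod and ruby-app commands above, and the finding names are hypothetical.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers
# started like the ruby-prod and ruby-app commands on this page.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/ruby-prod",
  "Config": {"Image": "cleanstart/ruby:latest", "User": "1000:1000"},
  "HostConfig": {"ReadonlyRootfs": true, "SecurityOpt": ["no-new-privileges"],
                 "Memory": 0, "NanoCpus": 0, "CpuQuota": 0}},
 {"Name": "/ruby-app",
  "Config": {"Image": "cleanstart/ruby:latest", "User": ""},
  "HostConfig": {"ReadonlyRootfs": false, "SecurityOpt": null,
                 "Memory": 0, "NanoCpus": 0, "CpuQuota": 0}}
]""")


def floating_tag(image):
    """True if the image reference has no digest and no tag, or a latest* tag."""
    if "@sha256:" in image:
        return False
    last = image.rsplit("/", 1)[-1]          # skip any registry host:port
    tag = last.split(":", 1)[1] if ":" in last else ""
    return tag == "" or tag.startswith("latest")


def audit_container(c):
    """Return the checklist items (hypothetical names) this container fails."""
    cfg, host = c.get("Config") or {}, c.get("HostConfig") or {}
    opts = host.get("SecurityOpt") or []     # null when no --security-opt given
    nnp = any(o.replace("=", ":").split(":")[0] == "no-new-privileges"
              and not o.endswith("false") for o in opts)
    uid = (cfg.get("User") or "").split(":")[0]
    checks = [
        ("floating-tag", floating_tag(cfg.get("Image", ""))),
        ("runs-as-root", uid in ("", "0", "root")),
        ("rootfs-writable", not host.get("ReadonlyRootfs", False)),
        ("no-new-privileges-missing", not nnp),
        ("no-memory-limit", not host.get("Memory")),
        ("no-cpu-limit", not (host.get("NanoCpus") or host.get("CpuQuota"))),
    ]
    return [name for name, failed in checks if failed]


if __name__ == "__main__":
    for c in SAMPLE_INSPECT:
        print(c["Name"].lstrip("/"), audit_container(c))
```

To audit live containers, parse the output of `docker inspect $(docker ps -q)` with `json.load` and pass each element to `audit_container`.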