Containerization

Containerization enables reproducible, portable, and resource-efficient systems.
I develop and operate container-based environments in which applications, databases, and services are clearly isolated, versioned, and automatically deployed.
I use Docker and Docker Compose as the basis for service-oriented structures—from single instances to complex multi-service stacks.
For me, containers are not a replacement for virtualization, but rather a complement: they bring speed and scalability to existing infrastructures without losing transparency and control.

Architecture & Structure

I design container environments to remain secure, modular, and maintainable. The goal is a consistent structure with clear roles for images, volumes, networks, and services.

  • Multi-service stacks with Docker Compose
  • Structured image creation (Dockerfile, multi-stage builds)
  • Use of official and tested base images
  • Clear separation of configuration, data, and code
  • Integration of environment variables, secrets, and certificates

Operation & Automation

I convert container deployments into automated processes to make rollouts, updates, and recovery traceable.

  • Automated builds and deployments via Ansible or GitLab CI/CD
  • Versioned Compose files and rollback-capable configurations
  • Automated service restarts and Watchtower-based updates
  • Documented start-up and recovery processes

Security & Isolation

Containers offer a lot of freedom – I consistently secure them to prevent misconfigurations or privilege escalation.

  • Use of rootless Docker and namespaces
  • Integration of SELinux/AppArmor and Seccomp policies
  • Control over capabilities and network access
  • Regular image scans and automated security checks

Logging, Monitoring & Debugging

Transparency in operation is crucial.

I integrate all containers into existing monitoring and logging systems to centrally record runtime, resources, and status.

  • Prometheus Node / cAdvisor / Docker Exporter
  • Grafana dashboards for container metrics
  • Loki and journalctl for log collection and analysis
  • Script-based checks and Alertmanager notifications

Integration & Migration

Containerization is often the intermediate step between classic and cloud-native architecture.

I support the migration of monolithic applications to container structures or Kubernetes workloads.

  • Containerization of existing web and database services
  • Use of persistent volumes for stateful services
  • Preparation for Kubernetes deployments (Helm / Kustomize)
  • Integration into CI/CD or GitOps processes

Resource Management & Optimization

Continuous monitoring and benchmarking enable bottlenecks to be identified early on and systematically eliminated.

  • CPU limits and cgroups configuration for controlled process load
  • Memory tuning, swapping avoidance, and garbage collection optimization
  • Network optimization (SR-IOV, VirtIO, jumbo frames, QoS)
  • Container storage tuning (OverlayFS, volume performance, I/O scheduler)
  • Benchmarking with FIO, iperf, cAdvisor, and Prometheus metrics
  • Analysis and reporting of resource utilization for capacity planning

You can find specific trainings and current topics in the Comelio GmbH training catalog.
Available in-house at your company, as a webinar, or as an open training—designed to meet different requirements.

Frequently asked questions about Containerization

In this FAQ, you will find the topics that come up most frequently in consultations and training sessions. Each answer is kept brief and refers to further content where necessary. Can’t find your question? Feel free to contact me.

Both are OCI-compatible. Docker+Compose scores points with its ecosystem and simple orchestration; Podman is daemonless and rootless-first. Integrations (CI, scanners, registries) and operating standards are decisive factors. In many setups: Docker (rootless) + Compose, clearly versioned and controlled via Ansible/CI.

Compose: one host, manageable stacks, rapid iteration. Kubernetes: multi-host HA, policies, self-healing, GitOps. Practice: start clean with Compose (volumes/secrets/health checks), keep artifacts/configs K8s-ready (Helm/Kustomize), migrate later in a controlled manner.

Non-root, user namespaces, capabilities drop all, read-only root FS, seccomp/AppArmor/SELinux profiles, minimal/distroless images. Supply chain: SBOM & scans (e.g., Trivy/Grype), signing (cosign), regular rotations. Centralize logs/metrics and automate updates.
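
An added example (not from this page or from Comelio) that checks Compose service definitions for the runtime controls listed in the answer above: non-root user, dropped capabilities, read-only root filesystem, and confined seccomp/AppArmor/SELinux profiles. The service data is constructed, and the `privileged` and `cap_add` checks go slightly beyond the list because those keys undo the other settings.

```python
# Added example: audit Docker Compose service mappings (as parsed from YAML)
# for the runtime hardening controls named in the FAQ answer.

def audit_service(svc):
    """Return a list of findings for one Compose service mapping."""
    findings = []
    # 'user' may be "uid", "uid:gid" or a name; unset means the image default.
    user = str(svc.get("user", "")).split(":")[0]
    if user == "":
        findings.append("user not set: runs as the image default, often root")
    elif user in ("0", "root"):
        findings.append("user is root")
    if svc.get("privileged"):
        findings.append("privileged: true overrides capability and profile limits")
    if "ALL" not in [str(c).upper() for c in svc.get("cap_drop", [])]:
        findings.append("cap_drop does not include ALL")
    if svc.get("cap_add"):
        findings.append("cap_add re-grants: " + ", ".join(svc["cap_add"]))
    if not svc.get("read_only"):
        findings.append("read_only not set: root filesystem is writable")
    # security_opt entries are written as "key=value" or "key:value".
    opts = [str(o).replace("=", ":").lower() for o in svc.get("security_opt", [])]
    for opt, what in (("seccomp:unconfined", "seccomp"),
                      ("apparmor:unconfined", "AppArmor"),
                      ("label:disable", "SELinux labeling")):
        if opt in opts:
            findings.append(what + " confinement disabled")
    return findings

def audit_stack(services):
    """Map each service name to its list of findings."""
    return {name: audit_service(svc) for name, svc in services.items()}

# Constructed sample input, equivalent to the 'services:' section of a Compose file.
SAMPLE_SERVICES = {
    "web": {"image": "example/web:1.0", "user": "10001:10001", "read_only": True,
            "cap_drop": ["ALL"], "cap_add": ["NET_BIND_SERVICE"]},
    "legacy": {"image": "example/legacy:1.0", "privileged": True,
               "security_opt": ["seccomp=unconfined"]},
}

if __name__ == "__main__":
    for name, findings in audit_stack(SAMPLE_SERVICES).items():
        print(name + ":", "ok" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

An unset `user` is reported rather than treated as root because the image's own `USER` instruction may already select a non-root account.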