WIP: rootless docker #241

Open
wants to merge 15 commits into
base: master
10 changes: 9 additions & 1 deletion docs/getting-started.md
Expand Up @@ -88,10 +88,18 @@ Confirm that Docker installed correctly by opening a terminal and running `docke

To avoid writing sudos you may consider [adding yourself to docker group](https://docs.docker.com/install/linux/linux-postinstall/)

Keep in mind that if you do so, you can now run containers without sudo and containers give you super user access to the computer.
Keep in mind that if you do so, you can now run containers without sudo and containers give you or anyone who gains access to your account super user access to the computer.

:::

### Rootless Docker

Instead of above installation, on Linux you can run Docker as a non-root user. This requires that your system has [certain programs and configurations set up in advance](https://docs.docker.com/engine/security/rootless/#prerequisites) by the system administrator.

If your system is set up correctly, you can possibly run locally available installation script dockerd-rootless-setuptool.sh or download it from [https://get.docker.com/rootless](https://get.docker.com/rootless). The script will inform you of any missing requirements if there are any.

Do note that while running Docker rootless does limit some security risks to your system, it just adds one hurdle for potential malicious attacker (and in any case, system staying secure might not sound so great if you end up "only" losing your user data).

## Deadline

The sign up for ECTS credits and the course ends 18.6.2023! After that course is locked and submissions can no longer be made or credits earned. As the certificate is received through submissions, you have to submit everything before the course ends. More details under completion and after each part.
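Review bot: the new Rootless Docker subsection hedges where it should be concrete. "you can possibly run locally available installation script dockerd-rootless-setuptool.sh" should put `dockerd-rootless-setuptool.sh` in backticks and drop "possibly", e.g. "run the `dockerd-rootless-setuptool.sh` script if it is installed locally, or download it from https://get.docker.com/rootless". The closing paragraph's parenthetical about "only" losing your user data is hard to parse; state the trade-off directly: rootless mode stops a compromised container from gaining root on the host, but anyone who controls your user account (as the edited line in the first hunk already says) still has everything that account can read or write. "for potential malicious attacker" also needs an article.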
8 changes: 7 additions & 1 deletion docs/part-1/section-3.md
Expand Up @@ -201,6 +201,12 @@ If you're now getting "/bin/sh: ./hello.sh: not found" and you're using Windows

:::

:::tip can't stat

If you are running rootless docker and build process gives can't stat error, you may try removing old images. For more information, reading [this issue](https://github.com/docker/for-linux/issues/380) may be relevant.

:::

Now executing the application is as simple as running `docker run hello-docker`. Try it!

During the build we see that there are multiple steps with hashes and intermediate containers. The steps here represent the layers so that each step is a new layer to the image.
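Review bot: the "can't stat" tip never shows the actual error text or the command that produces it, so readers cannot match it against what they see. Quote the message literally in backticks as it appears in the `docker build` output, and say what "removing old images" means in practice (the command to run), since "you may try" gives no actionable step. The link text "this issue" should also say what it points to, e.g. "this docker/for-linux issue".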
Expand Down Expand Up @@ -357,7 +363,7 @@ Try `docker run devopsdockeruh/simple-web-service:alpine hello`. The application

In this exercise create a Dockerfile and use FROM and CMD to create a brand new image that automatically runs `server`.

The Docker documentation [CMD](https://docs.docker.com/engine/reference/builder/#cmd) says a bit indirectly that if a image has ENTRYPOINT defined, CMD is used to define it the default arguments.
The Docker documentation [CMD](https://docs.docker.com/engine/reference/builder/#cmd) says a bit indirectly that if an image has ENTRYPOINT defined, CMD is used to define the default arguments for it.

Tag the new image as "web-server"
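Review bot: the reworded sentence keeps the hedge "says a bit indirectly", which leaves the rule unclear for a learner. State it directly: when an image defines ENTRYPOINT, CMD supplies the default arguments passed to it, with the documentation link as the reference. The grammar fix ("an image", "the default arguments for it") is correct.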

2 changes: 1 addition & 1 deletion docs/part-1/section-5.md
Expand Up @@ -37,7 +37,7 @@ The details on how programs communicate are not detailed in this course. Courses

- Sending messages: Programs can send messages to [URL](https://en.wikipedia.org/wiki/URL) addresses such as this: http://127.0.0.1:3000 where http is the [_protocol_](https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol), 127.0.0.1 is a ip address, and 3000 is a [_port_](<https://en.wikipedia.org/wiki/Port_(computer_networking)>). Note the ip part could also be a [_hostname_](https://en.wikipedia.org/wiki/Hostname): 127.0.0.1 is also called [_localhost_](https://en.wikipedia.org/wiki/Localhost) so instead you could use http://localhost:3000.

- Receiving messages: Programs can be assigned to listen to any available port. If a program is listening for traffic on port 3000, and a message is sent to that port, it will receive it (and possibly process it).
- Receiving messages: Programs can be assigned to listen to any available port. If a program is listening for traffic on port 3000, and a message is sent to that port, it will receive it (and possibly process it). Port numbers below 1024 may be unavailable for users with normal privileges.

The address _127.0.0.1_ and hostname _localhost_ are special ones, they refer to the machine or container itself, so if you are on a container and send message to _localhost_, the target is the same container. Similarly, if you are sending the request from outside of a container to _localhost_, the target is your machine.
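Review bot: "Port numbers below 1024 may be unavailable for users with normal privileges" says what but not why. The sentence is more useful if it says these are privileged ports that normally only root can bind, which is exactly why it matters for the rootless Docker setup this PR introduces: a daemon running as a normal user is subject to the same restriction when publishing ports. While here, the unchanged line above reads "a ip address"; it should be "an IP address".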

6 changes: 6 additions & 0 deletions docs/part-2/section-1.md
Expand Up @@ -6,6 +6,12 @@ Even with a simple image, we've already been dealing with plenty of command line

Next we will switch to a tool called [Docker Compose](https://docs.docker.com/compose/) to manage these. Docker Compose used to be a separate tool but now it is integrated to Docker and can be used like the rest of the Docker commands.

:::tip Rootless Docker

If you are using Docker without root privileges, your system might not have Docker Compose installed. If this is the case, you can [install it manually yourself](https://docs.docker.com/compose/install/linux/#install-the-plugin-manually).

:::

Docker Compose is designed to simplify running multi-container applications to using a single command.

Assume that we are in the folder where we have our Dockerfile with the following content:
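Review bot: the tip tells rootless users Compose "might not" be installed but gives no way to check. Add the check before the install link, e.g. run `docker compose version`; if the command is not recognised, follow the manual plugin install. "install it manually yourself" is also redundant; "install it manually" is enough.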
4 changes: 2 additions & 2 deletions docs/part-3/section-5.md
Expand Up @@ -8,9 +8,9 @@ In the scope of this course, we cannot go into how to use the tools in this sect

**Docker swarm mode** is built into Docker. It turns a pool of Docker hosts into a single virtual host. You can read the feature highlights [here](https://docs.docker.com/engine/swarm/). You can run right away with `docker swarm`. Docker swarm mode is the lightest way of utilizing multiple hosts.

**Kubernetes** is the de facto way of orchestrating your containers in large multi-host environments. The reason being it's customizability, large community and robust features. However the drawback is the higher learning curve compared to Docker swarm mode. You can read their introduction [here](https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/).
**Kubernetes** is commonly default way of orchestrating your containers in large multi-host environments. The reason being it's customizability, large community and robust features. However the drawback is the higher learning curve compared to Docker swarm mode. You can read their introduction [here](https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/). Other similar technologies exist, for example Apache Mesos and HashiCorp Nomad.

It is always good to remember that a singe tool is rarely an optimal solution for all the possible scenarios. In a 2-3 host environment for a hobby project the gains from Kubernetes might not be as large compared to a environment where you need to orchestrate hundreds of hosts with multiple containers each.
It is always good to remember that a single tool is rarely an optimal solution for all the possible scenarios. In a 2-3 host environment for a hobby project the gains from Kubernetes might not be as large compared to a environment where you need to orchestrate hundreds of hosts with multiple containers each.

You can get to know Kubernetes with [k3s](https://k3s.io/) a lightweight Kubernetes distribution which you can run inside containers with [k3d](https://github.com/rancher/k3d). This is a great way to get started as you don't have to worry about complicated setup or any credit limits that the cloud providers alvays have.
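Review bot: "is commonly default way" is ungrammatical; "is the most common way" or the "de facto" wording being replaced reads better and keeps the meaning. The same sentence still has "it's customizability" (should be "its"), and the surrounding lines keep "a environment" and "alvays", which this hunk is a good opportunity to fix. The added sentence "Other similar technologies exist, for example Apache Mesos and HashiCorp Nomad" would fit the paragraph better with links, as the Swarm and Kubernetes mentions have.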
