[ale] Behind on your "Container Skills"

Ted W. ted-lists at xy0.org
Thu Jan 25 23:38:37 EST 2018


> On Mon, Jan 08, 2018 at 01:09:36PM -0500, DJ-Pfulio via Ale wrote:
> 
> Certainly a few people here are using containers. There are over 1100+
> other members, lurking.
> 
> Questions:
> a) Containers or not?
> b) If yes, production or not?
> 
> My answers:
> a) I have a few toy containers; none running now.
> b) Zero in production.

I am sorry to all of those who have come to the conclusion that
containers are inherently bad. I believe they (Docker in particular)
gets that reputation from many of the half baked "tutorials" due to it's
low barrier to entry as well as it's often poor documentation due to
Docker's current rapid rate of development.

It's just like any other application, if you deploy it to production
with the default settings, you're going to have a bad time. You don't
have to run containers as root just like you don't have to run Apache as
root. Set USER in your Dockerfile or pass the -u flag to your run
command. You don't have to run containers from sketchy third parties,
just like you wouldn't trust sketchy repositories. Any sysadmin
concerned about security should already be mirroring repositories
internally and controlling how patches are rolled out. Do the same thing
with your containers. Sinkhole Dockerhub and Quay and setup a local
image repository.

The tools are different but the concepts are the same.

a) Containers or not?
Yes. We've had Docker in production for a while and are currently
rolling out Kubernetes with production ramp up scheduled to start this
quarter.

b) If yes, production or not?
Yes. Currently serving internal "production" (stuff that isn't customer
facing but no less critical to the business). Customer facing production
roll out beginning this quarter.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://mail.ale.org/pipermail/ale/attachments/20180126/c288fb70/attachment.sig>


More information about the Ale mailing list