An introduction to Clear Containers

Posted May 22, 2015 16:36 UTC (Fri) by Cyberax (✭ supporter ✭, #52523)
In reply to: An introduction to Clear Containers by niner
Parent article: An introduction to Clear Containers

> So we don't update containers, we re-create them with updated templates. But how _are_ these templates updated?
Using "docker build" command ( https://docs.docker.com/reference/builder/ ) or its equivalent.

> Where do the security updates to the templates come from?
The usual repositories and software installation channels.

> How does an admin know that a template needs updating?
Using the usual channels. For example, just like with real machines, an admin might periodically try to do 'apt-get update; apt-get upgrade' with only security updates repository turned on a test container.

An introduction to Clear Containers

Posted May 24, 2015 3:16 UTC (Sun) by misc (subscriber, #73730) [Link]

Provided of course that you verify that the dockerfile do not suddenly start to do a curl | bash or this kind of stuff, as we tend to see on the docker registry and all across the place. Or pip install, etc.

And of course, provided the containers do not requires schema change or any kind of upgrade to the DB or any data store ( storage that you also likely need to handle, potentially with containers too, if possible, in a shared cluster way, which open all kind of fun problems ). That's problems that can be solved, but that's not as easy as people seems to imply.

( there is a few others issues to solve, like logging of containers, proper isolation, and the inherent dependencies on the kernel host which make practice != theory ). Secret distribution is also a interesting one, so how do you give your wordpress containers access to the mysql db somewhere in a clean way. ( again, doable and not a insanely hard issue, but requires a bit more than just the vanilla docker and a workflow that is well defined )