
lainchan archive - /tech/ - 36072



I'm kinda wondering about docker in a prod env right now

I want to give all my docker containers public IPv6 addresses and say fuarrrk ipv4 altogether, and host a soykafton of services off a single debian machine (possibly a cluster in the future)

any docker enthusiasts wanna give me some reading materials/advice?


Do you mean 'prod' as in a business environment?

If you're intending to run containers for a business at any kind of scale, you'll want to think about platforms for container orchestration, and automation. Also where you're running the workload (i.e. on-prem/private cloud vs public cloud) is important.

Maybe look into Kubernetes and something like Ansible/Puppet/Chef/Salt for the automation component?

If you're interested in the infrastructure side of setting something like this up, then this podcast is worth a listen: http://packetpushers.net/podcast/podcasts/datanauts-72-kubernetes-openstack-infrastructure-automation/


I'm a bit off-topic, but...

Caution. Docker is a container for universal deployment of your programs and services, but it is not a FreeBSD jail or OpenVZ virtualization or any type of sandbox; you should NEVER use Docker as a security isolation tool. Otherwise it's alright.

btw, you may use a PaX / grsecurity Linux kernel to harden your Docker and kernel space against various attacks.


>host a soykafton of services off a single debian machine
This is exactly what I'm using docker for. I selfhost a lotta webservices like Nextcloud, Searx, Rocketchat and a couple databases. Using Nginx I then reverse proxy the containers' virtual IP to a subdomain for which I also generate a LE certificate. It's super comfy. I couldn't really imagine doing all this without docker.

Using docker really helped me keep my Debian VPS clean. One thing I'm not sure of is the performance impact. If there was one, I didn't really notice it, though that might just be because my VPS has plenty of memory and cores. Overall Docker is a great tool.


Does it provide enough isolation that I can give my sister access to a container and not worry about her fuarrrking things up while she learns Linux?