| 1 |
On Wednesday, February 25, 2015 22:11:55 Alex Efros wrote: |
| 2 |
> What is recommended way to update Docker containers with |
| 3 |
Gentoo? |
| 4 |
|
| 5 |
docker pull ${NEW_IMAGE} |
| 6 |
|
| 7 |
Somewhat sarcastic but actually true. I don't recommend running |
| 8 |
production applications inside of Gentoo based containers. |
| 9 |
|
| 10 |
I highly recommend making containers as small as possible. That |
| 11 |
means using statically linked executables and removing all |
| 12 |
traces of what we know as a distribution. Production containers |
| 13 |
should not be based on Gentoo images. |
| 14 |
|
| 15 |
I see the Gentoo docker images as bases for testing Gentoo |
| 16 |
itself which includes making Gentoo an appropriate environment |
| 17 |
for running the docker daemon. |
| 18 |
|
| 19 |
I'm sure this *opinion* won't be popular but I feel it's the |
| 20 |
right way to go with containerization. |
| 21 |
|
| 22 |
This would still necessitate rebuilding your containers to get |
| 23 |
security updates but you could do that in response to CVEs or |
| 24 |
other problems in your application without worrying about being |
| 25 |
on the bleeding edge. |
| 26 |
|
| 27 |
If you haven't seen gentoo-bb you should check it out. |
| 28 |
|
| 29 |
Regards, |
| 30 |
|
| 31 |
-- |
| 32 |
Alex Brandt |
| 33 |
Cloud Evangelist for Rackspace and Developer for Gentoo |
| 34 |
http://blog.alunduil.com |
Archives