Hi!

What is the recommended way to update Docker containers with Gentoo?

I mean, each container is supposed to be small and unique, having
installed only the packages needed for the app which will run in this container.
So, with 100 different apps we may have 100 different containers with
Gentoo, each with a custom set of packages, and even the same packages may be
built with different USE flags or using different versions - that's the
main point of Docker, to provide each app with the environment it needs.

But Gentoo releases updates every few hours, some of them are important
security updates, so at a glance it looks like we'll have to rebuild and
restart all containers every few hours/days, and we'll have to compile all
packages multiple times - once per container - which isn't acceptable
at all because of too much CPU resources needed (but it should be possible
to mitigate this by using binary packages in cases when USE flags match
and ccache to speed up other cases).

Am I missing something, or is the only way to keep Docker containers secure to
rebuild all containers each time I run `emerge --sync && emerge -uDN world`
on the host?

--
WBR, Alex.