| 1 |
Hi! |
| 2 |
|
| 3 |
What is recommended way to update Docker containers with Gentoo? |
| 4 |
|
| 5 |
I mean, each container is supposed to be small and unique, having |
| 6 |
installed only packages needed for app which will run in this container. |
| 7 |
So, with 100 different apps we may have 100 different containers with |
| 8 |
Gentoo, each with custom set of packages, and even same packages may be |
| 9 |
built with different USE-flags or using different versions - that's the |
| 10 |
main point of Docker, provide each app with environment it needs. |
| 11 |
|
| 12 |
But Gentoo release updates every few hours, some of them are important |
| 13 |
security updates, so at a glance it looks like we'll have to rebuild and |
| 14 |
restart all containers every few hours/days, and we'll have to compile all |
| 15 |
packages multiple times - once per each container - which isn't acceptable |
| 16 |
at all because of too much CPU resources needed (but it should be possible |
| 17 |
to mitigate this by using binary packages in cases when USE flags match |
| 18 |
and ccache to speedup other cases). |
| 19 |
|
| 20 |
Am I missing something, or only way to keep Docker containers secure is |
| 21 |
rebuild all containers each time I run `emerge --sync && emerge -uDN world` |
| 22 |
on host? |
| 23 |
|
| 24 |
-- |
| 25 |
WBR, Alex. |
Archives