Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 1 year ago.
I am trying to create my Docker Swarm environment and my goal is to have all the best security practices related to Docker Swarm.
I am not really able to find everything I want about swarm security on topics like:
Authentication,
Encryption,
Users and Groups,
File permissions,
Logs,
Among others.
Do any of you have nice resources where I can find all the information?
Thanks in advance
Docker swarm is just an orchestration tool, in order to get a secure cluster running you just need to follow the best practices regarding Docker itself (for example, do not run containers as root user).
Check out docker secrets https://docs.docker.com/engine/swarm/secrets/ to keep secrets out of the config yaml files.
You've asked a very broad question and most of the things you mentioned are dependent on the application running in Docker.
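The two points made in the answer above (do not run containers as root, keep secrets out of the YAML with Docker secrets), shown as an added example that is not part of the original posts. The image `example/webapp:1.0` and the variable `DB_PASSWORD_FILE` are hypothetical; `POSTGRES_PASSWORD_FILE` is the file-based option of the official postgres image.

```yaml
# Added example: stack file for `docker stack deploy` (swarm mode).
version: "3.8"

services:
  db:
    image: postgres:16
    environment:
      # Weak: the password is stored in this file and is visible to anyone
      # who can run `docker service inspect` on the service.
      # POSTGRES_PASSWORD: "changeme"
      # Better: point the image at the secret file mounted by swarm.
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password

  web:
    image: example/webapp:1.0        # hypothetical application image
    # Weak: with no `user:` key the process runs as whatever the image
    # defaults to, which is often root.
    user: "10001:10001"              # unprivileged UID:GID
    environment:
      # Hypothetical variable: the app is assumed to read the password
      # from this path instead of from an environment variable.
      DB_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - source: db_password
        target: db_password          # mounted at /run/secrets/db_password
        uid: "10001"                 # owned by the unprivileged user
        gid: "10001"
        mode: 0400                   # readable by that user only
    deploy:
      replicas: 2

secrets:
  db_password:
    # The value never appears in this file. It is created once on a
    # manager node, e.g. by piping it to `docker secret create db_password -`.
    external: true
```

Swarm delivers the secret only to tasks of services that list it, so a service without the `secrets:` entry never sees the file.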
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed yesterday.
One of web tools we intend to use requires docker for installation. Due to limitation in resources, however, the only way for us to deploy this tool is on a shared university php webserver with an associated MySQL database. My question is, can you somehow convert or even "compile" this docker-dependent tool to get some simple package, similar, for instance, to Wordpress? Indeed, as per my understanding, Wordpress development does require docker, while the final package for Wordpress installation does not.
Is this operation of docker-removal possible and is there a standardised workflow? The tool in question is located in the following repository.
I have tried to install the tool as is, being blocked by the lack of admin privileges and the absence of docker on the described university webserver. I have experience in setting up Wordpress, I would expect for my tool of interest to have a more sophisticated installation process (compared to the current 3 steps) without docker and, for instance, to also require manual connection to an SQL-database.
Please excuse me for my limited understanding and layman terms, I am sadly not coming from a computer science background.
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 1 year ago.
I am trying to use Docker to hold my blog website. But before coding, I got to know k8s from the web.
I am totally green with the web, so I am confused: is it a good idea to hold my blog in k8s? The information from the web tells me that k8s > Docker. I do not know whether it is really a good idea or not. I have tried to learn k8s for 2 days, and know what clusters, services and pods are and so on. But it does not sound like it makes my work easy...
Should I go on to learn k8s, or is it just a bad idea and should I turn around to just learn how to learn Docker?
Thanks.
It depends on your need for high availability and performance for your blog and how many machines you are willing to use to host your blog.
What I read from your "new-ness" to the web you do not need to go there yet. Docker is probably enough for.
First get familiar with docker / containers and then with K8S.
If you also want to learn Docker this might be a good resource (https://docker-from-scratch.ivonet.nl/) ... shameless plug 😄
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 5 years ago.
I currently have a private server, which runs Docker. Is it okay to have multiple containers running (for example 3 different websites, a ZNC server, some Node.js projects that I had containerized)? Or should I run those containers per Docker host?
As always it depends on your needs. It seems that you are hosting some private projects conveniently in docker containers. It's perfectly fine to run them on a single host. As long as you don't encounter any performance problems I would actually encourage you to stick with it. Because splitting them up means more administrative tasks. Maybe you can use that saved time somewhere else. Don't get me wrong. If you want to dive deeper into container orchestration with for example Kubernetes you should actually do it. Because that's the next logical step to production grade hosting with techniques many successful companies use.
Security Concerns
File system, process, and memory isolation are core features of Docker. But there could be very rare cases, e.g. the recent Meltdown and Spectre vulnerabilities, where one container is able to read data from an adjacent one on the same host.
So if you wanted to be completely sure and extremely high data security is your goal, you would need to deploy your containers on different virtual machines. One per instance.
Performance
If a container does nothing it won't consume much RAM/CPU/disk I/O at all. I have seen places running up to hundred containers on a single host. This means it actually depends on hardware and your running applications.
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 5 years ago.
I was going through Puppet and comparing it with Docker.
I came to know that Puppet is used for configuration management for scalable infrastructure. New VMs can be set up with the same configuration easily, etc.
It seems that Docker is also capable of all this, though in a different way.
Is Docker replacing configuration management tools like Puppet, Chef etc.?
Please help me to understand.
Thanks in advance.
Unsure if this question belongs here or not, but nevertheless, here is some source material that probably explains it better than me: http://cloudify.co/2014/10/30/Docker-cloud-orchestration-configuration-management.html
Docker operates in a different manner than Chef or Puppet. Docker is (with limited exceptions) a static system. Chef et al. are dynamic in nature. If you seek to change a fleet of Docker provisioned services you would create a new Docker container, push it out and blow away your old ones.
Chef et al. instead check frequently for state changes and when they occur they pull those changes down and converge. This leaves room for having parts of the server automated and some not (if it's a difficult to manage portion, for instance, or for emergency repairs).
Of the two Docker is the stronger model in my opinion but even then you should have some well defined CM to create your docker images, such as serverless Chef, Ansible or other.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
I'm searching for a main difference between OpenShift V3 and V2.
Is OpenShift V2 working like this?: https://www.openshift.com/walkthrough/how-it-works
And how are Docker and Kubernetes working in V3?
Can someone give me a clear explanation about the build-up of OpenShift V2 and V3?
This is a rather broadly asked question, so I will (and can) answer only in a rather broad manner.
There are a lot of key concepts that have changed. These are the most important ones and you'll need some time to get into it, but they are a big improvement to OpenShift v2:
Cartridges vs. Docker Containers
Gears vs. Kubernetes Pods
Broker vs. Kubernetes Master
Release of Red Hat Enterprise Linux Atomic Host
When you study the links below you will understand that (really exaggerated) OpenShift v3 has basically nothing to do with v2 besides the name, the logo and the PaaS focus. But it's still a great tool and IMO has set new standards in the PaaS world. (No, I don't work for Red Hat ;)
What's New:
https://docs.openshift.com/enterprise/3.0/whats_new/overview.html
https://docs.openshift.com/enterprise/3.0/architecture/overview.html
For starters; Docker & Kubernetes:
https://blog.openshift.com/openshift-v3-platform-combines-docker-kubernetes-atomic-and-more/
Pretty new:
Creating a Kubernetes Cluster to Run Docker Formatted Container Images
EDIT 2016_06_30:
Sorry for necro'ing this old post, but I wanted to add this quick, fun and very informative video about Kubernetes: https://youtu.be/4ht22ReBjno