If you think docker/container are for security, you’re doing it wrong.
Sure it’s for security… securing my host systems, you goomba. You devs being heve hoed out of my deployment and migration is one of the greatest releases ever, next fo busting a nut. Keep your filthy containers and VMs. Stay outta my host systems.
I’m a computer custodian and I absolutely hate the devs. They are maniacs. Harumph.
Docker is not rootless. Is only safe as long as the container (or those web devs) doesn’t use nsenter or anything similar to get root access outside of it ;)
Wrong again, though it is a fairly recent feature and as an answer to Podman and to meet OCI standards.
A container in a container…
Eight years old and still hits home for the most part. Nowadays though, what I get is mostly “we’re moving to Azure” from clients that have no business in the cloud. Some environments are just not possible to move to a cloud environment without a redesign from scratch.
I’m feeling attacked.
Not a dev-ops guys, just how useful /useless is docker?
In my experience, very, but it’s also not magic. Being able to package an application with its environment and ship it to any machine that can run Docker is great but it doesn’t solve the fact that modern deployment architecture can become extremely complicated, and Docker adds another component that needs configuration and debugging to an already complicated stack.
Honestly? Pretty fucking awesome if you get it configured correctly. I don’t think it’s super useful for production (I prefer chef/vagrant) but for dev boxes it’s incredible at producing consistent environments even on different OSes and architectures.
Anything that makes it less painful for a dev to destroy and rebuild an environment that’s corrupt or even just a bit spooky pays for itself almost immediately.
I don’t think it’s super useful for production (I prefer chef/vagrant)
Yeah!
Docker and OCI get abused a lot to thoughtlessly ship a copy of the developer’s laptop into production.
Life is so much simpler after taking the time to build thoughtful correct recipes in an orchestration tool.
Anything that makes it less painful for a dev to destroy and rebuild an environment that’s corrupt or even just a bit spooky pays for itself almost immediately.
Exactly. The learning curve is mean, but it’s worth it quickly as soon as the first mystery bug dies in a rebuild fire.
