[lug] A few docker questions...

Rob Nagler nagler at bivio.biz
Sat Jan 25 10:29:24 MST 2020


Sounds complicated.

We use --network=host almost exclusively. A lot of things don't work with
overlay networks. In our case, MPI. Every time I talk to people about how
they are managing MPI (or other parallelization tools) they always say "we use
host networking". This may be an aside for you, but we've found that by
using host networking, things just work, and the Docker daemon is
restartable.

I have never gotten "classic" or "modern" Docker swarm to work reliably. It
sets up fine, but there are bugs, especially with overlay networks. Those
bugs get fixed slowly afaict, and with k8s taking over orchestration, I
wouldn't bet on swarm having a long life. I don't like k8s, just saying
that the vast majority of people who do orchestration, do.

We orchestrate ourselves. I find Docker compose and k8s to be difficult to
understand. Rather than fighting the tool, we use systemd to start most
containers with docker run, which is easily testable from a shell. I also
find tools like docker.py to be a disaster, because they are almost always
behind the option curve of the Go client. Also when you use these wrappers,
they are harder to test. The Go client has a clear and well-documented
interface that is easy to prototype with.

As far as 0.0.0.0 goes, that seems irrelevant to host networking. We use
nginx (native, not dockerized) to proxy 443 and 80 to containers. Nginx is
reliable, easy to configure, and handles TLS termination.

Perhaps not the answer you were looking for, sorry.

Rob