[lug] A few docker questions...

Bear Giles bgiles at coyotesong.com
Sat Jan 25 14:54:08 MST 2020 

No, knowing that smart people find it difficult to use and unreliable is
helpful. It bumps the "what do I really need?" factor up since this is for
a development environment and we have more flexibility than we would in a
production environment. I still need to bang on it enough to defend taking
a step back but it's a lot easier to cut it without an exhaustive effort.

For instance with DNS it would be nice to have the docker image visible to
the local network but it's not unreasonable to use the host's DNS server
(dnsmasq) for that - the host can see the docker container and use it as an
upstream source. As you pointed out I can use nginx to forward the
http/https traffic.

On Sat, Jan 25, 2020 at 10:30 AM Rob Nagler <nagler at bivio.biz> wrote:

> Sounds complicated.
>
> We use --network=host almost exclusively. A lot of things don't work with
> overlay networks. In our case, MPI. Every time I talk to people about how
> they managing MPI (or other parallelization tools) they always say "we use
> host networking". This may be an aside for you, but we've found that by
> using host networking, things just work, and the Docker daemon is
> restartable.
>
> I have never gotten "classic" or "modern" Docker swarm to work reliably.
> It sets up fine, but here are bugs, especially with overlay networks. Those
> bugs get fixed slowly afaict, and with k8s taking over orchestration, I
> wouldn't bet on swarm having a long life. I don't like k8s, just saying
> that the vast majority of people who do orchestration, do.
>
> We orchestrate ourselves. I find Docker compose and k8s to be difficult to
> understand. Rather than fighting the tool, we use systemd to start most
> containers with docker run, which is easily testable from a shell. I also
> find tools like docker.py to be a disaster, because they are almost always
> behind the option curve of the Go client. Also when you use these wrappers,
> they are harder to test. The Go client has a clear and well-documented
> interface that is easy to prototype with.
>
> As far as 0.0.0.0 goes, that seems irrelevant to host networking. We use
> nginx (native, not dockerized) to proxy 443 and 80 to containers. Nginx is
> reliable, easy to configure, and handles TLS termination.
>
> Perhaps not the answer you were looking for, sorry.
>
> Rob
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20200125/7cde9904/attachment.html>

More information about the LUG mailing list