On the joy of podman and auto-updates (2022)

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • get-pip

    Helper scripts to install pip, in a Python installation that doesn't have it.

  • So one thing that I didn't read here is how it works with environment variables.

    Imagine you launch a container with FOOD=fries and DRINK=beer. The container doesn't set defaults for those variables, it does have one for DESSERT=ice-cream.

    The container runs with FOOD=fries, DRINK=beer & DESSERT=ice-cream. An update comes along, and the container now has a default for DRINK=wine and switches to DESSERT=creme-brulee.

    You update the container. What do you expect to happen with DRINK & DESSERT? DRINK remains beer, fine we chose that. But DESSERT also remains ice-cream, even though we didn't explicitly say that. The problem is that Docker (well, the surrounding tooling) cannot distinguish between your input and the container's default. They all get set in the `env` section of the container.

    So you update the container and end up with FOOD=fries, DRINK=beer & DESSERT=ice-cream.

    I get around this by using Ansible with the Docker collection from the community [0]. This has a separate input and when it recreates the container it only takes into account the environment variables I set, and doesn't provide the other ones, so they become the container's default.

    Many containers have things like PYTHON_VERSION=3.11.1 PYTHON_PIP_VERSION=22.3.1 PYTHON_SETUPTOOLS_VERSION=65.5.1 PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/66030fa03382b4914d4c4d08... PYTHON_GET_PIP_SHA256=1e501cf004eac1b7eb1f97266d28f995ae835d30250bec7f8850562703067dc6 in there.

    PS: How do I get Podman 4 on Ubuntu?

    [0] https://docs.ansible.com/ansible/latest/collections/communit...
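
The environment-variable problem described in the comment above, as an added example that is not part of the original post or of any project listed here. It contrasts copying the running container's whole env onto the new image with carrying over only values that differ from the old image's defaults; the function names and the constructed FOOD/DRINK/DESSERT lists are assumptions for illustration.

```python
# Added illustration; image and container env lists below are constructed
# from the FOOD/DRINK/DESSERT scenario in the comment above.

def parse_env(entries):
    """Turn Docker-style ["KEY=value", ...] entries into a dict."""
    return dict(entry.split("=", 1) for entry in entries)


def plan_recreate(container_env, old_image_env, new_image_env):
    """Compare two ways of rebuilding a container's env after an image update.

    naive:   copy the running container's full env onto the new image
    tracked: carry over only values that differ from the OLD image's defaults
    Returns (naive, tracked, stale_keys).
    """
    running = parse_env(container_env)
    old_defaults = parse_env(old_image_env)
    new_defaults = parse_env(new_image_env)

    # Assumption: a value identical to the old image default was inherited,
    # not chosen. An operator who explicitly set that same value is
    # indistinguishable here, which is why a separate record of operator
    # input (as the Ansible approach keeps) is more reliable.
    explicit = {k: v for k, v in running.items() if old_defaults.get(k) != v}

    naive = {**new_defaults, **running}
    tracked = {**new_defaults, **explicit}
    stale = sorted(k for k in naive if naive[k] != tracked[k])
    return naive, tracked, stale


OLD_IMAGE = ["DESSERT=ice-cream"]
NEW_IMAGE = ["DRINK=wine", "DESSERT=creme-brulee"]
RUNNING = ["FOOD=fries", "DRINK=beer", "DESSERT=ice-cream"]

if __name__ == "__main__":
    naive, tracked, stale = plan_recreate(RUNNING, OLD_IMAGE, NEW_IMAGE)
    print("naive:  ", naive)
    print("tracked:", tracked)
    print("stale defaults kept by naive copy:", stale)
```

The same comparison applies to image-provided values such as the PYTHON_GET_PIP_SHA256 entry quoted above: a naive copy keeps the old image's value after the update.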

  • watchtower

    A process for automating Docker container base image updates.

  • I guess it would all depend on the scale.

    For my home servers which just run personal things (like a kanban board as a todo list) I just use watchtower[0]. This requires mounting the docker socket into this container, which is not ideal.

    In a production environment, I'd expect pinning of the docker sha and setting docker tags as immutable. Some software projects exist to scan for updates and draft PRs automatically for changes (I can't remember the name of the software but it begins with R).

    [0] https://containrrr.dev/watchtower/

  • podman

    Podman: A tool for managing OCI containers and pods.

  • I got somewhat excited about podman a couple months ago, and then learned that there are painful shenanigans between required versions and the (ancient?) one that is available in the Ubuntu 22.10 package manager [1].

    It seemed great until I tried to launch an existing Postgres container that required a more recent Podman version.

    The Podman installation page [2] makes some effort to explain alternate installation steps, but doesn't make it clear why, or how far back you'll be.

    Not complaining here, just giving folks a heads up.

    Despite these issues, it does look like a great project.

    [1] https://github.com/containers/podman/issues/14065

    [2] https://podman.io/getting-started/installation
