Our great sponsors
-
Moby
Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
As discussed extensively in https://github.com/moby/moby/issues/22054, which is linked from the OP: this doesn't actually help, because Docker (by default) bypasses your existing firewall rules.
-
With apt2ostree[1] we use lockfiles to allow us to version control the exact versions that were used to build a container. This makes updating the versions explicit and controlled, and building the containers functionally reproducible - albeit not byte-for-byte reproducible.
-
SonarQube
Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
-
Docker's behavior is unintutivie but makes sense given how container networking works. If you use UFW read https://github.com/chaifeng/ufw-docker and follow the guide.
Then configuring firewall rules to containers is as easy as
- name: Open HTTPS -
rkt (and many other container solutions) was introduced after docker was released and became popular... they even mentioned docker's shortcomings as a motivation for the project creation [0]. It had all the same problems as other replacement software: there were plenty of bugs and missing features, documentation was limited, and there are no community to help you (the announcement explicitly mentions "prototype quality release"). None of those would be fatal if it was significantly better than docker, but it was not -- it was basically the same functionality. So almost no one made the switch. It is closed now [1]
And why "rkt"? There were much better alternative container runtimes. For example Sylabs Singularity [2] -- container-as-a-file, instant mounting, etc... I wish more people knew about it.
[0] https://web.archive.org/web/20141201181834/https://coreos.co...
[1] https://github.com/rkt/rkt#warning-end-of-project-warning
-
singularity
SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and secure. (by sylabs)
rkt (and many other container solutions) was introduced after docker was released and became popular... they even mentioned docker's shortcomings as a motivation for the project creation [0]. It had all the same problems as other replacement software: there were plenty of bugs and missing features, documentation was limited, and there are no community to help you (the announcement explicitly mentions "prototype quality release"). None of those would be fatal if it was significantly better than docker, but it was not -- it was basically the same functionality. So almost no one made the switch. It is closed now [1]
And why "rkt"? There were much better alternative container runtimes. For example Sylabs Singularity [2] -- container-as-a-file, instant mounting, etc... I wish more people knew about it.
[0] https://web.archive.org/web/20141201181834/https://coreos.co...
[1] https://github.com/rkt/rkt#warning-end-of-project-warning
-
InfluxDB
Build time-series-based applications quickly and at scale.. InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises.
