[ale] Behind on your "Container Skills"

Damon L Chesser damon at damtek.com
Mon Jan 8 12:47:50 EST 2018


To the best of my knowledge, this IS best practices.


Damon


On 01/08/2018 12:38 PM, Jerald Sheets via Ale wrote:
> You solve this by only allowing an internal “hub” where you place 
> “blessed” container images.  Done.
>
> We blackhole docker hub internally, and there is no ingress to serving 
> nodes from the outside.  In short, if you want something inside, it 
> has to go through a vetting process, and then I have to put it onto 
> the internal hub.  Outside of that, nothing goes on a serving node 
> that isn’t explicitly blessed on an almost file-by-file basis.
>
> Docker is and can be secure.  The problem is that most Systems folks 
> are too lazy to build the infrastructure to make it so.
>
> —j
>
>
>> On Jan 8, 2018, at 12:05 PM, Jim Kinney via Ale <ale at ale.org> wrote:
>>
>> Devs LOVE containers. SysAdmins hate them. They are difficult to 
>> manage for updates (toss and rebuild) and most devs pull 
>> latest-greatest libs even though they are all right from git repo and 
>> not checked for problems. None of the security checks that exist for 
>> vm control work for containers and they leak like a screen door on a 
>> submarine.
>>
>> Good for development. Should be barred from production use.
>>
>> On January 8, 2018 11:34:07 AM EST, DJ-Pfulio via Ale <ale at ale.org> wrote:
>>
>>      From the article, seems most enterprises still use VMs and real hardware
>>     for their production loads.  Containers are mostly used for development
>>     needs, not production.
>>
>>     https://www.theregister.co.uk/2018/01/08/container_shock_not_everybody_is_doing_it/
>>
>>     ------------------------------------------------------------------------
>>
>>     Ale mailing list
>>     Ale at ale.org
>>     http://mail.ale.org/mailman/listinfo/ale
>>     See JOBS, ANNOUNCE and SCHOOLS lists at
>>     http://mail.ale.org/mailman/listinfo
>>
>>
>> -- 
>> Sent from my Android device with K-9 Mail. All tyopes are thumb 
>> related and reflect authenticity.

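Added example (not part of the thread): a check that every image reference a deployment names resolves to the internal hub described in the quoted message, rather than silently defaulting to Docker Hub. The registry hostname and image names are constructed, and the resolution rule is a simplified form of Docker's implicit docker.io default.

```python
# Added example: the hub hostname and image names below are constructed.
INTERNAL_HUB = "hub.internal.example:5000"  # hypothetical internal registry


def split_registry(image_ref):
    """Return (registry, remainder) the way Docker resolves an image name.

    The first path component is a registry host only if it contains '.'
    or ':' or equals 'localhost'. Otherwise the name is implicitly on
    docker.io, with 'library/' prepended to single-component names.
    """
    first, sep, rest = image_ref.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower(), rest
    if not sep:
        return "docker.io", "library/" + image_ref
    return "docker.io", image_ref


def is_blessed(image_ref, hub=INTERNAL_HUB):
    """True only when the reference names the internal hub explicitly."""
    registry, _ = split_registry(image_ref)
    return registry == hub


def audit(image_refs, hub=INTERNAL_HUB):
    """Return the references that would not be pulled from the internal hub."""
    return [ref for ref in image_refs if not is_blessed(ref, hub)]


# Constructed sample: image fields as they might appear in deploy manifests.
SAMPLE = [
    "hub.internal.example:5000/web/nginx:1.13",
    "nginx",                           # implicit docker.io/library/nginx
    "nginx:1.13",                      # tag, not a registry port
    "someuser/tool:latest",            # implicit docker.io/someuser/tool
    "hub.internal.example/web/nginx",  # missing port: a different registry
    "quay.io/org/app@sha256:" + "0" * 64,
]

if __name__ == "__main__":
    for ref in audit(SAMPLE):
        print("NOT from internal hub:", ref, "->", split_registry(ref)[0])
```

A check like this belongs in CI or admission review as a complement to the network-level block, since it catches unqualified names before anything tries to pull them.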