[ale] Behind on your "Container Skills"
Damon L Chesser
damon at damtek.com
Mon Jan 8 12:47:50 EST 2018
To the best of my knowledge, this IS best practices.
Damon
On 01/08/2018 12:38 PM, Jerald Sheets via Ale wrote:
> You solve this by only allowing an internal “hub” where you place
> “blessed” container images. Done.
>
> We blackhole docker hub internally, and there is no ingress to serving
> nodes from the outside. In short, if you want something inside, it
> has to go through a vetting process, and then I have to put it onto
> the internal hub. Outside of that, nothing goes on a serving node
> that isn’t explicitly blessed on an almost file-by-file basis.
>
> Docker is and can be secure. The problem is that most Systems folks
> are too lazy to build the infrastructure to make it so.
>
> —j
>
>
>> On Jan 8, 2018, at 12:05 PM, Jim Kinney via Ale <ale at ale.org> wrote:
>>
>> Devs LOVE containers. SysAdmins hate them. They are difficult to
>> manage for updates (toss and rebuild) and most devs pull
>> latest-greatest libs even though they are all right from git repo and
>> not checked for problems. None of the security checks that exist for
>> VM control work for containers and they leak like a screen door on a
>> submarine.
>>
>> Good for development. Should be barred from production use.
>>
>> On January 8, 2018 11:34:07 AM EST, DJ-Pfulio via Ale <ale at ale.org> wrote:
>>
>> From the article, seems most enterprises still use VMs and real hardware
>> for their production loads. Containers are mostly used for development
>> needs, not production.
>>
>> https://www.theregister.co.uk/2018/01/08/container_shock_not_everybody_is_doing_it/
>>
>> ------------------------------------------------------------------------
>>
>> Ale mailing list
>> Ale at ale.org <mailto:Ale at ale.org>
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
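The internal-hub policy described in the quoted message (only "blessed" images from an internal registry, Docker Hub blackholed) can be checked mechanically against the image references a team deploys. The following is an added example, not part of the original thread: the hub name `hub.internal.example:5000` and the sample references are constructed, and the `latest` check goes beyond what the thread states.

```python
# Added example: audit image references against an internal-registry allowlist.
# INTERNAL_HUB and SAMPLE_REFS are constructed for illustration.
INTERNAL_HUB = "hub.internal.example:5000"

def registry_of(ref: str) -> str:
    """Return the registry host Docker would contact for an image reference."""
    name = ref.split("@", 1)[0]          # drop any @sha256:... digest
    first, sep, _rest = name.partition("/")
    # Docker treats the first path component as a registry host only if it
    # looks like one; otherwise the reference silently resolves to Docker Hub.
    looks_like_host = sep and ("." in first or ":" in first
                               or first == "localhost" or first != first.lower())
    if not looks_like_host:
        return "docker.io"
    return "docker.io" if first == "index.docker.io" else first

def tag_of(ref: str):
    """Return the tag, 'latest' if implied, or None when pinned by digest only."""
    name, at, _digest = ref.partition("@")
    last = name.rsplit("/", 1)[-1]       # a ':' before the last '/' is a port
    if ":" in last:
        return last.rsplit(":", 1)[1]
    return None if at else "latest"

def audit(refs, allowed=INTERNAL_HUB):
    """Return {ref: [findings]} for references that violate the policy."""
    findings = {}
    for ref in refs:
        problems = []
        reg = registry_of(ref)
        if reg != allowed:
            problems.append(f"registry {reg} is not the internal hub")
        if tag_of(ref) == "latest":
            problems.append("floating 'latest' tag")
        if problems:
            findings[ref] = problems
    return findings

SAMPLE_REFS = [  # constructed sample input
    "nginx",
    "library/redis:4.0",
    "hub.internal.example:5000/web/nginx:1.13.8",
    "hub.internal.example:5000/web/api",
    "quay.io/someorg/tool@sha256:" + "0" * 64,
]

if __name__ == "__main__":
    for ref, problems in audit(SAMPLE_REFS).items():
        print(f"{ref}: {'; '.join(problems)}")
```

A bare name such as `nginx` carries no registry at all, which is why an allowlist has to resolve the implied default before comparing rather than matching on string prefixes.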