[Nottingham] Docker Blocker Shocker (with apologies to El Reg)

[martin at stupids.org]

On Thu, May 17, 2018 at 09:59:47AM +0100, Jason Irwin via Nottingham wrote:
> OK, so Docker. Yeah, that systemd powered sexiness (or abhorrence, opinions differ).
> 
> I'm just starting to play around with it and was wondering what other people used to manage their configs, swarms etc.
> So far I've tried docker on the CLI (which does work, but won't be acceptable), Cockpit with cockpit-docker (probably a bit too simplistic), Portainer (better, but I can't see how to invoke compose etc).

I've used CoreOS Container Linux for years and am very happy with it.
These days, At work I use it together with kubernetes, which is also
fairly solid now (I wouldn't have used it in production a couple of years ago)

> Do people use on-premise repositories, or a secret stash on DockerHub?

A mix of on-prem, dockerhub and quay.io, where possible keeping things
open for both Freedom reasons and cost reasons.

> What about CI, pushing latest to QA/Preview/Production etc?

Currently we're doing a big mix of things. CI is mostly circleci. One 
interesting thig we use is an in-house app that deploys based on changes 
to kubernetes manifests in a git repo.  So to deploy to version 1.2.3 of an
app to production, we update the manifest, create a pull request and whoever
merges it is effectively deploying.  This has the nice property that the git
history is an audit trail of deployments.

> Any other tips for monitoriing, security etc gratefully received.
> 
> Huge topic area, I know, but there's quite a lot of janky info I'm having to wade through as well.
> A few pointers/links would help.

These things really depend on what you are doing, and at what scale etc.

-- 
Martin.