this post was submitted on 10 Feb 2025
40 points (97.6% liked)

Explain Like I'm Five

14968 readers
8 users here now

Simplifying Complexity, One Answer at a Time!

Rules

  1. Be respectful and inclusive.
  2. No harassment, hate speech, or trolling.
  3. Engage in constructive discussions.
  4. Share relevant content.
  5. Follow guidelines and moderators' instructions.
  6. Use appropriate language and tone.
  7. Report violations.
  8. Foster a continuous learning environment.

founded 2 years ago
MODERATORS
Rikudou_Sage
[email protected]
sabbah
AradFort
Don_Dickle
40
ELI5: Docker containers (feddit.org)
submitted 1 week ago by [email protected] to c/explainlikeimfive
20 comments fedilink hide all child comments
 

I can't seem to wrap my head around (Docker) containers and especially their maintenance.
As I understand it, containers contain a stripped-down OS that shares some resources with the host?
Or is it more like a closed-off part of the file system?

Anyway, when I have several containers running on a host system,
Do I need to keep them all updated separately? If so, how?
Or is it enough to update the host system, and not worry about the containers?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 1 week ago* (last edited 1 week ago) (3 children)

I also dont get how to update docker containers and where to save config files. The idea is that the containers are stateless so they can be recreated whenever you like.

But there are no automatic updates?? You need a random "watchtower" container that does that.

Also, they are supposed to give easy security, buf NGINX runs as root? There is a rootless variant

[–] roofuskit 5 points 1 week ago

No automatic updates is a feature not a bug.

[–] [email protected] 3 points 1 week ago

Also, they are supposed to give easy security, buf NGINX runs as root? There is a rootless variant

I guess the idea/hope is that they can't break out of their container.

[–] Mbourgon 3 points 1 week ago (1 children)

(Not an expert, but use it some) Configs: most of the time you mount a directory that’s specifically set up for (that/a) container, and that’s persistent on the host. When you spin up its replacement, it has the same mapping.

Automatic updates - from what I remember, yeah, you can even just (depending on needed uptime) schedule a cron job to pull the new image, kill the existing, and start up the new, and if it doesn’t start then you roll back to the previous.

Security - there used to be a debate over it (don’t remember current SOTA) in theory both are pretty safe but the rootless gives more security with some tradeoffs.

[–] [email protected] 2 points 1 week ago

Okay mounting a directory for configs makes sense