I can’t seem to wrap my head around (Docker) containers and especially their maintenance.
As I understand it, containers contain a stripped-down OS that shares some resources with the host?
Or is it more like a closed-off part of the file system?
Anyway, when I have several containers running on a host system, do I need to keep them all updated separately? If so, how?
Or is it enough to update the host system, and not worry about the containers?
I also don't get how to update docker containers and where to save config files. The idea is that the containers are stateless so they can be recreated whenever you like.
But there are no automatic updates?? You need a random “watchtower” container that does that.
Also, they are supposed to give easy security, but NGINX runs as root? There is a rootless variant.
No automatic updates is a feature not a bug.
(Not an expert, but use it some) Configs: most of the time you mount a directory that’s specifically set up for (that/a) container, and that’s persistent on the host. When you spin up its replacement, it has the same mapping.
Automatic updates - from what I remember, yeah, you can even just (depending on needed uptime) schedule a cron job to pull the new image, kill the existing, and start up the new, and if it doesn’t start then you roll back to the previous.
Security - there used to be a debate over it (don't remember current SOTA); in theory both are pretty safe, but the rootless one gives more security with some tradeoffs.
Okay, mounting a directory for configs makes sense.
I guess the idea/hope is that they can’t break out of their container.