because each image loads its own set of shared libraries. So instead of having one C stdlib, one C++ stdlib, one libssl, and so on in RAM you'll have one per container (that needs it). The amount of duplicated libraries will heavily depend on the types of deployment (e.g. a lot of Python thingies) and it is hard to give a one size fits all number here. The more important disadvantage - especially when not building the images yourself - is increased dependency on third parties and reduced observability. Take the current OpenSSL vulnerability as example: running bare metal means I'll have to look up the security advisory for my distro and update one package. Reboot to make sure the library is reloaded and we are done. If I containerize everything by using images I don't build myself I need to a) find out which container even uses OpenSSLv3 b) wait for them to be patched, c) update them and d) hope it doesn't slip in again on the next update. If I build them myself, I still need to find a patched base image, or patch it myself - on every single container image. At this point you not only trust your linux distro and the Nextcloud team (which you need to trust anyway), but also every provider of every base image Nextcloud uses. I also think admins should be able to deploy the applications they run without needing docker. There are solutions like Ansible that allow to streamline the process. "ease of use" is the second side of the "I barely know what I'm doing" coin. I've been self-hosting on bare metal for over 10 years now and I never found myself in dependency hell.

Containers really start to shine when you need to scale horizontally (i.e. At that point bare-metal isn't an option anymore, but pure Docker isn't either: Kubernetes (or Swarm if you like not-quite-yet-but-as-good-as dead software) is a must. So TL;DR: if you want to brag how many apps you can run without actually knowing what you are doing: choose Docker. If you want to learn (and admittedly fail more often) and select the apps you are running carefully: choose bare metal first. Also, this is purely my (selfhosting OwnCloud/Nextcloud for more than 10 years, for a living I am a software developer and use Docker/Kubernetes on a daily basis) opinion, so take it with a lot of salt.

1.) Running Docker in a VM seems overkill to me. You would be running paravirtualization (Docker) on top of real virtualization (VM). You may also end up with more NAT layers than you actually want to have. Not an issue most of the time, but it may cause weird corner-cases. On the other hand an i7-4770 is plenty for NC. I have been running it for years on an Odroid HC-2 (Exynos 5422, i.e. a smartphone chip from 2013 and 2GB RAM) and it works just good enough for me and my girlfriend - but that is all I need anyway. Long story short: overhead will not be an issue for you. It purely depends on what you are aiming for. If you want to learn and improve your skills and understanding on the topic I'd recommend bare metal or VM - no Docker. Write your own Ansible Playbooks (or use comparable tools like Puppet, Terraform, etc.) and become a real system administrator. If you want to fire and forget I'd recommend Docker on bare metal. Install and update is way easier, but Docker still has its own culprits. Sidenote: I think a lot of people who recommend it know just enough Docker to hang themselves. Think of: how do I open a shell in a container to troubleshoot? How do I mount/backup the volumes in a way that I can still access my data without the Container running? Where do the logs go? There are obviously solutions to all of this, but I recommend looking them up before shit hits the fan. And going from bare metal to Docker is usually easier than the other way round.

2.) I have my DBs on an SSD (Samsung 860QVO, but any decent consumer SSD will do just fine), that helps a lot.