Containers Are Not VMs! Which Base Container (Docker) Images Should We Use?

Containers are not VMs. Stop treating them as such. Stop using Debian, Ubuntu, and other similar Linux distributions as your base container (Docker) images. Containers are NOT VMs.

#docker #container #kubernetes

Comments

What do you use as base container images?

DevOpsToolkit

I surely would love to learn more about ephemeral containers :)

hkupty

A demo on scratch image + ephemeral container to debug pod from scratch would be great. As you proposed it 😊

teddybear

I'd definitely want to see a video on ephemeral containers!

mirceanton

Just stumbled across this, as always, great stuff Viktor! One nit: Wolfi images come in two variants, latest and latest-dev. The non "-dev" ones usually have no shell, package manager, etc. They are similar to distroless. ("-dev" tags have those tools).
Disclaimer: I work for Chainguard

ericsmalling

Great content as always Viktor. I would really like to get more insights into ephemeral containers :)

zygote

I agree that many images come more bloated than they should, BUT scratch should be used with care. Scratch images literally have nothing in them, but a lot of apps expect some things to exist in certain places, and if they don't, things tend to get wacky. Namely, when you create an image from scratch you need to make sure that you have a valid /etc/passwd, a /tmp directory, a valid /etc/localtime and ca-certificates (this one is only needed if your app makes TLS connections, but most will). That's the bare minimum; on top of that you need to put all your app's dependencies. And you have to keep in mind that whatever you throw to your image, you have the sole responsibility to keep it up-to-date, which can be no fun at all, and a lot of work.

IMO the best you can do is just forget about all that and use Google's distroless. They have many flavours. Do you have a statically linked app that has no dependencies, not even libc? Use the static variant and you get basically what's a scratch image but with the must-haves that I commented on earlier. What!? That you do need libc, and also libssl and openssl like 99.9% of the programs out there? Do not fret, just use the distroless/base (or even /cc for libgcc support) image and you are good to go (BTW, most of the time you should still use the "base" image for Go apps, because Go can use some libc functionality if present, giving slightly better performance and a behaviour more in line with the rest of apps). That you'd rather use Node or Java? Why of course, just use the /nodexx or /javaxx images and you have everything you need. Python you say? Hmm, that's where it gets tricky, there is a /python3 image, you see. But I'm afraid that that's only experimental and using it in production is ill-advised. Ah, I must not forget to tell you that these images use glibc so no musl edge cases for you, and if supply-chain security is a must for you, you can easily check these images with cosign.

cazador
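
The bare-minimum checklist from the comment above, as an added example that is not part of the original comment: a POSIX shell function that audits an unpacked image root filesystem for those files. The function name `audit_rootfs`, the CA bundle paths, and the mode-1777 requirement for /tmp are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the comment's author): audit an unpacked image root
# filesystem for the bare-minimum files listed above.
# Unpack first, e.g.: docker export CONTAINER | tar -x -C rootfs

# Assumption: CA bundle locations used by common distributions.
CA_PATHS="etc/ssl/certs/ca-certificates.crt etc/pki/tls/certs/ca-bundle.crt etc/ssl/cert.pem"

# audit_rootfs DIR: print one line per finding; exit status = number of findings.
audit_rootfs() {
    root=$1
    problems=0
    report() { echo "FINDING: $1"; problems=$((problems + 1)); }

    # /etc/passwd must exist and contain at least one 7-field entry.
    if [ ! -s "$root/etc/passwd" ]; then
        report "/etc/passwd missing or empty"
    elif ! awk -F: 'NF == 7 { ok = 1 } END { exit !ok }' "$root/etc/passwd"; then
        report "/etc/passwd has no well-formed entry"
    fi

    # /tmp must exist; mode 1777 is assumed so a non-root user can write to it.
    if [ ! -d "$root/tmp" ]; then
        report "/tmp missing"
    else
        case $(ls -ld "$root/tmp") in
            drwxrwxrwt*) ;;
            *) report "/tmp is not mode 1777" ;;
        esac
    fi

    # /etc/localtime is often a symlink that dangles outside the image,
    # so accept a symlink as well as a regular file.
    [ -f "$root/etc/localtime" ] || [ -L "$root/etc/localtime" ] ||
        report "/etc/localtime missing"

    # A CA bundle is needed for TLS clients; require at least one PEM certificate.
    found=0
    for p in $CA_PATHS; do
        if [ -s "$root/$p" ] && grep -q 'BEGIN CERTIFICATE' "$root/$p"; then
            found=1; break
        fi
    done
    [ "$found" -eq 1 ] || report "no CA certificate bundle"

    return "$problems"
}
```

Run it in CI against the exported filesystem of a scratch-based image; a non-zero exit status gives the number of findings.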

OMG, my head exploded. Where is your class to relearn all this stuff??? Good video, I would love to hear more!!!!

OldGmerDad

Big Thank you @DevopsToolkit. I would love to see a demo on ephemeral containers. ❤

pististech-hub

A video on ephemeral containers would be great to see. Also, configuring k8s probes with scratch images is painful and we can't use alpine images in production.

mondo

Yes! Let's see more about ephemeral containers

Justjames

Great insight for anyone who has drifted from the best practices. But most container-based training videos don't focus on best practices either, as their objective is to only successfully run their use cases limited to the video tutorials only. Having said that, how about a demo video on using scratch images for running binary application + ephemeral containers.

ferozekhanoa

What if some official approved containers use different distros as a base image? For instance, mysql uses debian, while mongodb uses ubuntu and I need both services in my network, so I will have extra overhead from both distros. Does it mean I should create my own containers for both services (from alpine) for the sake of minimization?

Wector

Ephemeral container attachment, plz!! Awesome video btw!

nkodoko

Yes, please create a video about ephemeral containers.

VladimirVyazmin

Universal Base Image (UBI) is a good choice if you like to go explore (free) mode then switch to enterprise mode with SLA-backed support easily.

fenarRH

What tool/gui shows your registry/security scan/vulnerabilities? (THANKS!)

dougsellner

Definitely want to hear more about ephemeral containers

brandonwood

That is very insightful. Does anyone have any experience with using nvidia CUDA drivers with scratch or alpine?

elmiguel

How do you avoid similar bloat in a VM, if running it using kubevirt or directly on hypervisor?

lamnot.