Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

about docker #763

Open
toyo2333 opened this issue Aug 20, 2024 · 1 comment
Open

about docker #763

toyo2333 opened this issue Aug 20, 2024 · 1 comment

Comments

@toyo2333
Copy link

I understand that the author has previously expressed multiple times that Docker deployment will not be supported (because the current deployment method is already simple enough).

However, I still want to explain from a user's perspective why we hope to have Docker support: One GoatCounter is indeed very simple, but when you have 10-20 GoatCounters with different installation methods, data storage, update methods, and backup methods, it’s not so simple anymore.

At this point, the benefits of using Docker Compose become apparent: consistency in data storage and program management. Let me share my example:

1、All my projects are deployed using Docker and are placed in one directory:

./my_project/
├── docker-compose.yml
├── service1
│   └── container-data
├── service2
│   ├── container-config
│   └── container-data
├── service3
│   ├── container-data
│   └── container-extensions
├── service4
│   └── container-data
├── service5
│   ├── container-config
│   └── container-data
├── service6
│   ├── container-data
│   └── container-data2
├── service7
│   └── container-data
├── service8
│   └── container-data
└── service9
    ├── container-config
    └── container-data
  • Therefore, all data files are mapped to container-data.
  • The update process is unified; I just need to run docker compose pull.
  • It is convenient for backups; I automatically back up the project directory daily. In case of an anomaly or failure, I can restore the production environment on any machine within 5 minutes using docker compose up.
    2、Purity: This approach leads to a "clean" file and data environment. Whether it’s installation or uninstallation, it can be done "gracefully."
    3、Security habits: Sometimes, applications or installation scripts from unknown sources can pose security risks. The Docker environment is secure in terms of both network usage and the file system.

I’m writing this mainly to explain the reasoning behind this request, nothing more.
@maruel
Copy link

maruel commented Sep 23, 2024

Have you looked at using override in systemd? See https://askubuntu.com/a/659268/1657026.
systemd supports both cgroups and namespace v2 to lock down the process' access.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@maruel @toyo2333