Images #2
Comments
|
That is interesting. Not sure how far I want to support that, from a security perspective with Docker. Do we really want to give root access out? |
Oh, right, they do grant root, which would probably be a bad idea. Weird. This is totally out-of-scope for our initial sprint here, by the way, I just didn't want to lose the idea. |
|
💡 I wonder if we could build our container to run as non-root, but set up a virtualenv (for Python) so users could use Hmm, I bet multyvac hardcodes the root user in the ssh call, though. |
|
As discussed in chat, we could use an image that includes FROM progrium/busybox
MAINTAINER Yaser Martinez Palenzuela
RUN opkg-install bash bzip2
ADD conda_install.sh /root/conda_install.sh
#ADD Miniconda3-3.7.3-Linux-x86_64.sh /root/miniconda3/Miniconda3-3.7.3-Linux-x86_64.sh
RUN ["bash", "/root/conda_install.sh"]
ENV PATH /root/miniconda3/bin:$PATHSide note about this image: We can't actually use busybox though, as it doesn't have the ability to add users (unless you build busybox with it). Also, making a minimized base image in a multi-tenant system doesn't make sense because then everyone is building the same layers, resulting in more space rather than less. After installing numpy, scipy, ipython-notebook, scikit-learn there were 12304 files created or modified. The image ended up being 674.6 MB without even installing the rest of the scipy stack and that's only for Python 3. Across hundreds of users that 100*674.6MB of changes instead of just the 1 base layer shared across. |
|
We should call these "images" to be more familiar to Docker users who aren't familiar with multyvac, but accept "layer" as an alias so we maintain multyvac compatibility. |
Multyvac has a feature called a layer, which sounds an awful lot like a
docker runfollowed by adocker commit.The text was updated successfully, but these errors were encountered: