It’s so easy, why bother? But I have each service in a separate small Debian VM to avoid conflicts. This avoids conflicts, enforces limits, and gives kernel separation. The real kernel isn’t running anything public.
Containers are often used as a way to not have to keep things up to date, or install properly. Don’t have to be, but often are. Also, not have a separate kernel means you aren’t protected from things like the recent exploits when you allow things uploaded to run. Maintaining Debian Stable is easy really. Love me some Debian. 😀
It’s so easy, why bother? But I have each service in a separate small Debian VM to avoid conflicts. This avoids conflicts, enforces limits, and gives kernel separation. The real kernel isn’t running anything public.
Because of all the other reasons containers are great. Mainly, avoiding maintaining a fleet of VMs…
Containers are often used as a way to not have to keep things up to date, or install properly. Don’t have to be, but often are. Also, not have a separate kernel means you aren’t protected from things like the recent exploits when you allow things uploaded to run. Maintaining Debian Stable is easy really. Love me some Debian. 😀
That’s misusing containers. You do you.