Idiomatic Docker usage?

docker

(Redundancy) #1

I’ve been asked to provide a production ready installation of Discourse on Amazon for my company.
I’d like to use AWS Elasicache to provide Redis, AWS ECS to manage containers, and RDS for the database (now that postgres is supported).

However, while I haven’t looked at Docker extensively for a while, I’m hitting a bit of a “does not compute” moment looking at the web_only sample - it looks like this is something design to run docker from the docker host, and what I need to do is to provide a service definition to ECS with things linked up, environment variables set and ready for multiple containers to run.

It seems like any Docker setup for Discourse uses the discourse/discourse image that has everything installed on it, even if you want just the web server - this means that there’s more to worry about in terms of image size, attack surface, and even the issue that your container is running multiple processes rather than just exiting if it crashes.

Perhaps I’m misunderstanding, but I was more expecting to see something like https://hub.docker.com/_/cassandra/ with documented environment variables, and maybe a Docker Compose file for bringing up all of the separate images together. Each Container should have one running “thing” in it, so that it can be managed from outside. It also seems like the bootstrap step bakes an Image that contains the email details, rather than leaving them outside of the image to make it reusable (pull and run). You really shouldn’t be putting SSHD on a docker image either, to my understanding.

Are there any plans to change how Discourse uses Docker to be more idiomatic and use official images like https://hub.docker.com/_/postgres/, now that standardized tools are available in the Docker ecosystem for describing multi-layer services, and certain behaviour is expected by all docker cluster management systems (Swarm / Kubernetes / ECS)?

From a sysadmin point of view, the current way that Discourse is set up really concerns me. It’s a snowflake that seems to be missing out on many of the advantages that Docker is supposed to provide.


(Rafael dos Santos Silva) #2

There is some discussion about this here:


(Matt Palmer) #3