Date:      Tue, 4 Apr 2023 12:22:49 +1000
From:      Tim Preston <tim@timpreston.net>
To:        Paul Mather <paul@gromit.dlib.vt.edu>, John Levine <johnl@iecc.com>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>, tomek@cedro.info
Subject:   Re: Docker
Message-ID:  <078a1cf8-7ae2-c593-615b-f5f37fa2b3eb@timpreston.net>
In-Reply-To: <8E16D624-2655-4A10-844A-93E4F63E9859@gromit.dlib.vt.edu>
References:  <20230329053443.6ADA6B6AFED5@dhcp-8e64.meeting.ietf.org> <8E16D624-2655-4A10-844A-93E4F63E9859@gromit.dlib.vt.edu>


It can be done, with a bit of manual tinkering.

Here is a gist which explains how to run Docker in a CentOS 8 VM (under 
bhyve).

https://gist.github.com/tehpeh/7e5329d295eca9539e6462f36b6ce9c0

It's a bit out of date but the general idea would be the same for CentOS 
Stream, Alpine etc: install Docker, enable the service, open 
firewall/networking, NFS mount a local directory. This is pretty much 
what Docker for Mac does.

If you're looking for the Docker Hub image repository equivalent for 
FreeBSD, take a look at Bastille templates or Potluck 
(https://potluck.honeyguide.net/).

However, and this is only my personal opinion, a pre-baked container 
image repository is a bad idea. Apart from the security issues and 
recent drama around Docker shutting down free accounts, container images 
are often set up with default parameters not useful in a production 
environment (or even your specific dev environment) and are built 
against a particular kernel version, so may not run as expected on a 
different kernel version.

Again, only my opinion, but you're much better off building your own, 
private, images targeting the particular OS/Kernel version you use in 
dev/staging/production. In summary, prefer Dockerfiles over pre-built 
images.

I think the conversation we really need to have is not about copying 
Docker, but instead how do we consistently create, run, and scale jails 
across multiple FreeBSD hosts easily.

Tim


On 2/4/23 02:54, Paul Mather wrote:
> On Mar 29, 2023, at 1:34 AM, John Levine <johnl@iecc.com> wrote:
>
>> It appears that Tomek CEDRO <tomek@cedro.info> said:
>>> if there are lots of images for linux docker, and docker is linux only
>>> solution, there is no reason to talk about it on bsd or even offer some
>>> sort of images of bsd for linux right?
>> Docker runs on MacOS with a linux emulation layer.  FreeBSD already has
>> some linux emulation so in principle one could do the same thing, but
>> it'd be a lot of work for dubious benefit.
>
> I disagree it would be of dubious benefit.  MacOS is a Tier 1 platform in the Docker ecosystem.  Using Docker Desktop on macOS makes using Docker and Kubernetes for development work very easy on that platform, meaning you can stay in the environment you prefer.  MacOS is not Linux, but the implementation on there is to use a shim Linux VM via the built-in macOS hypervisor (which, IIRC, is a derivative of bhyve).
>
> It would be great if the same thing could be done on FreeBSD.  It would be beneficial if there was a supported docker machine driver for bhyve on FreeBSD.  Right now, I believe the road to running Linux containers on FreeBSD is to use the VirtualBox docker machine driver, which is a bit heavyweight (in terms of added dependencies) for my liking.  It would be nice if bhyve could be used to run the shim Linux VM.
>
> Other than that, much of the tooling to run Docker and Kubernetes is already in ports.  But, those (e.g., in the case of Kubernetes) need to point to non-FreeBSD systems that are running the actual containers, pods, etc.  It would be nice to be able to do it all on FreeBSD, at least for development and kicking-the-tyres purposes.
>
> Cheers,
>
> Paul.
>



