Recheck dockerignore and tmpfs mounts #11

Open
mattaereal opened this issue Jan 18, 2025 · 1 comment
@mattaereal
Contributor

Do a little more research on how to improve the usage of dockerignore. Right now, it is being used to ignore everything but motd.

Also, is it better to mount a type tmpfs workspace rather than a volume of source=none to disable auto-mounting?
Basically:
`"type=tmpfs,target=/workspace",`
versus
`"source=none,target=/workspace,type=volume"`.

oi-mini output

Comparing tmpfs and Volume with source=none

1. Persistence

  • tmpfs: Non-persistent. Data is lost once the container stops.
  • Volume (source=none): Non-persistent by default unless explicitly backed by persistent storage. However, Docker might still manage it on disk, meaning data could persist beyond container restarts depending on how Docker handles anonymous volumes.

2. Performance

  • tmpfs: Faster I/O since it's in-memory. Ideal for operations requiring high-speed access.
  • Volume (source=none): Slower compared to tmpfs as it relies on disk I/O.

3. Security

  • tmpfs: More secure for sensitive data as it's stored in memory and not written to disk. However, it's still susceptible to attacks that can access the container's memory.
  • Volume (source=none): Less secure for sensitive data since it's stored on disk, even if Docker manages it. Disk data can potentially be accessed if the host is compromised.

4. Resource Utilization

  • tmpfs: Consumes RAM, which is limited. Large or numerous tmpfs mounts can exhaust memory resources.
  • Volume (source=none): Consumes disk space, which is generally more abundant than RAM but can lead to storage bloat if not managed.

5. Flexibility and Management

  • tmpfs: Simpler to set up for ephemeral storage needs. Managed entirely within Docker's memory management.
  • Volume (source=none): Offers more flexibility if you later decide to manage persistence or backup strategies, though it's initially intended for non-persistent use.

Practical Recommendations

Use tmpfs When:

  • Ephemeral Workspace: You need a temporary workspace that doesn't persist after the container stops.
  • High Performance: Your applications require fast read/write operations.
  • Security Concerns: You prefer not to have workspace data written to disk.
  • Limited Data Size: The workspace data fits comfortably within available RAM.
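
To confirm which of the two mount specs from the question actually took effect inside a container, this added example (not part of the issue or the project's code) classifies a mount target from `/proc/mounts`-format data. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report what backs a mount target, from /proc/mounts-format input.
# Fields per line: device mountpoint fstype options dump pass.

# classify_mount TARGET [MOUNTS_FILE]
# Prints "tmpfs size=<limit>", "tmpfs size=unset", or "disk-backed <fstype>".
# Returns 1 if TARGET is not a mount point. The last matching line wins,
# because a later mount on the same path shadows an earlier one.
classify_mount() {
    awk -v target="$1" '
        $2 == target { fstype = $3; opts = $4; found = 1 }
        END {
            if (!found) exit 1
            if (fstype != "tmpfs") { print "disk-backed " fstype; exit 0 }
            # A tmpfs with no size= option has no explicit cap set by the mount spec.
            size = "unset"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++)
                if (index(o[i], "size=") == 1) size = substr(o[i], 6)
            print "tmpfs size=" size
        }
    ' "${2:-/proc/mounts}"
}

# Constructed sample lines (not captured from a real container):
# a size-capped tmpfs, a disk-backed mount, and an uncapped tmpfs.
sample_mounts() {
    cat <<'EOF'
overlay / overlay rw,relatime 0 0
tmpfs /workspace tmpfs rw,nosuid,nodev,noexec,relatime,size=262144k 0 0
/dev/sda1 /data ext4 rw,relatime 0 0
tmpfs /scratch tmpfs rw,nosuid,nodev,relatime 0 0
EOF
}

# Inside a running container, call: classify_mount /workspace
```

A volume mounted at the target shows up with the host's on-disk filesystem type, while a tmpfs mount shows `tmpfs`; a `size=unset` result flags a workspace whose memory use is not capped by the mount spec.
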
@mattaereal mattaereal added enhancement New feature or request good first issue Good for newcomers question Further information is requested labels Jan 18, 2025
@mattaereal mattaereal self-assigned this Jan 18, 2025
@mattaereal
Contributor Author

Answered myself, but leaving this as a reminder to change it later!
