![]() ![]() Running Docker inside LXC is a great deployment method, but the default overlay2 driver doesn’t work. The container sees a single filesystem, but in reality it’s multiple stitched together. This creates a single filesystem, compiled from multiple layers without duplicating files. ![]() Docker refers to this as overlay2 (which is its default storage driver). On a normal system, Docker transparently merges the required layers together with a Union filesystem (similar to MergerFS, if you’ve heard of it). It’s possible to access individual layers though, so don’t go adding extra layers to delete secrets in a futile attempt at security. Each layer contains only the files which changed from the previous layer, which allows layers to be shared between containers, reducing download size and disk usage. In your Dockerfile, each new RUN, COPY or ADD line creates a new layer (so do the others, but not ones which affect the filesystem). Docker containers (like onions) have layers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |