Questions and answers about Container Solution
Written by
Updated at December 12, 2023
How do I perform auto updates based on immutable tags?
Updating a Docker container will not work with tags that persist from version to version. We recommend using a new tag for each Docker image.
Getting started
There is a number of disadvantages of using tags that persist from version to version:
- When a problem occurs, it is difficult to find its source if multiple identical VMs have the same tag but different code.
- A cluster of multiple VMs can be heterogeneous, for example, if one VM restarts and updates a Docker image.
- It is difficult to distinguish between Docker image versions on a VM.
I cannot create a Docker container. Why is that?
Warning
The Docker Compose specification does not support build
instructions, so make sure to build a Docker image in advance. In addition, the Docker Compose specification should not contain any links to other files: they are not delivered to the VM.
- Check that the Docker image name is correct.
- Make sure the service account linked to the VM has the
container-registry.images.puller
rights to the appropriate Docker image. - Check that the VM has internet access.
- You can also view logs by running the
sudo journalctl -u yc-container-daemon
command on the VM.
How can I close a port for public access and leave it accessible within the network?
- If you use a standard Container Optimized Image (one Docker container configured by parameters), all ports that are open in the container will also be open on the host.
- If you need other network settings for Docker containers, you can configure them using a Container Optimized Image with the Docker Compose specification.
- To make your Docker container's port open on the host but disable access to it from the internet, you can use security groups.