FAQ about Container Solution
Written by
Updated at March 14, 2025
How do I perform auto updates based on immutable tags?
Updating a Docker container will not work with tags that persist from version to version. We recommend using a new tag for each Docker image.
Getting started
Using tags that persist from version to version has multiple disadvantages:
- When an issue occurs, finding its source is difficult if multiple identical VMs have the same tag but various code.
- A VM cluster can be heterogeneous, e.g., if one VM has restarted and updated a Docker image.
- It is difficult to distinguish between Docker image versions on a VM.
Unable to create a Docker container. Why is that?
Warning
The Docker Compose specification does not support the build instruction: Make sure to build a Docker image beforehand. In addition, the Docker Compose spec should not contain any links to other files, as the VM does not get these.
- Make sure the Docker image name is correct.
- Make sure the service account linked to the VM has the
container-registry.images.pullerpermissions for the appropriate Docker image. - Make sure the VM has internet access.
- You can also view log errors by running the
sudo journalctl -eu yc-container-daemoncommand on the VM.
How can I close a port for public access and leave it accessible within the network?
- When using a standard Container Optimized Image, i.e., one Docker container configured using parameters, all ports that are open in the container will also be open on the host.
- If you need other network settings for Docker containers, you can employ them using a Container Optimized Image with the Docker Compose spec.
- To make your Docker container port open on the host while disabling internet access, you can use security groups.