
I'm a little bit confused, GCP has this new feature Deploying Containers on VMs and Managed Instance Groups which is currently marked as an Alpha release of Containers on Compute Engine and you actually need to request to be whitelisted for this feature.

What I'm struggling with is to understand how is it different from simply choosing Container-Optimized OS in the list of OS images when creating a new CE instance and then running your docker container on that instance? What are the benefits of the new approach?

neilH
dmitryb
  • It is a managed service by Google. You don't need to manage it yourself. Why not GKE (Kubernetes) though? Why would you ever want to run a docker container on Google Compute's VM? – bartimar Nov 04 '17 at 16:15
  • @bartimar the only thing that seems to be managed when running containers on Compute Engine VMs is Container-Optimized OS? And I thought it's managed by Google in both cases. My app is one simple program; using GKE would be too much overhead as there is nothing to orchestrate here. I think using App Engine Flex is actually the best fit for me, I'm just trying to get a clear picture of all available options with their pros and cons. Thanks. – dmitryb Nov 04 '17 at 16:43
  • one simple program? What exactly? Why Docker container for it? If App Engine fits your use case, go for it :) least management from your side. – bartimar Nov 05 '17 at 10:52

1 Answer


Container-Optimized OS images have a number of benefits if all you want to do is run containers on your Compute Engine instance.

  • There is less configuration involved as they come pre-installed and configured with Docker which will already be running as a service when the machine starts.
  • There is a tick box in the Console when creating a new Container-Optimized OS instance labelled "Deploy a container image to this VM instance". Checking this provides a method of deploying containers/adding images via the Console/Gui and adding settings for commands to be issued to the container, restart policies, environmental variables, host mounts and other mount paths. This essentially allows you to bring up a container at the same time you create your VM.
  • In general it's more secure as it has a smaller attack surface than a standard VM, as the OS has a smaller footprint. It also includes a 'locked down' firewall and other security settings.
  • Due to the fact the OS is based on the Chromium OS project, and not a full Linux OS, it benefits from automatic updates and comes configured to automatically download weekly updates (a reboot is necessary to install these updates).

So if you want to run containers with minimal setup on a simple operating system with high security, Container-Optimized OS may be suitable.

It should also be said that there are some use cases where these images are not suitable. For example, if you require the flexibility of a full Linux OS (for example, Container-Optimized OS doesn't include a package manager) or if your containers depend on Linux/kernel modules that may not be available in Container-Optimized OS. It would also not be suitable if you wanted your image and OS application to be supported outside of Google Cloud Platform. You would be better off considering public images other than Container-Optimized OS images in these scenarios.

neilH
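The Console tick box described in the answer has a command-line equivalent, shown here as an added example that is not part of the original post: `gcloud compute instances create-with-container` declares the image, command, restart policy, environment variables and host mount in one call, and picks the Container-Optimized OS image family itself. The VM name, zone, image, service account, paths and env values are placeholders.

```shell
#!/bin/sh
# Added example: gcloud equivalent of "Deploy a container image to this VM
# instance" on a Container-Optimized OS instance. All names are placeholders.

# Print, one argument per line, the gcloud invocation that creates a COS VM
# and starts the given container at boot. create-with-container selects the
# cos-stable image family on its own, so no --image flag is needed.
cos_container_create_args() {
  vm="$1"; zone="$2"; image="$3"
  printf '%s\n' \
    compute instances create-with-container "$vm" \
    --zone="$zone" \
    --container-image="$image" \
    --container-command=/app/server \
    --container-arg=--port=8080 \
    --container-restart-policy=always \
    --container-env=LOG_LEVEL=info \
    --container-mount-host-path=mount-path=/data,host-path=/mnt/disks/data,mode=rw \
    --service-account=app-vm@example-project.iam.gserviceaccount.com \
    --scopes=logging-write,monitoring-write \
    --tags=app-server
}
# The --service-account/--scopes pair is an added least-privilege choice:
# a dedicated account with only the log/metric write scopes the container
# needs, instead of the default Compute Engine service account.

# Show the full command on one line without requiring gcloud to be installed.
preview_cmd() {
  cos_container_create_args "$@" | tr '\n' ' '
  echo
}

preview_cmd my-app-vm us-central1-a gcr.io/example-project/app:1.0
```

To actually create the instance, pass the same arguments to `gcloud`: `gcloud $(cos_container_create_args my-app-vm us-central1-a gcr.io/example-project/app:1.0)`.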