I can’t seem to wrap my head around (Docker) containers and especially their maintenance.
As I understand it, containers contain a stripped-down OS that shares some resources with the host?
Or is it more like a closed-off part of the file system?
Anyway, when I have several containers running on a host system, do I need to keep them all updated separately? If so, how?
Or is it enough to update the host system, and not worry about the containers?
(Not an expert, but I use it some.) Configs: most of the time you mount a directory that’s specifically set up for that (or a) container, and that’s persistent on the host. When you spin up its replacement, it has the same mapping.
Automatic updates - from what I remember, yeah, you can even just (depending on needed uptime) schedule a cron job to pull the new image, kill the existing, and start up the new, and if it doesn’t start then you roll back to the previous.
Security - there used to be a debate over it (don’t remember current SOTA). In theory both are pretty safe, but rootless gives more security with some tradeoffs.
Okay, mounting a directory for configs makes sense.