recommend a way of setting up a production docker host

[vikstrous]

The host needs to have as few things installed as possible and get auto-updated with new versions of openssh and maybe docker patch releases.

Also consider how logging and monitoring should be set up on the daemon

One should definitely set a limit to how many logs docker should keep

[joeblackwaslike]

On production baremetal I have had great success with Debian Jessie but found the default kernel atrocious with containers, but I fixed that. Also found out that debian's default kernel under KVM combined with aufs will cause regular kernel panics. I only learned this recently because I rarely ever use a VPS for anything.

I called it the kubernetes-kernel cuz it was a fork of an existing project with mods but its essentially just a container oriented modern kernel with all the cgroup and namespace goodies + realtime schedule + large tables. I didn't add aufs patches because the 4.x kernel has overlay2 built in and seems to outperform aufs in every way imaginable so why convolute things. (https://docs.docker.com/engine/userguide/storagedriver/overlayfs-driver/)

https://github.com/joeblackwaslike/kubernetes-kernel https://github.com/joeblackwaslike/kubernetes-kernel/releases for artifacts

I'm not expecting you to trust my build artifacts (but they are there and i didn't do anything fucky). Notes for building (most are covered in readme), I only modified the 4.4.41 config file, that's the default when using make kernel so you're al good but if you choose another version you should go through the history and diff the changes and apply those to your new new version. I wanted to keep it simple and I wasn't trying to verify whether all those changes were even supported by the older kernels.

This kernel takes a long time to build unless you fully utilize make -f $(nproc). I suggest doing the build on the server you're intending to use, if its 32core you will have a kernel quite quickly.

Because of that it not only times out on Travis CI builds (i think they only give it a 2 cores), but it runs out of disk space. They even upped my build time to 120mins but I still ran out of disk space at the end. Any suggestions on the disk space thing would be awesome, I assume there are a ton of modules being built that are unnecessary but I don't have the bandwidth or experience to know which one's would be problematic to remove.

[vikstrous]

Building your own kernels is really fun and I like doing it, but for this project I'd rather not reinvent the wheel. There are a lot of reasonable options to choose from. For example, I think the nixos kernel is great for docker. It has basically every feature enabled.