Recheck dockerignore and tmpfs mounts

Open mattaereal opened this issue 1 year ago • 1 comments

Do a little more research on how to improve the usage of dockerignore. Right now, it is being used to ignore everything but motd.

Also, is it better to mount a workspace of type tmpfs rather than a volume with source=none to disable auto-mounting? Basically: `"type=tmpfs,target=/workspace"` versus `"source=none,target=/workspace,type=volume"`.

oi-mini output

Comparing tmpfs and Volume with source=none

1. Persistence

  • tmpfs: Non-persistent. Data is lost once the container stops.
  • Volume (source=none): Non-persistent by default unless explicitly backed by persistent storage. However, Docker might still manage it on disk, meaning data could persist beyond container restarts depending on how Docker handles anonymous volumes.

2. Performance

  • tmpfs: Faster I/O since it's in-memory. Ideal for operations requiring high-speed access.
  • Volume (source=none): Slower compared to tmpfs as it relies on disk I/O.

3. Security

  • tmpfs: More secure for sensitive data as it's stored in memory and not written to disk. However, it's still susceptible to attacks that can access the container's memory.
  • Volume (source=none): Less secure for sensitive data since it's stored on disk, even if Docker manages it. Disk data can potentially be accessed if the host is compromised.

4. Resource Utilization

  • tmpfs: Consumes RAM, which is limited. Large or numerous tmpfs mounts can exhaust memory resources.
  • Volume (source=none): Consumes disk space, which is generally more abundant than RAM but can lead to storage bloat if not managed.

5. Flexibility and Management

  • tmpfs: Simpler to set up for ephemeral storage needs. Managed entirely within Docker's memory management.
  • Volume (source=none): Offers more flexibility if you later decide to manage persistence or backup strategies, though it's initially intended for non-persistent use.

Practical Recommendations

Use tmpfs When:

  • Ephemeral Workspace: You need a temporary workspace that doesn't persist after the container stops.
  • High Performance: Your applications require fast read/write operations.
  • Security Concerns: You prefer not to have workspace data written to disk.
  • Limited Data Size: The workspace data fits comfortably within available RAM.

mattaereal avatar Jan 18 '25 00:01 mattaereal

Answered myself, but leaving this as a reminder to change it later!

mattaereal avatar Jan 18 '25 00:01 mattaereal
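One way to confirm, from inside the running container, which of the two mount strings from the issue actually took effect. This is an added example, not code from the issue or the repository: the function name `classify_mount` and both sample mount tables are constructed for illustration, and the input format is that of `/proc/self/mounts`.

```shell
#!/bin/sh
# Added example: report whether a mount point is memory-backed (tmpfs) or
# disk-backed, and whether a tmpfs has a size cap.
# Usage: classify_mount TARGET [MOUNTS_FILE]   ("-" reads the table from stdin)
# Exit status: 0 = tmpfs, 1 = some other filesystem, 2 = TARGET is not a mount point.
classify_mount() {
    awk -v t="$1" '
        # Fields: device, mount point, fstype, options.
        # Keep the last match, because later mounts shadow earlier ones.
        $2 == t { fs = $3; opts = $4 }
        END {
            if (fs == "") { print "not-a-mountpoint"; exit 2 }
            if (fs != "tmpfs") { print "disk-backed fstype=" fs; exit 1 }
            # A tmpfs with no size= option has no explicit cap set at mount time,
            # which matters for the RAM-exhaustion concern in the comparison.
            size = "unset"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] ~ /^size=/) size = substr(o[i], 6)
            print "memory-backed size=" size
        }' "${2:-/proc/self/mounts}"
}

# Constructed sample tables (not captured from a real host).
# What a tmpfs workspace with a size cap looks like:
TMPFS_SAMPLE='overlay / overlay rw,relatime 0 0
tmpfs /workspace tmpfs rw,nosuid,nodev,noexec,relatime,size=262144k 0 0'
# What a volume-backed workspace looks like (assumed ext4 host filesystem):
VOLUME_SAMPLE='overlay / overlay rw,relatime 0 0
/dev/sda1 /workspace ext4 rw,relatime 0 0'

printf '%s\n' "$TMPFS_SAMPLE"  | classify_mount /workspace - || true
printf '%s\n' "$VOLUME_SAMPLE" | classify_mount /workspace - || true
```

Inside a real container, `classify_mount /workspace` with no second argument reads the live mount table.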