Local tests with Docker have proven fruitful enough to set up a labs instance for further experimentation. Below are some questions I hope we can answer following the spike.
Apparent benefits and open questions

- Efficient caching of build dependencies through native Docker image caching
  - What would the storage requirement be here, and can we easily set up a central cache?
  - What kinds of dependencies can be easily cached? (system packages vs. system packages + composer/gem/pip/etc.)
- Simplification of CI infrastructure
  - Pre-provisioned slaves should require far fewer dependencies
  - CloudBees Docker plugin is well maintained and simple to employ (there's a JJB wrapper, too)
  - What are the benefits and drawbacks of provided base Dockerfiles/images vs. simply deferring to the repo?
- Lighter weight isolation
  - Is Docker isolation sufficient?
  - Should Security weigh in?
  - What does the attack surface look like? Better/worse than nodepool instances?
- What's the overhead between builds?
  - How many executors can we support per instance?
  - How well can we clean up?
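To make the caching question above concrete, here is an added example Dockerfile (not from this task or from any existing CI repo) showing the layer ordering that lets Docker's image cache reuse the expensive steps across builds. The base image, the `builder` user, and the composer.json/composer.lock file names are assumptions for illustration; the same pattern applies to pip (requirements.txt) or gem (Gemfile/Gemfile.lock) by swapping the manifest files and install command.

```dockerfile
# Added example: order layers from least to most frequently changing so that
# Docker's layer cache is invalidated as late as possible on each build.
FROM debian:bookworm-slim

# 1. System packages: change rarely, so this layer is reused by almost every build.
RUN apt-get update \
 && apt-get install -y --no-install-recommends php-cli composer git ca-certificates \
 && rm -rf /var/lib/apt/lists/*

# Run the build as an unprivileged user (assumed name "builder"); the container
# should not need root for a test run.
RUN useradd --create-home --uid 1000 builder
USER builder
WORKDIR /home/builder/src

# 2. Language-level dependencies: copy only the manifest/lock files first, so the
#    "composer install" layer is invalidated only when those files change, not on
#    every source edit.
COPY --chown=builder:builder composer.json composer.lock ./
RUN composer install --no-interaction --no-progress --prefer-dist

# 3. Source tree: changes on every build, so it is the last layer.
COPY --chown=builder:builder . .

CMD ["composer", "test"]
```

With this ordering, a build that only touches source files rebuilds layer 3 alone; a lock-file bump rebuilds from layer 2; only a base-image or package-list change redoes the apt step. For the central-cache question, the cached layers can be pushed to a shared registry and pulled on other hosts with `docker build --cache-from`, so the storage requirement is roughly the size of the distinct system-package and dependency layers per repository rather than per build.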