Mike writes...
Hey guys, love the show.
I'm a longtime Linux user and administrator, but I have to admit I have fallen a little behind on the whole container craze. I'm very comfortable with VMs, and they always made logical sense to me.
You have a virtual disk image, probably something with some metadata in it, and they get run as full-fledged systems. Something about the whole "docker run X" and it just magically happens without specifying any parameters just struck me as creepy. Regardless, I have used them a little bit, inside a firewall for LAN services, but I'm wondering if there are best practices that either of you use.
For instance, when you're running multiple containers, with persistence, where would you put the compose file? Do you have any tips for organizing container volumes on ZFS?
I've looked around and haven't found any good articles, just lots of "run docker-compose up and magic happens", which is disconcerting in a production environment to me.
Also, speaking of production, not sure if you saw it, but Newsblur recently got bit by an apparent "feature" of docker where it inserts itself in front of any locally configured iptables rules (link below), do you have recommendations for how to secure a docker machine in production in light of this?
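An added example for the iptables question above; this is my script, not the listener's or the show's. It audits the two things that decide whether a published container port bypasses the host firewall: ports a compose file publishes on all interfaces (Docker DNATs those in PREROUTING and forwards them, so INPUT rules never see them), and whether the DOCKER-USER chain, which Docker consults before its own FORWARD rules, holds anything beyond Docker's default `-j RETURN`. The compose file and the `iptables-save` dump are constructed samples, and the interface `eth0` and subnet `192.168.1.0/24` in the suggested rule are assumptions; the rule itself follows the pattern Docker's documentation gives for DOCKER-USER, and the `"ip"` key in `/etc/docker/daemon.json` is Docker's setting for the default `-p` bind address.

```shell
#!/bin/sh
# Audit a Docker host for published ports that bypass the host firewall.
# Sample inputs are constructed; interface and subnet names are assumptions.

# Constructed compose file, in the style most tutorials use.
COMPOSE_SAMPLE='version: "3"
services:
  web:
    image: nginx
    ports:
      - "8080:80"
      - "127.0.0.1:9090:9090"
      - "0.0.0.0:5432:5432"
'

# Constructed iptables-save output from a host whose admin wrote INPUT rules
# but left Docker's FORWARD handling at its defaults.
IPTABLES_SAMPLE='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER-USER -j RETURN
COMMIT
'

# Print, one per line as host_port:container_port, every port a compose file
# publishes on all interfaces: entries with no host address or bound to 0.0.0.0.
# Handles the short forms "8080:80" and "0.0.0.0:5432:5432".
exposed_ports() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*-[ \t]*"?[0-9.]+:[0-9]+(:[0-9]+)?"?[ \t]*$/ {
            gsub(/[^0-9.:]/, "")                 # keep only the addr:port:port text
            n = split($0, f, ":")
            if (n == 2) print f[1] ":" f[2]      # "8080:80": no host address given
            else if (f[1] == "0.0.0.0") print f[2] ":" f[3]
        }'
}

# Exit 0 if DOCKER-USER holds anything beyond the "-j RETURN" Docker installs,
# i.e. the operator is actually filtering forwarded traffic; exit 1 otherwise.
docker_user_restricts() {
    printf '%s\n' "$1" |
        grep '^-A DOCKER-USER ' |
        grep -v '^-A DOCKER-USER -j RETURN$' |
        grep -q .
}

# Emit the DOCKER-USER rule from Docker's documentation: drop forwarded traffic
# arriving on the external interface unless it comes from the trusted subnet.
# Arguments: external interface, trusted CIDR (assumed values in main below).
# -I places it ahead of Docker's RETURN so it is evaluated first.
docker_user_rule() {
    printf 'iptables -I DOCKER-USER -i %s ! -s %s -j DROP\n' "$1" "$2"
}

# Run the audit over the constructed samples.
main() {
    echo "Ports published on all interfaces (reachable from the LAN regardless of INPUT rules):"
    exposed_ports "$COMPOSE_SAMPLE" | sed 's/^/  /'
    if docker_user_restricts "$IPTABLES_SAMPLE"; then
        echo "DOCKER-USER carries operator rules."
    else
        echo "DOCKER-USER is empty; Docker's own rules decide what reaches those ports."
        echo "Suggested rule (assumed interface eth0 and LAN 192.168.1.0/24):"
        echo "  $(docker_user_rule eth0 192.168.1.0/24)"
        echo 'Or make 127.0.0.1 the default -p bind address in /etc/docker/daemon.json: {"ip": "127.0.0.1"}'
    fi
}

main "$@"
```

Run it against `docker-compose config` output and a live `iptables-save` dump instead of the samples; a port showing up in the first list while DOCKER-USER is empty is exactly the situation the listener describes, and either the DOCKER-USER rule or the 127.0.0.1 bind (per port in the compose file, or globally via daemon.json) closes it.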