Docker Caveats - What You Should Know About Running Docker In Production

Edit: It seems Hitler Downfall Parodies are too hot to handle in this forum, so I have removed the one embedded in the linked blog post and added a summary of ‘Running Docker in Production’

What's the next step for production after server containerization? :slight_smile:

Docker Caveats - What You Should Know About Running Docker In Production

We can’t deny that Linux Containers are a very powerful concept combining clever Linux kernel features, and Docker’s open source tools make containers easily accessible to developers of any background.

Issues include improper usage of the technology and unpleasant surprises due to a poor understanding of the underlying features enabling the technology.

Summary:

Isolation

Containers should not be used without ensuring that reliability and redundancy of every resource is incorporated into the overall design of your infrastructure.

Image Security

Let’s think about Containers in the context of Sandwiches. You can pick up a sandwich. You can look at it, you can tell basically what’s going on inside. Are there tomatoes? Lettuce? Ham? Turkey? It’s not that hard. There can be things hiding, but for the most part you can get the big details. This is just like a container. Fedora? Red Hat? Ubuntu? It has httpd, great. What about a shell? systemd? Cool. There can be scary bits hidden in there too. Someone decided to replace /bin/sh with a python script? That’s just like hiding the olives under the lettuce. What sort of monster would do such a thing!

Docker Defaults

If your Linux kernel is > 2.6.x, you need to disable the userland-proxy on the Docker daemon in favor of Hairpin NAT!

In general, careful study of the docker defaults is required to ensure the optimal configuration for your environment and use-case. Things such as selecting the appropriate Copy-on-Write Filesystem are all covered in the Docker docs.

Containers vs VMs

Containers provide significant advantages over Virtual Machines for the use of “Application Packaging” due to the fact that they take a short time to build, are moved around easily and can start and stop very quickly compared to VMs.

The approach used by the newer Docker clients integrates more deeply with the host operating system which greatly streamlines the developer experience on non-Linux operating systems.

Distribution & Deployment

The community has been adopting slim Application containers, using minimal Linux distributions such as Alpine (which is now being used for all the Official docker images) and statically compiled binaries that only rely on the kernel they are built for.

The concept of Container Pods encourages the decomposition of applications into even smaller modular, focused, cooperating containers. The isolation provided by containers is sufficient to allow the design of reusable components, which leads to more reliable, more scalable and faster-to-build services than applications built from monolithic containers. We believe these concepts require a change in mindset of what it means to build applications for the cloud.

4 Likes
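One way to do the "look inside the sandwich" inspection the Image Security section describes, as an added example that is not part of the original post or of the blog it summarises: a POSIX shell script that audits the shell interpreters in an exported image rootfs and flags any that turn out to be scripts rather than native binaries. The `docker create`/`docker export` commands in the comments and the sample rootfs are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post: look inside an exported image
# rootfs for "olives under the lettuce" such as /bin/sh replaced by a script.
# With real Docker the rootfs would come from (assumed, standard CLI usage):
#   docker create --name probe IMAGE && mkdir rootfs &&
#   docker export probe | tar -C rootfs -xf -
# A constructed rootfs is built in a temp dir below so this runs offline.

# classify_binary FILE: 0 = ELF binary, 1 = "#!" script, 2 = unreadable/other.
# Symlinks (e.g. sh -> busybox) are followed, so the target is what gets judged.
classify_binary() {
    [ -r "$1" ] || return 2
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -c | tr -d ' \t\n')
    case "$magic" in
        177ELF) return 0 ;;
        '#!'*)  return 1 ;;
        *)      return 2 ;;
    esac
}

# audit_rootfs DIR: report on the usual shell interpreters and return the
# number of them that are not native ELF binaries.
audit_rootfs() {
    bad=0
    for rel in bin/sh bin/bash bin/dash bin/busybox usr/bin/env; do
        f="$1/$rel"
        [ -e "$f" ] || continue
        classify_binary "$f"; rc=$?
        case $rc in
            0) printf 'OK   %-12s native ELF binary\n' "$rel" ;;
            1) printf 'WARN %-12s is a script: %s\n' "$rel" "$(head -n 1 "$f")"
               bad=$((bad + 1)) ;;
            *) printf 'WARN %-12s neither ELF nor script\n' "$rel"
               bad=$((bad + 1)) ;;
        esac
    done
    return $bad
}

# make_sample_rootfs: constructed sample with sh -> busybox (ELF magic only)
# and bash swapped for a Python script; prints the directory path.
make_sample_rootfs() {
    d=$(mktemp -d) && mkdir -p "$d/bin" || return 1
    printf '\177ELF' > "$d/bin/busybox"
    ln -s busybox "$d/bin/sh"
    printf '#!/usr/bin/env python3\nimport os\n' > "$d/bin/bash"
    printf '%s\n' "$d"
}

sample=$(make_sample_rootfs)
audit_rootfs "$sample"
echo "suspicious interpreters: $?"
rm -rf "$sample"
```

Run it against a real rootfs by calling `audit_rootfs rootfs` after the export; a non-zero return means at least one interpreter deserves a closer look.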

Yes this ‘downfall’ version was made by a Jewish guy:

Avishai Ish-Shalom is a co-founder of Fewbytes, an Israel based consultancy firm, with almost a decade of experience in IT systems and web operations.

@Nigel Feel free to explain.

@chrisfostertv I am so shocked by that revelation.

Anyway, I can foresee this thread heading for the off-topic cliff (where it belongs), with no lack of lemmings to help it along, so I think I’ll get back to my self-training…

Do we need another topic in #off-topic let us know :wink:

1 Like

My comment was deleted by a moderator because it offended some unnamed person. Looks like others can express their erroneous opinions but I’m disallowed from replying, and accused of off-topicality to boot. Deletion for off-topicality is fair enough, but in that case such rules should be applied objectively, and delete all off-topic messages in the thread. Ditto for “offensiveness” since many people of German descent find the constant Hollywood slander very offensive.

How about just prohibiting discussion of WWII from a thread it has nothing to do with?

I’m certainly shocked that you are shocked, so much so…that I’ve edited the post to facilitate your self-education.

  1. Do you actually use Docker?

  2. Considering the source, someone who has some politically-motivated, self-serving belief system to promote by repetition, then no, I’ll be looking elsewhere for useful information on Docker.

Not in ‘production’ as is the subject of this article, I’ve been playing with docker locally for the last couple of years with a view to running vaults on a hosted server.

Well, if Docker Saigon is a nefarious community of docker users, then I don’t blame you.

Docker Saigon is the community of Docker users in Ho Chi Minh City, Vietnam

A rhetorical distraction, you know who I’m referring to, someone with an axe to grind.

Regarding Docker, I don’t believe a word you say.

@chrisfostertv,

I don’t quite understand what is going on with the other comments but the parody IS hilarious! - I have seen so many different parodies of that scene (as well as the original of course) and they have all been pretty clever.

Also, thanks for the tip in the notes about Alpine - that was also really interesting! (it has kept me up all night again - just when I thought I might get back to a “normal” sleep cycle…) - I am now going to move my Java Chatbot container from Fedora to Alpine.

1 Like