Edit: It seems Hitler Downfall parodies are too hot to handle in this forum, so I have removed the one embedded in the linked blog post and added a summary of ‘Running Docker in Production’.
What's the next step for production after server containerization?
Docker Caveats - What You Should Know About Running Docker In Production
There is no denying that Linux containers are a powerful concept: they combine clever Linux kernel features, and Docker’s open source tools make containers easily accessible to developers of any background.
The problems tend to come from improper use of the technology and from unpleasant surprises caused by a poor understanding of the underlying kernel features that make it work.
Summary:
Isolation
Containers share the host kernel and the host’s hardware, so they isolate processes, not failures. Do not run containers in production without building reliability and redundancy for every resource into the overall design of your infrastructure.
Image Security
Let’s think about Containers in the context of Sandwiches. You can pick up a sandwich. You can look at it, you can tell basically what’s going on inside. Are there tomatoes? Lettuce? Ham? Turkey? It’s not that hard. There can be things hiding, but for the most part you can get the big details. This is just like a container. Fedora? Red Hat? Ubuntu? It has httpd, great. What about a shell? systemd? Cool. There can be scary bits hidden in there too. Someone decided to replace /bin/sh with a python script? That’s just like hiding the olives under the lettuce. What sort of monster would do such a thing!
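One way to look under the lettuce is to export an image’s root filesystem and audit it before deploying it. The script below is an added example, not code from the linked post or from Docker: it checks that everything in the bin directories is a real ELF executable (or a symlink to one, as with busybox on Alpine) rather than a script, and lists setuid/setgid files. The sample root filesystems it builds are constructed inline so it runs offline; the `docker create`/`docker export` commands in the comment are the real CLI but are not executed here.

```shell
#!/bin/sh
# Added example: audit an exported container rootfs for hidden "olives".
# Getting a rootfs from a real image (requires Docker, not run here):
#   cid=$(docker create "$image")
#   mkdir rootfs && docker export "$cid" | tar -x -C rootfs
#   docker rm "$cid"

# is_elf FILE -> 0 if FILE begins with the ELF magic bytes 7f 45 4c 46
is_elf() {
    [ "$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# audit_rootfs DIR -> prints one finding per line; returns 1 if anything was found
audit_rootfs() {
    root=$1
    findings=0
    # 1. Regular files in the bin directories should be ELF executables.
    #    Symlinks are resolved inside the rootfs so /bin/sh -> /bin/busybox passes.
    for d in bin sbin usr/bin usr/sbin; do
        [ -d "$root/$d" ] || continue
        for f in "$root/$d"/*; do
            [ -e "$f" ] || continue
            target=$f
            if [ -L "$f" ]; then
                link=$(readlink "$f")
                case $link in
                    /*) target="$root$link" ;;
                    *)  target="$(dirname "$f")/$link" ;;
                esac
            fi
            if [ -f "$target" ] && ! is_elf "$target"; then
                printf 'non-ELF executable: %s -> %s\n' "${f#$root}" "$(head -n 1 "$target")"
                findings=$((findings + 1))
            fi
        done
    done
    # 2. setuid/setgid files anywhere in the image are worth knowing about.
    setuid=$(find "$root" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null)
    if [ -n "$setuid" ]; then
        printf '%s\n' "$setuid" | sed "s|^$root|setuid/setgid file: |"
        findings=$((findings + $(printf '%s\n' "$setuid" | wc -l)))
    fi
    [ "$findings" -eq 0 ]
}

# make_demo_rootfs DIR clean|tampered -> constructed sample trees for the demo
make_demo_rootfs() {
    mkdir -p "$1/bin" "$1/usr/bin"
    # a fake static binary: just the ELF header magic, enough for the check
    printf '\177ELF\002\001\001' > "$1/bin/busybox"
    chmod 755 "$1/bin/busybox"
    ln -s /bin/busybox "$1/bin/ls"
    if [ "$2" = tampered ]; then
        # the olives under the lettuce: /bin/sh replaced by a python script
        printf '#!/usr/bin/python\nimport os\n' > "$1/bin/sh"
        chmod 755 "$1/bin/sh"
        printf '\177ELF\002\001\001' > "$1/usr/bin/ping"
        chmod 4755 "$1/usr/bin/ping"        # unexpected setuid binary
    else
        ln -s /bin/busybox "$1/bin/sh"
    fi
}

demo() {
    tmp=$(mktemp -d)
    make_demo_rootfs "$tmp/clean" clean
    make_demo_rootfs "$tmp/tampered" tampered
    audit_rootfs "$tmp/clean" && echo "clean image: no findings"
    audit_rootfs "$tmp/tampered" || echo "tampered image: see findings above"
    rm -rf "$tmp"
}

demo
```

Point it at a directory produced by `docker export` instead of the constructed trees to audit a real image; a non-zero exit status means the image needs a closer look before it is allowed into production.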
Docker Defaults
If your Linux kernel is newer than 2.6.x, disable the userland proxy on the Docker daemon (`--userland-proxy=false`) so that published ports use hairpin NAT instead of a proxy process per port.
In general, study the Docker daemon defaults carefully to arrive at the right configuration for your environment and use case. Choices such as the storage driver (the copy-on-write filesystem backing image layers) are covered in the Docker docs.
Containers vs VMs
Containers provide significant advantages over virtual machines for application packaging: they build quickly, move around easily, and start and stop far faster than VMs.
The newer Docker clients integrate more deeply with the host operating system, which greatly streamlines the developer experience on non-Linux operating systems.
Distribution & Deployment
The community has been adopting slim application containers, built on minimal Linux distributions such as Alpine (being adopted as the base for the official Docker images) or on statically compiled binaries that rely only on the kernel they are built for.
The concept of container pods encourages decomposing applications into even smaller, focused, cooperating containers. The isolation containers provide is sufficient to design reusable components, which leads to services that are more reliable, more scalable and faster to build than applications built from monolithic containers. We believe these concepts require a change in mindset about what it means to build applications for the cloud.