[Swlug] Docker, containers, oh my!

Matt Willsher matt at monki.org.uk
Fri Apr 21 11:01:18 UTC 2017


HI James,

Welcome to the list :)


> On 21 Apr 2017, at 11:41, James Tancock via Swlug <swlug at mailman.lug.org.uk> wrote:
> 
> 
> Hi all,
> 
> Just to address your original message Matt - I’ve been using containers/Docker myself for 3+ years and in my current workplace (Moneyhub) we’ve been using containers in prod for over 2 years now. Has it made things easier? Definitely. We no longer have to worry about any state across vms or physical machines. We know that if it has a container runtime (Docker) on it, then we can deploy to it. It’s allowed us to give up using configuration management tools, which I’ve always found to be fickle beasts when they go wrong! But there’s definitely a cost. The barrier to entry is higher. Docker is a pretty unreliable product, every minor release tends to break something critical. And like you said, managing persistent storage is still a problem.

It’s good to hear a success story for Docker. What you say there echoes a lot of what I’ve read around about Docker. One of the big appeals to me was getting away from config management tools for the reasons you say. Do you find Docker takes quite a bit of babysitting? It seems that it’s a system that needs a fair bit of attention day to day. How do you manage patching and make sure the base containers are secure?

> I don’t see what the problem with using containers in prod is though - Google have been doing it for nearly 10 years now. So have many others. So as a concept its obviously battle tested!

Google have a level of scale and expertise to hand that others just can’t match. Same goes for Netflix. It feels to me that Docker in the mid-small end presents risks that the bigger sized orgs aren’t faced by. It’s unclear what Google containers really look like. My guess is that it’s lower level (cgroups, namespaces as building blocks) than Docker, and that their software is written very much in mind, something transitioning organisations won’t be in a position to do. 

> I agree with you on rkt though. It’s a much simpler proposition, far more unix like. Not like Docker with its client/server, ever changing api between the two, and not knowing which process is actually running your container. We’re hoping to have moved all of our containers to rkt soon!

Interesting. What OS are you running Docker on and what do you plan to run rkt under? Will you use Kubernetes?

Matt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/swlug/attachments/20170421/0393a846/attachment.html>


More information about the Swlug mailing list