Is Docker scalable? 5 big Docker myths exploded
sendachi.com
Docker: 5 Big Myths Exploded
Matt Saunders, Principal Consultant, Sendachi
Sendachi
• Formed in 2016
• Merging Clutch (US) and Contino (UK)
• VC Funded Services Company
• Docker Premier Partner
Sendachi
• Enterprise Focus
• DevOps & Continuous Delivery
• Containerisation & Virtualisation
• Microservices
• Security, Reliability & Resilience
• Cloud Architecture
The Case for Docker
Docker Adoption
5.6 million pulls/day
$1 billion valuation
2 billion + pulls to date
Containerisation Benefits (1/2)
• Container abstraction layer
• Platform Portability
• Resilience with Clustering
• Provenance and Traceability
Containerisation Benefits (2/2)
• Environment Consistency
• Improved Compute Density
• Multi-Tenancy
• Remove the Virtualisation Tax
Container Abstraction Layer
• Common point of entry for containers
• Run diverse technology stacks
• HTTP with RESTful Interfaces work well
• Microservices
• 12 Factor Applications
Platform Portability
• Move applications easily between servers
• Private and public cloud
• Everything is contained
Resilience with Clustering
• Higher-order clustering options
• Built specifically for Docker
• Docker Swarm itself is a containerised application
Provenance and Traceability
• Container builds can be automated
• Cryptographic signing available
• Docker registry comms are encrypted
• Proof that the image is as-built
Environment Consistency
• Applications run purely inside containers
• Environment information stored outside containers
• The same unaltered container runs in all environments
• Environmental drift is minimised
Improved Compute Density
• Applications can be limited by memory and CPU
• Pre-allocation of resources isn’t necessary
• Intelligent scheduling of workloads with Swarm
• Run larger Docker host servers without virtualisation
Multi-Tenancy
• Docker containers are insulated from each other
• Containers can’t interfere or interact with each other
• Enables greater density
Remove the Virtualisation Tax
• Docker machine can run on bare metal
• Swarm orchestration optimally places containers
• Swarm will replace containers on failed nodes
• Any need for virtualisation?
Docker is Insecure
Myth 1
Docker is Insecure
• Don’t run as root
• User namespaces
• Capabilities
• Use AppArmor, SELinux and friends
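The four hardening points above, expressed as a check over `docker inspect` output. This is an added example, not from the original slides; the sample JSON is constructed and the finding labels are hypothetical.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not from the slides).
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/legacy-app",
  "Config": {"User": ""},
  "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"], "CapDrop": null,
                 "SecurityOpt": ["apparmor=unconfined"], "UsernsMode": "host"}},
 {"Name": "/hardened-api",
  "Config": {"User": "10001:10001"},
  "HostConfig": {"Privileged": false, "CapAdd": ["NET_BIND_SERVICE"],
                 "CapDrop": ["ALL"], "SecurityOpt": ["no-new-privileges"],
                 "UsernsMode": ""}}
]""")

# SecurityOpt values that switch off AppArmor or SELinux confinement.
DISABLED_LSM = {"apparmor=unconfined", "apparmor:unconfined",
                "label=disable", "label:disable"}

def runs_as_root(user):
    """Config.User is 'user[:group]'; an empty value means root."""
    name = (user or "").split(":")[0]
    return name in ("", "0", "root")

def audit(container):
    """Return hypothetical finding labels, one per slide bullet that fails."""
    host = container.get("HostConfig", {})
    findings = []
    if runs_as_root(container.get("Config", {}).get("User")):
        findings.append("runs-as-root")
    if host.get("UsernsMode") == "host":      # opts out of user-namespace remapping
        findings.append("userns-disabled")
    if host.get("Privileged"):                # grants every capability
        findings.append("privileged")
    if "ALL" not in {c.upper() for c in host.get("CapDrop") or []}:
        findings.append("default-capabilities-kept")
    if DISABLED_LSM & set(host.get("SecurityOpt") or []):
        findings.append("lsm-confinement-disabled")
    return findings

def audit_all(inspect_output):
    return {c["Name"].lstrip("/"): audit(c) for c in inspect_output}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, findings or "ok")
```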
Docker is Inappropriate for Enterprises
Myth 2
Docker in the Enterprise
• Docker will lose your data
Docker in the Enterprise
• Use volume mounts
• Store data on your resilient storage
Docker in the Enterprise
• No-one knows what’s in your containers
Docker in the Enterprise
• Use version control and CI
• Use Docker Notary
• Sign your images
• Scan containers at build-time
Docker in the Enterprise
• Goldman Sachs
• Swisscom
• New York Times
• ING
• BBC
Docker Containers are unusably large
Myth 3
Containers are too big
• Full OS images can be > 1 Gb
• Laden container with app > 2 Gb
Containers are too big
• Don’t embed large OSes in containers
• Not gonna need it
• Work with Security people
Containers are too big
• Host locally
• Docker Trusted Registry
• Hosts your images
• Fine-grained RBAC
• Cryptographic signing
Docker Needs Microservices
Myth 4
Docker and Microservices
• Run a staged move to Docker
• Run your monolith in a container
Docker and Microservices
• Get some benefits
• Faster startup times
• Move app between environments
Docker and Microservices
• Start breaking up the monolith
• Slice bits of the edges
• Make microservices
Docker and Microservices
• Manage Microservice-based architectures
• Gradual transformation
Docker only works in the Cloud
Myth 5
Docker in the Cloud
• Run Docker Engine on your own hosts
• Reduce the VM tax with larger instances
• Leverage existing hardware investment
• Use existing firewalls and loadbalancers
Docker doesn’t work on Windows
Myth 6
Docker on Windows
• Docker Toolbox now runs natively
• Docker Engine runs on Server 2016 TP5
• Run Windows Docker containers
• Still early days
Docker on Windows
• Docker Toolbox now runs natively
• Docker Engine runs on Windows Server 2016 TP5
Docker on Windows
• Windows Nano Server
That’s all the myths
Myth 7
More Myths
• Containers can’t be orchestrated at scale
• Containers are just small VMs
• Enterprise IT and containers are incompatible
• Docker isn’t being used in production