Docker DevOps on data containers and networking
Tue 28 Jun 2016
Matt Saunders is a Principal DevOps Consultant, and also among the most senior engineers at Contino, with a background in both enterprise and start-up worlds. Matt is also co-organiser of the London DevOps meet-up—a group with over 3,000 members which meets monthly.
What does Docker have in mind for the future regarding data containers, and how does it answer criticism that data containers are inadvisable in replicable systems?
Docker now advises that persistent data is stored in named volumes, and recent and future innovation revolves around making this more reliable and fault-tolerant. I believe a lot of the criticism aimed at data containers is that they are not immediately portable between hosts – and this means that data stored in data containers created with stock Docker can only exist on one host. Plugins such as Flocker, Convoy and GlusterFS are however available to allow Docker volumes to be hosted reliably on clustered file storage since Docker 1.9.
What innovations are in development for Docker’s networking model, which has occasionally been singled out as in need of enhancement?
Docker 1.12 brings with it many improvements, including substantial work to make bringing up entire application stacks with dedicated networking seamless. Docker networking also now benefits from plugins, opening up the possibility to use third-party networking plugins. Docker 1.12 also improves network security, allowing network stacks to be built that span multiple Docker hosts to give isolation to applications using software-defined networking. Load-balancing is significantly better in Docker 1.12; indeed it is a major feature of this new release coming imminently.
With the recent launch of Docker Security Scanning, have you seen an impact for enterprise cloud users? What is Docker’s stance on security?
One of the biggest concerns among enterprise users is the flip-side of one of Docker’s biggest benefits. The ability to lock in all application dependencies into a container image at build-time provides the agility to move containers around between environments at will, but of course at the expense of transparency.
Docker Security Scanning mitigates this by assessing the contents of container images on the Docker Hub against known vulnerabilities, and enterprise cloud users with private repos on the Docker Hub are now benefiting from this technology. We are looking forward to this feature becoming available to Docker Datacenter users – as many enterprises concerned about security are running Docker Trusted Registry in their own private clouds, rather than using the central Docker Hub.
Security is a number one priority for Docker – and releases of Docker over the past year or so have seen significant improvements in this area, leading to the release of Docker Content Trust last year. This allows Docker-based installations to play nice with existing security policies in a more seamless manner than before.
Like other emerging technologies, how can IT teams look at proving ROI?
Return on Investment of containers can be measured in multiple ways – the easy ones are the benefits of being able to remove or minimise the virtualisation layer and stop wasting so much spare capacity – this is relatively easy to measure. Other benefits of Docker can be measured in increased velocity of software delivery, as containerisation enables code to be tested and promoted to production faster, increasing agility and speed of software delivery.
Have you noted any specific industries that are more willing to embrace containers?
Containerisation works well with Web applications, so online commerce operations are leading the charge here. But not to the exclusion of other industries – anyone with an interest in delivering software more effectively is doing it.
What are the most common mistakes for companies in the initial stages of adopting container technology?
Companies often try to re-implement their virtualisation tier in containers, which conveys some of the benefits of containerisation technology but doesn’t really exploit it to the full. This leads to fat containers and missing the majority of the benefits of the technique.
When is Docker not the right choice?
Support for Docker on stacks other than Linux is limited right now.
Windows support is in its early stages but there should be significant advances this year. In addition, Docker may not be the right choice for an organisation that is not willing to embrace the change that such a transformative technology requires – the model of building software containers can be quite different to what people are used to and this can be quite an organisational challenge.