Docker in Development and Production Environments, Part II

2025-02-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

For most teams, Docker is adopted primarily to let developers iterate faster and shorten release cycles. That is very beneficial in development environments, but in production, running multiple Docker containers on the same server can lead to security vulnerabilities. In fact, almost all discussion of running Docker in production revolves around the two things that separate the development environment from the production environment: orchestration and security.

In production, Docker is sometimes used to run containers that receive public network traffic, and sometimes to handle asynchronous background job loads. Regardless of the purpose, the main difference between running Docker in production and running it in other environments is that security and stability need more attention. Docker production environments are difficult to manage: Docker simplifies the workflow from development to production, but at the same time adds complexity to security and orchestration. All teams running Docker in production make one or more compromises on traditional security best practices. If you can't trust the code running inside the container, you'll have to choose a container-to-virtual-machine topology. For many teams, the benefits of running Docker in production far outweigh the security and orchestration issues it poses.

What should not be Dockerized? Don't expect to run everything in Docker containers. Heroku-style "twelve-factor" apps are the easiest to Dockerize because they do not maintain state. In an ideal microservices environment, containers can be started and stopped in milliseconds without affecting the health of the cluster or the state of the application. Docker is also not suitable for any application that needs to adjust its CPU and memory requirements dynamically. The code to allow dynamic tuning is complete, but it is unclear when it will be ready for use in a normal production environment. Currently, adjusting the CPU and memory limits of a container requires stopping and restarting the container. Also, do not use Docker when optimizing applications with high network throughput requirements, because Docker uses iptables to perform NAT translation from the host IP to the container IP. It is feasible to improve network performance by disabling Docker NAT, but this is an advanced use scenario, and few teams do it in production environments.

Docker is best used by pre-packaging application code into a Docker image. The image typically contains all application code, runtime dependencies, and system requirements, while configuration files containing database credentials and other sensitive information are typically added at runtime rather than built into the image. Some teams build Docker images manually on development machines, push them to an image repository, and pull them from the repository onto a production host. This simple use case works, but it is not ideal from a workflow and security perspective. A more common production setup uses a continuous integration/continuous delivery system to build new images automatically whenever the application code or the Dockerfile changes.
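The rule above, that credentials are added at runtime rather than built into the image, can be checked mechanically before an image is built. The following is an added example, not code from the original article: a small Python linter that flags `ENV`/`ARG` names and `COPY`/`ADD` sources that would bake secrets into an image. The patterns `SECRET_KEY` and `SECRET_FILE` are assumed heuristics and the sample Dockerfile is constructed.

```python
import re
import shlex

SECRET_KEY = re.compile(r"pass(word|wd)?|secret|token|api_?key|credential", re.I)  # assumed heuristic
SECRET_FILE = re.compile(r"(^|/)(\.env|.*\.pem|.*\.key|id_rsa|credentials|database\.yml)$", re.I)

# Constructed sample Dockerfile, not taken from any real project.
SAMPLE = """\
FROM python:3.12-slim
ENV APP_ENV=production DB_PASSWORD=hunter2
ARG API_TOKEN
COPY .env config/database.yml /app/config/
COPY src/ /app/src/
ENV DB_PASSWORD_FILE=/run/secrets/db_password
"""

def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        start = start or n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", 0

def find_baked_secrets(dockerfile_text):
    """Return (line, instruction, name) for credentials built into the image."""
    findings = []
    for n, instr in logical_lines(dockerfile_text):
        op, _, rest = instr.partition(" ")
        op = op.upper()
        if op in ("ENV", "ARG"):
            toks = shlex.split(rest)
            if toks and "=" not in toks[0]:
                toks = toks[:1]  # legacy "ENV KEY value" or bare "ARG KEY"
            for key in (t.partition("=")[0] for t in toks):
                # KEY_FILE only names the path of a secret mounted at runtime.
                if SECRET_KEY.search(key) and not key.upper().endswith("_FILE"):
                    findings.append((n, op, key))
        elif op in ("COPY", "ADD"):  # shell form only; JSON form is not parsed
            srcs = [t for t in shlex.split(rest) if not t.startswith("--")][:-1]
            findings += [(n, op, s) for s in srcs if SECRET_FILE.search(s)]
    return findings

print(find_baked_secrets(SAMPLE))
```

Anything this flags should reach the container when it starts instead, for example through `docker run --env-file` or a read-only mounted file.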

In recent years, technology has developed rapidly. From physical servers to virtual servers, and from virtual servers to cloud computing with PaaS environments, Docker images can be used easily in the current environment whether or not a new architecture is adopted. Using Docker does not require immediately migrating from a monolithic application to a service-oriented architecture. There are many ways to integrate Docker at different levels. The following are common scenarios for Docker:

- Use image-based deployment instead of regular code deployment systems;
- Securely run legacy and new applications on the same server;
- Migrate step by step to a service-oriented architecture using a tool chain;
- Manage horizontal scaling and resiliency on cloud or bare metal;
- Ensure consistency from the development environment to the staging environment to the production environment;
- Simplify machine setup and consistency for developers.

Migrating an application's daemons to a Docker cluster while leaving the web server and database server unchanged is a common way to get started with Docker. Another example is migrating parts of an application to a RESTful API that runs in Docker, with Nginx proxies on the front end routing communication between legacy services and the Docker cluster. With techniques like these, teams can migrate gradually and seamlessly from monolithic applications to service-oriented architectures.

Today's applications often require dozens of third-party libraries to accelerate feature development or to connect to third-party SaaS and database services. Every library can introduce bugs or leave users stuck in version dependencies, and because libraries change frequently, there is a lot of pressure to keep working code deployed on the infrastructure without causing failures. Docker's valuable image philosophy lets technical teams deploy working code, whether monolithic, service-oriented, or a hybrid of both, in a way that is testable, repeatable, documented, and consistent for each deployment, because the code and its dependencies are bundled in the same image. Once an image is built, it can be deployed to any number of servers running Docker daemons.

Another common Docker use case is deploying a single container across environments, where the typical code path runs from development to preview to production and containers provide a consistent, testable environment along the entire path. For developers, the Docker model allows debugging code on their own PC that is identical to the production environment: they can easily download, run, and debug problematic production images without first modifying the local development environment.
