2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains "what are the top ten problems of Docker", working through ten common questions about deploying containers.
1. What is the most suitable scenario for containers?
In a production environment, the type of application best suited to containerized deployment is the microservice. A microservice performs one focused task and represents only a small portion of the entire application. Because a microservice focuses on a single task, it can scale independently of the rest of the application. In addition, because microservices are highly cohesive and loosely coupled, they can be deployed and distributed independently of each other.
Building microservices on container infrastructure also lets these advantages be realized faster and more fully. As long as the externally facing API does not break application compatibility, software developers can quickly iterate on and improve a microservice without affecting the microservices of other developers. However, most traditional enterprise applications do not conform to the microservice architecture, so microservices are not suitable for every enterprise.
2. What are the key factors to consider when deploying a container?
(1) Management UI and API
The management user interface, including API-based access alongside the graphical UI (that is, external systems use the API directly to access the system).
(2) Image repository
Public image repositories, such as container image repositories provided by Docker Hub for public management. Many container management systems provide private image repositories where enterprise organizations can manage their own images.
(3) Orchestration and scheduling
The orchestration layer keeps containers running in the desired state and provides rolling updates and rollback. Kubernetes has become the de facto standard for container orchestration.
(4) Container runtime
The container runtime lets a cluster node pull the container image from the image repository, generate the correct file structure to run the container on the host, interact with network and storage plug-ins, and create, start and stop the container.
(5) Security control
Security policies are enforced through security components, including secret key management, security scanning, image signing, network isolation and encryption, and role-based access control (RBAC).
(6) Continuous monitoring
Monitoring provides visibility at the cluster node, container, and microservice levels.
(7) DevOps workflow
DevOps is not essential for container deployment, but the two are often used together. For example, DevOps tools, CI/CD pipeline tools, and container image builders need to work together.
3. Is it possible to run containers in Windows and VMware environments?
The Windows container ecosystem is not mature enough to be widely used in production environments. Windows containers lack support from container orchestration tools. For example, the latest version of Kubernetes provides only beta support for Windows containers. In addition, very few Windows applications are supported in containers. Windows Server support for authentication, security, and networking is also very limited. Several existing components are still in "beta" or "preview" versions. Despite these limitations, Windows containers can be used for specific scenarios, such as internal development, where they bring agility, portability, and cost advantages.
VMware's vSphere integrates the Docker engine, providing a way for containers to run in lightweight VMs. In addition, VMware provides container management portals and private repositories for securely storing images.
4. Should you choose a CaaS, Kubernetes, or BYO container management solution?
There are a variety of products on the market that allow enterprises to deploy containers on a large scale. These products provide different levels of abstraction for application developers. The most abstract product is Container as a Service (CaaS), which used to be mostly PaaS products, such as Cloud Foundry and OpenShift. These CaaS products abstract infrastructure details from developers and provide application tools in a structured manner. The BYO container management solution, on the other hand, provides minimal abstraction and maximum flexibility, but adds complexity.
BYO: try to avoid BYO except in rare cases, because very few organizations have the ability to achieve it. Organizations that do want to BYO can choose to integrate some fast-moving open source products.
Kubernetes: if you at least understand the concepts and have hands-on experience, choosing a relatively flexible Kubernetes distribution is a viable option. Some CaaS products provide options for developer tools, as well as options for developers to use container orchestration and scheduling components more directly.
PaaS: if you are new to microservice development, use the services provided by PaaS.
5. Will container technology be less secure than virtual machine technology (VM)?
Container technology itself is not unsafe. In fact, applications and users in containers are isolated from each other so that the compromise of one container does not lead to attacks on the others. It is therefore critical to ensure the integrity of the shared host OS kernel and to ensure that containers are isolated from each other on the host. In addition, communication between containers needs to be monitored and protected, and traditional security tools are mostly ineffective in this respect.
When using container technology, the following three points are recommended:
Use a hardened operating system, usually a "thin client operating system", to limit the attack surface, and complement it with strict, automated patch management.
Apply controls during both the build and run phases of the container, such as scanning software during the software development life cycle to detect vulnerabilities as early as possible.
Use fine-grained container security tools to proactively detect and monitor abnormal behavior. Container security products such as Ivy Honeycomb can provide container- and server-level security visibility and help block malicious application traffic.
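As an added example (not part of the original article), the following Python check reads `docker inspect` output and flags settings that weaken the isolation between a container and the shared host kernel discussed above. The sample input is constructed, and the lists of risky capabilities and sensitive host paths are illustrative assumptions, not a complete policy.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web", "Config": {"User": "10001"},
   "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge",
                  "IpcMode": "private", "CapAdd": null, "ReadonlyRootfs": true,
                  "Binds": null}},
  {"Name": "/ci-agent", "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "PidMode": "host", "NetworkMode": "host",
                  "IpcMode": "private", "CapAdd": ["SYS_ADMIN"],
                  "ReadonlyRootfs": false,
                  "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}}
]
""")

# Assumed (illustrative) lists; tune them to your own policy.
RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN"}
SENSITIVE_PATHS = {"/", "/var/run/docker.sock", "/run/docker.sock"}


def audit_container(entry):
    """Return findings where a container shares host resources or privileges."""
    host = entry.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged: near-full access to host devices and kernel")
    for field, label in (("PidMode", "PID"), ("NetworkMode", "network"),
                         ("IpcMode", "IPC")):
        if host.get(field) == "host":
            findings.append(f"shares the host {label} namespace")
    for cap in host.get("CapAdd") or []:
        if cap.upper().replace("CAP_", "", 1) in RISKY_CAPS:
            findings.append(f"adds capability {cap}")
    for bind in host.get("Binds") or []:
        source = bind.split(":")[0]
        if source in SENSITIVE_PATHS:
            findings.append(f"mounts sensitive host path {source}")
    user = ((entry.get("Config") or {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs as root inside the container")
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    return findings


def audit(inspect_output):
    """Map container name to its findings for every inspected container."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e)
            for e in inspect_output}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "no isolation findings")
```

On a real host the same functions can be fed `json.loads()` of the output of `docker inspect $(docker ps -q)`.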
6. Can the container handle sensitive data and applications?
If container deployments are built with a focus on container security and combined with existing security tools such as encryption, containers can be used to handle sensitive data and applications. You can also use solutions from container security vendors, such as Tengyun secure container solutions. For this approach to succeed, the security team must be involved as early as possible in the process of deploying containers for sensitive data.
7. Is the container suitable for COTS applications?
More and more software vendors now offer containerized deployment as an option for their products. Some vendors adopt an agile development model to support containerized deployment, making it part of how they write, test, and deliver their software. These applications are restructured as microservices that are naturally suited to containers. However, other vendors provide container deployment reluctantly, for fear of losing the market if they do not. In that case most COTS applications are not suitable for containers, because they may still be monolithic in nature or may not be independently scalable. In addition, if the enterprise has no existing container infrastructure to manage, container deployment of COTS applications may not be suitable for it.
In the vast majority of cases, you should avoid containerizing COTS applications without explicit support from the vendor, to avoid errors.
8. What is the relationship between Cloud Foundry, OpenShift and other products and containers?
Cloud Foundry is an application PaaS platform that supports multiple frameworks, languages, runtime environments, cloud platforms and application services, enabling developers to deploy and scale applications in seconds without worrying about infrastructure. It is therefore also a relatively fixed container framework. It is described this way because it is pre-configured to make installation and maintenance easier.
OpenShift is Red Hat's cloud development platform as a service (PaaS) that enables developers to create, test, and run their applications and deploy them to the cloud. OpenShift supports a wide range of programming languages and frameworks, such as Java, Ruby, and PHP. It also provides a variety of integrated development tools, such as Eclipse integration, JBoss Developer Studio and Jenkins.
When evaluating PaaS products for container scenarios, enterprises need to focus on the scope of services they provide to distinguish whether they support container scenarios or whether they need custom configuration or third-party component services to support container scenarios.
9. Should the application be refactored to better support containers?
In production, containers are most helpful when they are deployed to support flexible workloads for microservices. Whether to refactor an application to support containerized deployment therefore depends on whether the organization plans to use containers during development, testing, production, and so on.
When an enterprise decides to refactor applications to better support containers, it should first refactor stateless applications, such as the front end of web applications, into microservices so that they can run in containers. Enterprises can also build new applications on a microservice architecture to avoid future refactoring.
10. What is the effect of deploying CCS in the public cloud?
The trend of cloud IaaS providers offering fully managed services, with no need to deal with virtual machines or the underlying infrastructure, is now being applied to containers. AWS Fargate, for example, provides managed container services that abstract the underlying infrastructure so that developers can focus on the tasks that need to be performed rather than on the number of instances in the Kubernetes cluster.