Docker: The Good, the Bad & the Hype

Avishai Ish-Shalom (@nukemberg)

Agenda

  • What is this docker thing
  • What is it good for
  • What is it not good for
  • How do we use it in real life
  • AMA

What is this Docker thing

Demotime!

Architecture

Namespaces

  • Limit visibility & access
  • Per process, inherited
  • Independent
  • e.g. chroot, network, PID

CGROUPS

  • Resource accounting & capping
  • Control multiprocess behaviours
  • e.g. cpu, mem, freezer

CoW storage

  • Layered images
  • Per container layer
  • Fast provisioning
  • Runtime overhead

Images

  • Layered
  • Bundle entire filesystem
  • Include metadata

API

  • Run container
  • Map ports, volumes, etc
  • Control container lifecycle

The Good

Convergence

  • Decouple servers from apps
  • Run multiple services on machine
  • Deploy on any server 

Avg DC utilization: 7-15% (!!) 

Isolation

  • Performance isolation
  • Data isolation
  • Operational isolation
  • Process isolation

Efficient

  • Small RAM footprint
  • Small disk footprint
  • Fast provisioning
  • Native IO

Universal packages

  • Distro independent
  • Self contained

App wrapper

  • Map ports
  • Configuration files
  • Redirect output
  • Data volumes

The Bad

Incompatible

New interface - contained process group

  • PID namespace init
  • Memory limit behavior
  • Hostnames
  • Port mapping

Shared kernel

  • Not fully isolated
  • DoS and QoS issues
  • Container can kill entire server
  • Kernel modules
  • Sometimes we need different kernel

The Ugly

CoW storage

  • No quota (except DM)
  • Performance issues

OOM behaviour

  • No limit
  • Swap
  • OOM-killer
  • Block

No other choice really

Networking/volumes

  • Multihost networking in 1.9
  • Volume drivers in 1.9
  • Performance, debugging
  • Very young

Ever seen someone

Brace yourself for

docker pull ahmed-hacker/elk-really-good && \
 docker run elk-really-good:latest
curl $URL | sudo sh

Da Faq is it good for?

12 factor apps

  • Stateless
  • Self contained
  • Non-legacy

One-off jobs

  • OK if killed
  • Stateless
  • Retry safe

Don't try this at home

Statefull apps

  • Databases
  • Queues

 

Various issues:

  • Hostnames
  • IO performance
  • OOM

Microservices dev env

How many 16GB ES containers can you put on one 24GB machine?

 

What happens when you need 100 distributed services.... with data?

Keep it real

Docker in da wild

Few companies rely on docker in production

  • Use grids or plan to
  • Many issues reported

Production setup

  • Use updated kernel
  • Prefer DM
  • Eco-system
  • cAdvisor
  • Run on cloud grid if possible
  • Run stateless apps

I'm sure u have questions

Docker: The Good, the Bad & the Hype

By Avishai Ish-Shalom

Made with Slides.com

Docker: The Good, the Bad & the Hype

  • 3,307

More from Avishai Ish-Shalom