Docker: The Good, the Bad & the Hype

Avishai Ish-Shalom (@nukemberg)

Agenda

What is this docker thing
What is it good for
What is it not good for
How do we use it in real life
AMA

What is this Docker thing

Demotime!

Architecture

Namespaces

Limit visibility & access
Per process, inherited
Independent
e.g. chroot, network, PID

CGROUPS

Resource accounting & capping
Control multiprocess behaviours
e.g. cpu, mem, freezer

CoW storage

Layered images
Per container layer
Fast provisioning
Runtime overhead

Images

Layered
Bundle entire filesystem
Include metadata

API

Run container
Map ports, volumes, etc
Control container lifecycle

The Good

Convergence

Decouple servers from apps
Run multiple services on machine
Deploy on any server

Avg DC utilization: 7-15% (!!)

Isolation

Performance isolation
Data isolation
Operational isolation
Process isolation

Efficient

Small RAM footprint
Small disk footprint
Fast provisioning
Native IO

Universal packages

Distro independent
Self contained

App wrapper

Map ports
Configuration files
Redirect output
Data volumes

The Bad

Incompatible

New interface - contained process group

PID namespace init
Memory limit behavior
Hostnames
Port mapping

Shared kernel

Not fully isolated
DoS and QoS issues
Container can kill entire server
Kernel modules
Sometimes we need different kernel

The Ugly

CoW storage

No quota (except DM)
Performance issues

OOM behaviour

No limit
Swap
OOM-killer
Block

No other choice really

Networking/volumes

Multihost networking in 1.9
Volume drivers in 1.9
Performance, debugging
Very young

Ever seen someone

Brace yourself for

docker pull ahmed-hacker/elk-really-good && \
 docker run elk-really-good:latest

curl $URL | sudo sh

Da Faq is it good for?

12 factor apps

Stateless
Self contained
Non-legacy

One-off jobs

OK if killed
Stateless
Retry safe

Don't try this at home

Statefull apps

Databases
Queues

Various issues:

Hostnames
IO performance
OOM

Microservices dev env

How many 16GB ES containers can you put on one 24GB machine?

What happens when you need 100 distributed services.... with data?

Keep it real

Docker in da wild

Few companies rely on docker in production

Use grids or plan to
Many issues reported

Production setup

Use updated kernel
Prefer DM
Eco-system
cAdvisor
Run on cloud grid if possible
Run stateless apps

Docker: The Good, the Bad & the Hype

Agenda

What is this Docker thing

Demotime!

Architecture

Namespaces

CGROUPS

CoW storage

Images

API

The Good

Convergence

Isolation

Efficient

Universal packages

App wrapper

The Bad

Incompatible

Shared kernel

The Ugly

CoW storage

OOM behaviour

Networking/volumes

Ever seen someone

Brace yourself for

Da Faq is it good for?

12 factor apps

One-off jobs

Don't try this at home

Statefull apps

Microservices dev env

Keep it real

Docker in da wild

Few companies rely on docker in production

Production setup

I'm sure u have questions