Docker Misconceptions

It seems to me that a lot of the &quot;Docker isn&#x27;t good for production&quot; stuff boils down to &quot;Docker is a base layer that&#x27;s not sufficient for production, and you need other tooling around it.&quot;<p>Like, if you&#x27;re using Docker in conjunction with AWS&#x27;s suite of tools (Elastic Beanstalk, CloudWatch, etc.), a lot of these concerns are taken care of, you know?<p>So Docker doesn&#x27;t solve everything, but it can be part of the solution.

I have this sinking feeling that a lot of what is happening with Docker as a specific tool is going to be replaced in 4 or 5 years with unikernels.<p>My hope is that the orchestration&#x2F;scheduling tools (mesos, kubernetes, etc.) mature in such a way that the switch from Docker to unikernels is largely transparent to most people.

Given the amount of money Docker, Inc. has raised (&gt;50M, three series rounds, etc.), I somewhat cynically think that this buzz about Docker may just be the result of a lot of marketing money.<p>I&#x27;m not really comfortable with such widespread adoption of a tool that is primarily a VC baby--NPM is setting itself up to fail (I think) in a similar fashion.<p>I do hope I&#x27;m wrong.

&quot;Misconception: You should have only one process per Docker container!&quot;<p>as soon as you start treating docker images as anything other that isolated statically compiled executables, you&#x27;re not going to get the best out of docker.<p>if you are bundling inits, crons and companion apps into a single container then you need to stop, go back and either re-factor your code, or go to Full on VMs,<p>why?<p>because the networking is terrible. There are three great advantages to using real VMs over containers:<p>o Networking<p>o Isolation<p>o hot migration and resource allocation<p>Networking:<p>every instance of a service can have its own IP, and can be trivially tied to DNS automatically. scoped service discovery that&#x27;s only sortof just possible now. however it uses immature tools with limited professional experience to back them up. DNS, DHCP with subdomains means images can be dropped in without any hard work<p>Isolation:<p>Its far harder to break out of a VM than it is a container. Especially if you are dealing with persistent storage and need to allow a container to write outside of its own chroot.<p>Hot migration:<p>This is killer. Hardware fails. having a cluster that automatically migrates around contention <i>and</i> hardware failure, without the app having to worry is worth many thousands of man hours. Yes making your own clustering system is fun, but its really quite hard to do well. Why bother when the hypervisor can do it for you?<p>There are three things going for docker:<p>Configuration library:<p>There is a rich library of prebuilt images<p>Baked in fudges:<p>You can bake in your dirty hack into the container, so long as you script it into your build job, its repeatable.<p>Speed:<p>yes there is less overhead. but lets be honest, how often have you hit up against VM speed issues that were down to your machine using too much CPU&#x2F;memory? (if you&#x27;re on AWS, no, you&#x27;ve not. AWS is dogshit slow, and expensive.)<p>Everything else, like immutable builds, easy dev environments et al, can be achieved already, and without much work.

This post is a year old. Many of it&#x27;s points are still valid, but others are not. For example, orchestration has been simplified with hosted services like Tutum and Cloud66.<p>I do however agree that not everything is ready to be containerized, but we are starting to get close.

I didn&#x27;t even notice this was posted a year ago until I got to the bottom (though I did feel some tools&#x2F;ideas were left out which was explained by the date). That said by and large this is a really good resource and as someone who is going all-in with docker on a side project it was a very useful read!

Interesting, while the OP says they like Docker, they pretty much recommend against using Docker for the things&#x2F;purposes that most Docker hype recommends it for.

A lot of these articles are correct. I would agree that Docker probably isn&#x27;t ready for production. But containers provide a TON of benefits, and you should absolutely be thinking about how to containerize your applications now. Just because it&#x27;s not currently ready for production doesn&#x27;t mean you shouldn&#x27;t start getting ready to move to a container solution. The ecosystem will mature, companies will offer solutions for these problems, and it will eventually be ready for production. When it is ready, you should be too.<p>The big problem that Docker solves is the dependency problem. Specifically, it ties multiple levels of dependencies together with application code in a way that makes no assumptions about your environment and how well-maintained it is. It means that your CI system can test on the exact same versions of binaries -- and every dependency down to the kernel level -- that you will run on your production systems.<p>Many bigger companies will have multiple Yum&#x2F;Apt&#x2F;Maven&#x2F;Git repositories, and with Docker, it doesn&#x27;t matter. Whatever is built into the container is what gets run. Most importantly it puts control of those things into the hands of the development team, not the system administration team. It allows you to more cleanly separate your infrastructure ops from your application engineering&#x2F;devops, which is the prime benefit IMO because those two groups have never worked together well.