sendachi.com

Docker:5 Big Myths Exploded

Matt SaundersPrincipal ConsultantSendachi

sendachi.com

Sendachi

• Formed in 2016

• Merging Clutch (US) and Contino (UK)

• VC Funded Services Company

• Docker Premier Partner

sendachi.com

Sendachi

• Enterprise Focus

• DevOps & Continuous Delivery

• Containerisation & Virtualisation

• Microservices

• Security, Reliability & Resilience

• Cloud Architecture

sendachi.com

The Case for Docker

sendachi.com

Docker Adoption

5.6 million pulls/day$1 billion valuation

2 billion + pulls to date

sendachi.com

Docker Adoption

sendachi.com

Docker Adoption

sendachi.com

Containerisation Benefits (1/2)

• Container abstraction layer

• Platform Portability

• Resilience with Clustering

• Provenance and Traceability

sendachi.com

Containerisation Benefits (2/2)

• Environment Consistency

• Improved Compute Density

• Multi-Tenancy

• Remove the Virtualisation Tax

sendachi.com

Container Abstraction Layer

• Common point of entry for containers

• Run diverse technology stacks

• HTTP with RESTful Interfaces work well

• Microservices

• 12 Factor Applications

sendachi.com

Platform Portability

• Move applications easily between servers

• Private and public cloud

• Everything is contained

sendachi.com

Resilience with Clustering

• Higher-order clustering options

• Built specifically for Docker

• Docker Swarm itself is a containerised application

sendachi.com

Provenance and Traceability

• Container builds can be automated

• Cryptographic signing available

• Docker registry comms are encrypted

• Proof that the image is as-built

sendachi.com

Environment Consistency

• Applications run purely inside containers

• Environment information stored outside containers

• The same unaltered container runs in all environments

• Environmental drift is minimised

sendachi.com

Improved Compute Density

• Applications can be limited by memory and CPU

• Pre-allocation of resources isn’t necessary

• Intelligent scheduling of workloads with Swarm

• Run larger Docker host servers without virtualisation

sendachi.com

Multi-Tenancy

• Docker containers are insulated from each other

• Containers can’t interfere or interact with each other

• Enables greater density

sendachi.com

Remove the Virtualisation Tax

• Docker machine can run on bare metal

• Swarm orchestration optimally places containers

• Swarm will replace containers on failed nodes

• Any need for virtualisation?

sendachi.com

Docker is Insecure

Myth 1

sendachi.com

Docker is Insecure

• Don’t run as root

• User namespaces

• Capabilities

• Use AppArmor, SELinux and friends

sendachi.com

Docker is Insecure

sendachi.com

Docker is Insecure

sendachi.com

Docker is Inappropriate for

Enterprises

Myth 2

sendachi.com

Docker in the Enterprise

• Docker will lose your data

sendachi.com

Docker in the Enterprise

• Use volume mounts

• Store data on your resilient storage

sendachi.com

Docker in the Enterprise

• No-one knows what’s in your containers

sendachi.com

Docker in the Enterprise

• Use version control and CI

• Use Docker Notary

• Sign your images

• Scan containers at build-time

sendachi.com

Docker in the Enterprise

sendachi.com

Docker in the Enterprise

• Goldman Sachs

• Swisscom

• New York Times

• ING

• BBC

sendachi.com

Docker Containers are unusably large

Myth 3

sendachi.com

Containers are too big

• Full OS images can be > 1 Gb

• Laden container with app > 2 Gb

sendachi.com

Containers are too big

sendachi.com

Containers are too big

• Don’t embed large OSes in containers

• Not gonna need it

• Work with Security people

sendachi.com

Containers are too big

• Host locally

• Docker Trusted Registry

• Hosts your images

• Fine-grained RBAC

• Cryptographic signing

sendachi.com

Docker Needs Microservices

Myth 4

sendachi.com

Docker and Microservices

• Run a staged move to Docker

• Run your monolith in a container

sendachi.com

Docker and Microservices

• Run a staged move to Docker

• Run your monolith in a container

sendachi.com

Docker and Microservices

• Get some benefits

• Faster startup times

• Move app between environments

sendachi.com

Docker and Microservices

• Start breaking up the monolith

• Slice bits of the edges

• Make microservices

sendachi.com

Docker and Microservices

sendachi.com

Docker and Microservices

• Manage Microservice-based architectures

• Gradual transformation

sendachi.com

Docker only works in the Cloud

Myth 5

sendachi.com

Docker in the Cloud

• Run Docker Engine on your own hosts

• Reduce the VM tax with larger instances

• Leverage existing hardware investment

• Use existing firewalls and loadbalancers

sendachi.com

Docker doesn’t work on Windows

Myth 6

sendachi.com

Docker on Windows

• Docker Toolbox now runs natively

• Docker Engine runs on Server 2016 TP5

• Run Windows Docker containers

• Still early days

sendachi.com

Docker on Windows

• Docker Toolbox now runs natively

• Docker Engine runs on Windows

Server 2016 TP5

sendachi.com

Docker on Windows

• Windows Nano Server

sendachi.com

That’s all the myths

Myth 7

sendachi.com

More Myths

• Containers can’t be orchestrated at scale

• Containers are just small VMs

• Enterprise IT and containers are incompatible

• Docker isn’t being used in production

sendachi.com

Thanks!

Matt SaundersPrincipal Consultant@cm6051matt.saunders@sendachi.com

Sendachi@dangerousisgoodsendachi.com