With all the excitement and growth around containers and Docker, you might wonder “why doesn’t everyone use it?” There are numerous benefits to using Docker, such as an easy and quick way to create portable development environments and apps, builds that complete in seconds, and a higher density of apps per host. That being said, there are some reasons why the benefits of Docker might not be worth the cost for your organization at this time. Here are 3 important high-level considerations before you jump all-in:
- Running Docker in Production
If you’re developing apps using Docker, at some point you’ll need them to live in a production environment which is highly available for your customers. You’ll need to figure out how to solve difficult challenges like avoiding a single point of failure on a single underlying host OS and making containers self-healing. You’ll see a flood of various full or partial solutions such as DEIS, Mesos, Fleet, Docker’s recent Swarm, Google with Kubernetes, and AWS’s EC2 container service. This is effectively like creating a cloud fabric for containers. Do you want to deal with this, or go with something like Azure PaaS (Cloud services or Websites), which already solves all of this behind the scenes?
- Security and Compliance
Without getting into the depths of security and compliance, the fact is that you will likely have many containers running on top of a physical host, all connected to the single underlying Docker engine, and you will also need to rely on a likely changing ecosystem of supporting tools (see point 1). You are putting more trust in the security of Docker and the other tools in the ecosystem, which likely don’t have any compliance certifications at this time. Gartner “gives Docker security a thumbs up”, but is that enough for your organization, or do you need various compliance certifications?
Update 6/5: Containers on DockerHub vulnerability status and Sysadmin blog post
There are two questions to ask in this space:
1. Will my application even work on top of Docker?
Today we are still awaiting Docker containers on the next version of Windows, but until then, if you have an application which requires any underlying Windows components, a Docker container will not work for your app. Regardless, there is still a slight possibility your app may not work – although this will likely happen less and less and eventually become a non-concern IMO.
2. If I have a problem in production, will I be able to quickly get to the root cause and resolve the problem?
This is going to be an ongoing trade-off you’ll have to make. The rapidly evolving ecosystem mentioned in point 1, combined with the added containerized layer you’ve created for your app, means it might be more challenging to get to root cause and resolution across your app code, Docker, the underlying host OS and HA ecosystem, and potentially even cloud provider issues (AWS, Azure, GCE, etc.).
If you’d like to hear a discussion about some of these considerations, listen to my interview with Ben Armstrong, Principal PM at Microsoft. If you don’t want to watch the full 30 minutes, I’d jump to ~14:30, where we discuss some of these trade-offs. You can also download the video and find the full breakdown of what questions were asked at what time on the original post here.
To be clear, I’m not advocating for or against using Docker – I’m just trying to point out some key considerations you need to think about first. I’m confident that these considerations will evolve over time to be less of a blocker. Personally, I like Docker, PaaS, and containerization and am excited for the future.