This blog post was inspired by a post on facebook by an ex-colleague – I know it’s going to be controversial, so please leave comments here instead of trying to hold a conversation on Twitter etc – 140 characters is never enough to add context to an argument! 🙂
I keep looking at containers and the more I read about them and experiment with them the more I think they’re a solution in search of a problem.
I see why they are so attractive to developers (use Packer/Dockerfile to build a contained environment for your app and then let Ops worry about how it gets executed) but security still is a massive concern and linking Docker containers together appears to be more of a headache than it’s worth!
I also have concerns about HA/Fault Tolerance when it comes to containers – to me, the whole point of SOA and Micro-services is that you can split your infra across multiple nodes/PaaS platforms and Docker and CoreOS seem to encourage an Anti-Pattern that involves running large numbers of containers on infrastructure that scales vertically with the workload.
ClusterHQ have even had to write wrappers around Docker to make it easy to migrate (http://thenewstack.io/flocker-a-nascent-docker-service-for-making-containers-portable-data-and-all/).
With the arrival of tools such as Packer and Terraform, the ability of most modern languages to run in isolated environments (Python Virtual Envs, Ruby Bundles, “Omnibus Installers”, GO Binaries etc.) and the fact that if all else fails, there is still CHROOT, I struggle to understand why these containers are needed.
Packaging is a solved problem in the open-source community – You can easily turn an existing isolated environment into a single DEB/RPM package and deploy using the OS-provided tooling which provide version management, upgrades, downgrades, install, uninstall and just about everything else that Dockerd provides with the added bonus that you get full integration with the vast majority of Configuration Management tooling that is already in use.
I’m happy to be persuaded otherwise, and this may just be a prejudice because I’m getting old, however for me image-based deploys went the way of the Dodo somewhere around 2003 when we all realised that Norton Ghost was a waste of time! 🙂
I totally get why for Developers this is seen as a Good Thing ™ however you still need somewhere to deploy these containers so you still need an ops team (even if that’s outsourced to Heroku or someone similar).
The best way to get the most out of your platform is for you to use the skills and knowledge that you have with the technologies that you trust. The best way to make sure that your systems stay online is for your Developers and Operations Engineers to talk to each other – you can’t solve people problems with technology!
Edit 2: I’ve updated some of this post to clarify my knowledge of containers based on twitter conversations, my sentiment remains… 😉