PyGrunn: docker do’s and don’ts - Maarten Brugman

Tags: pygrunn

(One of my summaries of a talk at the 2017 PyGrunn conference).

They started using docker with much enthousiasm, but some things went wrong.

Many people use the pet/cattle analogy. Servers used to be pets: lovingly cared for and raised. With docker you can see it as cattle: something wrong, just grab a new one.

Of course they started out by treating their dockers as lovingly maintained pets. Manual changes and then re-saving the image…

  • Don’t install stuff inside a running container. Put it in the Dockerfile.

  • Don’t pull from version control into containers. Instead build a container that contains your app.

  • Don’t keep containers running for a long time without security updates. Build a fresh one regularly.

  • Don’t just expose ports as for instance 8000:8000, as docker exposes them on 0.0.0.0 by default, so also on all your server’s external interfaces. The basic “ufw” won’t work, as Docker opens up those ports with iptables anyway. So explicitly open them up on 127.0.0.1.

The most important “Do”:

  • Learn how to set up your containers as cattle!!! They are disposable. They should be created and disposed off without a second thought.

You can use containers as a light-weight VM. It is not the default docker approach, but you can use a docker that includes a database and logging. It can start up much quicker than lots of separate containers.

Containers can make it easier to move to cloud providers. He works for a company that needs to install lots of (geographical) dependencies onto their servers. That is sometimes a problem. With docker, you can make sure all dependencies are in your Docker and you can use a random docker-supporting cloud provider.

Docker supports the “open container initiative” (OCI) to make it more portable. There are docker alternatives.

Summary: containers are great. They do have a learning curve. Using them as cattle (instead of pets) is best. And… use docker-compose or another orchestration tool.

https://abload.de/img/screenshot2017-05-08ahqa6h.png

Photo explanation: just a nice unrelated picture from the my work-in-progress german model railway

Dutch note: python+django programmeren in hartje Utrecht bij de oude gracht? Watersector, dus veel data en geo. Leuk! Nelen&Schuurmans is op zoek. Stuur mij maar een mailtje, want de vacaturetekst staat nog niet online :-)

 
vanrees.org logo

Reinout van Rees

My name is Reinout van Rees and I program in Python, I live in the Netherlands, I cycle recumbent bikes and I have a model railway.

Weblog feeds

Most of my website content is in my weblog. You can keep up to date by subscribing to the automatic feeds (for instance with Google reader):