Roller coasters. They’re awesome, right? That exhilarating feeling that you’re out of control, careering upside down into open space but constantly reassured by the steel and harness that’s the difference between thrill and death. I love them.
I’ve sat at Container Camp today and I’ve decided that containers are like riding a roller coaster, except nothing is keeping you in the car other than the tightness of your grip. I wouldn’t ride a coaster with no safety harness and I won’t be running containers for serious work. Here’s why…
I came to the Container Camp event to get exactly what I have received – a non-commercial representation of capability, pros, cons and honest opinion that strips out the hype of a market searching for “The Next Big Thing (TM)”. But I was surprised at just how different reality is from expectation. I think a lot of this is to do with Docker’s pointless quest to call itself “production ready”. It seems like they’re almost under pressure from the developer community to pass the milestone so that those developers can dismiss Ops concerns about its stability and limitations and force an agenda to use it everywhere.
Developer: “We need you to build out a new production environment so we can use containers for our app”
Operator: “We’ve looked at this but I’m a little concerned about maturity for failover and how we can ensure network management”
Developer: “Well, Docker say it’s production ready, just read the docs and make it happen”
As an advocate of DevOps, I hope the conversation above never happens, but I can totally see it playing out. It’s reckless to label Docker production ready when so many of the elements other than the host that runs containers are woefully unprepared for life running production workloads. Here are some notable examples:
In the first talk by Jérôme Petazzoni of Docker, he talked at length on the number of options for container linking (simply getting consistent variables into containers at runtime). He graded them all and gave only one A-grade – to the piece of code that is months old and completely unproven. The best way to reinforce that Docker is not production ready is to have a guy from Docker on stage telling us to use experimental techniques to solve basic container management requirements.
Docker’s networking implementation is a mess; I would hate to be responsible for a production network of containers with even moderate levels of tiering and access control. It’s overly nested and difficult to track, audit or enforce any real policies that a conscientious organisation could stand by. Chris Swan put it best when he conceded that networking in containers is only truly resolved when we remove the constraints that IPv4 is imposing on address space and move to a native IPv6 implementation.
Clustering and Availability
The final element is the maturity of the container management space – this is where the real scale will come from with tools like Kubernetes, Fleet and others enabling the abstraction of management of many individual hosts in favour of a scheduling capability that spreads containers over a farm of hosts. Whilst this code is well battle tested in places like Google, I think there’s an awful lot of work to do in order to get consensus on best practices for implementation and features that will make concepts like anti-affinity and host evacuation much more intelligent and accessible.
It’s probably worth pointing out at this point that I love containers and think Docker is one of the most innovative pieces of technology to hit the market since x86 architecture. I am being hard on containers because I want them to succeed and not rest cosily on a “production-ready” badge that will leave the rest of us scrambling to solve the really hard problems. They also owe it to the developer community, who have had their productivity fundamentally changed by containers and concepts like Dockerfiles, to be more transparent about the changes involved in moving from a single host development environment to a multi-host production environment where there are many more obligations to manage, monitor and collect information.
So Docker, congratulations on being production ready, you’ve built an awesome roller coaster. I’d like to come to Container Camp 2015 and learn more about the harness you’ve built to keep us all on this wild ride. Until then, I leave production examples to people that have an iron grip on your technology.
PS – for the avoidance of doubt, I also wholeheartedly endorse the Container Camp event; without it I wouldn’t have the context to make this opinion possible.