On June 27th I presented a webinar on “Docker for the SysAdmin”. The webinar was driven by a common scenario I’m seeing: a sysadmin is sitting at her desk minding her own business when a developer walks in and says “here’s the new app, it’s in a Docker image. Please deploy it ASAP”. This session is designed to provide some guidance on how sysadmins should think about managing Dockerized applications in production.
In any case, I was a bit long-winded (as usual), and didn’t have time to answer all the Q&A during the webinar (and there were quite a few).
So, as promised, here are all the questions from that session, along with my answers. If you need more info, hit me up on Twitter: @mikegcoleman
Q: I am planning an application deployment and want to use Docker. What cloud would you recommend at the moment? I have GCP, Azure, AWS under my belt. 1) TCO 2) Performance ?
A: Answering that would require me to understand your application on a pretty deep level, so I can’t really provide a specific response. I will say that if you choose one cloud provider today, and realize that you’d like to change course down the road, Docker makes that much simpler since your Dockerized workloads will move easily between different cloud providers. So, figure out what your technical and business drivers are, choose the best provider based on those, and if you need to adjust later you’ll be in good shape.
Q: What’s the max size of a container?
A: There is no maximum size per se. Containers can use all the resources of a given node (physical or virtual) if you want them to. However, if you don’t, you can set both minimum and maximum values for CPU and memory.
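As an added example (not from the webinar and not Docker's own tooling), here is a small audit that reads `docker inspect` JSON and reports containers running with no hard memory or CPU cap, which is the "use all the resources of a given node" case described above. The sample data is constructed, and the function names `effective_cpus` and `audit_limits` are hypothetical.

```python
import json

# Constructed sample: trimmed `docker inspect` output for three containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web",    "HostConfig": {"Memory": 536870912, "MemoryReservation": 268435456,
                                     "NanoCpus": 1500000000, "CpuQuota": 0, "CpuPeriod": 0}},
  {"Name": "/worker", "HostConfig": {"Memory": 0, "MemoryReservation": 0,
                                     "NanoCpus": 0, "CpuQuota": 0, "CpuPeriod": 0}},
  {"Name": "/cache",  "HostConfig": {"Memory": 268435456, "MemoryReservation": 0,
                                     "NanoCpus": 0, "CpuQuota": 50000, "CpuPeriod": 0}}
]
""")

DEFAULT_CFS_PERIOD_US = 100000  # kernel default CFS period, used when CpuPeriod is 0


def effective_cpus(host_config):
    """Return the hard CPU cap in cores, or None when the container is uncapped."""
    nano = host_config.get("NanoCpus") or 0       # set by --cpus
    if nano > 0:
        return nano / 1e9
    quota = host_config.get("CpuQuota") or 0      # set by --cpu-quota
    if quota > 0:
        period = host_config.get("CpuPeriod") or DEFAULT_CFS_PERIOD_US
        return quota / period
    return None


def audit_limits(containers):
    """Map container name -> list of resources that have no hard cap."""
    findings = {}
    for c in containers:
        hc = c.get("HostConfig", {})
        missing = []
        if (hc.get("Memory") or 0) <= 0:          # 0 means no --memory limit
            missing.append("memory")
        if effective_cpus(hc) is None:
            missing.append("cpu")
        if missing:
            findings[c["Name"].lstrip("/")] = missing
    return findings


if __name__ == "__main__":
    for name, missing in audit_limits(SAMPLE_INSPECT).items():
        print(f"{name}: no hard limit on {', '.join(missing)}")
```

On a live host the same functions can be fed the parsed output of `docker inspect` for the running containers instead of the constructed sample.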
Q: Is it possible to run an Ubuntu container in a Windows host running Docker Engine?
A: Natively, no. You can always run a Linux VM on a Windows host to run Linux-based containers. At DockerCon Microsoft announced that they will be bringing native Linux containers to Windows in the future, so stay tuned for more information on that.
Q: Can DDC now run both Linux & Windows workloads? If not yet, then is this in the roadmap of the tool?
A: This functionality will be coming to Docker Enterprise Edition / Docker Data Center in the very near future.
Q: Does Docker have a tool for scanning images similar to Black Duck?
A: Yes. Docker Enterprise Edition Advanced includes Docker Security Scanning. This feature allows you to instruct Docker Trusted Registry to scan images for known vulnerabilities and exploits.
Q: Is the hypervisor still recommended, to allow the hosts to be clustered? Or is that not truly needed? (Can I cluster it using something more native to Docker? Swarm perhaps?)
A: Whether or not you want to run containers on bare metal or in a VM is a decision you should make based on several factors. There is no cut and dried answer. You need to look at factors such as costs, performance, leveraging existing skillsets, disaster recovery, etc – and then decide what makes the most sense. Regardless, you can build swarm mode clusters that include both physical and virtual machines.
Q: Is the secure communication between the hosts TLS 1.2?
A: Yes, TLS 1.2.
Q: I have to start testing DDC. Is there a test version? Do Docker for Azure / AWS use DDC under the hood?
A: Yes, you can get a 30 day trial of Docker Enterprise Edition from the Docker Store. Docker for Azure and Docker for AWS can deploy DDC (it’s not really under the hood as DDC is installed onto the AWS or Azure infrastructure).
Q: Is the Visualizer part of Docker Datacenter?
A: No, it’s a demo app that you can grab from our Docker Samples GitHub.
Q: When a node stops and a workload is moved, does the storage move with it?
A: At this time volumes do not follow containers when they are migrated. However, there are a number of 3rd party plug-ins that can help with this scenario.
Q: Is there a way to update the base image, which is used to build the application?
A: You would need to rebuild those applications once the base image is updated.
Q: If the client wants the setup in their data center to have no connectivity, how should DDC be set up? How does DTR get the updates for the images? And how do we install DDC?
A: For an air gapped installation, follow these instructions. Additionally, you can load the security scanning database for Docker Trusted Registry from a file.
Q: How do you use Chef/Puppet with Docker to manage the images?
A: I would actually advocate for integrating Dockerfiles into your existing source code management practices vs. trying to use any config management tool to manage images.