How to use docker in both dev and production environment?

Question

We're currently using chef for both production and development environment. I like the concept of docker that launches isolated containers for different service roles. And I think it will work great when building a dev environment. I'm a bit unclear on how we should use it in production environment (or should i use it in production environment?).

In production, each service is already running on their dedicate server instances. I feel it's inefficient to run them inside a container instead of directly running on the host operating system.

On the other hand, if we only use docker in dev environment, we will end up writing 2 copies of system configurations, one in docker and one in chef, which isn't ideal either.

Any suggestions or advices would be appreciated.

Answer 1

Docker is actually pretty efficient - the overhead isn't that big, because it's not like a virtualization layer, it's just a container with its own namespace and FS. Deploying the same setup to production has several advantages:

1. You only need to test "once" - the exact same thing runs on production that you ran locally, and there's very little chance of configuration problems.
2. You can use the same exact cloud image for all your instance, which is your basic linux with docker - everything else is handled by Docker, so 90% of the need for Chef/Puppet is taken care of.
3. Keeping track of your configuration changes is arguably easier with docker, as there's basically no scripting involved, so again less need for other configuration management tools.
4. You can run multiple container of the same image on your production host, if you want to take advantage of multiple CPUs, and you don't need to worry about how these processes play well together, because each has its own FS, etc.

Answer 2

In production, each service is already running on their dedicate server instances. I feel it's inefficient to run them inside a container instead of directly running on the host operating system.

The advantage of docker in production is the ease of deployments. To keep performances at their best, install docker on each of your production machine and have each of these docker hosts run one container only. This way your apps will have access to the same amount of system resources as before.

In order to reduce the overhead that docker can induce there are a few tricks:

fast network

By default docker will create a new network stack for your containers, but if you use the --net=host option when running a new container then the container will use the docker host network stack instead. This will make you container have no overhead at all regarding network performances.

Also note that when using --net=host you don't need to publish ports with the -p docker run option and do not need to expose them either. Any listening port from your container processes will be accessible on the docker host ip.

fast file system

The docker container file system is the Union file system with is slow compared to non-layered file systems. To keep good disk performances, make sure the processes running in your container do their intensive read/write operations on a docker data volume. Data volumes aren't part of the container layered file system and will have the performance of your docker host file system.