Is Docker ready for production?

Is Docker ready for production?
Boyd Hemphill
Boyd Hemphill, Director of Infrastructure Services at Kasasa. DevOps and Agile practitioner.
Written Jul 2, 2015
It’s called “production” because it produces money for the company. So, the answer is, of course: “It depends.”

Docker is on the bleeding edge of technology today. It is also one of the most compelling technologies of the last decade in terms of its disruption to software development, operations, systems architecture, testing and compliance practices. Docker itself is only two years old. Would you use a database tech that had only been around two years? What about an operating system? Here are some facts about Docker today, but don’t let them necessarily discourage you:
Upgrades can, and do sometimes break applications.
There are still some rather large missing pieces around persistence, networking and identity management.
There is an immature ecosystem of tools out there for supporting Dockerized applications in production
Further, from an ecosystem standpoint there are critical elements still missing or very immature:

Monitoring - This is something of a Docker issue as well as a full spectrum of metrics is only now coming on line for the currently line of tools to incorporate. (e.g. New Relic, Zabbix, Data Dog)
Logging - Companies that have sophisticated log strategies around customer usage behaviors and patterns find the STDOUT and STDERR paradigm to be far to limiting. Again the very recent addition of facilities such as syslog mean that the ecosystem will now be able to develop this sophistication (e.g. Splunk, Sumologic, Logstash)

The question becomes, “For what use cases is Docker ready for production in my company?”

Greenfield Startup

If you are in a small company working on finding the right combination of customer segment, product and growth engine then Docker makes really good sense.

Starting with Docker means you will think about your infrastructure and your application more holistically. This translates directly into better agility at the technology level. So when your business team comes to you and says, we are moving from B2C to B2B, your ability to pivot the technology in that direction will be enhanced.

Remember that when you give a developer access to the Docker daemon they have root on that machine. In a start up like the one hypothesized here, something like identity management is usually not a consideration. For larger organizations, however, this is simply not acceptable.

I believe Docker should be considered as a first choice in these situations. The question should be, “Why are we not using Docker?”

Enterprise

Consider a large company with a number of business units. Docker is a very interesting proposition for such a company, but that use should be more judicious. Done well, an Enterprise could create a lasting competitive advantage is a market by Dockerizing key applications.

Is Docker ready for production in a system that might produce $4 billion in revenue? Consider the same identity issue that we glossed over at our greenfield startup above. It is now a huge security issue.

Docker announced identity management as part of Project Orca at Dockercon 2015 in June. While certainly not yet ready for production operations, companies such as StackEngine Home Page have solved this problem already with API, CLI and GUI interfaces to a pool of Docker hosts. This both segments access appropriately for a large corporation and provides the “single pane of glass” necessary for operations teams to function with reasonable proficiency.

Any answer of “Docker-all-the-things” in an Enterprise environment is specious at best and destructive at its worst. An enterprise must ask itself what it wants to Dockerize first and why. I wrote a lengthy post aggregating some of my on-site experiences here: Legacy Applications - Choosing Success.

Further, a company of enterprise size and complexity will effectively resist the necessary innovations caused by Docker adoption. This is described beautifully in The Innovator’s Dilemma: The Revolutionary Book That Will Change the Way You Do Business: Clayton M. Christensen: 8601300047348: Amazon.com: Books (Try the audiobook version if your reading time is sparse.)

The TL;DR is that the organization, through one or more of its thought leaders, must identify an application based on the criteria:

Need for improvement
Measurability of said improvement
Risk to the business in radically changing the system
Risk tolerance of the team/customers currently using the system (often characterized as “early adopters”)

From a technical perspective, these companies should be looking for an application that they can use to “get wise” about one of the current shortcomings in Docker.

For example if they can choose an application that has complex networking needs, then the team doing the work can learn what it means to work with nascent Docker networking. Such learning should be built into the expected outcomes of any sort of Dockerization effort.

Christensen argues effectively that it may be necessary to actually spin out a separate organization for the purpose of the innovation as IBM did with its desktop business.

As an exception, I have seen one Enterprise business unit start with, “We will save 30% on infrastructure costs in 2015 by using Docker to achieve better density.” This particular company, however has a known public reputation for being able to innovate at scale.

So, if you are in an Enterprise, Docker is ready for you to evaluate in the right circumstances, but you will have to identify opportunities for that evaluation based on corporate culture. The question is, “Can we find the right place to use Docker in production?”

Small Company

Small companies with existing applications are generally far more able to accept the risk of change to an existing production system.

We have seen a number of companies in the 60 to 400 person range make the switch to Docker for a specific reason.

In one Austin company they decided that Docker could save a substantial sum on their AWS bill by allowing for more process density. Rather than rewriting the existing monolithic application, they instead, “Jammed the whole thing into a container and called different execution paths.”

In this case they were able reduce their cloud spend as they expected. However, they encountered another problem. With a 90% density, when a sudden load spike occurred, they did not have the usual spare capacity “laying around” to provide them a long runway for scaling up.

What this meant is that they needed a new form of capacity planning and management. This presents and important question, “Is your organization ready to run Docker in production?”

The outcome of the capacity planning surprise was the need for a scheduling layer that was able to bring up hosts in addition to extra Docker containers for capacity. This, of course, leads to another important question, “Is the Docker ecosystem of tools ready for you to operate Docker in a production environment?”

Summary

Docker is only ready for production if operations at your company is able to support it, and their are ecosystem tools to match your needs for the system that is producing your money.

Should you be experimenting with Docker? Yes, absolutely! And from that experimentation you will be able to find the right use cases.

Best of luck on the journey!