re: Top ten most popular docker images each contain at least 30 vulnerabilities VIEW POST

TOP OF THREAD FULL DISCUSSION
re: IMHO, Docker is for dev, not as a production server. It could but it is not the objective neither it's worth (unless the developers want to rush so...
 

Hi Jorge,

Thanks for chiming in :-)

I actually don't share the same thought about containers used only for dev. The growth of Docker and containers in general has been tremendous over the past 5 years and it is expected to further grow into 2020 in tens of percents.

Even if we were to think that containers are only used for development, you'd still be at a risk of using a malicious docker container from the registry, that would spin up on your development machine and who knows what it does. That's however a less-likely scenario, but points out the interest in keeping things secure, whether they are running locally or not.

I am curious - if not docker, how are you orchestrating and managing your services?

 

Let's say we are running a hosting service, then docker is a no go.

However, let's say we are running our own service, then why we need to dockerize?.

Let's say we have 20 projects running on the same machine. We don't need docker for that. Now, let's say we are running an old version of the language/framework/sdk and we are unable to migrate. The solution is easy: add a new machine and use the old machine for legacy code and only if we are unable to run two instances on the same machine. But, what if we have 20 projects runnings 20 different configurations... sheesh! what's a mess! it's time to fire who decided that!. But, what if one instance is unsafe?. Since when is it an option?. If yes then we could run under a root-less service, even Windows Server could do that.

For example Google, Google doesn't use the technology of Docker in the same way we use Docker. Google uses it (Borg) for deploy but everything else is the host machine. i.e. Google uses Kubernetes without Docker.

Now, let's say we don't have docker. How to deploy?. XCopy.

Let's say we are running a hosting service, then docker is a no go.

You mean you are running a shared hosted environment?
Probably so. However if you take a look at Zeit's now. You could think of that as shared hosting environment too, and they support serving your apps through container technology.

Let's say we have 20 projects running on the same machine. We don't need docker for that.

You don't "need", but perhaps it solves you some problems.

But, what if we have 20 projects runnings 20 different configurations... sheesh! what's a mess!

Why a mess? if you have 20 difference projects, and each of their own configuration, why is that a message?

I'm not entirely sure on the point you are trying to make with regards to the validity of docker or not. To be clear though, I didn't specifically refer to the Docker engine technology but to container technology in general.

Why a mess? if you have 20 difference projects, and each of their own configuration, why is that a message?

When I talk about different configuration then I talk about a different version of language and database, everything else is usually contained into the project (such as library). If it is the case then how the CTO/architect allowed it?.

code of conduct - report abuse