There are many good things about Docker. It packs, ships, and runs applications as a lightweight, portable, and self-sufficient containerization tool. Docker is great for businesses of all sizes. When you are working on a piece of code in a small team, it eliminates the “but it works on my machine” problem. Meanwhile, enterprises can use Docker to build Agile software delivery pipelines to ship new features faster and more securely.
With its built-in containerization system, Docker is an excellent tool for cloud computing. In turn, Docker Swarm advances clusterization and decentralized design. Sounds too good to be true, right? Well, there are still several cases when not to use Docker. Here are seven of them.
Let's go through these one by one.
Docker containers are smaller and require fewer resources than a virtual machine with a server and a database. At the same time, Docker will use as many system resources as the host’s kernel scheduler will allow. You should not expect Docker to speed up an application in any way.
What is more, Docker might even make it slower. If you are working with it, you should set limits on how much memory, CPU, or block IO the container can use. Otherwise, if the kernel detects that the host machine’s memory is running too low to perform important system functions, it could start killing important processes. If the wrong process is killed (including Docker itself), the system will be unstable.
Unfortunately, Docker’s memory adjustments – the out-of-memory priority on the Docker daemon – do not solve this issue. In addition, the extra layer between an application and the operating system could also reduce speed. Yet, this decrease will be insignificant. Docker containers are not fully isolated and, unlike a virtual machine, do not contain a complete operating system.
The greatest Docker security advantage is that it breaks the app into smaller parts. If the security of one part is compromised, the rest of them will not be affected.
However, while isolated processes in containers promise improved security, all containers share access to a single host operating system. You risk running Docker containers with incomplete isolation. Any malicious code can get access to your computer memory.
It is a popular practice to run a lot of containers in a single environment. This makes your app prone to Resource Abuse attacks unless you limit the container's resource capabilities. For maximum efficiency and isolation, each container should address one specific area of concern.
Another issue is Docker’s default configuration – users are not namespaced. Namespaces let software resources use other resources only if they belong to a specific namespace.
Running applications with Docker implies running the Docker daemon with root privileges. Any process that breaks out of a Docker container will have the same privileges on the host as it did in the container. Running your processes inside the containers as a non-privileged user cannot guarantee security. It depends on the capabilities you add or remove. To mitigate the risks of Docker container breakout, you should not download ready-to-use containers from untrusted sources.
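As an added example (not part of the original article), the following Python sketch audits docker inspect output for the settings discussed above: missing memory, CPU, block IO and PID limits, root users, and added or undropped capabilities. The container names and values in the sample are constructed; the function names are this example's own.

```python
import json

# Constructed sample shaped like `docker inspect` output; names and values are made up.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/web-unbounded", "Config": {"User": ""},
  "HostConfig": {"Memory": 0, "NanoCpus": 0, "CpuQuota": 0, "PidsLimit": null,
                 "BlkioWeight": 0, "Privileged": false, "CapAdd": ["SYS_ADMIN"],
                 "CapDrop": null, "SecurityOpt": null}},
 {"Name": "/web-hardened", "Config": {"User": "10001:10001"},
  "HostConfig": {"Memory": 268435456, "NanoCpus": 500000000, "CpuQuota": 0,
                 "PidsLimit": 128, "BlkioWeight": 300, "Privileged": false,
                 "CapAdd": null, "CapDrop": ["ALL"],
                 "SecurityOpt": ["no-new-privileges"]}}
]""")

NO_NEW_PRIVS = {"no-new-privileges", "no-new-privileges:true", "no-new-privileges=true"}

def audit_container(c):
    """Return findings for one `docker inspect` entry (empty list = nothing flagged)."""
    host = c.get("HostConfig") or {}
    user = (c.get("Config") or {}).get("User") or ""
    findings = []
    if not host.get("Memory"):                      # 0 means unlimited
        findings.append("no memory limit (--memory)")
    if not (host.get("NanoCpus") or host.get("CpuQuota")):
        findings.append("no CPU limit (--cpus)")
    if not (host.get("BlkioWeight") or host.get("BlkioDeviceReadBps")
            or host.get("BlkioDeviceWriteBps")):
        findings.append("no block IO weight/throttle (--blkio-weight, --device-write-bps)")
    if (host.get("PidsLimit") or 0) <= 0:           # null, 0 and -1 mean unlimited
        findings.append("no PID limit (--pids-limit)")
    if host.get("Privileged"):
        findings.append("privileged mode (--privileged)")
    if user.split(":")[0] in ("", "0", "root"):     # empty User means uid 0
        findings.append("runs as root (--user)")
    if "ALL" not in [x.upper() for x in host.get("CapDrop") or []]:
        findings.append("default capabilities kept (--cap-drop ALL)")
    findings += [f"capability added: {cap}" for cap in host.get("CapAdd") or []]
    if not NO_NEW_PRIVS & set(host.get("SecurityOpt") or []):
        findings.append("no-new-privileges not set (--security-opt)")
    return findings

def audit(containers):
    """Map container name to its findings for every inspected container."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "-", "; ".join(findings) or "nothing flagged")
```

User-namespace remapping is a daemon-level setting (userns-remap in the daemon configuration) rather than a per-container field, so it is not checked here.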
Docker does not suit applications that require a rich UI. Docker is mainly intended for isolated containers with console-based applications. GUI-based applications are not a priority; their support will depend on the specific case and application. Windows containers are based on either Nano or Core Server, which does not allow users to start up a GUI-based interface or a Docker RDP server in the Docker container.
Yet, you can still run GUI-based applications developed with Python and the Qt framework in a Linux container. Also, you can use X11 forwarding, but this solution is somewhat awkward.
Docker was created by developers and for developers. It provides environment stability: a container on the development machine will work exactly the same on staging, production, or any other environment. This eliminates the problem of various program versioning in different environments.
With Docker’s help, you can easily add a new dependency to your application. No developer on your team will need to repeat this manipulation on their machine. Everything will be up and running in the container and distributed to the entire team.
At the same time, you have to do some extra setup to code your app in Docker. Moreover, to debug with Docker, you have to configure log output and set up debugging ports. You may also need to map ports for your applications and services in containers. So, if you have a complicated and tedious deployment process, Docker will help you out a lot. If you have a simple app, it just adds unnecessary complexity.
With virtual machines, the hypervisor can abstract an entire device. You can use Microsoft Azure to run both instances of Windows Server and Linux Server at the same time. A Docker image, however, requires the same operating system it was created for.
There is a large database of Docker container images – Docker Hub. Yet, if an image was created on Linux Ubuntu, it will run only on the exact same Ubuntu.
If an app is developed on Windows, but the production runs on Linux, you will not be able to use Docker effectively. Sometimes, it is easier to set up a server if you have several static apps.
By design, all Docker files are created inside a container and stored on a writable container layer. It may be difficult to retrieve the data out of the container if a different process needs it. Also, the writable layer of a container is connected to the host machine which the container is running on. If you need to move the data elsewhere, you cannot do it easily. More than that, all the data stored inside a container will be lost forever once the container shuts down.
You have to think of ways to save your data somewhere else first. To keep data safe in Docker, you need to employ an additional tool – Docker Data Volumes. Yet, this solution is still quite clumsy and needs to be improved.
Introduced in 2012, Docker is still a new technology. As a developer, you might have to update Docker versions regularly. Unfortunately, backward compatibility is not guaranteed. Moreover, the documentation is falling behind the advancement of the technology. As a developer, you will have to figure some things out yourself.
In addition, the monitoring options that Docker offers are quite poor. You can get a quick insight into some simple statistics. Yet, if you want to see some advanced monitoring features, Docker has nothing to offer.
Also, in the case of a large and complex application, the implementation of Docker comes at a cost. Building and maintaining communication between numerous containers on numerous servers will take a lot of time and effort. Yet, there is a helpful tool that makes it easier to work with multi-container Docker apps: Docker Compose. Docker Compose defines services, networks, and volumes in a single YAML file.
Nonetheless, the Docker ecosystem is quite fractured – not all the supporting container products work well with one another. Each product is backed by a certain company or community. The heated competition between them results in product incompatibility.
KeenEthics professionals enjoy working with Docker and often use it for app development. Despite some drawbacks, you can easily use it to run and manage apps side by side in isolated containers.
Installing an app can be as simple as running a single command – docker run. Docker also provides a clean and original isolation environment for each test, making it an important and useful tool for automation testing.
Docker features offer benefits in terms of dependency management and security. Augmented with such useful tools as Docker Hub, Docker Swarm, and Docker Compose, Docker is a popular and user-friendly solution.
Despite all the benefits of Docker, you should not use it to containerize each and every application you develop.
Remember: Docker is a game-changer. But it is not a one-size-fits-all solution.
Docker is not the only such tool on the market either. The alternatives to Docker are rkt (pronounced ‘rocket’), Linux Containers, or OpenVZ. Each of these, with its advantages and disadvantages, is quite similar to Docker. The growing popularity and use rates of Docker are caused only by the decision of businesses to adopt it.
Before jumping to conclusions as to whether you should use Docker or not, research the project requirements. Talk to your teammates or peers and let them help you decide when to use Docker, when not to use containers, and whether it is one of those Docker use cases.
Whether you like it or not, this technology has a future. There are some developers and development agencies that hate Docker and try to eliminate it from all their ongoing projects. At the same time, there are specialists who containerize everything they can because they see Docker as a panacea. Perhaps, you should not join either camp. Stay impartial, stay objective, and make a decision depending on a particular situation.
My company KeenEthics is a team of experienced web application developers. In case you need a free estimate of a similar project, feel free to get in touch.
You can read more similar articles on my Keen Blog. Allow me to suggest you read Why to Refactor Your Code? or Software Development Models Explained: Outsourcing vs Outstaffing, Fixed Price vs Time & Material?
Also, I would like to say "thank you" to Alex Pletnov for coauthoring this article as well as the readers for making it to the end!
The original article posted on KeenEthics blog can be found here: 7 Cases When Not to Use Docker.
Translated from: https://www.freecodecamp.org/news/7-cases-when-not-to-use-docker/