
Should I Use Docker in Production Environment? Is It Safe? 


by RADU SIMILEANU on Aug 31 2018

“Should I use Docker in production?” 

Are you “torn” between:

Docker's superpower as a container platform and all the security concerns related to the Docker model?

“Seduced” by the names of all those giant companies — Twitter, Google, Amazon, eBay, Netflix — who're already using Docker containers in production? Yet still skeptical and hesitant to run them in a production environment, considering all the reported data management issues?

Now, instead of letting this question turn into a “haunting” dilemma, you'd better dig for some answers. Find out:

 

  • whether Docker is right for your own unique project, as well
  • how a container infrastructure works (compared to a traditional environment) 
  • what it takes to use Docker in production
  • which are the common misconceptions and issues with Docker in production

     

And, most of all: based on your own use case, should you be running Docker in a production environment or not?

 

1. The One Question to Ask Yourself: “What Will I Do with Docker in Production?”

Before asking yourself:

 “Should I be using Docker in production? How safe is it?”

… you'd better answer one critical question:

“What will I do with Docker in production?”

And toying with the thought of using Docker containers does require a reevaluation of your system's whole infrastructure. From the ground up:

 

  • How will you monitor Docker containers in production?
  • How will things be deployed?
  • How will backups be performed?
  • What about updates? How will they be handled?

     

Also, while giving yourself some realistic and straightforward answers to all these questions, try to consider different attack vectors, as well:

 

  • What services will your Docker containers get access to?
  • Are you able to restrict their access to the host system?
  • And what kind of “privileges” will they get?

     

  

So many things to clarify before you can ask yourself:

“Should I use Docker in production?” 

 

2. Container Infrastructure vs Traditional Environments

How does a Docker container infrastructure work?

It's critical that you fully understand what sets it apart from a traditional environment before you can assess whether it's safe for production usage in your project or not.

Unlike traditional environments, where a sysadmin would normally run upgrades and restart services, in container infrastructures, containers are read-only, immutable... elements.

In other words: security upgrades won't happen inside your Docker containers; for these upgrades to run, you'll need to redeploy newly upgraded versions of your containers.

Note: since developers can push containers to your platform, you should define and enforce custom policies to limit the number of privileges assigned to each one of the containers in your infrastructure.
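One way to check such a policy, as an added example that is not part of the original article: the script below audits `docker inspect` output against a least-privilege baseline. The two sample containers, the allowed-capability list and the function names are assumptions made for illustration.

```python
import json

# Constructed sample, trimmed to the `docker inspect` fields the audit reads.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/legacy-app",
   "Config": {"User": ""},
   "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"], "CapDrop": null,
                  "NetworkMode": "host", "PidMode": "", "ReadonlyRootfs": false,
                  "SecurityOpt": null},
   "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
               "Destination": "/var/run/docker.sock", "RW": true}]},
  {"Name": "/web",
   "Config": {"User": "10001:10001"},
   "HostConfig": {"Privileged": false, "CapAdd": ["NET_BIND_SERVICE"],
                  "CapDrop": ["ALL"], "NetworkMode": "bridge", "PidMode": "",
                  "ReadonlyRootfs": true, "SecurityOpt": ["no-new-privileges"]},
   "Mounts": []}
]
""")

# Assumed site policy: the only capability a container may add back.
ALLOWED_CAP_ADD = {"NET_BIND_SERVICE"}
DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}


def _norm_cap(cap):
    """Docker accepts both SYS_ADMIN and CAP_SYS_ADMIN; compare one form."""
    cap = cap.upper()
    return cap[4:] if cap.startswith("CAP_") else cap


def audit_container(c):
    """Return the list of policy violations for one `docker inspect` entry."""
    host = c.get("HostConfig") or {}
    cfg = c.get("Config") or {}
    findings = []

    if host.get("Privileged"):
        findings.append("runs in privileged mode")

    extra = sorted({_norm_cap(x) for x in host.get("CapAdd") or []} - ALLOWED_CAP_ADD)
    if extra:
        findings.append("adds capabilities outside policy: " + ", ".join(extra))

    if "ALL" not in {_norm_cap(x) for x in host.get("CapDrop") or []}:
        findings.append("does not drop all default capabilities")

    for key, label in (("NetworkMode", "network"), ("PidMode", "PID")):
        if host.get(key) == "host":
            findings.append(f"shares the host {label} namespace")

    # An empty User means the container process starts as root.
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs as root")

    opts = host.get("SecurityOpt") or []
    if not any(o.startswith("no-new-privileges") and not o.endswith("false") for o in opts):
        findings.append("no-new-privileges not set")

    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")

    for m in c.get("Mounts") or []:
        if m.get("Source") in DOCKER_SOCKETS:
            findings.append("mounts the Docker socket")
    return findings


def audit(inspect_output):
    """Map container name -> violations for a whole `docker inspect` array."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c) for c in inspect_output}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "FAIL")
        for f in findings:
            print("  -", f)
```

To run it against live containers, load the JSON printed by `docker inspect $(docker ps -q)` instead of the constructed sample.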

 

3. 2 Most Common Misconceptions about Using Docker in Production

Since it hit the systems scene (2002) and quickly “stole the show”, Docker's generated a lot of misconceptions. And probably the most common one (that all the other ones stem from) is that:

"Docker's ridiculously easy to use; it's a “one size fits all projects/use cases/infrastructures...” type of technology."

Well, not quite...

Now, let's “bust some Docker-related myths” once and for all:

 

3.1. Running Docker in Multi-Host Production Environments Is (So) Simple

It's almost grown into a universal truth that:

Using Docker even in a multi-host production environment is... nothing but child's play.

It is technically possible, indeed, yet, it's far from simple!

Before running Docker in a multi-host network —  in a robust and safe way, I mean —  you need to consider and to put in place the proper management of a whole lot of variables:

 

  • orchestrating container deploys with no downtime at all
  • managing container logs
  • ensuring that the private image repository's 100% secure
  • properly handling all container deploy roll-backs

     

And the list is almost a never-ending one...

See? Sure, big companies manage to use Docker in multi-host production environments and to successfully handle all the above variables, yet the process's anything but trivial.

 

3.2. It's OK to Blindly Jump into Docker, No Matter The Infrastructure

Tempted to go from “Should I use Docker in production?” to “I should/can definitely use it straight away!”?

And this is yet another misconception that has grown out of the general idea that using Docker requires zero preparations; zero planning and evaluation of your current infrastructure.

That it's conveniently easy to use and it fits all use cases.

Wrong! 

You need to take a whole lot of aspects into account before using Docker in production:

It requires a robust, stable foundation/infrastructure!

In other words, if your current system does not have:

 

  • an automated system setup 
  • a fully secured least-privilege type of access
  • automated deploys
  • easy-to-be-restored and 100% secure database backups
  • and more

     

... you should reconsider using Docker in production ASAP. Or at least postpone your plan till you've filled in all those cracks in your systems' infrastructure...

 

4. Choosing the Right Path From Test Environment to Production Environment

The very first step to take for “leveling up” from running Docker in your test environment to using it in production is: choosing the right path.

This can be either:

 

  • predetermined by your own project's particularities (project-specific constraints such as a specific cloud service or datacenter) 
  • DIY
  • a rented cloud service
  • a pre-made platform

     

Choose your path wisely!

 

5. 3 Key Aspects to Take into Account For a Smooth Production Usage of Docker

 

5.1. The Docker Engine: Tweaking Its Default Settings Is a Must

As I've been trying to stress here:

Running Docker in production does require certain preparations and considerations.

For instance, once you install the Docker engine on your distribution of choice (Ubuntu or Red Hat or... another one), you shouldn't stick to its default settings.

They're not suitable for production usage!

Therefore, it will require some tweaking so that your Docker engine can handle the load once in a production environment.

Moreover, your engine will be in charge of running the containers and nothing more. When it comes to:

 

  • cleaning up containers
  • … volumes
  • … logs

     

these are all your configuration's responsibility.

And 2 more words of caution/pieces of advice:

 

  • remember to check the graph driver (go for Overlay2 if you're using the latest kernel version)
  • keep both your Docker engine and the kernel safely up-to-date 
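
As an added example (not part of the original article), the check below reads a `daemon.json` and flags the settings this section warns about: an unpinned storage driver and container logs that are never rotated. The three hardening keys it also checks (`live-restore`, `no-new-privileges`, `icc`) are an assumed baseline, and both sample configurations are constructed.

```python
import json

# Constructed sample: a daemon.json that leaves almost everything at its default.
NEAR_DEFAULT = json.loads('{"debug": false}')

# Constructed sample: a daemon.json tuned along the lines of this section.
TUNED = json.loads("""
{
  "storage-driver": "overlay2",
  "log-driver": "json-file",
  "log-opts": {"max-size": "10m", "max-file": "3"},
  "live-restore": true,
  "no-new-privileges": true,
  "icc": false
}
""")

# Assumed hardening baseline (not from the article): key -> required value.
HARDENING = {
    "live-restore": True,       # containers keep running while dockerd restarts
    "no-new-privileges": True,  # containers cannot gain privileges via setuid
    "icc": False,               # no unrestricted traffic on the default bridge
}


def check_daemon_config(cfg):
    """Return (key, message) pairs for settings still unsuitable for production."""
    findings = []

    driver = cfg.get("storage-driver")
    if driver != "overlay2":
        state = "not pinned" if driver is None else f"set to {driver!r}"
        findings.append(("storage-driver", f"{state}; expected 'overlay2'"))

    # The default json-file log driver never rotates unless max-size is set,
    # so container logs grow until the disk is full.
    log_driver = cfg.get("log-driver", "json-file")
    if log_driver == "json-file" and "max-size" not in (cfg.get("log-opts") or {}):
        findings.append(("log-opts", "json-file logs have no max-size rotation"))

    for key, wanted in HARDENING.items():
        if cfg.get(key) is not wanted:
            findings.append((key, f"expected {json.dumps(wanted)}"))
    return findings


def flagged_keys(cfg):
    """Just the offending keys, in the order they were checked."""
    return [key for key, _ in check_daemon_config(cfg)]


if __name__ == "__main__":
    for label, cfg in (("near-default", NEAR_DEFAULT), ("tuned", TUNED)):
        print(label, flagged_keys(cfg) or "OK")
```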

     

5.2. A Well-Built CI/CD Pipeline Can Save Your Life

And it's just partly an exaggeration...

For once you run your Docker containers in production and you need to handle a complex infrastructure of services, having a reliable pipeline in place can do wonders.

In short: if you don't automate the process of moving your containers across all the 3 stages of production — build phase, test phase, deployment phase — you'll go nuts...

Tip: remember to script everything; also, to version control each and every script and configuration.

 

5.3. Security: Handle It Properly, Right from the Testing Environment

In other words: no matter how tempted you might be to overlook this aspect once you finally have Docker running properly in production, don't underrate the security issue.

Moreover, you should give it due consideration right from the testing environment...

Once you deploy your Docker containers in a production environment, be 101% cautious and vigilant to detect any network vulnerabilities threatening your data.

 

6. “Should I Use Docker in Production?” Is It Safe? Is It Efficient?

Back to our initial question:

“Is it safe to run Docker in production environment?”

My answer to you is:

It is, as long as you take into account all the above-mentioned technical aspects and variables and as long as you adopt the best practices for using Docker in production.

Meaning:

 

  • applying updates
  • running your CI tests
  • automating... everything
  • closely monitoring your Docker containers once in production
  • using the available tools
  • running only current versions
  • running only one process per container 
  • “supercharging” your orchestration tool with all the appropriate security measures (Kubernetes, Swarm, Titus, DCOS etc.) 
  • etc.

     

In short: Docker is only as safe as its users' implemented safety measures.

Technically, it can be used in production. 

When it comes to safety, Docker's come a (really) long way since its early days. 

With:

 

... Docker's once glaring security flaws (e.g. less isolation of containers as compared to virtual machines) now seem like a bad memory from its old “experimenty” stage.

Yet, to your “Should I use Docker in production?” type of question I can only answer:

“You should, if you don't do it blindly and you commit yourself to following the best practices”

 

7. In Conclusion...

If I were to sum up, into a “shortlist of commandments”, all the recommendations, words of caution, clarifications, and explanations above, it would go something like this:

 

  1. don't jump blindly into Docker; take your time to think through all the involved aspects
  2. keep in mind that an attacker is far less likely to exploit an insecure Docker container in your system than to... tap into social engineering to get his hands on the password
  3. Docker's an extremely powerful tool, so running it on top of an unstable infrastructure is pretty much like driving a sports car on a pothole-riddled road