“Should I use Docker in production?”
Are you "torn” between:
Docker's superpower as a container platform and all the security concerns related to the Docker model?
“Seduced” by the names of all those giant companies — Twitter, Google, Amazon, eBay, Netflix — who're already using Docker containers in production? Yet, still skeptical and hesitant to run them in production environment considering all the signaled data management issues?
Now, instead of letting this question turn into a “haunting” dilemma, you'd better dug for some answers. Find out:
whether Docker is right for your own unique project, as well
how a container infrastructure works (compared to a traditional environment)
what it takes to use Docker in production
which are the common misconceptions and issues with Docker in production
And, most of all: based on your own use case, should you be running Docker in production environment or not?
1. The One Question to Ask Yourself: “What Will I Do with Docker in Production?”
Before asking yourself:
“Should I be using Docker in production? How safe is it?”
… you'd better answer one critical question:
“What will I do with Docker in production?”
And toying with the thought of using Docker containers does require a reevaluation of your system's whole infrastructure. From the ground up:
How will you monitor Docker containers in production?
How will things be deployed?
How will backups be performed?
What about updates? How will they be handled?
Also, while giving yourself some realistic and straightforward answers to all these questions, try to consider different attack vectors, as well:
What services will your Docker containers get access to?
Are you able to restrict their access to the host system?
And what kind of “privileges” will they get?
So many things to clarify before you can ask yourself:
“Should I use Docker in production?”
2. Container Infrastructure vs Traditional Environments
How does a Docker container infrastructure work?
It's critical that you fully understand what sets it apart from a traditional environment before you can assess whether it's safe for production usage in your project or not.
Unlike traditional environments, where a sysadmin would normally run upgrades and restart services, in container infrastructures, containers are read-only, immutable... elements.
In other words: security upgrades won't happen inside your Docker containers; for these upgrades to run, you'll need to redeploy newly upgraded versions of your containers.
Note: since developers can push containers to your platform, you should define and enforce custom policies to limit the no. of privileges assigned to each one of the containers in your infrastructure.
3. 2 Most Common Misconceptions about Using Docker in Production
Since it hit the systems scene (2002) and quickly “stole the show”, Docker's generated a lot of misconceptions. And probably the most common one (that all the other ones stem from) is that:
"Docker's ridiculously easy to use; it's a “one size fits all projects/use cases/infrastructures...” type of technology."
Well, not quite...
Now, let's “bust some Docker-related myths” once and for all:
3.1. Running Docker in Multi-Host Production Environments Is (So) Simple
It's almost grown into a universal truth that:
Using Docker even in a multi-host production environment is... nothing but a child's play.
It is technically possible, indeed, yet, it's far from simple!
Before running Docker in a multi-host network — in a robust and safe way, I mean — you need to consider and to put in place the proper management of a whole lot of variables:
orchestrating container deploys with no downtime at all
managing container logs
ensuring that the private image repository's 100% secure
managing container logs
properly handling all container deploy roll-backs
And the list is almost a never-ending one...
See? Sure, big companies manage to use Docker in multi-host production environments and to successfully handle all the above variables, yet the process's anything but trivial.
3.2. It's OK to Blindly Jump into Docker, No Matter The Infrastructure
Tempted to go from “Should I use Docker in production?” to “I should/can definitely use it straight away!”?
And this is yet another misconception that has grown out of the general idea that using Docker requires zero preparations; zero planning and evaluation of your current infrastructure.
That it's conveniently easy to use and it fits all use cases.
You need to take a whole lot of aspects into account before using Docker in production:
It requires a robust, stable foundation/infrastructure!
In other words, if your current system does not have:
an automated system setup
a fully secured least-privilege type of access
easy-to-be-restored and 100% secure database backups
... you should reconsider using Docker in production ASAP. Or at least postpone your plan till you've filled in all those cracks in your systems' infrastructure...
4. Choosing the Right Path From Test Environment to Production Environment
The very first step to take for “leveling up” from running Docker in your test environment to using it in production is: choosing the right path.
This can be either:
predetermined by your own project's particularities (project-specific constraints such as a specific cloud service or datacenter)
a rented cloud service
a pre-made platform
Choose your path wisely!
5. 3 Key Aspects to Take into Account For a Smooth Production Usage of Docker
5.1. The Docker Engine: Tweaking Its Default Settings Is a Must
As I've been trying to stress out here:
Running Docker in production does require certain preparations and considerations.
For instance, once you install the Docker engine to your distribution of choice (Ubuntu or Red Hat or... another one), you shouldn't stick to its default settings.
They're not suitable for production usage!
Therefore, it will require some tweaking so that your Docker engine can handle the load once in production environment.
Moreover, your engine will be in charge of running the containers and nothing more. When it comes to:
cleaning up containers
… these are all your configuration's responsibility.
And 2 more words of caution/pieces of advice:
keep in mind to check the graph driver (go for Overlay2 if it's the latest version of kernel that you're using)
keep both your Docker engine and the kernel safely up-to-date
5.2. A Well-Built CI/CD Pipeline Can Save Your Life
And it's just partly an exaggeration...
For once you run your Docker containers in production and you need to handle a complex infrastructure of services, having a reliable pipeline in place can do wonders.
In short: if you don't automate the process of moving your containers across all the 3 stages of production — build phase, test phase, deployment phase — you'll go nuts...
Tip: remember to script everything; also, to version control each and every script and configuration.
5.3. Security: Handle It Properly, Right from the Testing Environment
In other words: no matter how tempted you might be to overlook this aspect once you finally have Docker running properly in production, don't underrate the security issue.
Moreover, you should give it due consideration right from the testing environment...
Once you deploy your Docker containers in production environment, be 101% cautious and vigilant to detect any network vulnerabilities threatening your data.
6. “Should I Use Docker in Production?” Is It Safe? Is It Efficient?
Back to our initial question:
“Is it safe to run Docker in production environment?”
My answer to you is:
It is, as long as you take into account all the above-mentioned technical aspects and variables and as long as you adopt the best practices for using Docker in production.
running your CI tests
closely monitoring your Docker containers once in production
using the available tools
running only current versions
running only one process per container
“supercharging” your orchestration tool with all the appropriate security measures (Kubernetes, Swarm, Titus, DCOS etc.)
In short: Docker is only as safe as its users' implemented safety measures.
Technically, it can be used in production.
When it comes to safety, Docker's come a (really) long way since its early days.
a whole set of best practices in place
appropriate powerful tools to use for securing it
... Docker's once glaring security flaws (e.g. less isolation of containers as compared to virtual machines) now seem like a bad memory from its old “experimenty” stage.
Yet, to your “Should I use Docker in production?” type of question I can only answer:
“You should, if you don't do it blindly and you commit yourself to following the best practices”
7. In Conclusion...
If I was to sum up, into a “shortlist of commandments”, all the recommendations, words of caution, clarifications, and explanations here-above, it would go something like this:
don't jump blindly into Docker; take your time to think through all the involved aspects
keep in mind that it's far more unlikely for an attacker to exploit an insecure Docker container in your system than to... tap into social engineering for getting his hands on the password
Docker's an extremely powerful tool, so running it on top of an unstable infrastructure is pretty much like driving a sports car on a pothole-riddled road