[View] the operation and maintenance, Docker is the gospel

【Editor's note】 Here my attitude is more conservative, what the environment for what to do what. Not to say that there is something new to be used.

Inadvertently see a student published on the Docker view , I could not help but want to say a few words. As a research / application Docker fast one year of developers, upstairs classmates question a few words it:

1. The first question, base image has a bug, business image how to do?

In general, Docker's base image can be made small enough to contain only the most basic system software and applications (and of course it can do it all). For example, for C programs, base image requires only one glibc The In addition, the basic system software bug probability itself is relatively small. But if there is, such as some time ago glibc loopholes, I can think of two options: First, business image repair their own, upgrade a glibc is a very easy thing. Second, base image repair, business image re-build, because Docker has Dockerfile, so, based on the new base image to rebuild the business image almost no need to modify.

Moreover, because Docker uses hierarchical mirroring, so the level of the mirror is generally not too deep, to a certain time, you need to do image compression, so, in Docker, building a mirror is a very simple and happy thing, because you need a Makefile (Dockerfile) just fine.

2. Network problems

Docker (container technology) can be almost completely reused in XEN / KVM and other virtual machine technology used in the virtual network technology, bridge, veth, VXLAN and so on. . . Even SR-IOV is no problem. We have fully used XEN's virtual network model in our business. . .

3. Disk IO

Cgroup itself has provided a wealth of IO throttle function, but Docker itself is not directly used, but through the Cgroup interface, it is easy to achieve. We have used in actual business. This is not to mention the weak issue is not weak.


To say that, Docker is just a user state shell, the core of the surgery (namespace, cgroup) are achieved in the kernel. Even if Docker does not support disk quota, through the file system, such as XFS, LVM, etc. can be easily achieved. We are in the actual business through XFS quota to achieve disk space quota.

Finally, talk about my understanding of Docker

Docker biggest innovation is image, image is the development, testing, operation and maintenance between the standard, operation and maintenance no longer care about the development of delivery in the end is C, C + +, or go, is the tar package, or a folder, all things Standardized by image. Standardization is a prerequisite for productivity. . .

Personally feel that the technical staff should have awe of the new technology, in the absence of in-depth research and practice under the premise of a new technology jump on the conclusion, it is unwise.

Here cited from http://weibo.com/p/1001603840009324085358 , if any offense please forgive.

Heads up! This alert needs your attention, but it's not super important.