Docker in Production: A History of Failure

I recently encountered a blog post about the troubles of using Docker in a production environment. I have done some study into the meaning of using Docker in a production environment, and while it is very easy to get lost in the hype, glamour and overall excitement, the bottom line is that this post resonated well with me and my recent forays into the world of containers. I think the TL;DR of his blog post is:

  • The Docker ecosystem is still buggy
  • There is a large dependency on features existing in recent kernels, but no backporting
  • Docker has a real issue with backward compatibility, changing APIs and feature support between versions, making it impossible to rely on in a production environment
  • Docker is often used wrong (it was designed for stateless processes, not full applications) and thus a lot of issues crop up in production

==Docker has serious security issues, and the choice of this platform should be very carefully weighed against its benefits. This is basically a system, running as root, running other software as root - with loose updates and support.==

I agree with the examples he provided, and I would suggest reading the entire piece for anyone delving into this world. I do believe they are onto something with their environment, but I am hesitant to deploy production systems with the current issues and low maintainability.

Guy Barnhart-Magen
Security Research Manager, Platform Security Division, Intel