Containers let you freeze and restart an exact copy of a system that you plan to deploy, including the operating system and configuration files. This makes debugging easy and testing a snap, and it even changes the way that deploys and rollbacks happen in IT operations.
Container packages are not only complete, but they are also small and efficient enough to download and run in seconds. Cluster managers provide the load balancing and scale to ensure uptime even during a rollout.
Once you decide to use containers (or expand their use to a different area), you'll face a new challenge. The very growth and expansion in container technology brings a large set of choices, including which standards to use, how to store the old versions and deploy new images, and how to manage containers in production.
So how do you assemble the right mix of products and services to build, run, and manage containers efficiently? To answer that question, TechBeacon reviewed a range of container technologies, from architecture to cluster management, storage, security, and even training and support. Here are the essential tools every team should consider.
Container runtimes
Docker was the first major open-source container offering, and quickly emerged as a de facto standard. Now Kubernetes is evolving as the new standard for clusters and cluster management.
Kubernetes initially supported Docker and rkt (or "rocket") through custom code. But now, with the creation of the Container Runtime Interface (CRI), you have many ways to store virtual machines and at the same time communicate through that interface.
Docker
The first and still most popular container technology, Docker's open-source containerization engine works with most of the products that follow, as well as many open-source tools.
Docker Enterprise
This set of extensions not only adds features to Docker, but also makes it possible for Docker (the company) to add commercial support. If you need a support matrix to know exactly which versions of what software are supported—and a phone number to call if things go wrong—then Docker Enterprise might be for you.
CRI-O
The first implementation of the Container Runtime Interface, CRI-O is an incredibly lightweight, open-source reference implementation.
rktlet
The aforementioned rkt, redesigned and retooled to use the CRI as rktlet, now has a set of supported tools and community to rival Docker.
containerd
A project of the Cloud Native Computing Foundation, containerd was an early container format. More recently the developers of containerd built a CRI plugin that lets Kubernetes run containerd in the same way it runs rktlet or CRI-O.
Microsoft Containers
Positioned as an alternative to Linux, Microsoft Containers can support Windows containers under very specific circumstances. They generally run in a true virtual machine and not in a cluster manager like Kubernetes.
Cluster management and deployment
Once the team can create images and pass them around in development, comes the hard part: running and supporting containers in production. That means registering artifacts, deploying them to production as a system, and managing servers and collections of servers. The latter includes a collection of servers in the cloud, known as a "cluster."
Cluster management tools manage workloads, including moving instances from one virtual host to another based on load, and allocate resources such as CPU and memory.
Kubernetes
While there is no standard for cluster management, the Kubernetes open-source cluster manager, originally developed by Google, is far and away the most popular. Supported by Amazon's AWS, Google's Cloud Engine (GCE) and Microsoft's Azure Container service, Kubernetes is relatively portable, which helps prevent vendor lock-in.
Kubernetes can even run on a private cloud: OpenStack. Microsoft, Amazon, and Google all provide container services that run Kubernetes—with commercial support options available.
Istio and Envoy
Where Kubernetes provides load balancing and scalability, by default it assumes that the same service will run the same version number and that all services can talk to one another. Kubernetes does not provide the tools to debug services that call services—sometimes called "observability."
Envoy and Istio are open-source service mesh technologies that add a layer to provide security and observability. They can encrypt traffic inside of the cluster while observing it. Developed by Lyft, Envoy was the first service mesh for Kubernetes. Istio includes Envoy, sits on top of it, and adds several plugins, dashboards, and other features to extend it.
Apache Mesos
A tool for abstracting computing resources, Apache Mesos can run both Docker and rkt images side by side in the same cluster. DC/OS is a platform built on Mesos that functions as a data center operating system.
Docker Swarm
Docker's free product for cluster management, Swarm runs from the command line and comes bundled with Docker 1.12 and higher. Swarm does not support autoscaling or load balancing natively, but third-party extensions provide this functionality.
Docker Datacenter
More than just a commercial alternative to Kubernetes, Docker Datacenter is designed as a drop-in replacement that lets you containerize your entire data center, and it includes commercial support. The tool has LDAP integration and a web-based dashboard with control panel, registry, monitoring, logging, and continuous integration.
Of course, Docker Datacenter embraces and extends Docker's free, open-source products: Docker and Swarm. The tool adds the load balancing and scaling that Swarm is missing. And, of course, it works with Docker Enterprise.
Storage containers
Containers are designed to be interchangeable, like currency. That works exceptionally well for web services and microservices that can scale on demand. Storage and databases, on the other hand, need persistent locations to house data, or at least a standard interface layer. Organizations that want to move to an all-container infrastructure need storage, and companies now meet that demand.
BlockBridge
BlockBridge, the "elastic storage platform" company, offers storage as a container using Docker, with support for Kubernetes, OpenStack, and software-defined secure storage.
EMC / libstorage
The EMC / libstorage system offers a code library to provide container storage that's free and open.
Docker plugins for storage
EMC, NetApp, and others have created plugins to support storage, which Docker Inc. makes available for download.
Container security
Single sign-on, LDAP integration, auditing, intrusion detection and prevention, and vulnerability scanning—all are pain points for organizations moving to containers. Even traditional devices and software can be hard, if not impossible, to configure on container clusters. Fortunately, a handful of vendors is working to address this need.
Twistlock
You build Docker images out of components, such as an operating system, a web server, or a content management system. The problem is that unpatched or outdated software on an image could harbor security risks. Twistlock's vulnerability scanner addresses that by comparing images against a database of known threats. This is an automated audit against a database that's constantly updated. Other core features include more classic intrusion detection, and regulatory compliance systems.
Aqua Container Security
Like Twistlock, Aqua focuses on the ability to create, monitor, and enforce policy for containers, along with integration with continuous integration (CI), running security checks on every build.
StackRox
Co-founded by Sameer Bhalotra, a former security executive at Google and senior director for cybersecurity in the Executive Office of the President of the United States, StackRox provides Kubernetes cluster discovery. The software examines an entire cluster, comparing how the running containers behave compared to a company's security policies. StackRox allows those policies to be documented and evaluated automatically in code.
Aporeto
Aporeto encrypts every workload between containers, providing authentication and authorization. The software also allows you to define security policy programmatically, and to ensure it is enforced.
Operating systems
Most Linux operating system distributions are based on convenience and include big, preinstalled packages, just in case the user might want them. Docker, in contrast, is designed for lightweight virtualization—to run as many identical machines as possible with the least amount of overhead in terms of memory, disk, and CPU.
In response, vendors have developed container-optimized builds that attempt to balance the capabilities teams might need in a Linux distribution with the minimalism that containers demand. Here are a few of the most popular ones, along with some non-Linux options.
Alpine Linux
If you create a Docker image and do not specify an operating system, you'll be using Alpine Linux. That means a great number of sample and test Docker containers use it. It might be good to get to know the strengths and weaknesses of the operating system, which is bare-bones but small, fast, and relatively secure.
RancherOS
Containing only the Linux kernel and Docker itself, the RancherOS system image fits into just 22MB of disk space. RancherOS eliminates systemd, the service management system built into most versions of Linux, instead starting the Docker Daemon itself as the init, or bootstrap, system.
CoreOS Container Linux
Designed to work with CoreOS Linux tools and systems, CoreOS Container Linux is preconfigured to run Linux containers. It also comes with automatic updates turned on; operating systems update themselves without any handling.
Ubuntu Core
Canonical, the parent company of Ubuntu Linux, claims that Ubuntu is the most common OS for containers. Within the Ubuntu distribution is Core, the small, secure release designed for Internet of Things devices and containers. Core is designed to have high performance, a small footprint, and transactional updates, ensuring that updates that fail roll back successfully. Of course, using Ubuntu Core means you can purchase support from Canonical.
Red Hat Atomic Host
Organizations that run Red Hat Enterprise and want to use containers will want to have their hosts run the Red Hat Atomic Host operating system. These tools will let you host Linux containers in a minimal version of Red Hat Enterprise Linux.
Microsoft Nano Server
Nano Server is a small, remotely administered, command-line operating system based on Windows Server 2016. Designed to run solely as a container, Nano brings native container capability to Windows Server. Windows Pro 10 Enterprise is another Microsoft operating system that can host Windows containers.
VMware Photon
Weighing in at 220MB on disk, Photon is a larger container operating system than some others, although it's still only about one-hundredth the size of the latest version of Windows. This Linux container host is designed to integrate with VMware's vSphere virtualization products.
Container events and sources for support
Once you've committed to containers, the hardest part will be implementing and supporting them. From conferences to support forums to commercial support, here are the resources you need.
Cloud Native Computing Foundation
Once companies like IBM, Lyft, and Google launch an open-source technology, they need someone to take it over and maintain it. That's where the CNCF comes in, providing maintenance and governance for projects such as Kubernetes, Envoy, and containerd. CNFC also organizes events.
DockerCon
This is the event to attend if your company is pursuing an all-Docker architecture, with the support of Docker Datacenter, Swarm, and other products from Docker's business partners. DockerCon 2019, which concluded on May 2, had 11 tracks, ranging from lightning talks to hands-on workshops, vendor presentations, and case studies.
KubeCon+CloudNative Con
The premier event of the CNCF, KubeCon+CloudnativeCon events are held on multiple continents each year. In 2019, locations include Barcelona, Spain, and China.
StackOverflow
The largest, most popular online Q&A site for programmers, StackOverflow offers plenty of information on deploying your applications in containers. It also does so without intrusive ads or insisting you register to get the information.
Docker Community Site
Docker's curated community site provides Docker-centric information and forums.
Go forth and containerize
While the concept behind containers is simple, the devil, as they say, is in the details. If your technical team uses containers strictly for builds and testing, your decisions are limited to choosing the correct operating system and container type. But once the system is creating an image for every build, why stop there?
Today, tools such as Kubernetes allow a production cluster built out of containers, with autoscale. Because the standards are open and every major cloud provider supports Kubernetes, using it for cluster management can prevent vendor lock-in.
That's our concise list of resources container resources, but we welcome yours. What did we miss? Feel free to add your tips and suggestions to this list by posting them below.
Keep learning
Choose the right ESM tool for your needs. Get up to speed with the our Buyer's Guide to Enterprise Service Management Tools
What will the next generation of enterprise service management tools look like? TechBeacon's Guide to Optimizing Enterprise Service Management offers the insights.
Discover more about IT Operations Monitoring with TechBeacon's Guide.
What's the best way to get your robotic process automation project off the ground? Find out how to choose the right tools—and the right project.
Ready to advance up the IT career ladder? TechBeacon's Careers Topic Center provides expert advice you need to prepare for your next move.