Many people eventually decided to use Docker to solve the problem. Docker has many advantages, such as:
Integration - Packages operating systems, library versions, configuration files, applications, and more in containers. This ensures that the images that QA tests will carry the same behavior to the production environment.
Lightweight - The memory footprint is minimal and memory is only allocated for the main process.
Fast reading - One-click startup is as fast as starting a common linux process.
Despite this, many users still regard the container as a common virtual machine and forget about an important feature of the container:
Discard after use
Because of this feature, some users need to change their concept of containers. In order to make better use of the value of Docker containers, there are some things that should never be done:
Do not store data containers in a container that may be interrupted, replaced, or destroyed. Version 1.0 applications running in containers are easily replaced by version 1.1 without affecting data or losing data. Therefore, if you need to store data, store it in a volume. In this case, you should also pay attention to whether the two containers will write data on the same volume, which will result in damage. Make sure the application is suitable for writing shared datastores.
Don't send applications in two parts Some people think of containers as virtual machines, so most of them would think that the application should be deployed to an existing running container. This may be true in the development phase where continuous deployment and debugging are required; however, for QA and production continuous delivery (CD) channels, the application should be part of the mirroring. Remember: The container is fleeting.
Do not create large mirror images Large size mirrors are difficult to allocate. Make sure to use only the required files and libraries to run the application. Do not install unnecessary packets or run yum update. These operations will download a large number of files to the new mirror layer.
Do not use single-layer mirroring To effectively use a multi-tier file system, always create your own basic mirroring layer for the operating system, then create a layer for the user name definition, create a layer for the runtime installation, create a layer for the configuration, and finally Create a layer for the application. This will make it easier to re-create, manage, and distribute images.
Do not create a mirror from a running container In other words, do not use the "docker commit" command to create a mirror. This mirroring method cannot be copied, so it should be completely avoided. Always use the Dockerfile or any other fully copyable S21 (from source to mirror) method so that if stored in the source control repository (GIT), you can track changes to the Dockerfile.
Don't just use the "Latest" tab The latest tab is like a Maven user's "SNAPSHOT". Containers have the basic feature of a multi-tiered file system, so we encourage the use of tags. I believe that nobody would like to suddenly discover that the application cannot be run because the parent layer (FROM in the Dockerfile) is replaced by the new version after a few months of mirroring has been built. (The new version cannot be backward compatible or retrieved from the build cache. "What's wrong with the latest version?" Such an accident? You should also avoid using the "Latest Version" label when deploying containers during production because you cannot track the currently running image version.
Do not run more than one process in a single container The container works best when running only one process (the HTTP daemon, the application server, the database), but if you run more than one process, you will encounter when managing and retrieving logs and updating processes individually. To a lot of trouble.
Do not store certificates and use environment variables in the image. Do not hard-code any username/password in the image. Use environment variables to retrieve information from outside the container. Postgres mirroring is an excellent interpretation of this principle.
Do not run the process with root privileges. By default, the Docker container runs with root user privileges. (...) As Docker technology matures, more and more security default options are available. Currently, root is required for other users. More dangerous, and not all environments can use root. Mirror should use the USER directive to specify a non-root user for the operation of the container." (From the "Guidance for Docker Image Authors")
Do not rely on IP addresses Each container has its own internal IP address. If you start then stop the container, the internal IP address may change. If your application or microservice needs to communicate with another container, use environment variables to pass the appropriate hostname and port between the containers.
Monitoring Containers Docker monitoring has received more and more attention from developers and monitors Docker's method in real time. Cloudinsight is recommended here. Unlike some monitoring methods that require scripting themselves, Cloudinsight is a free SaaS service that monitors Docker with a single key and has a great visual interface. In addition, Cloudinsight also supports the monitoring of multiple operating systems, databases, etc., and can integrate the performance data of all monitored system infrastructure components.
Obey this eleven, you are Docker master
Stainless Steel Wire Rope,Ss 304 Welding Filler Wire,Stainless Tig Wire Rope,304 Stainless Steel Wire Rope
ShenZhen Haofa Metal Precision Parts Technology Co., Ltd. , https://www.haofametal.com