Taking full advantage of containers isn't as simple as installing Docker and firing up containerized applications.
You also need to revamp your approach to monitoring, security and more.
Containers are not just an extension of technologies that you've worked with in the past.
They're a whole new game.
Many of the tools and processes that worked with older technologies, like virtual machines, just don't work in containerized environments.
What to Change when You Adopt Containers
That's why, as you make the migration to containers, you should also reformulate your approach to the following:
- Monitoring. Legacy monitoring tools can't look inside containers. Container platforms themselves offer only very basic monitoring tools (such as the docker stats command). In order to monitor containerized environments effectively, you need a new toolset that is container-aware.
- Networking. Containers use overlay networks that sit on top of your legacy network infrastructure. Mapping and managing networks in containerized environments requires tools and methodologies that are designed for the unique challenges of overlay networking.
- Persistent storage. You can't store data permanently inside a container. You need to export the data to a shared directory on the host server or use a software-defined storage system to provide containers with a persistent location for storing data.
- Security. Traditional security paradigms center around defending endpoints and network perimeters using tools like firewalls. However, a containerized application has so many more layers and moving parts that endpoint-centric security doesn't work well. You should instead focus on securing each layer of the stack that forms your containers, from the container runtime and images to the host operating system.
- Provisioning. You may be able to provision and orchestrate clusters of virtual servers manually. In a rapidly changing containerized environment, however, it's simply not feasible to provision resources by hand. You need to use an automated provisioning tool like Swarm or Kubernetes.
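The layer-by-layer approach from the Security item, as an added example that is not part of the original article: a Python check over a constructed docker inspect record that groups risky settings by image, runtime and host layer. The sample record, the list of sensitive host paths and the assignment of fields to layers are assumptions made for illustration.

```python
import json

# Constructed sample in the shape `docker inspect` emits (trimmed; not real output).
SAMPLE = json.loads("""[{
  "Name": "/orders-api",
  "Config": {"Image": "registry.example/orders-api:latest", "User": ""},
  "HostConfig": {"Privileged": true, "NetworkMode": "host", "PidMode": "",
                 "CapAdd": ["SYS_ADMIN"], "ReadonlyRootfs": false},
  "Mounts": [
    {"Type": "bind", "Source": "/var/run/docker.sock",
     "Destination": "/var/run/docker.sock", "RW": true},
    {"Type": "volume", "Source": "/var/lib/docker/volumes/orders/_data",
     "Destination": "/data", "RW": true}]
}]""")

# Assumption: host paths treated as sensitive when bind-mounted into a container.
SENSITIVE_HOST_PATHS = ("/var/run/docker.sock", "/etc", "/proc", "/sys")

def audit(container):
    """Group findings for one inspect record by layer: image, runtime, host."""
    cfg = container.get("Config") or {}
    hc = container.get("HostConfig") or {}
    out = {"image": [], "runtime": [], "host": []}

    # Image layer: the image reference and the user the process runs as.
    if "@sha256:" not in cfg.get("Image", ""):
        out["image"].append("image referenced by mutable tag, not digest")
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        out["image"].append("process runs as root")

    # Runtime layer: how the container was started.
    if hc.get("Privileged"):
        out["runtime"].append("privileged mode")
    for cap in hc.get("CapAdd") or []:
        out["runtime"].append(f"added capability {cap}")
    if not hc.get("ReadonlyRootfs"):
        out["runtime"].append("writable root filesystem")

    # Host layer: what the container shares with the host operating system.
    for ns in ("NetworkMode", "PidMode"):
        if hc.get(ns) == "host":
            out["host"].append(f"{ns} shares the host namespace")
    for m in container.get("Mounts") or []:
        src = m.get("Source", "")
        if m.get("Type") == "bind" and any(
                src == p or src.startswith(p + "/") for p in SENSITIVE_HOST_PATHS):
            out["host"].append(f"bind mount of {src}")
    return out

if __name__ == "__main__":
    for c in SAMPLE:
        print(c["Name"], json.dumps(audit(c), indent=2))
```

The named volume mounted at /data in the sample is not flagged: only bind mounts of the listed host paths count as host-layer findings.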
The operations surrounding the processes above have to be revamped in order to work in a containerized environment.
This doesn't mean you have to discard your traditional tool set entirely.
Some legacy tools can be modified to work with containers.
But in other cases, such as when it comes to provisioning and monitoring, few legacy tools work with containers.
You need new tools as well as a new methodology.