If you work in the field of technology you have probably heard of Docker, an open source project that automates the deployment of applications within software containers. To understand the concept better, it is important to first understand what a container is.
A container is a tool manager, that is simplified, light in memory, unalterable and fast. These features allow solving the problem of how to make the software work reliably when moving from one environment to another.
One of the advantages of containers is that as they contain services, it is possible to run several containers inside the same machine. They can be configured as desired, and when they are taken to another place they work exactly the same.
What is Docker?
Docker has become a synonym for container technology because it has been the most successful example, however, the container concept has been around for many years. In the classic version, you had to configure everything for an operating system, but now you simply load the dependencies to a Docker container, and they can be portable.
This tool packages, supplies and executes containers independent of the operating system. In addition, it helps not to waste time configuring the environment and the dependencies of the system, because it can be easily deployed.
Mistakes when using Docker
Here are some explanations of some practices that should be avoided when using Docker containers:
- Do not store data inside a container: If it is necessary to store data, do it in a volume, which serves to store information and keep the container intact. You should also be careful if two containers write data in the same volume, as they could cause damage. Do not forget that a container has to be quite transparent.
- Do not handle credentials: Send the credentials by environment variables and do not write them inside the container.
- Do not send your application in two parts or more: Each container must have a unique service, and it has to fulfill a single function. It is not advisable to assign more than one task or divide it into more containers.
- Do not create large images: A large image will be more difficult to distribute. For better functioning, we advise you to have loose containers according to the technology or application you have. Also, consider that it is not good to run unnecessary updates in the container.
- Do not create images from running containers: Do not use Docker to generate more Docker, and do not try to create something new based on an old image or a template.
- Do not use only the latest tag: The labels are recommended due to the use of the layers in the containers. This will provide an orderly process in the growth of the container. On the other hand, if the latest tag is updated all the time, it will not have any historical record since everything will be overwritten.
- Do not execute more than one process in a single container: Each container must have one task assigned with a single purpose.
- Do not run processes as root users: The root is the superuser. For security, the use of root users is not recommended, since an incorrect command can erase a database. Because of this, it is better to opt for restricted permissions and have regular users.
- Do not trust IP addresses: We recommend that you enter all container options within the same network so you can work together. If your application or microservice needs to communicate with another container, use environment variables to pass the correct host name and port from one container to another.
Recommendations
- At the beginning it is not advisable to implement Docker 100%. A better option is to do it gradually. This way you can progress in an orderly and controlled manner.
- In Docker Hub there are several template files that are dockerized. We advise you to take them as a starting point in new projects or to take advantage of the existing configurations; simply download and upload them.
- We advise you not to run more than one service at a time in a container.
- The container must be "ephemeral", this means that it can be stopped, destroyed, then built and replaced with a minimum and absolute configuration.
- If you have more than one image, it is recommended to use Docker-Compose.
- We recommend using environment variables to store credentials, sensitive and / or enduring information.