Little talk on Docker

Docker is undoubtedly the most popular technology in the circle. Alibaba also switched its services to Docker on a large scale this year. So let's talk about Docker together:

1. What changes do you think Docker can bring about?
2. What problems have you encountered while using Docker?
3. What do you want to know most about Alibaba’s large-scale use of Docker?

[What changes do you think Docker can bring about?]
(1) More smooth implementation of microservices architecture. After services are micronized, the pain points of fine-gritted and high-frequency upgrading and O&M from massive microservices can be solved. This has provided an industry-wide uniform standard for platform transparency and O&M automation.
(2) Maximum resource utilization of IT infrastructure

[What problems have you encountered during usage of Docker?]
(1) Service visibility issue of the container network, especially when a part of applications are containerized while others are non-containerized.
(2) Management of stateful containers, and persistence and sharing of container data.
(3) Lightweight collection and monitoring schemes of container logs.
(4) The service registration addresses of Dubbo-based applications in the cluster are container IP addresses, such as 172.17.0.2, that are invisible to the internet.
(Out of the cluster, it is feasible by running the --net=host command. But in a cluster, how can I use an internet address for the Dubbo application service registration? Please shed some light for me.)

[What do you want to know most about Alibaba's large-scale use of Docker?]
(1) Will Alibaba's container cluster management be based on Swarm, K8S, Mesos or some cluster manager self-developed by Alibaba?
(2) When will Alibaba Cloud support Docker 1.12? Currently it only supports V1.11, right?

The container technology is nothing new, and LXC or similar products have been available since long ago. Images are not a new concept, either. The OS images for various VMs have long been available. What's great about Docker is that it uses a new idea to integrate the two, catalyzing a qualitative change. Traditional VM images are just basic images, while Docker images are basic images and applications, with the complete dependency stack from the topmost layer to the bottommost underlying system libraries for an application. With such a complete dependency stack, coupled with the isolation feature of the container technology, we can set up an application anywhere with the behavior consistency ensured, as long as the kernel version is higher than the lowest version required by Docker. This integration brings on a new O&M model on the basis of which a prosperous ecosystem is sparked.

The advantages of Docker on O&M can be comparable with the Java language:
1.        Java can be run everywhere after one compilation, while Docker achieves one-time building (image) and universal running (the entire application and its dependencies).
2.        Java's JVM blocks off differences between different OS, while Docker's Daemon blocks off differences between different released OS versions and server environments;
3.        Java's bytecode can be run in any JDK environment, with consistent behavior, while Docker's images can be run in any Daemon environment, with consistent behavior. Both have clearly-defined self-sufficient internal formats.
4.        Java saves developers' programming and compiling efforts for different OS. They only need to program and compile in one JDK environment, and a JAR package applicable to any JDK environment can be delivered; Docker saves developers' effort in packaging different distributions for different OS. They only need to complete the packaging and debugging in one Daemon environment, and an image applicable to any Daemon environment can be delivered. The Java microservices architecture that went viral recently adopts one JAR package for one application, and Tomcat is also packaged in the JAR. It can be run in any JDK environment. While in the past, apart from the JDK, the web container is also needed; from the delivery of the WAR package, to the delivery of the JAR containing the web container, the developer actually used to package all the dependency stacks on the JVM. This is obviously referring to the Docker ideology in the world of Java. The JAR packages of microservices are the images on JVM. Docker images further package all the dependency stacks on the kernel. The developer has to deliver an image containing all the dependency stacks from delivering a code package. We can see that the partial-to-overall delivery is a trend. Packaging all the dependency stacks enables the portability, consistency and stability for application distribution and re-organization, greatly reducing the cost of reuse and improving the efficiency of reuse.

The emergence and prevalence of Docker are also comparable with those of the Java language. Just like the positioning of Java in the programming field, the prevalence of Docker can be attributed to several factors:
1.        Blocking underlying details of virtualization - Just like Java's blocking the underlying details of the language running environment (OS), Docker blocks the underlying details of resource virtualization to users and stands out among numerous virtualization solutions.
2.        Standardization - Just like Java's series of standards and regulations that have defined the borders and interactions of various fields in perfect order, enabling them to evolve respectively and assemble quickly, Docker defines O&M roles and application stack in perfect order through the container, image and repository standards, enabling various layers in the application stack to evolve respectively and assembly quickly following a uniform principle. As a result, it becomes recognized and sought after quickly.
3.        Application-oriented O&M (AOO) - Just like Java’s object-oriented programming which agrees with the OOP trend emancipating the productive forces of advanced languages and the demand of the internet a decade ago, Docker's AOO model also highly fits into the cloud computing wave and PaaS demand today. The objects that Java targets are available in many programming languages. On the contrary, Docker's AOO philosophy is unique and leads the way. We can see from the lasting vitality of Java that although Docker was just born, the several factors will surely inject permanent vitality to it. The world will be Docker's and no application can be exempt from Docker. Technical developers should embrace Docker with an open mindset.

All in all, it is for the convenience of O&M so that engineers don't need to face various component loss issues or incorrect versions.
In the past, the case used to be:
I want to make clothes. First, the tailor has to measure me. The cost is super high. Second, the tailor has many rulers, easy to cause incorrect versions. Third, the tailor is often changed, and as a result, the halfway-done clothes may be hard to be perfectly completed as originally designed. At last, the tailor only has these several types of fabric, and they just look terrible.
While now the case is:
Uniform design with several standard sizes available. Large-scale production is possible and buyers can select their proper sizes and then try them on.

1. What changes do you think Docker can bring about?
Docker provides consistent interfaces for processes running in the container, simplifying the O&M.
2. What problems have you encountered during usage of Docker?
Could you clarify whether the current Docker1.12 conflicts with the firewalld service on CentOS7? I see errors reported saying some links do not exist when starting the firewalld service.
In addition, ports exposed by the container seem not controlled by the firewalld. For example, run the command -p 80:80 when a Tombat image is started. The access is through although the firewall hasn't opened Port 80.
3. What do you want to know most about Alibaba's large-scale use of Docker?
How do data volume containers share data across hosts? Or how are application container and its data volume container bound to the same Docker host?

I am running my site in the Docker container and I want to share some of my ideas.
1. What changes do you think Docker can bring about?
No restrictions from the environment. When Docker is deployed on a single server, it can cope with multiple languages. There will be many interlaced issues and it takes complicated measures to uniform the so-called paths, calls and environment configurations. It requires profound experience in Linux and configuration code for various environments, and this is a long period.
What Docker brings is a solution to the urgent needs of non-O&M engineers, including development environment debugging, usage of multi-language environments, quick change of environment, multi-environment isolation, demo testing, official launch, quick load balancing and multi-availability issues.
2. What problems have you encountered while using Docker?
The processing of public images is a little effort-taking.
I am not familiar with public Dockerfile processing and need to learn about it.
The issue of pulling various foreign sources at Docker establishment remains and its solution is more complicated. No direct intervention is available, and we can only solve the issue in Dockerfile.
Some operations on the applications must be variational and through restarting the container. Data of direct operations in the container cannot survive.
The linking between various containers is confusing. I am still at sea about how to relate a newly-added container to a few already linked containers.  
3. What do you want to know most about Alibaba’s large-scale use of Docker?
I am eager to understand all of it's usage situations. Others’ cases are my experience.

Alibaba has set up its own Docker image repository Docker Hub and Docker Registry. The storage of Registry has been directly replaced by Alibaba Cloud OSS which is more reliable than native local storage. In addition, we established a set of multi-region, multi-layer and multi-level-cache distributed image distribution network for Alibaba’s server rooms across the nation and the world at large. Leveraging P2P chain-type distribution technology and Docker Registry mirrors, the pressure on the service end servers, storage and bandwidth is dispersed. This has played an important role in the large-scale expansion of actual Singles‘ Day promotions.