On Tue, 30 Oct 2018 at 07:28, Ben Cooksley <bcooks...@kde.org> wrote: > Sorry, Docker might be a wonderful way to test applications, but it's > totally unsuitable for production workloads.
That's a bold claim. At Zalando we have 10,000s of microservices in production and each one of them is running inside a Docker container. this has been our deployment vector for years We are far from alone in this. > First, the contents of that Docker image can be confirmed how exactly? You build the image yourself, sign it and upload to your own private registry. > Second, it's impossible for Sysadmin to delegate management of a > Docker container to anyone. There are third party tools to support this and Docker itself supports delegation of signing and deployment. Each team at Zalando has full autonomy to start/stop/update/deploy and reassign their running services (and therefore the container). This is handled by an open source tech we have released called STUPS: https://stups.io/ Sadly, this is AWS-centric, but I am sure there are other solutions that solve the same problem. Openstack? > This means if anything goes wrong with it a Sysadmin would have to be > the one to take a look Genuine comment: Unless you are doing devops, when *anything* goes wrong I would expect the sysadmin to be the first to react. If you /are/ doing devops, then of course it is the deploying team who reacts. -- Paul J. Adams PhD MIEEE MBCS CITP GPG: 07DD 0812 Paul James Adams
