Switching to a Container-based Application Architecture? Not So Fast
November 03, 2021

Jayne Groll
DevOps Institute

Container technology, such as Docker and CoreOS, have become an increasingly popular step in DevOps journeys. Containers are lightweight and portable, making them easier on organizations' resources. Containers can benefit cloud environments in a variety of ways, but that does not mean they are perfect for every situation. Software teams must manage a container's life cycle, including provisioning, deployment, scaling (up and down), networking, load balancing and more. The maintenance and implementation of container technology can be tedious and, therefore, there are situations where containers simply are not a good idea.

I asked top industry experts — DevOps Institute Ambassadors— to share their thoughts on when you may not want to use containers. Here's what landed at the top of the list:

Anshul Lalit

head of technology and transformation, Kongsberg Digital

"Containers are perfect for deploying an application with many dependencies that the end-user does not need to touch. However, containers might not be the best option if the application is very lightweight, and it's not essential for users to quickly update the application with each new version. For example, I would recommend for a monolith lift-and-shift to use a simple VM to avoid disruption.

In addition, it is vital to understand the limitations and differences between using a container and using another technology stack. Some use cases where you may avoid containers are:

If you need to use a special driver, capability or incompatible software with the standard container kernel.

If you need to change the kernel configuration, use a custom kernel, add other software or run commands that interfere with a container's standard configuration.

If you need to work with files that are incompatible with a container. For example, if you need to access a file system or a database not available in a container.

Also, as a general guideline, I highly recommend The Twelve-Factor App methodology for building modern software-as-a-service (SaaS) apps. It just makes your product life easier, predictable and covers all bases."

Supratip Banerjee

solutions architect, Principal Global Services

"If security is a priority, maybe Docker is not the best solution.

The most significant security benefit of Docker is that it divides the software into smaller pieces. If the security of one component is jeopardized, others are unaffected. While separated processes in containers offer greater security, all containers have access to the same host operating system. You face the risk of operating Docker containers with insufficient isolation. Any malicious malware has the ability to gain access to your computer's memory.

It is common practice to operate a large number of containers in a single environment. Unless you limit the resource container capabilities, this is how you make your app vulnerable to resource abuse attacks. Each container should handle one specific area of concern for optimal efficiency and isolation.

Another issue is that Docker's default setup does not namespace users. Namespaces allow software resources to use other resources only if they are in the same namespace."

Parveen Arora

co-founder and director, VVnT SeQuor

"If you're doing a project(s) related to "lift and shift" of your applications, you may be better off with a simple VM deployment to experience the least amount of disruption. However, if you're creating a new application from scratch, you're probably better off starting with containers."

Vishnu Vasudevan

head of product engineering and development, Opsera

"If you're running a monolithic application, people assume that switching from monolithic to container-based microservices is like flipping a switch, but that's not the case. Understanding the application needs to happen first and deciding to make it containerized is only viable if your team has the right skills for converting a monolithic application into a containerized application. If you do not have the skills within the application team running the monolith, they are likely going to fail. Whoever is building the application needs to know best practices for container orchestration. They need to analyze and recommend whether or not this application fits in the wheelhouse of containerization. Do not try to move everything to containers because it's the popular thing to do or your competitors are doing it. It has to be solely based on the merit of the application, not based on the merit of the person pushing to move to containers."

Join DevOps Institute for SKILup Day: Container Orchestration, for how-to sessions to expand your container knowledge.

Jayne Groll is CEO of DevOps Institute
Share this

Industry News

August 08, 2022

Contrast Security announced that software composition analysis (SCA) is now available for free in CodeSec.

CodeSec offers free application security testing and SCA in a single, developer-friendly interface.

The new SCA feature will enable developers to easily identify vulnerable third-party libraries quickly and accurately, getting secure code moving in minutes.

August 08, 2022

CloudBees announced Anuj Kapur as President and CEO.

August 08, 2022

ShiftLeft named Stuart McClure as CEO.

August 04, 2022

Cribl announced a new partnership with SentinelOne. The partnership enables SentinelOne customers to leverage Cribl's observability product suite to streamline cybersecurity triage, optimize data collection, and provide security teams control of their data.

August 04, 2022

Seemplicity partnered with Checkmarx. The partnership will see the Checkmarx One Platform integrated within Seemplicity's Productivity Platform, allowing joint customers to simplify the entire find-to-fix lifecycle and ultimately accelerate the time to remediation of vulnerabilities found throughout the software development lifecycle (SDLC).

August 04, 2022

Rafay Systems announced new capabilities that empower enterprise platform teams to provide developer self-service for faster application deployments with the necessary guardrails enterprises require.

August 03, 2022

Armory announced the availability of its CD Self-Hosted and Managed 2.28 product release.

August 03, 2022

mabl announced the release of enhanced branching capabilities that enable software development teams to easily create test branches, compare different versions of tests, and resolve conflicts in parallel with development and at the rapid pace of CI/CD.

August 03, 2022

Appdome announced the immediate availability of ThreatScope, a Mobile Security Operations Center (SOC) that's fully integrated inside the Appdome DevSecOps build system.

August 02, 2022

Traceable AI announced the addition of extended Berkeley Packet Filter (eBPF) data to its platform.

August 02, 2022

Harness announced the general availability of Harness Security Testing Orchestration (STO).

August 02, 2022

LambdaTest announced the availability of HyperExecute, a lightning-quick intelligent test orchestration platform, in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure.

August 01, 2022

Retool announced major updates to its free plan for developers, which now allows teams of up to five users to build unlimited apps.

August 01, 2022

Hazelcast announced the beta release of a new serverless offering under its Viridian cloud portfolio.

Hazelcast Viridian Serverless enables companies to take immediate action on real-time data by speeding app development, simplifying provisioning, and enabling flexible and robust integration of real-time data into applications.

August 01, 2022

Exadel announced the recent acquisition of software engineering company Motion Software, which specializes in blockchain, AI, analytics, healthcare, and eLearning, and is the creator of a remote work platform that enables tech companies to engage with top digital talent worldwide.