Docker and containerization bring a new way of building and deploying software. The new technology makes development more dynamic, distributed, faster, and more tolerant of failures at every step. However, to reap these benefits, you need a different toolset than you would use for traditional servers or virtual machines. As you begin your journey with Docker, you may be wondering which Docker tools are most used today, and how you can leverage them. Let’s take a tour of the top Docker tools, by category.
Docker is the standard container runtime, and you can easily spin up a container locally on your laptop using the Docker CLI. However, to run Docker containers at scale, you need a container orchestrator. This is a management layer for Docker containers and is essential to run containers in production.
Kubernetes is the most popular container orchestrator today and is supported by almost every container vendor. It groups containers into pods, schedules those pods across a cluster of nodes, and has built-in features for rolling deployments, service discovery and load balancing, and security controls such as RBAC, network policy and per-pod security contexts.
Swarm, Docker’s own orchestrator, is simpler to use than Kubernetes and is built into the Docker CLI and workflow. With the rising popularity of Kubernetes, Docker has added Kubernetes support to its products alongside Swarm, and has effectively conceded the orchestration throne to Kubernetes.
Apache Mesos runs containers through Marathon, the orchestration framework that Mesosphere built on top of it. With the dominance of Kubernetes, Marathon is taking a back seat as Mesosphere shifts focus to offering users Kubernetes as well.
Coming from the AWS stable, Amazon Elastic Container Service (ECS) is one of the early container services. It runs containers on EC2 instances under its own scheduler rather than Kubernetes, and has deep integration with the wider AWS platform. AWS was slow to adopt Kubernetes and was the most recent of the big cloud vendors to embrace it, announcing the separate Amazon EKS service for managed Kubernetes this past year.
Google Kubernetes Engine (GKE), formerly Google Container Engine, is the container service most deeply integrated with Kubernetes among the CaaS platforms. It is usually the first to bring upstream Kubernetes releases into its platform and is a great choice if Kubernetes is your priority.
Azure Container Service (AKS), now Azure Kubernetes Service, is Microsoft’s managed Kubernetes offering. It has deep integration with the Azure platform and is taking significant steps to be the best place to manage Kubernetes; Microsoft has hired Brendan Burns, a Kubernetes co-founder, to help with this mission.
Other CaaS Services
There are numerous other CaaS platforms with a focus on simplifying Kubernetes management. Some of them are Pivotal Container Service (PKS), Platform9, Heptio, Kismatic, StackPoint, and Giant Swarm, to name a few.
Security is the first priority when running containers in production. There isn’t a single do-it-all tool; instead, you need to layer several, each covering one part of the stack: the kernel isolation the runtime is built on, the network between services, the secrets containers consume, and runtime threat detection.
Kernel Security Tools
Docker relies on core Linux kernel security features: namespaces isolate what a process can see (PIDs, mounts, network, users), cgroups limit what it can consume, capabilities bound what root inside the container can do, and AppArmor, SELinux and seccomp profiles restrict file access and the system calls a container may make. These are the first and most foundational layer of container security. Because every container shares the host kernel, they are also the only isolation boundary you get, so a container should run with all of them enabled rather than with settings that undo them (running as root, a broad capability set, --privileged, or seccomp=unconfined).
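The following is an added example written for this article, not Docker’s own code. It composes a `docker run` command line that drops every optional kernel privilege, emits a deny-by-default seccomp profile in Docker’s JSON format, and audits an arbitrary `docker run` command for the flags that undo kernel isolation. The flag names are real Docker options; the syscall allowlist, the risk descriptions and the hardened defaults (UID 65534, 100 PIDs, 256m) are the author’s assumptions and should be tuned per workload.

```python
"""Hardened `docker run` composition and audit (added example, not Docker code)."""
import json
import shlex

# Assumption: a small allowlist for a static, single-threaded network service.
# Docker's default seccomp profile is far larger; tune this per workload.
ALLOWED_SYSCALLS = [
    "read", "write", "close", "fstat", "mmap", "munmap", "brk", "rt_sigaction",
    "rt_sigprocmask", "ioctl", "nanosleep", "socket", "bind", "listen", "accept4",
    "setsockopt", "getsockopt", "epoll_create1", "epoll_ctl", "epoll_wait",
    "exit", "exit_group", "futex", "clock_gettime", "getpid",
]

def seccomp_profile(allowed=ALLOWED_SYSCALLS):
    """Docker-format seccomp profile: return ERRNO for everything not listed."""
    return {
        "defaultAction": "SCMP_ACT_ERRNO",
        "architectures": ["SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32"],
        "syscalls": [{"names": sorted(allowed), "action": "SCMP_ACT_ALLOW"}],
    }

def profile_json():
    """Serialised profile, ready to save as seccomp.json."""
    return json.dumps(seccomp_profile(), indent=2)

def hardened_run(image, profile_path="seccomp.json", user="65534:65534"):
    """Compose a `docker run` argv that drops every optional kernel privilege."""
    return [
        "docker", "run", "--rm",
        "--user", user,                          # never run the payload as root
        "--cap-drop", "ALL",                     # no Linux capabilities at all
        "--security-opt", "no-new-privileges",  # setuid binaries cannot escalate
        "--security-opt", f"seccomp={profile_path}",
        "--security-opt", "apparmor=docker-default",
        "--read-only",                           # immutable root filesystem
        "--tmpfs", "/tmp:rw,noexec,nosuid,size=64m",
        "--pids-limit", "100",                   # cgroup guard against fork bombs
        "--memory", "256m",
        image,
    ]

# Flags that widen the kernel attack surface or hand the host over outright.
DANGEROUS = {
    "--privileged": "disables seccomp/AppArmor, grants all capabilities and devices",
    "--pid=host": "shares the host PID namespace",
    "--net=host": "shares the host network namespace",
    "--network=host": "shares the host network namespace",
    "--ipc=host": "shares the host IPC namespace",
    "--userns=host": "disables user namespace remapping",
    "--security-opt=seccomp=unconfined": "disables the seccomp filter",
    "--security-opt=apparmor=unconfined": "disables the AppArmor profile",
}
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN",
                  "DAC_READ_SEARCH", "SYS_RAWIO", "ALL"}
# Flags that take a separate value argument, so "--flag value" == "--flag=value".
VALUE_FLAGS = {"--security-opt", "--cap-add", "--cap-drop", "-v", "--volume",
               "--mount", "--pid", "--net", "--network", "--userns", "--ipc",
               "--user", "-u", "--tmpfs", "--pids-limit", "--memory"}

def audit_run(cmdline):
    """Return findings for a `docker run` command line given as a string or argv."""
    argv = shlex.split(cmdline) if isinstance(cmdline, str) else list(cmdline)
    norm, i = [], 0
    while i < len(argv):                       # fold "--flag value" into "--flag=value"
        tok = argv[i]
        if tok in VALUE_FLAGS and i + 1 < len(argv):
            norm.append(f"{tok}={argv[i + 1]}")
            i += 2
        else:
            norm.append(tok)
            i += 1
    findings = []
    for tok in norm:
        if tok in DANGEROUS:
            findings.append(f"{tok}: {DANGEROUS[tok]}")
        elif tok.startswith("--cap-add="):
            cap = tok.split("=", 1)[1].upper()
            cap = cap[4:] if cap.startswith("CAP_") else cap
            if cap in DANGEROUS_CAPS:
                findings.append(f"{tok}: capability equivalent to root on the host")
        elif tok.startswith(("-v=", "--volume=", "--mount=")) and "/var/run/docker.sock" in tok:
            findings.append(f"{tok}: mounting the Docker socket gives root on the host")
    return findings

if __name__ == "__main__":
    print(" ".join(shlex.quote(a) for a in hardened_run("nginx:1.15")))
    print(audit_run("docker run -d --privileged -v /var/run/docker.sock:/var/run/docker.sock app"))
```

Run the audit over the `docker run` lines in your deployment scripts or CI; any finding is a container that has opted out of the kernel features this section describes. Save `profile_json()` to a file and pass it with `--security-opt seccomp=` exactly as `hardened_run` does.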
Securing network connections between containers is essential, because by default every pod in a Kubernetes cluster can talk to every other pod. Calico addresses this by enforcing Kubernetes NetworkPolicy (and its own richer policy model) on each host, in effect wrapping every containerized service in its own micro-firewall whose rules are written against pod labels rather than IP addresses. The usual starting point is a default-deny policy for each namespace, followed by explicit allow rules for the flows each service actually needs.
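To make the label-based model concrete, here is an added example written for this article, not Calico’s code. It builds the two kinds of Kubernetes NetworkPolicy objects Calico enforces (a namespace-wide default deny and a targeted allow) and evaluates, for a constructed three-tier application, which connections the policies permit. Only the podSelector and ports parts of the NetworkPolicy specification are modelled (no namespaceSelector, ipBlock or egress); the application names, labels and ports are assumptions.

```python
"""Kubernetes NetworkPolicy construction and evaluation (added example, not Calico code)."""
import json

def selects(selector, labels):
    """A matchLabels selector matches when every listed label is present and equal."""
    return all(labels.get(k) == v for k, v in selector.items())

def default_deny_ingress(namespace):
    """Select every pod in the namespace and allow no ingress at all."""
    return {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
            "metadata": {"name": "default-deny", "namespace": namespace},
            "spec": {"podSelector": {}, "policyTypes": ["Ingress"], "ingress": []}}

def allow_from(name, namespace, to_labels, from_labels, port, protocol="TCP"):
    """Let pods labelled from_labels reach pods labelled to_labels on one port."""
    return {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
            "metadata": {"name": name, "namespace": namespace},
            "spec": {"podSelector": {"matchLabels": to_labels},
                     "policyTypes": ["Ingress"],
                     "ingress": [{"from": [{"podSelector": {"matchLabels": from_labels}}],
                                  "ports": [{"protocol": protocol, "port": port}]}]}}

def ingress_allowed(policies, src, dst, port, protocol="TCP"):
    """Decide whether src may connect to dst:port under the given policies.

    src and dst are dicts with 'namespace' and 'labels'. A pod selected by no
    policy accepts everything; once any policy selects it, only traffic that
    matches some ingress rule of some selecting policy is allowed.
    """
    applicable = [p for p in policies
                  if p["metadata"]["namespace"] == dst["namespace"]
                  and "Ingress" in p["spec"]["policyTypes"]
                  and selects(p["spec"]["podSelector"].get("matchLabels", {}), dst["labels"])]
    if not applicable:
        return True                      # unselected pods are wide open by default
    for p in applicable:
        for rule in p["spec"].get("ingress") or []:
            peers, ports = rule.get("from"), rule.get("ports")
            peer_ok = peers is None or any(
                src["namespace"] == dst["namespace"]          # bare podSelector: same namespace
                and selects(peer["podSelector"].get("matchLabels", {}), src["labels"])
                for peer in peers if "podSelector" in peer)
            port_ok = ports is None or any(
                pr["port"] == port and pr.get("protocol", "TCP") == protocol for pr in ports)
            if peer_ok and port_ok:
                return True
    return False

# Constructed three-tier application: web -> api -> db, nothing else.
WEB = {"namespace": "shop", "labels": {"app": "web"}}
API = {"namespace": "shop", "labels": {"app": "api"}}
DB = {"namespace": "shop", "labels": {"app": "db"}}
POLICIES = [
    default_deny_ingress("shop"),
    allow_from("web-to-api", "shop", {"app": "api"}, {"app": "web"}, 8080),
    allow_from("api-to-db", "shop", {"app": "db"}, {"app": "api"}, 5432),
]

if __name__ == "__main__":
    # JSON is valid YAML, so this output can be fed straight to `kubectl apply -f -`.
    print(json.dumps(POLICIES, indent=2))
    print("web->db allowed:", ingress_allowed(POLICIES, WEB, DB, 5432))
```

The first assertion a reviewer should make is that, with no policy present, even the database accepts connections from the web tier; the default-deny object is what turns the model from allow-list-optional into allow-list-required.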
Coming from HashiCorp, the company behind Terraform and the Nomad scheduler, Vault is a secrets management tool that fits container workloads well. Vault encrypts every secret before writing it to its storage backend, and the key that protects that storage is itself sealed: it is split with Shamir’s Secret Sharing into several unseal keys, of which a configured threshold (three of five by default) must be presented before Vault will read any secret. Containers then fetch secrets over Vault’s API with tokens and leases instead of baking them into images or environment variables. Vault simplifies secrets management and makes it more powerful.
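The threshold requirement is the part worth understanding, so here is an added illustration written for this article of the split-and-recombine math Vault’s unseal process relies on. It is not HashiCorp’s implementation: Vault works on a byte-string root key, whereas this example uses a single integer in a 127-bit prime field for brevity (an assumption), and the `unseal` helper only mimics the sealed/unsealed state machine.

```python
"""Shamir's Secret Sharing as used for threshold unsealing (added example, not Vault code)."""
import secrets

P = 2**127 - 1   # Mersenne prime; the secret must be an integer in [0, P)

def split(secret, n=5, k=3):
    """Split `secret` into n shares such that any k of them reconstruct it.

    A random polynomial of degree k-1 is chosen with the secret as its
    constant term; share i is the point (i, f(i)). Fewer than k points leave
    the constant term information-theoretically undetermined.
    """
    assert 0 <= secret < P and 1 <= k <= n
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]

    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

    return [(x, f(x)) for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x=0 over GF(P) using exactly the shares given."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        secret = (secret + yi * num * pow(den, P - 2, P)) % P   # Fermat inverse
    return secret

def unseal(presented_shares, threshold=3):
    """Mimic `vault operator unseal`: stay sealed until `threshold` shares arrive."""
    provided = []
    for share in presented_shares:
        provided.append(share)
        if len(provided) >= threshold:
            return {"sealed": False, "root_key": combine(provided[:threshold])}
    return {"sealed": True, "progress": len(provided), "threshold": threshold}

if __name__ == "__main__":
    root_key = secrets.randbelow(P)
    shares = split(root_key, n=5, k=3)          # Vault's default 5 shares / 3 threshold
    print("two shares:", unseal(shares[:2]))    # still sealed
    print("three shares match:", unseal(shares[:3])["root_key"] == root_key)
    print("two shares interpolate to the wrong key:", combine(shares[:2]) != root_key)
```

Note the failure mode the last line shows: feeding `combine` fewer than the threshold does not raise an error, it silently produces a wrong value, which is why the unseal state machine counts shares rather than trusting the interpolation result.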
In production, containers also need to be shielded from outside attacks and internal configuration lapses at runtime. This kind of threat detection is done with a proactive security tool such as Aqua Security, which scans images before deployment, enforces policy on what a running container may do, and tracks every part of the container stack, using machine learning to spot threats at any stage.
Containerized applications are typically based on the microservices architecture. In these systems, networking plays a key role in performance of the applications.
Linkerd provides a service mesh: a transparent proxy deployed beside each service that carries its traffic to other services. Its goal is a uniform layer of communication that handles retries, timeouts, load balancing, TLS between services and request metrics without changes to application code.
Istio is a second service mesh that puts more emphasis on the control plane. It provides APIs for routing, policy and telemetry and ships with the Envoy proxy as its data plane; at the time of writing Linkerd could also be plugged in underneath it as the proxy layer. Together, a control plane and its proxies provide a powerful and feature-rich networking solution for containerized applications, including mutual TLS between every pair of services.
Service discovery, load balancing, and security are important criteria for container networking, and Weave brings all this together in a single package. It secures communication over the network using encryption, isolation, and segmentation. It provides a ‘micro DNS’ at each node and helps make service discovery easy.
Flannel is a Layer 3 overlay network for Kubernetes. It allocates a subnet (a /24 by default) to each host out of the cluster’s pod CIDR and programs routes so that traffic destined for another host’s subnet is tunnelled (VXLAN by default) to that host. In so doing it controls how traffic flows between the hosts, but only that: Flannel moves packets and does not enforce network policy, so it is commonly paired with Calico (the “Canal” combination) when you need both.
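The per-host allocation is simple enough to show end to end. The following is an added example written for this article, not Flannel’s code: it carves one /24 per host out of a constructed 10.244.0.0/16 pod CIDR, derives the route table each host needs for the others, and looks up which host a given pod IP belongs to, which is exactly the decision the overlay makes for every outbound packet. Host names and the CIDR are assumptions.

```python
"""Per-host pod subnets and the routes they imply (added example, not Flannel code)."""
import ipaddress

def allocate_host_subnets(pod_cidr, hosts, prefix=24):
    """Hand each host the next free /prefix from pod_cidr; fail loudly when exhausted.

    Flannel records these leases in its backing store so they survive restarts;
    here the lease table is just a dict.
    """
    network = ipaddress.ip_network(pod_cidr)
    free = network.subnets(new_prefix=prefix)
    table = {}
    for host in hosts:
        try:
            table[host] = next(free)
        except StopIteration:
            raise ValueError(f"pod CIDR {pod_cidr} exhausted before host {host!r}") from None
    return table

def routes_on(host, table):
    """Routes a host must install: every other host's subnet via that host."""
    return {str(subnet): peer for peer, subnet in table.items() if peer != host}

def route_for(table, pod_ip):
    """Which host owns this pod IP, i.e. the next hop for the overlay tunnel."""
    ip = ipaddress.ip_address(pod_ip)
    for host, subnet in table.items():
        if ip in subnet:
            return host
    return None                      # not a pod address this cluster allocated

if __name__ == "__main__":
    leases = allocate_host_subnets("10.244.0.0/16", ["node-a", "node-b", "node-c"])
    for host, subnet in leases.items():
        print(f"{host}: {subnet}  routes={routes_on(host, leases)}")
    print("10.244.2.17 lives on", route_for(leases, "10.244.2.17"))
```

Two operational consequences fall out of the code: a /16 pod CIDR with /24 leases caps the cluster at 256 nodes (the ValueError), and any address outside the leased subnets has no owner, so a packet claiming such a source address is something a policy layer like Calico, not Flannel, has to reject.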
Keeping track of changes and events as they occur is an important part of running containers in production. Fortunately, the Docker ecosystem has a range of monitoring tools to choose from.
Prometheus is by far the most popular monitoring tool for Kubernetes. It scrapes metrics endpoints on a schedule, stores the samples as time series, and evaluates alerting rules against them. It is usually paired with Grafana for dashboards; Kibana belongs to the Elastic stack described below, not to Prometheus.
A vendor tool, PagerDuty has become essential to many DevOps teams that want to be alerted in real time of downtime, errors, attacks, and more. Its mature routing system ensures the right people are informed of anything going wrong with the system as soon as it happens.
Datadog is a hosted monitoring service whose agent runs beside the container runtime and focuses on live reporting of performance data. It can discover the parts of a Kubernetes stack automatically and, with its powerful visualizations, makes monitoring Kubernetes simple.
Slack enables integration with other tools and streams events to a live chat stream for the entire team to view. It makes troubleshooting and collaboration among team members faster and simpler.
Logs give you the real picture of what’s happening with your containerized applications and infrastructure. They are vital for managing containers in production.
The Elastic Stack
The Elastic stack is primarily powered by Elasticsearch, the full-text search and analytics engine that can query large quantities of unstructured data in near real time. Logs reach it through Logstash or the Beats shippers (Filebeat, for instance, reads the json-file logs Docker writes for each container), and are explored in Kibana, the stack’s open source visualization tool. Together, they bring deep visibility into container logs without breaking the bank.
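What you do with that visibility is write detections. The following is an added example written for this article, not Elastic’s code: it parses a few constructed lines in the format Docker’s json-file log driver produces (one JSON object per line with `log`, `stream` and `time` fields), and flags a burst of failed logins from one source inside a sliding window, which is the kind of question you would otherwise ask in Kibana. The log message format, the 5-in-60-seconds threshold and the addresses are assumptions.

```python
"""Brute-force detection over Docker json-file container logs (added example, not Elastic code)."""
import json
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: a web app's stderr as captured by Docker's json-file driver.
SAMPLE_LOGS = [
    '{"log":"auth failed for user=alice from=203.0.113.7\\n","stream":"stderr","time":"2018-02-01T10:00:01.482901337Z"}',
    '{"log":"auth failed for user=alice from=203.0.113.7\\n","stream":"stderr","time":"2018-02-01T10:00:03.110042118Z"}',
    '{"log":"auth failed for user=root from=203.0.113.7\\n","stream":"stderr","time":"2018-02-01T10:00:05.004418772Z"}',
    '{"log":"auth failed for user=admin from=198.51.100.5\\n","stream":"stderr","time":"2018-02-01T10:00:06.219873345Z"}',
    '{"log":"login ok user=bob from=198.51.100.5\\n","stream":"stdout","time":"2018-02-01T10:00:07.700314009Z"}',
    '{"log":"auth failed for user=root from=203.0.113.7\\n","stream":"stderr","time":"2018-02-01T10:00:08.930561220Z"}',
    '{"log":"auth failed for user=admin from=203.0.113.7\\n","stream":"stderr","time":"2018-02-01T10:00:09.145778301Z"}',
    '{"log":"auth failed for user=admin from=203.0.113.7\\n","stream":"stderr","time":"2018-02-01T10:00:12.882190456Z"}',
    '{"log":"auth failed for user=bob from=198.51.100.5\\n","stream":"stderr","time":"2018-02-01T10:02:00.000000000Z"}',
]

FAILED = re.compile(r"auth failed for user=(\S+) from=(\S+)")   # assumed app log format

def parse_docker_time(ts):
    """Docker stamps nanoseconds; datetime keeps microseconds, so truncate the fraction."""
    ts = ts.rstrip("Z")
    base, frac = ts.split(".") if "." in ts else (ts, "0")
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S") + timedelta(
        microseconds=int(frac[:6].ljust(6, "0")))

def parse_line(line):
    """One json-file record -> dict with a real datetime and the trailing newline removed."""
    rec = json.loads(line)
    return {"time": parse_docker_time(rec["time"]), "stream": rec["stream"],
            "log": rec["log"].rstrip("\n")}

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """One alert per source that accumulates `threshold` failures inside `window`.

    Records are sorted by time first because shippers do not guarantee order.
    A deque per source holds only the failures still inside the window.
    """
    recent = defaultdict(deque)
    alerts, alerted = [], set()
    for rec in sorted((parse_line(l) for l in lines), key=lambda r: r["time"]):
        match = FAILED.search(rec["log"])
        if not match:
            continue
        user, src = match.groups()
        q = recent[src]
        q.append((rec["time"], user))
        while q and rec["time"] - q[0][0] > window:   # expire old failures
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"src": src, "count": len(q),
                           "users": sorted({u for _, u in q}),
                           "at": rec["time"].isoformat()})
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOGS):
        print(json.dumps(alert))
```

The sliding window is the part to keep when porting this to a real pipeline: the second source in the sample also fails twice, but two minutes apart, and a naive count per source would page on it. In Elasticsearch the same logic is a terms aggregation on the source field with a date range filter, evaluated by Watcher or a scheduled query.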
A logging service provider, Sumo Logic takes the pain out of log analysis with easy setup and a maintenance-free logging service. It can capture logs from Kubernetes or any other container tool via API integration.