Learning from Docker in Production

Building the section.io Reverse Proxy service

What is Production-Ready?

  • Stable
  • Well-instrumented
  • Automatable
  • Scalable
  • Securable

Isolatable?

  • Process identifiers (PIDs)
  • User identifiers (UIDs)
  • Disk space
  • Inter-container communication (ICC)

fs.inotify.max_user_watches

kernel.pid_max

Log Management

  • Shipping
  • Rotation

Container UID 0

  • root
  • Shocker

docker events

and

ip netns exec

Thank you

Jason Stangroome

  • @jstangroome
  • https://section.io