I’ll start:

When I was first learning to use Docker, I didn’t realize that most tutorials that include a database don’t configure the database to persist. Imagine my surprise when I couldn’t figure out why the database kept getting wiped!

  • @[email protected]English
    121 year ago
    • Docker swarm does not respect its own compose spec, exposes services on all interfaces and bypasses firewall rules [1], [2]
    • 1 million SLOC daemon running as root [1]
    • Buggy network implementation, sometimes requires restarting the daemon to release bridges [1]
    • Requires frequent rebuilds to keep up to date with security patches [1] [2] [3]
    • No proper support for external config files/templating, not possible to do graceful reloads, requires full restarts/downtime for simple configuration changes [1]
    • Buggy NAT implementation [1]
    • Buggy overlay network implementation, causes TCP resets [1]
    • No support for PID limits/fork bomb protection [1], no support for I/O limits [2]
    • No sane/safe garbage collection mechanism, docker system prune --all deletes all unused volumes - including named volumes which are unused because the container/swarm service that uses them is stopped at that particular moment for whatever reason. Eats disk space like mad [1] [2]
    • Requires heavy tooling if you’re serious about it (CI, container scanning tools, highly-available registry…) [1], Docker development and infrastructure is fully controlled by Docker Inc. [1] [2] [3] [4] [5] [6]