Gartner is predicting growing container adoption by 2023, believe it or not. Are you sitting down? Data from its survey shows a surge in containerization of applications (and data). The percentage of organizations that have containerized more than half of their applications increased from 23 percent to 29 percent. Also, the number of organizations that have containerized fewer than 10 percent of their apps fell from 32 percent to 21 percent.
Containers are becoming systemic to cloud-based applications, and while it’s helpful to cite analysts’ surveys, all you need to do is to join a cloud development team to understand that containers are a popular way to do “cloud native” while also leveraging portability and scalability using container orchestration such as Kubernetes.
The trouble with containers is not containers themselves or use of container orchestration, it’s the design patterns being used. Containers are at their essence complex, layered, distributed applications. Although you can certainly lift and shift an application to a container—which, simply put, serves as a platform—in most cases that buys you very little. You’re not leveraging what containers can do unless you design specifically for containers as an architecture as well as a platform. Here are some tips:
First, learn to break containerized applications, either net new or existing, into pieces that are logically grouped around function. This does a few things. It allows you to place purpose-built code into a domain (such as database access), allowing for better troubleshooting and ops. It also means you can place that container in clusters that will provide the best performance for that container: tuned for better I/O performance, use of CPU, use of network, etc.
Second, logically group for security. Security is often an afterthought when building containerized applications; in many development projects I’ve been involved with it’s added last. The reality is that complex and distributed applications (most container-based applications) are difficult to secure. Also, considering that containers are basically platforms running on a platform, good security becomes even more difficult.
Again, put parts of the application that require specialized security and governance into their own domain, meaning a single container or managed cluster. Focus security only on the components of the application that need it. The application will perform better overall and security operations will be much easier and more effective.
Of course, there are a ton more architecture patterns to understand and use. Your choice depends on your applications, data, and the overall purpose of the system. That said, a little architectural forethought will make those systems much better.