With improved scalability and security on its cloud platform, Google has addressed two of the central IT concerns...
about using Docker containers in production.
Google has upgraded the security features around Google Container Registry with improved speed, authentication and vulnerability detection, while bringing Google Container Engine closer to its promise of containers at scale for more modern applications.
New horizontal pod autoscaling addresses inconsistencies in Container Engine performance for workloads with spiky utilization by allowing pods to scale up and down based on CPU usage. Other improvements include an HTTP load balancer and a re-architected networking system that reduces latency by up to 80%, Google said.
Autoscaling is probably the biggest upgrade for containers since Google first released Kubernetes, its open source container orchestration tool, said Dale Hopkins, chief architect at Vendasta Technologies in Saskatoon, Sask., which builds sales and marketing software for media companies.
"We started to use Kubernetes about a year ago, and realized it can't scale horizontally and said, 'Why bother?'" Hopkins said. "Before, it was a neat concept. But now, it's something we can use in production, and that's really exciting."
Vendasta has used Docker containers in production for about a year. The company was enthusiastic about Kubernetes and the potential for simplified management of Docker containers, but the challenge with the original version of the software was that it was built to support fixed resources.
Dale Hopkinschief architect at Vendasta Technologies
The company also wanted to take full advantage of the scalability of Google's cloud, but the previous iteration required Hopkins to manually scale the pods via Google Compute Engine VMs to ensure the applications were still running and going through health checks.
Uses were also restricted to workloads that required limited scaling, perhaps on a monthly or bimonthly basis. So, not only can Vendasta now save time by eliminating the manual procedures, it opens Container Engine to a broader set of workloads that require more regular scaling.
"It's going to be a big savings in terms of effort," Hopkins said.
Google continues to make incremental enhancements to Google Container Engine that make containers safer and perform well at massive scale, said Dave Bartoletti, principal analyst for Forrester Research Inc., in Cambridge, Mass. Like any orchestration product, Kubernetes becomes more valuable as users scale and coordinate the activities of hundreds or thousands of containers.
"This continues Google's mission to help every company run containers at scale the way Google does, and it reinforces the engineering commitment they have to containers and the Docker ecosystem," Bartoletti said.
Security beefed up for Google Container Registry
In terms of security features, customers can now push and pull Docker images to the Google registry using the latest Docker API for improved authentication and pull times that are up to 40% faster, according to Google.
Google also is partnering with Twistlock, a container security vendor in San Francisco that identifies and addresses vulnerabilities stored in a container registry or on a running container. Google customers can now scan images inside Container Registry for compliance purposes, detect and use automated responses for anomalies in a Container Engine cluster, and generate policy-violation reports from both services.
Those security upgrades are important for the DevOps model, particularly for enterprises that need greater operational assurances about their deployments, said Geoff Woollacott, principal analyst at Technology Business Research Inc., in Hampton, N.H.
"With containers, the focus is always on the freedom its gives developers, but you've got to remember the other part of DevOps," Woollacott said.
Trevor Jones is a news writer with TechTarget's data center and virtualization media group. Contact him at firstname.lastname@example.org
Five steps for moving applications to Docker containers
Docker bolsters container management features with Tutum buy
Kubernetes extends reach to OpenStack hybrid clouds