I am still on the journey to wholesale container acceptance, but I have been finding more and more use-cases that are delightfully solved by them. My favorite so far is a WordPress hosting platform with some shared infrastructure (web server, caching reverse proxy, and database) but each PHP-FPM instance jailed in its own container. This lets me:
* easily chroot PHP (this is surprisingly difficult otherwise)
* restrict MariaDB access by IP address
* constrain the resource consumption of each application as necessary (i.e. to prevent an out-of-control PHP script from swamping the box)
* independently determine each application's PHP version
And because each managed application is (basically) a Docker image and a Caddyfile, it's easily extensible to non-PHP things. I can feel the lightbulb flickering but I'm not yet at full k8s awareness. The shared infrastructure isn't containerized, but it could easily be, and it's all running on one VM, but it could be distributed across multiple.
Containers don't solve the common problems, they just give you more tools to work with. With databases, for example, you still need to figure out whether each application gets its own database instance? schema? user?, a replication strategy, a failover strategy, a backup strategy, etc. You can use either a bind-mounted host directory or a shared-storage volume for the backing store, just like always, or a newfangled data volume container.
I am more comfortable sharing a database instance between multiple schemas and users because I can do IP-specific grants, but if I wanted to do one per application, I could do that too!
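The shared-instance layout with IP-specific grants described above can be provisioned and checked mechanically. The following is an added example, not the commenter's own tooling; the application names, container addresses, and function names are assumptions made for illustration.

```python
import ipaddress
import re

# No underscore: in GRANT ... ON `name`.* an unescaped "_" is a wildcard.
APP_NAME = re.compile(r"[a-z][a-z0-9]{0,30}")   # used as schema and user name
PASSWORD = re.compile(r"[A-Za-z0-9_-]{16,}")    # secrets.token_urlsafe() alphabet


def provision_sql(app, container_ip, password):
    """SQL giving one application its own schema and a user pinned to one IP."""
    if not APP_NAME.fullmatch(app):
        raise ValueError(f"unsafe application name: {app!r}")
    if not PASSWORD.fullmatch(password):
        raise ValueError("password must be 16+ chars of [A-Za-z0-9_-]")
    ip = ipaddress.ip_address(container_ip)     # ValueError unless a literal IP
    account = f"'{app}'@'{ip}'"
    return [
        f"CREATE DATABASE IF NOT EXISTS `{app}`;",
        f"CREATE USER IF NOT EXISTS {account} IDENTIFIED BY '{password}';",
        f"GRANT ALL PRIVILEGES ON `{app}`.* TO {account};",
    ]


def audit_accounts(rows, expected):
    """Flag managed accounts that are not pinned to their container's IP.

    rows: (user, host) pairs, e.g. from SELECT User, Host FROM mysql.user
    expected: {app_name: container_ip}
    """
    findings = []
    for user, host in rows:
        if user not in expected:
            continue                            # not a managed application account
        if "%" in host or "_" in host:
            findings.append((user, host, "wildcard host"))
        elif host != expected[user]:
            findings.append((user, host, "unexpected source address"))
    return findings


# Constructed sample data: two applications and three account rows.
EXPECTED = {"bloga": "172.18.0.11", "shopb": "172.18.0.12"}
ROWS = [("bloga", "172.18.0.11"), ("shopb", "172.18.%"), ("shopb", "10.0.0.5")]

if __name__ == "__main__":
    print("\n".join(provision_sql("bloga", "172.18.0.11", "x" * 24)))
    for finding in audit_accounts(ROWS, EXPECTED):
        print(finding)
```

The IP-specific grant only holds if each container keeps a fixed address, so the audit is worth re-running whenever container networking changes.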