I’ll start:
When I was first learning to use Docker, I didn’t realize that most tutorials that include a database don’t configure the database to persist. Imagine my surprise when I couldn’t figure out why the database kept getting wiped!
You are viewing a single thread.
View all comments 1 point
*
- Docker swarm does not respect its own compose spec, exposes services on all interfaces and bypasses firewall rules [1], [2]
- 1 million SLOC daemon running as root [1]
- Buggy network implementation, sometimes requires restarting the daemon to release bridges [1]
- Requires frequent rebuilds to keep up to date with security patches [1] [2] [3]
- No proper support for external config files/templating, not possible to do graceful reloads, requires full restarts/downtime for simple configuration changes [1]
- Buggy NAT implementation [1]
- Buggy overlay network implementation, causes TCP resets [1]
- No support for PID limits/fork bomb protection [1], no support for I/O limits [2]
- No sane/safe garbage collection mechanism,
docker system prune --all
deletes all unused volumes - including named volumes which are unused because the container/swarm service that uses them is stopped at that particular moment for whatever reason. Eats disk space like mad [1] [2] - Requires heavy tooling if you’re serious about it (CI, container scanning tools, highly-available registry…) [1], Docker development and infrastructure is fully controlled by Docker Inc. [1] [2] [3] [4] [5] [6]