I've been using CoreOS as an internal Docker PaaS, and have had a few thoughts.
-
While sub-optimal, there is a need to map in network storage to containers.
For example, Jenkins stores its configuration on the file system. As CoreOS containers can and should be portable around the cluster, unless you're using some kind of distributed storage your Jenkins configs will disappear periodically.
-
Almost everything else should be ephemeral. You should replace CoreOS machines with fresh images periodically. Rather than perform maintenance and cleanup of the CoreOS hosts, just replace them. This is not only convenient, but tests failover constantly.
-
Map in ephemeral storage for apps to use as temporary/scratch disk.
-
Corollary: databases that do their own replication can use scratch disk instead of network storage
-
Leverage etcd for service discovery
- Ports should forward between containers, and containers should always connect to
localhostwhen accessing services. This must work across physical hosts. Ideally connections are tunneled such that the actual outgoing TCP socket is persistent. - The networking layer of docker should be able to chaos/latency monkey its containers
- introduce latencies
- cause connection failures
- partition networks
- Native support for mapping in network storage e.g.
-v 192.168.0.4/myapp:/storagevia NFS or a more robust distributed file system