Orchestrating Chaos: Selecting a Captain for Your Container Ship
Let's be honest: running docker run on your laptop is easy. It feels like magic. But taking that containerized application and spreading it across ten nodes while maintaining high availability, service discovery, and persistent storage? that is where the magic dies and the headaches begin.
We are closing out 2015 with a massive shift in how we manage infrastructure. The "pet vs. cattle" analogy is no longer just a slide in a conference deck; it is a reality we face every time a node goes dark at 3 AM. With the recent release of Kubernetes 1.1 and the maturing of Docker Swarm, the choice isn't getting easier. It's getting more political.
I have spent the last month migrating a high-traffic Magento cluster from a monolithic bare-metal setup to a containerized environment. Here is the raw data on what works, what breaks, and why the underlying hardware (yes, even virtualized) matters more than the YAML files you write.
The Contenders: Swarm vs. The Google Giant
Right now, if you are looking to orchestrate containers, you generally look at three options: Apache Mesos (if you are Twitter), Docker Swarm (if you want simplicity), or Kubernetes (if you want to be Google).
1. Docker Swarm: The Native Son
Swarm is attractive because it speaks the Docker API. If you know Docker, you know Swarm. It treats a cluster of Docker hosts as a single virtual Docker host. This is fantastic for teams that are already comfortable with docker-compose.
However, Swarm is still finding its footing regarding advanced scheduling. It is great for "spread this across nodes," but less robust when you need complex self-healing logic compared to its rival.
Here is a typical setup using docker-machine to provision a Swarm manager on a CoolVDS instance. Note the simplicity:
docker-machine create -d generic
--generic-ip-address=185.x.x.x
--generic-ssh-key ~/.ssh/id_rsa
--swarm --swarm-master
--swarm-discovery token://<cluster_id>
swarm-master2. Kubernetes 1.1: The Heavy Artillery
Kubernetes (K8s) 1.1 was released last month (November 2015), and it brings significant performance improvements. But let's not mince words: it is complex. You aren't just running containers; you are managing Pods, ReplicationControllers, Services, and Ingress resources.
K8s introduces a steep learning curve, but the payoff is granular control. In our tests, K8s handled node failure significantly better than Swarm. When we hard-killed a CoolVDS node running a K8s worker, the master rescheduled the pods to healthy nodes within seconds.
A basic Replication Controller in Kubernetes 1.1 looks like this. Notice we aren't using "Deployments" yet as that API is still in beta/extensions:
apiVersion: v1
kind: ReplicationController
metadata:
name: nginx-controller
spec:
replicas: 3
selector:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.9
ports:
- containerPort: 80The Networking Nightmare
The hardest part of 2015-era containerization isn't starting the container; it's making them talk to each other across different hosts without exposing everything to the public internet.
Docker's default bridge networking is fine for single hosts, but for multi-host, you need an overlay network. We have been experimenting heavily with Flannel and Weave. Flannel creates an overlay mesh that gives every container a unique IP. It works, but it adds encapsulation overhead.
Pro Tip: If you are using Flannel on KVM-based VPS (like CoolVDS), ensure your MTU settings are correct. The VXLAN header adds 50 bytes. If your host interface is 1500, set your Docker MTU to 1450. Failure to do this results in dropped packets and phantom connection timeouts that will ruin your weekend.
Check your interface MTU on the host:
ip addr show eth0 | grep mtuIf you see dropped packets in ifconfig, you likely have an MTU mismatch between the overlay and the physical interface.
Persistence: Where Data Goes to Die
Containers are ephemeral. Your database cannot be. This is where many DevOps engineers fail. They spin up a MySQL container, restart it, and lose the data. Do not do this.
In 2015, reliable distributed storage for containers is still the "wild west." Tools like Flocker are trying to solve volume migration, but for production right now, I recommend host-mapping. Pin your database containers to specific nodes using label selectors and map the volume to the host's high-speed storage.
# Inside your pod definition or docker command
volumes:
- hostPath:
path: /var/lib/mysql
name: mysql-persistent-storageThis is where your infrastructure choice becomes critical. If you are host-mapping database files, the underlying disk I/O of your VPS provider is the bottleneck. We benchmarked CoolVDS NVMe storage against standard SSD VPS providers in Oslo. The difference in IOPS for MySQL 5.6 writes was nearly 4x. When you have multiple containers fighting for disk access, NVMe isn't a luxury; it is a requirement.
The "Safe Harbor" Fallout and Norwegian Data
We cannot talk about infrastructure in Europe right now without mentioning the legal elephant in the room. In October, the CJEU invalidated the Safe Harbor agreement (Schrems I). If you are storing customer data, relying on US-based cloud providers has just become a massive legal risk.
The Norwegian Data Protection Authority (Datatilsynet) is strict. Hosting your Kubernetes cluster on VPS Norway infrastructure ensures you remain compliant with the Personal Data Act (Personopplysningsloven). Latency to the Oslo Internet Exchange (NIX) is just a bonus; data sovereignty is the real asset here.
The Verdict: Keep It Simple (Initially)
If you are a team of two managing five microservices, stick with Docker Compose or a simple Swarm setup. It is manageable and effective.
However, if you are building a platform meant to scale, bite the bullet and learn Kubernetes 1.1. The ecosystem is growing fast. The initial configuration pain (setting up etcd, the API server, the scheduler) is high, but the stability is unmatched.
But remember: an orchestrator is only as good as the nodes it commands. You can have the most beautiful Kubernetes YAML in the world, but if your underlying VPS has noisy neighbors or high I/O latency, your application will feel slow.
Don't let I/O wait times kill your orchestration efforts. Deploy your cluster on CoolVDS KVM instances with dedicated resources and local NVMe storage. Spin up a test node in Oslo today and see the difference raw performance makes.