Toptal authors are vetted experts in their fields and write on topics in which they have demonstrated experience. All of our content is peer reviewed and validated by Toptal experts in the same field.
Jonathan Bethune
Verified Expert in Engineering

Jonathan is an experienced DevOps engineer with a background in infrastructure and security. He has a knack for learning new things quickly.

Expertise

Previously at

MetLife

Those of us who are old enough can remember a day when software was delivered primarily on physical media. The spread of broadband internet and smartphones has brought us to the age of the web service: software hosted in the cloud and accessed by user clients such as browsers and apps.

Not too long ago, web applications ran directly on physical machines in private data centers. For ease of management, these applications were usually monolithic: a single large server contained all of the back-end code and the database. Now, web hosting services like Amazon and the spread of hypervisor technology have changed all of that. Thanks to Amazon Web Services (AWS) and tools like VirtualBox, it has become easy to package an entire OS in a single file.

With services like EC2, it has become easy to package machine images and string together sets of virtual servers. Along came the microservices paradigm, an approach to software architecture in which large monolithic apps are broken up into smaller, focused services that each do one thing well. In general, this approach allows for easier scaling and feature development, since bottlenecks are quicker to find and system changes easier to isolate.

From Pets to Livestock

I became an infrastructure engineer right as this trend was peaking. I recall building my first production environment in Amazon using a series of bash scripts. The servers were like pets to me. I gave each of them cute names. I monitored them carefully. I responded quickly to alerts and kept them healthy. I treated those instances with love and affection because it was painful to try to replace them, much like a beloved pet.

Along came Chef, a configuration management tool, and almost immediately my life got easier. With tools like Chef and Puppet, you can take away most of the manual pain associated with managing a cloud system. You can use Chef's "environments" construct to separate development, staging, and production servers. You can use its "data bags" and "roles" to define configuration parameters and push sets of changes. Now all of my "pet" servers had graduated from obedience school.

[Image: a crane managing shipping containers]

Then, in 2013, along came Docker, and a new era began: the age of software as livestock (apologies to any vegans in the audience). The container paradigm is one of orchestration rather than configuration management. Tools like Kubernetes, Docker Compose, and Marathon focus on moving around predefined images instead of adjusting config values on running instances. Infrastructure is immutable; when a container goes bad, we don't try to fix it, we shoot it in the head and replace it. We care more about the health of the herd than about any individual animal. We no longer give servers cute names.

Rewards

Containers make a lot of things easier. They let businesses focus more on their own special sauce. Tech teams can worry less about infrastructure and configuration management and instead worry mostly about app code. Companies can go a step further and use managed services for things like MySQL, Cassandra, Kafka, or Redis, so that they never have to deal with the data layer at all. Several startups offer "plug and play" machine learning services as well, allowing companies to do sophisticated analytics without worrying about infrastructure. These trends have culminated in the serverless model, a software architecture approach that lets teams release software without managing a single VM or container. AWS services like S3, Lambda, Kinesis, and DynamoDB make this possible. To extend the analogy, we have gone from pets to livestock to some sort of on-demand animal service.

All of this is very cool. It is crazy that we live in a time when a twelve-year-old kid can spin up a sophisticated software system with a few clicks. We should remember that not long ago this was impossible. Just a few US presidents ago, physical media was the standard and only big companies had the means to manufacture and distribute software. Bug fixes were a luxury. Now, that twelve-year-old kid can create an AWS account and make his software available to the entire world. If there's a bug, someone will bug him on Slack and, in a few minutes, a fix is out for all users.

The Risks

Very, very cool, but not without its price: reliance on cloud providers like Amazon means reliance on big corporations and proprietary technologies. If Richard Stallman and Edward Snowden haven't made you worry about such things, the recent Facebook debacle certainly should.

Greater abstraction away from hardware also brings with it the risk of less transparency and control. When a system running hundreds of containers fails, we can only hope that the failure surfaces somewhere we can detect it. If the problem lies with the host operating system or the underlying hardware, it can be hard to pin down. An outage that could have been resolved in 20 minutes using VMs may take hours or days to resolve with containers if you do not have the right instrumentation.

It isn't just failures that we need to worry about with tools like Docker. There are security concerns too. Whatever container platform we use, we have to trust that there are no backdoors or undisclosed security vulnerabilities. Using an open-source platform is no guarantee of security either. If we rely on third-party container images for parts of our system, we may be vulnerable: a base image pulled by a mutable tag can change underneath us between builds, and whatever it contains ships straight into production.
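As an added example (not code from the original article or from any project it mentions), here is a small Python check for the last point above: a Dockerfile linter that flags base images pulled by a mutable tag rather than pinned to a content digest, and `ADD` instructions that fetch remote files at build time with no integrity check. The sample Dockerfile, its all-zero digest, and the rule names are constructed for illustration only.

```python
"""Lint a Dockerfile for third-party image risks: unpinned bases and remote ADDs."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Constructed sample Dockerfile for illustration; not from any real project.
SAMPLE_DOCKERFILE = """\
FROM node:latest
RUN apt-get update && apt-get install -y curl
ADD https://example.invalid/setup.sh /tmp/setup.sh
RUN sh /tmp/setup.sh
FROM python:3.12-slim@sha256:0000000000000000000000000000000000000000000000000000000000000000 AS runtime
COPY --from=0 /app /app
CMD ["python", "/app/main.py"]
"""

FROM_RE = re.compile(
    r"^FROM\s+(?:--platform=\S+\s+)?(?P<ref>\S+)(?:\s+AS\s+(?P<stage>\S+))?\s*$",
    re.IGNORECASE,
)
ADD_RE = re.compile(r"^ADD\s+(?:--\S+\s+)*(?P<src>\S+)", re.IGNORECASE)
SHA256_RE = re.compile(r"sha256:[0-9a-f]{64}")


@dataclass
class Finding:
    line: int
    rule: str
    detail: str


def split_image_ref(ref: str) -> Tuple[str, Optional[str], Optional[str]]:
    """Split 'registry[:port]/name[:tag][@digest]' into (name, tag, digest)."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    name, tag = ref, None
    # A ':' is a tag separator only after the last '/', so a registry port
    # such as localhost:5000/app is not mistaken for a tag.
    last_colon = ref.rfind(":")
    if last_colon > ref.rfind("/"):
        name, tag = ref[:last_colon], ref[last_colon + 1:]
    return name, tag, digest


def lint_dockerfile(text: str) -> List[Finding]:
    """Return one Finding per risky FROM/ADD line, in file order."""
    findings: List[Finding] = []
    stages: Set[str] = set()  # earlier build stages; FROM <stage> is not a pull
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = FROM_RE.match(line)
        if m:
            ref = m.group("ref")
            if ref.lower() != "scratch" and ref.lower() not in stages:
                name, tag, digest = split_image_ref(ref)
                if digest is None or not SHA256_RE.fullmatch(digest):
                    findings.append(Finding(lineno, "unpinned-base-image",
                        f"{name} is pulled by tag only; pin it with @sha256:<digest>"))
                    if tag is None or tag == "latest":
                        findings.append(Finding(lineno, "latest-tag",
                            f"{name} uses a floating tag ({tag or 'latest'}) "
                            "that can change between builds"))
            if m.group("stage"):
                stages.add(m.group("stage").lower())
            continue
        m = ADD_RE.match(line)
        if m and m.group("src").lower().startswith(("http://", "https://")):
            findings.append(Finding(lineno, "remote-add",
                f"{m.group('src')} is fetched at build time with no integrity check"))
    return findings


if __name__ == "__main__":
    for f in lint_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {f.line}: [{f.rule}] {f.detail}")
```

Pinning by digest only guarantees you get the bytes you reviewed; it says nothing about whether those bytes are safe, so it belongs next to image scanning, not instead of it. Running the block on the sample reports line 1 twice (no digest, floating `latest` tag) and line 3 once, while the digest-pinned second stage passes.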

Summary

The livestock paradigm is attractive for a number of reasons, but it is not without its downsides. Before shoving the whole stack into containers, tech teams need to think about whether or not it is the right choice and make sure they can mitigate the negative effects.

Personally, I like working with containers. I'm excited to see where things go in the next ten years as new platforms and paradigms arise. However, as a former security consultant, I am cautious and know that everything comes at a price. It is up to engineers to remain vigilant to ensure that we don't give up our autonomy as users and developers. Even the simplest CI/CD workflow in the world is not worth that price.

Understanding the basics

  • What is a container in Docker?

    A container in Docker is an isolated environment in which processes are restricted to their own set of operating system resources (via Linux namespaces and cgroups) without abstracting the hardware layer; unlike a VM, a container shares the host kernel.

Jonathan Bethune

Verified Expert in Engineering

Dallas, TX, United States

Member since March 9, 2018