How to reach maximum performance and reliability in KVM + Docker

AlexEv1337

I have installed KVM with 30 Ubuntu VMs (there will be more in the future) on Ubuntu, and finally that bunch of VMs is working fine.
But my next test on this server is adding a huge number of Docker images to this machine - more than 50.
And I have been thinking about it, but I have no answer as to what the right way to do this is.
The first way is to place Docker on the physical machine with Ubuntu, as a peer of KVM. The second way is to place Docker inside one of the KVM machines.
Additional condition - the KVM VMs are production; they cannot be stopped in any way, and the whole server cannot be rebooted in any way, because rebooting means lost clients and lost money. On the other hand, the images inside Docker are experimental and may not work stably, and the images inside Docker (as expected) will be constantly restarted.
What is the right way to set up Docker+KVM in my conditions (1) from a performance point of view and (2) from the point of view of avoiding a server reboot for at least the next 3 years?
 



If you are requesting a business solution for your question, since you seem to be setting this up for people buying services from you, then hire a solutions architect; if that is not an option, just try out the different ways you think it is possible and compare the results. Also keep in mind that when you do kernel updates you are going to have to reboot in order to boot into the new kernel with the latest security patches, and after updating certain components of systemd your system will need a reboot as well.
 
Thank you, @f33dm3bits. Security patches are a big trouble, but I will always ignore them to avoid a reboot. In general, I'm the solutions architect of this system and of course the administrator of all servers of this solution. And I see a lot of advantages and disadvantages of both main ways - Docker inside KVM and Docker in parallel to KVM. Unfortunately I don't have time to compare the performance of the two main solutions in practice. I am looking for the experience of other admins who have successfully handled a similar task: (1) performance comparison, (2) memory utilization comparison, (3) the influence of permanently restarting Docker images on the stability of the Docker engine (like memory leaks), (4) physical server stability with KVM or alternatively with KVM+Docker engine.
 
One downside of Docker is that you have to create wrapper scripts around it if people are going to have access to the machine, because if you have access to the docker user you basically can become root on the system. If you want to run multiple containers on physical hardware, you will need a way to efficiently manage them and for the user to be able to efficiently deploy new containers from images. The best way would be by using something such as Kubernetes or Openshift (which is Kubernetes with some extra tools, options and a web interface).
So I would say if you are going to use Docker, then run Docker inside KVM VMs so that for each client you can run a separate virtual machine with Docker. That way you don't have to worry about setting up a way to separate the different users' containers, but only have to set up a way for the user of each machine to be able to control the images and containers without needing access to the docker user. If you are going to use something like Kubernetes or Openshift, then run it on physical hardware. I've played around a bit with Openshift but just know some of the basics, and I haven't done anything with plain Kubernetes, so I wouldn't know how easy that is to set up etc., but I do know that if you have to run multiple containers on one platform then Kubernetes or Openshift are the way to go.
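
The point above, that access to Docker on a host amounts to root on that host, can be checked per machine. The following is an added example, not part of the original post: it lists every account that belongs to the Docker group, either as a supplementary member or through its primary GID. It assumes the default group name `docker`, and the sample `/etc/group` and `/etc/passwd` contents are constructed for illustration.

```python
# Added example: find accounts that can reach the Docker daemon via group
# membership. SAMPLE_GROUP and SAMPLE_PASSWD are constructed, not real data.

SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice
docker:x:998:alice,deploy
kvm:x:108:libvirt-qemu
"""

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/sh
ci:x:1002:998::/home/ci:/usr/sbin/nologin
bob:x:1003:1003::/home/bob:/bin/bash
"""


def docker_group_accounts(group_text, passwd_text, group_name="docker"):
    """Return {user: reason} for each account in group_name.

    Supplementary members come from the /etc/group entry; accounts whose
    primary GID is the group's GID come from /etc/passwd and are easy to miss.
    """
    gid, members = None, []
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[0] == group_name:
            gid = fields[2]
            members = [m for m in fields[3].split(",") if m]
            break
    if gid is None:          # group not present on this host
        return {}
    found = {m: "supplementary member" for m in members}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 7 and fields[3] == gid:
            found.setdefault(fields[0], "primary GID")
    return found


if __name__ == "__main__":
    accounts = docker_group_accounts(SAMPLE_GROUP, SAMPLE_PASSWD)
    for user, reason in sorted(accounts.items()):
        print(f"{user}: Docker access ({reason}); treat as root-equivalent")
```

On a real host, pass the contents of `/etc/group` and `/etc/passwd` instead of the sample strings.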
 
Thank you, I will read about Openshift; I don't know what it is. With Docker I have always used Portainer.
 
You only mentioned Docker, so I assumed you were using plain Docker. I have never heard of Portainer before, but having had a quick look at it, it seems it probably has some of the same functionality as Openshift. Openshift is a Red Hat product which you need a license for and you get support, but there is also a community version, OKD. Now that I know you are not using plain Docker, I would go for Openshift or Portainer on a physical system, since those types of setups are meant to be able to easily run and manage containers, and I don't think you would want to be running 20 VMs each with a separate instance of Openshift or Portainer; maybe a cluster of 1-3 physical machines, depending on how much load is expected.
 