[Post updated as of November 5, 2020]
Anchore provides a convenient quick-start using both Docker Compose and Helm to spin up each of its services. Docker Compose may have some advantages over Kubernetes for those new to container architectures, namely the smaller learning curve required, as deployments grow, Kubernetes is a more robust solution to handle scaling, high availability, and multi-node clusters whether in cloud, hybrid, or on-prem environments. In this blog, we’ll outline some pitfalls of deploying Anchore in a production environment using Docker Compose and why we recommend deploying on Kubernetes via Helm.
Competition Over Resources
The biggest issue with using Docker Compose as a deployment method for Anchore at a production-scale level is that Docker Compose is intended to run on a single host. Anchore services can be resource-intensive when performing actions such as feed synchronization and image analysis. Herein lies the issue: when using Docker Compose on a single host, the containers compete for the same underlying resources including memory, CPU, and disk I/O. By spreading services across a cluster of hosts, fewer containers may run on the same host, reducing the competition over resource allocation.
Difficulty Scaling Docker Compose
While it’s not impossible to scale with Docker Compose, it’s not as simple as it is using Kubernetes. Since Docker Compose is intended to run on a single host, there may be issues with conflicting ports, log sizes, and service communication. Within Anchore, the number of images analyzed concurrently is dependent on the number of analyzers deployed. Having multiple CI/CD pipelines is a common theme that we see, making the ability to scale analyzers a necessity to increase analysis throughput.
Effort Required to Upgrade
With Docker Compose, upgrading Anchore services requires modifying the docker compose.yaml, and then relaunching the containers. Should something be incorrect or the deployment needs to be rolled back, the containers would need to be stopped, reverted back to their previous versions, and then redeployed. Kubernetes and Helm provide an easy upgrade method, as well as a rollback should it be necessary.
Overall, Kubernetes is a more production-ready container orchestration platform than Docker Compose. There are multiple mature products out for monitoring Kubernetes clusters, it better handles secrets, as well as integrates easily with visualization and metrics tools. If you’re unsure about where to start when scaling Anchore, take a look at our Scanning in the Millions blog.
To get started with Anchore for either Helm or Docker Compose, check out our installation guide.