I am working for a financial organization. In this situation, we want to deploy in two ways:1. We can use a VM (virtual machine)-installed OS. This OS deploys a container.2. Another way is by deploying Docker on a physical machine or server, ensuring high availability.My question is: What is the standard or which is suitable for me to deploy a Docker in a production system for a financial organization?
Usually in financial organizations it’s all about security, so you should look at Docker rootless installation (link).
It has a few complications, and I read Docker Swarm is not working with rootless installation.
You could also run Docker containers inside VMs or LXCs or Docker itself. Clearly having more security layers are good, but they also complicate the whole setup.
Have a look at Proxmox (link), which provides a GUI to manage servers, VMs and containers. There is also Portainer (link) for containers and swarm/k8s.
For a “real” financial institution I would look into k8s, for example RKE2 (link), which claims to be specifically hardened. I would say within k8s the container runtime doesn’t really matter anymore, if Docker or Podman or something else.
If you go down the k8s path, make sure to have at least a FTE to manage it, I feel it can’t be done with 20% time of 1 developer.
Overall I would recommend to get a consultant on board, who has experience in this topic to create the secure infrastructure architecture.
High availability is a complicated topic, because it usually has a breaking point. We run a SaaS with Docker Swarm and Traefik as reverse proxy, a managed load balancer in front of it, applications distributed on multiple servers, several DB clusters.
Our single point of failure is the LB, if it’s gone, our services are not reachable. All other elements (Swarm manager node, Traefik node, application node, DB node) can tolerate a server failure.
But even with management tools like k8s/swarm errors or misconfiguration can happen, then services go down, potentially like Starlink today.
So high availability is a very complicated beast With high security even more
Before you start anything, make sure you acquaint yourself with the security and compliance governance of your company. There should be standards regarding operations, application development, usually a container strategy and probably other standards. This is typically company specific, and often go beyond external regulations.
Once you know what requirements you need to met, you can start looking for solutions.