MAISON CODE .
/ Tech · DevOps · Docker · Kubernetes · Containers

Docker & Kubernetes: Shipping Containers, Not Code

"It works on my machine" is not an acceptable excuse. How containerization ensures consistency from Development to Production.

AB
Alex B.

The “Works on My Machine” Syndrome

Developer A: “The login works on my Mac.” Developer B: “It fails on my Windows PC.” Server: “It crashes on Linux because Node.js version is mismatched.” This is Environment Drift. It wastes thousands of hours. Docker solves this. We don’t ship “Code”. We ship a “Container”. A Container is a lightweight Virtual Machine that contains the OS (Alpine Linux), the Runtime (Node 18), the Dependencies (node_modules), and the Code. If the Container starts on your laptop, it will start on the server. Guaranteed. It is the standard unit of deployment.

Why Maison Code Discusses This

At Maison Code, we value Reproducibility. If a new developer joins the team, they shouldn’t spend 3 days installing Redis, Postgres, and ImageMagick. They should run docker-compose up and be coding in 10 minutes. We use Kubernetes (K8s) for our enterprise clients who need massive scale and self-healing capabilities. We talk about this because DevOps is not an afterthought; it is the foundation of Development Velocity.

The Dockerfile: The Recipe

The Dockerfile defines how to build the container.

# 1. Base Image (Small & Secure)
FROM node:18-alpine AS builder

# 2. Set Directory
WORKDIR /app

# 3. Install Dependencies (Cache Layer)
COPY package*.json ./
RUN npm ci

# 4. Copy Code
COPY . .

# 5. Build
RUN npm run build

# --- Multi-Stage Build (Optimization) ---
# We discard the 'builder' stage and keep only the production artifacts
FROM node:18-alpine AS runner
WORKDIR /app
COPY --from=builder /app/.next ./.next
COPY --from=builder /app/public ./public
COPY --from=builder /app/node_modules ./node_modules
COPY --from=builder /app/package.json ./package.json

# 6. Start
CMD ["npm", "start"]

Optimization Tip: Multi-Stage Builds. In the example above, we use a builder stage to compile the code. Then we copy only the result to the runner stage. We leave behind the “Source Code”, the “TypeScript Compiler”, and the “DevDependencies”. Result: Use have a 100MB image instead of a 1GB image. Faster deploy, safer runtime.

Docker Compose: Local Orchestration

You rarely run just one container. You run a Web App, a Database, and a Cache. docker-compose.yml orchestrates them.

version: '3'
services:
  web:
    build: .
    ports: ["3000:3000"]
    environment:
      DATABASE_URL: postgres://user:pass@db:5432/myapp
  db:
    image: postgres:15
    environment:
      POSTGRES_PASSWORD: pass
  redis:
    image: redis:alpine

Now, docker-compose up spins up the entire stack. The web container can talk to db simply by using the hostname db. Magic DNS.

Kubernetes (K8s): The Captain

Docker runs containers. Kubernetes Manages them. If you have 1 server, use Docker. If you have 100 servers, use Kubernetes. K8s handles:

  1. Self-Healing: “Container A crashed. Restart it.”
  2. Auto-Scaling: “CPU usage is high. Add 5 more Containers.”
  3. Rolling Updates: “Update version 1 to 2. Do it one by one. If errors spike, Rollback automatically.”

The “Overkill” Warning

Kubernetes is complex. It has a steep learning curve (Pods, Deployments, Services, Ingress, Helm Charts). For 90% of startups, K8s is overkill. Use a PaaS (Platform as a Service) like Vercel, Railway, or AWS App Runner. They run containers for you without the headache of managing the Cluster Control Plane. Only move to K8s when you need:

  • Compliance (On-premise hosting).
  • Cost optimization at massive scale.
  • Complex networking meshes.

7. Helm: The Package Manager for K8s

K8s YAML files are verbose. deployment.yaml (50 lines). service.yaml (20 lines). ingress.yaml (30 lines). Multiply by 3 environments (Dev, Staging, Prod). It is unmanageable. Solution: Helm. Helm Charts are templates. helm install my-app ./charts/my-app --set image.tag=v2 It replaces variables in the template and deploys the manifests. It is “NPM for Kubernetes”.

8. GitOps (ArgoCD): The Truth is in Git

Never run kubectl apply -f file.yaml from your laptop. This creates “Configuration Drift”. Solution: GitOps.

  1. Store all YAMLs in a Git Repo (infra-repo).
  2. Install ArgoCD in the cluster.
  3. ArgoCD watches the Git Repo.
  4. If you push a change to Git, ArgoCD automatically applies it to the cluster.
  5. If someone manually hacks the cluster, ArgoCD detects the diff and reverts it (Self-Healing Configuration). The Cluster state always matches Git.

10. Distroless Images: Security by Minimalism

Alpine Linux is small (5MB). But it has a shell (/bin/sh). If a hacker gets in, they can run commands. Solution: Google “Distroless” Images. They contain only your app and its dependencies. No Shell. No Package Manager. No ls. If a hacker exploits a vulnerability, they verify “I’m in!”… and then they can’t do anything. Use gcr.io/distroless/nodejs.

11. Pod Disruption Budgets (PDB)

You have 3 replicas of your API. Kubernetes wants to upgrade the node (OS Patch). It drains the node. It kills all 3 replicas at once. Site goes down. Fix: Define a PDB. minAvailable: 2. K8s is forced to kill one, wait for the new one to start, then kill the next. This guarantees Zero Downtime Deployments even during infrastructure maintenance.

12. The Skeptic’s View

“Docker is slow on Mac.” Counter-Point: True. It runs in a VM. But debugging “Why does bcrypt fail on Linux” takes longer than the 5% performance hit. Consistency > Raw Speed.

FAQ

Q: Docker vs Virtual Machine (VM)? A: A VM captures the Hardware (Heavy). A Container captures the OS User Space (Light). You can run 100 containers on a server that can only hold 5 VMs.

Q: Is Docker secure? A: By default, yes (isolation). But if you run as root inside the container, and there is a kernel exploit, the attacker can escape. Best Practice: Create a generic user (RUN adduser app) and switch to it (USER app) deep in the Dockerfile.

Conclusion

Containers are the shipping containers of code. Before standard shipping containers, loading a ship was chaos (barrels, sacks, boxes). Now, everything fits in a standard box. The crane doesn’t care what’s inside. Docker makes your code a standard box. AWS is the crane. Pack it right, and you can ship it anywhere.

Deployment nightmares?

If your deployments are flaky “it worked on my machine” situations, Maison Code can Dockerize your stack. We implement CI/CD pipelines that build, test, and ship containers automatically.

Deployment headaches?

We Containerize applications using Docker and orchestrate them with Kubernetes for bulletproof deployments. Hire our Architects.