One or multiple containers

Hi all,

TL;DR How to determine to use multiple services in one container or split them? And which one is more traffic (MB’s) hungry when using openBalena?

One of my main questions per project is if we should use one container or multiple. And if we use multiple, what’s the best approach?

Until now, we’ve used multiple for all different services (like Redis, serial communication and Node.js). We’d like to keep the serial communication and Node.js seperated, but only Node.js uses Redis. So should we combine Node.js with Redis in one container or should we keep them seperated, and why?

We’re using a Raspberry Pi 4 on openBalena. Because openBalena doesn’t support delta updates, I was wondering in this case what’s more traffic expensive? Redis is probably only going to be updated with security patches, but no big changes. So on an update, does it download the container just to be sure or does it know there’s no difference?

Thanks in advance!

Some good reasons about deciding to architect your app into multiple containers are:

  • uptime
    • in case that you are deploying a change that’s limited to a single component, then the rest containers don’t have to get restarted as well. For example, if you have multiple components relying on a DB container but you are just updating one of the consumers, the rest can still continue working uninterrupted.
    • in case that one of your containers error unexpectedly, then the device only needs to restart that one, while the rest are still running
  • security, you can limit the access that each container has, just to the minimum required. For example if only one container needs access to the device’s hardware, you can apply the appropriate docker-compose labels (or mark as privileged) just to that single one and have all others communicate with it. By using such an internal messaging approach, you can easily limit whether each container should be reachable from external networks.

The point that you raised about update download is an interesting one.
The first thing to note is that if your containers share a common base image, then that common docker image layer will be downloaded only once for all the containers of your application.
Moreover, if you use multiple containers, then this extra isolation can also lead to smaller update payloads when you are just updating a subset of your containers, because of how docker layer caching works. On the other hand if you were using a single container, then all layers after your changes would be invalidated and have to be re-downaloaded.

I hope that proves useful.

Kind regards,

1 Like