Welcome to from-docker-to-kubernetes

Docker Database Containerization

Best practices, techniques, and considerations for containerizing databases with Docker

H A R S H H A A
@NotHarshhaa

Introduction to Database Containerization

Database containerization represents one of the most challenging yet rewarding applications of Docker technology. Containerizing databases requires careful consideration of persistent storage, performance optimization, high availability, and data integrity:

  • Infrastructure agility: Rapidly deploy consistent database environments across development, testing, and production
  • Resource efficiency: Optimize compute resource utilization compared to traditional database deployments
  • Environment parity: Ensure development and testing environments precisely match production
  • Orchestration benefits: Leverage Kubernetes and other orchestration platforms for database management
  • Simplified upgrades: Streamline database version upgrades and patching

This comprehensive guide explores the techniques, best practices, and considerations for successfully containerizing various database systems using Docker, addressing both the challenges and advantages of this approach.

Database Containerization Fundamentals

Stateful vs. Stateless Containers

Understanding the fundamental difference between stateful databases and stateless applications in containers:

  1. Persistence requirements: Databases require durable storage that survives container lifecycle
  2. Performance considerations: I/O performance impacts database workloads more critically
  3. Backup and recovery: Specialized processes needed for data protection
  4. High availability: More complex clustering and replication patterns
  5. Resource sensitivity: Databases often have specific memory, CPU, and storage requirements

Docker Storage Options for Databases

Docker provides several storage options for database containerization:

Volumes

Containerizing Specific Databases

MySQL/MariaDB

Containerizing MySQL or MariaDB requires specific configurations for optimal performance:

# Dockerfile for custom MySQL configuration
FROM mysql:8.0

# Add custom MySQL configuration
COPY my-custom.cnf /etc/mysql/conf.d/

# Add initialization scripts
COPY init-scripts/ /docker-entrypoint-initdb.d/

# Set healthcheck
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
  CMD mysqladmin ping -h localhost -u healthcheck_user --password=$MYSQL_HEALTHCHECK_PASSWORD || exit 1

Example Docker Compose configuration:

version: '3.8'

services:
  mysql:
    image: mysql:8.0
    container_name: mysql_db
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
    ports:
      - "3306:3306"
    volumes:
      - mysql_data:/var/lib/mysql
      - ./my-custom.cnf:/etc/mysql/conf.d/my-custom.cnf:ro
      - ./init-scripts:/docker-entrypoint-initdb.d
    command: 
      - --default-authentication-plugin=mysql_native_password
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_unicode_ci
      - --innodb_buffer_pool_size=1G
      - --innodb_log_file_size=256M
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 5s

volumes:
  mysql_data:
    driver: local

Key considerations for MySQL containerization:

  1. Configuration tuning: Adjust MySQL parameters based on available container resources
  2. Initialization scripts: Use /docker-entrypoint-initdb.d/ for database setup
  3. Character set handling: Explicitly configure encoding to prevent issues
  4. Authentication plugins: Configure appropriate authentication mechanisms
  5. Health checks: Implement proper health monitoring

PostgreSQL

PostgreSQL containerization requires attention to specific PostgreSQL requirements:

version: '3.8'

services:
  postgres:
    image: postgres:15
    container_name: postgres_db
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_DB: ${POSTGRES_DB}
      PGDATA: /var/lib/postgresql/data/pgdata
    ports:
      - "5432:5432"
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./postgresql.conf:/etc/postgresql/postgresql.conf
      - ./pg_hba.conf:/etc/postgresql/pg_hba.conf
    command: postgres -c 'config_file=/etc/postgresql/postgresql.conf'
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 10s
    deploy:
      resources:
        limits:
          memory: 2G
        reservations:
          memory: 1G

volumes:
  postgres_data:
    driver: local

PostgreSQL-specific considerations:

  1. PGDATA path: Configure the data directory explicitly
  2. Configuration files: Mount custom postgresql.conf and pg_hba.conf
  3. Connection management: Configure max_connections based on workload
  4. Shared memory settings: Adjust shared_buffers for container memory allocation
  5. WAL configuration: Tune Write-Ahead Logging for performance and durability

MongoDB

MongoDB containerization example:

version: '3.8'

services:
  mongo:
    image: mongo:6.0
    container_name: mongodb
    restart: unless-stopped
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGO_ROOT_USER}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGO_ROOT_PASSWORD}
    ports:
      - "27017:27017"
    volumes:
      - mongo_data:/data/db
      - mongo_config:/data/configdb
      - ./init-scripts:/docker-entrypoint-initdb.d
      - ./mongod.conf:/etc/mongod.conf
    command: ["--config", "/etc/mongod.conf"]
    healthcheck:
      test: echo 'db.runCommand("ping").ok' | mongosh localhost:27017/admin -u $${MONGO_ROOT_USER} -p $${MONGO_ROOT_PASSWORD} --quiet | grep 1
      interval: 10s
      timeout: 10s
      retries: 5
      start_period: 40s

volumes:
  mongo_data:
    driver: local
  mongo_config:
    driver: local

MongoDB-specific considerations:

  1. Journal and data separation: Configure separate volumes for data and journal
  2. WiredTiger cache: Configure cache size based on container memory
  3. Authentication setup: Properly configure users and roles
  4. Replica set configuration: Consider replica sets for high availability
  5. Init scripts: Use JavaScript initialization scripts for database setup

Redis

Redis containerization example:

version: '3.8'

services:
  redis:
    image: redis:7.0-alpine
    container_name: redis_cache
    restart: unless-stopped
    ports:
      - "6379:6379"
    volumes:
      - redis_data:/data
      - ./redis.conf:/usr/local/etc/redis/redis.conf:ro
    command: ["redis-server", "/usr/local/etc/redis/redis.conf"]
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 3s
      retries: 5
    deploy:
      resources:
        limits:
          memory: 1G
    sysctls:
      net.core.somaxconn: '511'
      vm.overcommit_memory: '1'

volumes:
  redis_data:
    driver: local

Redis-specific considerations:

  1. Persistence configuration: Choose between RDB snapshots and AOF logs
  2. Memory management: Configure maxmemory and eviction policies
  3. Connection limits: Adjust maxclients based on expected connections
  4. System tuning: Configure sysctls for optimal Redis performance
  5. Security: Implement password authentication and protected mode

Database Clustering and High Availability

MySQL Replication

Setting up MySQL primary-replica replication with Docker Compose:

version: '3.8'

services:
  mysql_primary:
    image: mysql:8.0
    container_name: mysql_primary
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
    ports:
      - "3306:3306"
    volumes:
      - mysql_primary_data:/var/lib/mysql
      - ./primary.cnf:/etc/mysql/conf.d/custom.cnf:ro
    networks:
      - mysql_network
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
      interval: 10s
      timeout: 5s
      retries: 5

  mysql_replica:
    image: mysql:8.0
    container_name: mysql_replica
    restart: unless-stopped
    depends_on:
      mysql_primary:
        condition: service_healthy
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
      MYSQL_DATABASE: ${MYSQL_DATABASE}
      MYSQL_USER: ${MYSQL_USER}
      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
    ports:
      - "3307:3306"
    volumes:
      - mysql_replica_data:/var/lib/mysql
      - ./replica.cnf:/etc/mysql/conf.d/custom.cnf:ro
      - ./setup-replica.sh:/docker-entrypoint-initdb.d/setup-replica.sh
    networks:
      - mysql_network
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost"]
      interval: 10s
      timeout: 5s
      retries: 5

volumes:
  mysql_primary_data:
  mysql_replica_data:

networks:
  mysql_network:
    driver: bridge

Configuration for primary node (primary.cnf):

[mysqld]
server-id = 1
log_bin = mysql-bin
binlog_format = ROW
binlog_do_db = ${MYSQL_DATABASE}

Configuration for replica node (replica.cnf):

[mysqld]
server-id = 2
relay_log = mysql-relay-bin
log_bin = mysql-bin
binlog_format = ROW
read_only = ON

Setup script for replica (setup-replica.sh):

#!/bin/bash
set -e

# Wait for MySQL primary to be ready
until mysql -h mysql_primary -u root -p${MYSQL_ROOT_PASSWORD} -e "SELECT 1"; do
  echo "Waiting for MySQL primary to be ready..."
  sleep 5
done

# Get binary log position from primary
MASTER_STATUS=$(mysql -h mysql_primary -u root -p${MYSQL_ROOT_PASSWORD} -e "SHOW MASTER STATUS\G")
BINLOG_FILE=$(echo "$MASTER_STATUS" | grep File | awk '{print $2}')
BINLOG_POSITION=$(echo "$MASTER_STATUS" | grep Position | awk '{print $2}')

# Configure replication
mysql -u root -p${MYSQL_ROOT_PASSWORD} << EOF
CHANGE MASTER TO
  MASTER_HOST='mysql_primary',
  MASTER_USER='${MYSQL_USER}',
  MASTER_PASSWORD='${MYSQL_PASSWORD}',
  MASTER_LOG_FILE='$BINLOG_FILE',
  MASTER_LOG_POS=$BINLOG_POSITION;
START SLAVE;
EOF

echo "Replica configured and started"

PostgreSQL Replication

Setting up PostgreSQL primary-standby replication:

version: '3.8'

services:
  postgres_primary:
    image: postgres:15
    container_name: postgres_primary
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_DB: ${POSTGRES_DB}
      PGDATA: /var/lib/postgresql/data/pgdata
    ports:
      - "5432:5432"
    volumes:
      - postgres_primary_data:/var/lib/postgresql/data
      - ./primary.conf:/etc/postgresql/postgresql.conf:ro
      - ./pg_hba.conf:/etc/postgresql/pg_hba.conf:ro
    command: postgres -c 'config_file=/etc/postgresql/postgresql.conf'
    networks:
      - postgres_network
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5

  postgres_standby:
    image: postgres:15
    container_name: postgres_standby
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_DB: ${POSTGRES_DB}
      PGDATA: /var/lib/postgresql/data/pgdata
    ports:
      - "5433:5432"
    volumes:
      - postgres_standby_data:/var/lib/postgresql/data
      - ./standby.conf:/etc/postgresql/postgresql.conf:ro
      - ./pg_hba.conf:/etc/postgresql/pg_hba.conf:ro
      - ./setup-replica.sh:/docker-entrypoint-initdb.d/setup-replica.sh
    command: postgres -c 'config_file=/etc/postgresql/postgresql.conf'
    networks:
      - postgres_network
    depends_on:
      postgres_primary:
        condition: service_healthy

volumes:
  postgres_primary_data:
  postgres_standby_data:

networks:
  postgres_network:
    driver: bridge

MongoDB Replica Set

Setting up a MongoDB replica set:

version: '3.8'

services:
  mongo1:
    image: mongo:6.0
    container_name: mongo1
    restart: unless-stopped
    command: ["--replSet", "rs0", "--bind_ip_all"]
    ports:
      - "27017:27017"
    volumes:
      - mongo1_data:/data/db
      - ./init-replica.js:/docker-entrypoint-initdb.d/init-replica.js:ro
    networks:
      - mongo_network
    healthcheck:
      test: echo 'db.runCommand("ping").ok' | mongosh localhost:27017 --quiet | grep 1
      interval: 10s
      timeout: 10s
      retries: 5
      start_period: 40s

  mongo2:
    image: mongo:6.0
    container_name: mongo2
    restart: unless-stopped
    command: ["--replSet", "rs0", "--bind_ip_all"]
    ports:
      - "27018:27017"
    volumes:
      - mongo2_data:/data/db
    networks:
      - mongo_network
    depends_on:
      - mongo1

  mongo3:
    image: mongo:6.0
    container_name: mongo3
    restart: unless-stopped
    command: ["--replSet", "rs0", "--bind_ip_all"]
    ports:
      - "27019:27017"
    volumes:
      - mongo3_data:/data/db
    networks:
      - mongo_network
    depends_on:
      - mongo1

volumes:
  mongo1_data:
  mongo2_data:
  mongo3_data:

networks:
  mongo_network:
    driver: bridge

Initialization script for MongoDB replica set (init-replica.js):

// Wait for all nodes to be available
const waitForNodes = (hosts, attempts = 30) => {
  let attempt = 0;
  
  while (attempt < attempts) {
    try {
      for (const host of hosts) {
        const conn = new Mongo(host);
        const status = conn.getDB("admin").runCommand({ ping: 1 });
        if (status.ok !== 1) throw new Error(`Failed to connect to ${host}`);
        print(`Successfully connected to ${host}`);
      }
      return true;
    } catch (err) {
      print(`Attempt ${attempt + 1}/${attempts}: ${err.message}`);
      sleep(5000);
      attempt++;
    }
  }
  
  throw new Error("Failed to connect to all nodes");
};

// Initialize replica set
const initReplSet = () => {
  try {
    waitForNodes(["mongo1:27017", "mongo2:27017", "mongo3:27017"]);
    
    print("Configuring replica set...");
    const rsConfig = {
      _id: "rs0",
      members: [
        { _id: 0, host: "mongo1:27017", priority: 2 },
        { _id: 1, host: "mongo2:27017", priority: 1 },
        { _id: 2, host: "mongo3:27017", priority: 1 }
      ]
    };
    
    rs.initiate(rsConfig);
    
    print("Waiting for replica set to initialize...");
    sleep(5000);
    
    // Check status
    const status = rs.status();
    printjson(status);
    
    print("Replica set initialization complete!");
  } catch (err) {
    print(`Failed to initialize replica set: ${err.message}`);
    throw err;
  }
};

// Run initialization
initReplSet();

Performance Optimization

Resource Allocation and Limits

Properly configuring resource limits is essential for database containers:

version: '3.8'

services:
  postgres:
    image: postgres:15
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 4G
        reservations:
          cpus: '1'
          memory: 2G
    # ... other configuration ...

  mysql:
    image: mysql:8.0
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 4G
        reservations:
          cpus: '1'
          memory: 2G
    # ... other configuration ...

Best practices for resource allocation:

  1. Memory reservation: Set a minimum guaranteed memory allocation
  2. Memory limits: Set appropriate upper bounds based on workload
  3. CPU allocation: Balance between guaranteed and maximum CPU resources
  4. Swap configuration: Disable or carefully control swap usage
  5. Resource monitoring: Implement monitoring to detect resource pressure

Storage Performance

Optimizing storage performance for containerized databases:

Volume Driver Selection

  • Use volume drivers optimized for database workloads
  • Consider local SSD-backed volumes for performance-critical databases
  • Evaluate cloud-specific volume drivers for cloud deployments

I/O Optimization

  • Configure appropriate I/O schedulers
  • Tune filesystem parameters for database workloads
  • Consider direct I/O for specific database engines

Database-Specific Tuning

  • Adjust database engine parameters based on storage characteristics
  • Configure appropriate buffer sizes and cache settings
  • Optimize write-ahead logging and journaling based on storage performance

Example configuration for optimized storage:

version: '3.8'

services:
  postgres:
    # ... other configuration ...
    volumes:
      - type: volume
        source: postgres_data
        target: /var/lib/postgresql/data
        volume:
          nocopy: true
      - type: tmpfs
        target: /dev/shm
        tmpfs:
          size: 1G
    sysctls:
      vm.swappiness: 0
      vm.dirty_ratio: 80
      vm.dirty_background_ratio: 5

volumes:
  postgres_data:
    driver: local
    driver_opts:
      type: 'ext4'
      device: '/dev/sdb1'
      o: 'noatime,nodiratime'

Backup and Recovery Strategies

Volume-based Backups

Creating consistent backups of database volumes:

# Create a backup container to snapshot the database
docker run --rm \
  --volumes-from postgres_db \
  -v $(pwd)/backups:/backups \
  alpine \
  tar czf /backups/postgres_data_$(date +%Y%m%d_%H%M%S).tar.gz /var/lib/postgresql/data

Database-native Backups

Using database-native tools for consistent backups:

version: '3.8'

services:
  postgres:
    # ... main database configuration ...

  postgres_backup:
    image: postgres:15
    depends_on:
      - postgres
    volumes:
      - ./backups:/backups
      - ./backup-scripts:/scripts
    environment:
      PGPASSWORD: ${POSTGRES_PASSWORD}
    entrypoint: /scripts/backup.sh
    deploy:
      restart_policy:
        condition: none

Backup script example (backup.sh):

#!/bin/bash
set -e

# Variables
BACKUP_DIR="/backups"
POSTGRES_HOST="postgres"
POSTGRES_DB="${POSTGRES_DB:-postgres}"
POSTGRES_USER="${POSTGRES_USER:-postgres}"
DATE=$(date +"%Y%m%d_%H%M%S")
BACKUP_FILE="${BACKUP_DIR}/${POSTGRES_DB}_${DATE}.sql.gz"

# Ensure backup directory exists
mkdir -p ${BACKUP_DIR}

# Create backup
echo "Creating backup of ${POSTGRES_DB} database from ${POSTGRES_HOST}..."
pg_dump -h ${POSTGRES_HOST} -U ${POSTGRES_USER} ${POSTGRES_DB} | gzip > ${BACKUP_FILE}

# Verify backup
if [ -f "${BACKUP_FILE}" ]; then
  echo "Backup completed successfully: ${BACKUP_FILE}"
  echo "Backup size: $(du -h ${BACKUP_FILE} | cut -f1)"
else
  echo "Backup failed!"
  exit 1
fi

# Cleanup old backups (keep last 7 days)
find ${BACKUP_DIR} -name "${POSTGRES_DB}_*.sql.gz" -type f -mtime +7 -delete

Automated Backup Scheduling

Scheduling regular database backups:

version: '3.8'

services:
  # ... main database services ...
  
  backup_scheduler:
    image: alpine
    volumes:
      - ./backups:/backups
      - /var/run/docker.sock:/var/run/docker.sock
    command: |
      sh -c "
        apk add --no-cache docker-cli
        echo '0 2 * * * docker-compose exec -T mysql mysqldump -u root -p$$MYSQL_ROOT_PASSWORD --all-databases | gzip > /backups/mysql_all_$$(date +\%Y\%m\%d).sql.gz' > /etc/crontabs/root
        crond -f -d 8
      "
    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}

Security Considerations

Authentication and Access Control

Implementing proper authentication for containerized databases:

version: '3.8'

services:
  postgres:
    image: postgres:15
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_DB: ${POSTGRES_DB}
    volumes:
      - postgres_data:/var/lib/postgresql/data
      - ./pg_hba.conf:/etc/postgresql/pg_hba.conf:ro
    secrets:
      - postgres_password

secrets:
  postgres_password:
    file: ./postgres_password.txt

Example pg_hba.conf with restricted access:

# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             postgres                                peer
host    all             all             127.0.0.1/32            scram-sha-256
host    all             all             ::1/128                 scram-sha-256
host    all             all             172.16.0.0/12           scram-sha-256
host    all             all             0.0.0.0/0               reject

Encryption and Data Protection

Implementing encryption for containerized databases:

  1. Transport encryption: Configure TLS/SSL for database connections
  2. Data-at-rest encryption: Use encrypted volumes or database-level encryption
  3. Secrets management: Securely manage database credentials

Example MySQL configuration with TLS:

version: '3.8'

services:
  mysql:
    image: mysql:8.0
    volumes:
      - mysql_data:/var/lib/mysql
      - ./ssl:/etc/mysql/ssl:ro
    command:
      - --ssl-ca=/etc/mysql/ssl/ca.pem
      - --ssl-cert=/etc/mysql/ssl/server-cert.pem
      - --ssl-key=/etc/mysql/ssl/server-key.pem
      - --require-secure-transport=ON

Database Migration and Upgrades

Version Upgrades

Strategies for upgrading database versions in containers:

Parallel Deployment

  • Deploy new version alongside existing version
  • Migrate data to new version
  • Switch traffic once migration is complete
  • Keep old version as fallback

In-place Upgrade

  • Create comprehensive backup
  • Update container image version
  • Validate upgrade success
  • Maintain rollback capability

Example upgrade workflow for PostgreSQL:

# 1. Create a backup of the current database
docker exec postgres_db pg_dumpall -c -U postgres > postgres_backup.sql

# 2. Stop the current container
docker-compose stop postgres

# 3. Update the image version in docker-compose.yml from postgres:14 to postgres:15

# 4. Start the new version
docker-compose up -d postgres

# 5. Verify the upgrade
docker exec postgres_db psql -U postgres -c "SELECT version();"

Schema Migrations

Managing database schema migrations in containers:

version: '3.8'

services:
  postgres:
    # ... main database configuration ...

  flyway:
    image: flyway/flyway:9
    command: -url=jdbc:postgresql://postgres:5432/${POSTGRES_DB} -user=${POSTGRES_USER} -password=${POSTGRES_PASSWORD} migrate
    volumes:
      - ./migrations:/flyway/sql
    depends_on:
      postgres:
        condition: service_healthy

Monitoring and Observability

Health Checks and Readiness Probes

Implementing effective health checks for database containers:

version: '3.8'

services:
  mysql:
    image: mysql:8.0
    # ... other configuration ...
    healthcheck:
      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "healthcheck_user", "--password=$$MYSQL_HEALTHCHECK_PASSWORD"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 30s
  
  postgres:
    image: postgres:15
    # ... other configuration ...
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s
  
  mongodb:
    image: mongo:6.0
    # ... other configuration ...
    healthcheck:
      test: echo 'db.runCommand("ping").ok' | mongosh localhost:27017/admin -u $${MONGO_INITDB_ROOT_USERNAME} -p $${MONGO_INITDB_ROOT_PASSWORD} --quiet | grep 1
      interval: 10s
      timeout: 10s
      retries: 5
      start_period: 40s

Prometheus Monitoring

Setting up Prometheus monitoring for containerized databases:

version: '3.8'

services:
  postgres:
    # ... main database configuration ...

  postgres_exporter:
    image: prometheuscommunity/postgres-exporter
    environment:
      DATA_SOURCE_NAME: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?sslmode=disable"
    ports:
      - "9187:9187"
    depends_on:
      - postgres

  prometheus:
    image: prom/prometheus
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml
      - prometheus_data:/prometheus
    ports:
      - "9090:9090"
    command:
      - '--config.file=/etc/prometheus/prometheus.yml'
      - '--storage.tsdb.path=/prometheus'
      - '--web.console.libraries=/usr/share/prometheus/console_libraries'
      - '--web.console.templates=/usr/share/prometheus/consoles'

  grafana:
    image: grafana/grafana
    depends_on:
      - prometheus
    ports:
      - "3000:3000"
    volumes:
      - grafana_data:/var/lib/grafana
      - ./dashboards:/etc/grafana/provisioning/dashboards
      - ./datasources:/etc/grafana/provisioning/datasources

volumes:
  postgres_data:
  prometheus_data:
  grafana_data:

Example Prometheus configuration (prometheus.yml):

global:
  scrape_interval: 15s
  evaluation_interval: 15s

scrape_configs:
  - job_name: 'postgres'
    static_configs:
      - targets: ['postgres_exporter:9187']

Cloud and Orchestration Environments

Kubernetes StatefulSets

Deploying databases with Kubernetes StatefulSets:

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
spec:
  serviceName: "postgres"
  replicas: 1
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
      - name: postgres
        image: postgres:15
        ports:
        - containerPort: 5432
          name: postgres
        env:
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: postgres-secrets
              key: password
        - name: POSTGRES_USER
          value: postgres
        - name: POSTGRES_DB
          value: myapp
        - name: PGDATA
          value: /var/lib/postgresql/data/pgdata
        volumeMounts:
        - name: postgres-data
          mountPath: /var/lib/postgresql/data
        readinessProbe:
          exec:
            command: ["pg_isready", "-U", "postgres"]
          initialDelaySeconds: 5
          periodSeconds: 10
        resources:
          requests:
            memory: "1Gi"
            cpu: "500m"
          limits:
            memory: "2Gi"
            cpu: "1000m"
  volumeClaimTemplates:
  - metadata:
      name: postgres-data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 10Gi
---
apiVersion: v1
kind: Service
metadata:
  name: postgres
spec:
  selector:
    app: postgres
  ports:
  - port: 5432
    targetPort: 5432
  clusterIP: None

Managed Cloud Databases

When to use managed cloud databases vs containerized databases:

# Example connection to managed RDS database from containerized application
version: '3.8'

services:
  app:
    image: myapp:latest
    environment:
      DB_HOST: mydb.cluster-abcdefghijkl.us-east-1.rds.amazonaws.com
      DB_PORT: 5432
      DB_NAME: myapp
      DB_USER: app_user
      DB_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password

secrets:
  db_password:
    external: true

Considerations for cloud environments:

  1. Managed services: Often preferred for production workloads
  2. Containerized databases: Better for development and testing environments
  3. Hybrid approach: Using containerized replicas of managed databases
  4. Data locality: Consider regional requirements and latency concerns
  5. Operational overhead: Evaluate management complexity vs control

Specialized Database Systems

Time-Series Databases

Containerizing time-series databases like InfluxDB or TimescaleDB:

version: '3.8'

services:
  influxdb:
    image: influxdb:2.6
    container_name: influxdb
    restart: unless-stopped
    ports:
      - "8086:8086"
    volumes:
      - influx_data:/var/lib/influxdb2
    environment:
      - DOCKER_INFLUXDB_INIT_MODE=setup
      - DOCKER_INFLUXDB_INIT_USERNAME=${INFLUXDB_USERNAME}
      - DOCKER_INFLUXDB_INIT_PASSWORD=${INFLUXDB_PASSWORD}
      - DOCKER_INFLUXDB_INIT_ORG=${INFLUXDB_ORG}
      - DOCKER_INFLUXDB_INIT_BUCKET=${INFLUXDB_BUCKET}
      - DOCKER_INFLUXDB_INIT_RETENTION=${INFLUXDB_RETENTION}
    healthcheck:
      test: ["CMD", "influx", "ping"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 30s

volumes:
  influx_data:

Graph Databases

Containerizing graph databases like Neo4j:

version: '3.8'

services:
  neo4j:
    image: neo4j:5.5
    container_name: neo4j
    restart: unless-stopped
    ports:
      - "7474:7474"  # HTTP
      - "7687:7687"  # Bolt
    volumes:
      - neo4j_data:/data
      - neo4j_logs:/logs
      - neo4j_import:/var/lib/neo4j/import
      - neo4j_plugins:/plugins
      - ./neo4j.conf:/conf/neo4j.conf
    environment:
      - NEO4J_AUTH=neo4j/${NEO4J_PASSWORD}
      - NEO4J_dbms_memory_pagecache_size=1G
      - NEO4J_dbms_memory_heap_initial__size=1G
      - NEO4J_dbms_memory_heap_max__size=2G
    healthcheck:
      test: ["CMD", "wget", "-O", "/dev/null", "-q", "http://localhost:7474"]
      interval: 1m
      timeout: 10s
      retries: 3
      start_period: 40s

volumes:
  neo4j_data:
  neo4j_logs:
  neo4j_import:
  neo4j_plugins:

Development and Testing Environments

Local Development Setup

Simplified database setup for local development:

version: '3.8'

services:
  dev_db:
    image: postgres:15-alpine
    restart: unless-stopped
    environment:
      POSTGRES_PASSWORD: devpassword
      POSTGRES_USER: devuser
      POSTGRES_DB: devdb
    ports:
      - "5432:5432"
    volumes:
      - dev_db_data:/var/lib/postgresql/data
      - ./init-scripts:/docker-entrypoint-initdb.d
    command: >
      -c max_connections=100
      -c shared_buffers=256MB
      -c effective_cache_size=512MB
      -c log_statement=all
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U devuser -d devdb"]
      interval: 5s
      timeout: 3s
      retries: 3

volumes:
  dev_db_data:

Database Test Fixtures

Creating database test fixtures with Docker:

version: '3.8'

services:
  test_db:
    image: postgres:15-alpine
    environment:
      POSTGRES_PASSWORD: testpassword
      POSTGRES_USER: testuser
      POSTGRES_DB: testdb
    ports:
      - "5433:5432"
    volumes:
      - ./test-fixtures:/docker-entrypoint-initdb.d
    tmpfs:
      - /var/lib/postgresql/data
    command: >
      -c fsync=off
      -c full_page_writes=off
      -c synchronous_commit=off
  
  integration_tests:
    image: myapp-tests:latest
    depends_on:
      test_db:
        condition: service_healthy
    environment:
      DB_HOST: test_db
      DB_PORT: 5432
      DB_NAME: testdb
      DB_USER: testuser
      DB_PASSWORD: testpassword
    volumes:
      - ./test-results:/app/test-results

Best Practices and Patterns

Anti-patterns to Avoid

Common mistakes when containerizing databases:

  1. Ephemeral storage: Failing to use persistent volumes
  2. Inadequate resource limits: Not setting appropriate memory and CPU constraints
  3. Missing health checks: Failing to implement proper health monitoring
  4. Ignoring security: Not following security best practices
  5. Neglecting backups: Not implementing reliable backup strategies

Multi-environment Deployment

Strategies for deploying across different environments:

# docker-compose.override.yml for local development
version: '3.8'

services:
  postgres:
    ports:
      - "5432:5432"
    environment:
      POSTGRES_PASSWORD: localdev
    volumes:
      - ./dev-init-scripts:/docker-entrypoint-initdb.d
    command: >
      -c log_statement=all
      -c log_min_duration_statement=0

GitOps and Infrastructure as Code

Managing database containers with GitOps:

# Example Argo CD Application for database deployment
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: postgres-database
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://github.com/myorg/database-configs.git
    targetRevision: HEAD
    path: postgres
  destination:
    server: https://kubernetes.default.svc
    namespace: database
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true

Conclusion

Containerizing databases with Docker provides significant benefits in terms of deployment consistency, environment parity, and resource efficiency. While database containerization presents unique challenges related to persistence, performance, and high availability, following the best practices outlined in this guide can help organizations successfully implement containerized database solutions across development, testing, and production environments.

The key to successful database containerization lies in understanding the specific requirements of each database system, properly configuring persistent storage, implementing comprehensive monitoring and backup strategies, and carefully optimizing performance for containerized environments. By addressing these considerations, organizations can leverage the agility and consistency of Docker containers while maintaining the reliability and performance expected from database systems.

As container orchestration technologies continue to evolve, database containerization will become increasingly sophisticated, offering new opportunities for automating database operations, enhancing scalability, and improving resilience in distributed environments.

Edit this page
Docker Security Scanning and Vulnerability Management
Comprehensive techniques for identifying, managing, and remediating security vulnerabilities in Docker containers and images
Docker Observability Platforms
Comprehensive guide to implementing observability solutions for Docker environments using modern monitoring, logging, and tracing tools