How the hell do I run Docker in production, and will it scale?

Post on 21-Mar-2017


transcript

Daniël van Gils @foldingbeauty daniel@cloud66.com

www.cloud66.com


UXDevOps

Business

Developer Advocate

Established in 2012

Build, deploy and maintain any application on any server, on the cloud provider of your choice or bring your own servers.

Running Docker in production for almost 1½ years for our customers.

We simplify DevOps.

Average of 4000+ servers.


NOISE

$ docker run alpine echo 'hello world'

you don’t know what kind of skills you need

production

you know what kind of skills you need

you think you know you’ve gained all the skills

but you don’t know

time

skills

technology

NOISE

Minimal Lovable Service


#1 the right container image

#2 containers in production

[Diagram labels: containers, bin/libs, os, server, cloud/VM, dev, ops]

Containers need a smooth DevOps team

[Diagram labels: service, containers, server cluster(s), image; legend: code, docker file, docker engine, platform; stages: build, ship, deploy; containerisation]

the containerisation machine

you can’t polish a turd

Keep Images Slim Stupid

dev » test » stage » production

Minimal Lovable Service Image

SMALL, SECURE, SPEEDY / PERFORMANT, STABLE, SET / IMMUTABLE

Keep Images Small, Secure, Speedy, Stable and Set Stupid

SMALL Start with the smallest minimal image you can find. Remove compile time dependencies. Remove packages you don’t need. Run stats for the image.


“I didn't have time to create a slim image, so I created a fat one instead.”


SECURE Remove all the secrets. Patch to the latest security updates. Run the image with the right UID. Test the image.


PERFORMANT Optimise code. Memory and cpu usage. One process. Load testing.


STABLE Lock the image version. Lock the runtime version(s). Tag your image. Proper logging. Image guideline for your team.
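
A minimal Dockerfile check for three of the SECURE and STABLE points above (locked base image version, non-root UID, no secrets in build instructions), as an added example that is not from the talk. The function names, the secret-name pattern and the sample Dockerfile are assumptions constructed for illustration; matching secrets by variable name is a heuristic.

```python
import re

SECRET_KEY = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_KEY", re.I)

def is_pinned(image):
    """True if the base image carries a digest or a tag other than 'latest'."""
    name = image.rsplit("/", 1)[-1]          # drop a registry host:port prefix
    return "@sha256:" in image or name.partition(":")[2] not in ("", "latest")

def lint_dockerfile(text):
    """Return (rule, message) findings for the SECURE and STABLE checks."""
    findings, stages, user = [], set(), None
    # Join backslash continuations so each instruction is one logical line.
    for raw in re.sub(r"\\\r?\n", " ", text).splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        instr, args = parts[0].upper(), (parts[1] if len(parts) > 1 else "")
        if instr == "FROM":
            user = None                       # a new stage resets the user
            tokens = [t for t in args.split() if not t.startswith("--")]
            if not tokens:
                continue
            image = tokens[0]
            known = image == "scratch" or image.lower() in stages
            if not known and not is_pinned(image):
                findings.append(("STABLE", f"base image not pinned: {image}"))
            if len(tokens) >= 3 and tokens[1].upper() == "AS":
                stages.add(tokens[2].lower())
        elif instr == "USER":
            user = args.split(":")[0].strip()
        elif instr in ("ENV", "ARG"):
            keys = re.findall(r"(?:^|\s)([A-Za-z_]\w*)=", args) or args.split()[:1]
            findings += [("SECURE", f"possible secret in {instr} {k}")
                         for k in keys if SECRET_KEY.search(k)]
    if user in (None, "root", "0"):
        findings.append(("SECURE", "final stage does not set a non-root USER"))
    return findings

# Constructed sample input, not from the talk.
BAD = """\
FROM golang AS build
ARG GITHUB_TOKEN
FROM alpine:latest
ENV DB_PASSWORD=example \\
    PORT=8080
"""

if __name__ == "__main__":
    print(*lint_dockerfile(BAD), sep="\n")
```
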


IMMUTABLE Use volumes wisely. Loosely coupled. Don’t use databases inside an image. Use external services for persistence.


monolith containerisation ± 70 %

monolith 1x

monolith image FAT


API first containerisation ± 20%

api 1x

frontend 1x

image frontend FAT

image api FAT


splitting monolith containerisation ± 6%

api 6x

frontend 1x

workers 10x

image frontend FAT

image api THIN

image workers THIN

A 6x

B 12x

C 10x

image B THIN

image A THIN

image C THIN


microservice architecture ± 4%


message queue

DEV/OPS/DESIGN FLOW, ORCHESTRATION, DISCOVERY, SCALING, DATA MANAGEMENT, MONITORING, SECURITY

DEV/OPS/DESIGN FLOW Have an image guideline. Create a workflow using the same image in all the software cycle stages. From design to production mimic the environment. Test heavily.


ORCHESTRATION Isolation of services. Make use of the resources available. Self healing. Load distribution. Adding nodes to your cluster.


DISCOVERY Find your services and datasources with minimal code change. Versioning of running services. Automagically update discovery when new services are online or scaled up/down.


SCALING/SCHEDULING Scale your containers. Scale your docker cluster. Scale your on/off jobs. Failover groups. Cross cloud clusters. Load balancing.


DATA MANAGEMENT Backup and restores. Clustering. Verify your backups. Run non-cloud-native DBs natively, not in a container.


MONITORING Get all the statistics of resources (mem/load/net/res) used. Aggregation of logs. Debugging your containers.


SECURITY Intrusion detection and prevention systems. Denial of service protection. Firewalling. Failover groups. Segregate container groups VPC / bastion servers. Verification of images.

SMALL, SECURE, PERFORMANT, STABLE, IMMUTABLE

DEV/OPS/DESIGN FLOW, ORCHESTRATION, DISCOVERY, SCALING/SCHEDULING, DATA MANAGEMENT, MONITORING, SECURITY

MLI PLATFORM CONTAINERS AS A SERVICE

When you get DevOps right, get microservices architecture right, create the right minimal lovable image and have the right platform to run containers: oh man, the future is bright and you don’t go to hell!


www.cloud66.com blog.cloud66.com habitus.io startwithdocker.com

ready for your quest?

thank you
