Docker Experience at InbotJilles van Gurp

Who is Jilles?

www.jillesvangurp.com, and @jillesvangurp on *

Java (J)Ruby Python Javascript/node.js

Servers reluctant Devops guy Software Architecture

Universities of Utrecht (NL), Blekinge (SE), and Groningen (NL)

GX (NL),Nokia Research (FI), Nokia/Here (DE),Localstream (DE),

Inbot (DE).

Inbot app - available for Android & IOS

Reluctant Devops, so I Docker Ops: I need it it done and I need it done right, so I can move on with Dev

If you want something done right: DIY.

Rant: Ops keeps sucking up my dev time; source of technical debt as well because I don't actually have time to do it "properly" (for varying definitions of properly). I need less Ops in my life; not more.

Docker is generally helping me to get closer to that goal.

It is also immature, flaky, and a bit of a moving target.

What is Docker?Simple question, lots of answers, beware bad metaphors & analogies

Bla bla cgroups bla bla security bla bla archaic kernel stuff that has been around for ages but was way to tedious to deal with for mere mortals

IMHO: 'standardized' way of building, packaging, running & configuring software -> fixes a real problem! clean separation between software provisioning (aka. DEV) and infrastructure provisioning (aka. OPS)

https://en.wikipedia.org/wiki/Docker_(software)

Docker history @Inbot2014 Just puppetized Inbot, looking at ansible. Hey: there's this cool new thing called docker.

2015 Lets get our ass out of Hetzner and get rid of puppet; Docker!?

2016 Inboot: AWS, Cloudformation, ECS & Docker

2017 Lets cut some cost. Replace Inboot with Das-Boot.

2018 Who knows ...

Docker & Devops: separation of concernsDEV: produce software & package it up as a docker image.

OPS: provision infrastructure to run the docker images

Interface between Dev & Ops == Docker + CI builds.

Installing software dependencies no longer an Ops concern.

No deployment time overhead for installing stuff (already in the container).

OPS part can be automated (das-boot)

What I love about DockerfileDockerfile LOC <<<< Puppet/Ansible/Salt/whatever LOC.

WYSIWYG software provisioning:

ENV foo=bar

RUN whatever command

no silly magic

Reads like documentation for all the stuff you need to get something running.

Docker ecosystemSnakeoil sellers are having a great time, once again. Usual suspects + a few new ones ...

Smells:

Your docker infrastructure requires more hardware than your app

Anything you buy into is obsolete 6 months down the road.

Documentation: here's hello world, ops stuff left as an exercise to the reader.

TODO: Security? Logging? Service discovery? Configuration? Monitoring? Best practices? ...

Our builds: docker build whatever

We have 1 managed script on our jenkins that does this on repos where we use it:

1. docker build . (downloads the world, compiles & tests)2. docker push image, 3. trigger das-boot deploy to environment associated with branch (if any)

Das-boot == docker container with our deployment scripts (node.js, aws-cli, and cloudformation yaml)

Dockerized build pipepline

Yay Layers & caching

Yay layers (2): Our production deploy processmerge master to newproduction

newproduction src now identical to master

docker build reuses most of the layers of our master build

tests already ran for master build

so jumps straight to deploy

Logging: GELF log driver on every docker host

Also syslog, beware the OOM Killer

Ran into this one today ….

Unresolved/rapidly evolving stuffKubernetes vs. Docker Swarm vs. Amazon We Don't Quite Have This Yet?

Consul, Etcd, Zookeeper, DIY dns hacks (yay route 53)?

Fun fact: AWS doesn't do service discovery, yet. So what will they do and when?

Rkt vs. Docker vs. ...?

Network overlays? Security? Logging?

Running stateful services heavy storage requirements?

Running stateful, clustering services?

What about a batteries included Docker ready PAAS + CI + Monitoring + Logging + Alerting + Sane defaults + ...?

QA?@jillesvangurp, @inbotapp