1

Docker in the Wild

Chris Mague / Shokunin

3/4/2016

2

Today's Talk

Background The Good The Bad In development In CD pipelines In production Conclusion

3

“Everyone needs a daily dose of Vitamin No”

-Reiko

4

Why Virtualize at all?

- Big machine – small service- Migration possible- Legacy uses - Simpler provisioning- Isolation

5

Background

- Virtualization- VM vs Container- Jails- Solaris Zones- Cgroups in Linux- LXC- Docker

6

The Good

7

Good Reasons to use Docker

0) Immutable1) fast startup times2) lightweight3) good tools4) great with microservices

8

The Bad

9

Docker Downsides

0) Immutable1) requires Linux2) only runs one process3) tooling is awful (especially on not Linux)4) troubleshooting is hard5) need to rethink how you develop/deploy

10

Immutable

“these are snowflakes – chives are identical” - Dinner Rush

11

In Development

12

But where do these containers come from?

There are some high quality containers available for download!

13

Downloading things off the Internets

14

D-I-Y

15

Better Solution from Hashicorp- use puppet/chef/salt/ansible- still can use shell scripts- output a variety of formats - AMI - GCE - Droplets - Virtual box - Openstack - Docker - QEMU - Parallels (see, you can change your mind later)

16

Running Containers

Docker Composer - relatively simple - works great on a dev

machine - docker specific

17

Better Solution from Hashicorp (2)- Runs Docker Containers- Modular / Variables can be set- Controls a variety of services - Consul - GCE - Droplets - Mailgun - Postgres/Mysql - Datadog - PowerDNS - Heroku (see, you can change your mind later)

18

19

In CI/CD – Example Jenkins Pipeline

20

Now we come to scaling...

Treat a bunch of hardware as a big local docker instance

21

Or Amazon

22

Better Solution from Hashicorp (3) So do you work for them or something??

- Job scheduler - Docker - Java - Binary - QEMU- Cron scheduler- Orchestration- Service discovery integration

23

Job Specification

24

New problem – Discovery!

25

Better Solution from Hashicorp (4)

- single binary- Raft consensus / HA- Gossip protocol- Rest API- DNS Interface- Key/Value store- Locking- vs Zookeeper/Etcd

26

DNS Discovery

27

frontend http bind 0.0.0.0:80 capture request header Host len 500

{{range services}}{{ if .Tags | contains "web-service" }} acl host_{{ .Name }} hdr_beg(host) -i {{ .Name }}. use_backend {{ .Name }} if host_{{ .Name }}{{end}}{{end}}

{{range services}}{{ if .Tags | contains "web-service" }}backend {{ .Name }} mode http balance roundrobin option httpchk HEAD / HTTP/1.0\r\nHost:\ {{ .Name }}.test\r\nUser-

agent:\ HAPROXY-CHECK {{range service .Name}} server {{.Node}} {{.Address}}:{{.Port}} check inter 5s rise 2 fall 2{{end}}{{end}}{{end}}

frontend http bind 0.0.0.0:80 capture request header Host len 500

acl host_tabinin hdr_beg(host) -i tabinin. use_backend tabinin if host_tabinin

backend tabinin mode http balance roundrobin option httpchk HEAD / HTTP/1.0\r\nHost:\ tabinin.test\r\nUser-agent:\ HAPROXY-

CHECK server qatcd-nomad-2.example.com 172.19.58.171:27722 check inter 5s rise 2 fall 2 server qatcd-nomad-3.example.com 172.19.58.172:42417 check inter 5s rise 2 fall 2

Config File / Templates

28

Feature Flags – Consul generated file

29

In Production

A few things have to change...

30

Cattle vs. Pets

Pets: - have cute names - take them to the vet - care and feeding

Cattle: - replace it...

31

SLAs/KPIs become critical

- If my service returns a response in < 200ms 95% of the time...

- If my error rate > 2% over a 5 minute window...

32

Monitoring / Telemetry must follow

33

Logging is now your primary method of troubleshooting

34

New Problem

- You can deploy too fast……

Which one of the 10 deploys caused the issue and which one fixed it?

Two deployment windows a day 11:00 and 3:00 means everyone is on hand and able to jump in if there's an issue

35

Conclusion (1)

You are going to end up with an infrastructure that consists of Docker-ized and other types of services

Accordingly, pick the tool set that is the most flexible! (my bias is clear here...)

36

Conclusion (2)Docker is worth it for some things:- application servers- stateless applications- development environment

Don't bother:- data stores- slow moving monolithic apps