Adventures in
Containerization
Ryan Hunter
● SRE Lead @ TrueMotion
○ First Backend Engineer 3 years ago
○ Moved to operations in search of new
challenges!
● I’m an automation fanatic!
● When I’m not working to make on-call a
thing of the past, I enjoy:
○ Diving
○ Hiking
○ Building drones and other useless
contraptions in my basement
Servers as... Pets → Cattle → A Herd
Infrastructure Evolves with a Company
Why did we Switch to Containers?
(chart, November 2016: 3.05%)
Why did we Switch to Containers?
Where we started...
● Debian based deploys
  ○ Great so long as all your dependencies were in debians too
● Ansible: build the server from scratch
  ○ External dependency hell
● Neither flexible nor reliable
● Minimum provisioning size was too large
Where we wanted to go...
● A more flexible build artifact
● Decouple instance size from application software
● A common, preloaded AMI could be used to run all (most) services
What did Docker give us?
● A flexible, portable, runtime artifact
  ■ Describes its runtime requirements
  ■ Memory/CPU requirements
● An ecosystem of tools to manage, version, and develop these containers
What Docker didn’t give us
● Really nice match for stateless services
● Stateful containers ARE possible, but they significantly complicate scheduling
What Docker didn’t give us
● How do you… these containers?
  ○ schedule
  ○ provision
  ○ discover (and monitor)
  ○ configure
Schedule
Scheduling - Why ECS?
● Very basic (unopinionated)
● Amazon support
● Amazon platform integration
  ○ IAM Roles
  ○ Cloudformation
Provision
Provision - Why Cloudformation
● Well integrated with AWS
● We can provision both docker containers and infrastructure in one template (because we use ECS)
● AWS supported
● Parameter validation
Provision - Why Cloudformation
(pipeline diagram) Develop → Build → Package → Deploy
● Develop: application code, dependencies, Lambda code
● Build: Docker container, Lambda zip
● Package: stamp the Cloudformation template with those artifacts → versioned Cloudformation template
● Deploy: deployed Cloudformation stack
Each service is deployed via a Cloudformation stack
Provision - Why Cloudformation
stacks:
- name: prod
template: prod-env
region: us-east-1
version: prod
parameters:
EIPList: <redacted>
EnvCIDR: 16
EnvMaturity: prod
PagerDutyKey: {{ pagerduty_key }}
RDSPassword: {{ rds_password }}
- name: prod-etl
template: dw-etl
region: us-east-1
version: "92"
parameters:
DesiredInstanceCount: 6
EnvironmentName: prod
EnvMaturity: prod
...
● Each service pushes a template with a name
and a version to S3
● That template has all the application
dependencies hardcoded (docker container
version, lambdas, etc)
● Each environment has its own repo containing
a deploy.yaml
Discover (and monitor)
● We use Registrator to join new containers to consul
● Custom version that supports services without exposed ports
● Load balancers (internal and external) are configured via consul to route traffic to the appropriate container
Monitor (Is my service up?)
● Consul Docker exec health checks are very powerful
● Docker also has a new health check API!
● Configured via Registrator
(diagram: on the Docker host, the Consul agent runs "My Service Check", which execs health-check.py inside "My Service Container")
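An added example of the health-check.py role in that diagram, not TrueMotion's own script (the slides don't show it): it probes the service with hard timeouts and exits with Consul's script-check codes (0 passing, 1 warning, anything else critical), which is also what a Docker HEALTHCHECK consumes (0 healthy, 1 unhealthy). The host, port and /health path are assumptions, and the demo server is a constructed stand-in for the service.

```python
"""Container health check runnable from a Consul script check or a Docker
HEALTHCHECK. Every probe is bounded by a timeout so a hung dependency fails
the check fast instead of stalling the Consul agent's check loop.
Added example; host/port/path are assumptions, demo_server() is constructed."""
import http.server
import socket
import sys
import threading
import time
import urllib.error
import urllib.request

# Consul script-check exit codes: 0 passing, 1 warning, anything else critical.
PASSING, WARNING, CRITICAL = 0, 1, 2


def check_tcp(host, port, timeout=1.0):
    """Is anything listening on host:port? Bounded by `timeout`."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return PASSING, f"tcp {host}:{port} accepting connections"
    except OSError as exc:
        return CRITICAL, f"tcp {host}:{port}: {exc}"


def check_http(url, timeout=2.0, warn_after=1.0):
    """GET the health endpoint. Non-200 or unreachable is critical;
    a 200 that took longer than `warn_after` seconds is only a warning."""
    start = time.monotonic()
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as exc:  # subclass of URLError, so first
        return CRITICAL, f"{url}: HTTP {exc.code}"
    except (urllib.error.URLError, OSError) as exc:
        return CRITICAL, f"{url}: {exc}"
    elapsed = time.monotonic() - start
    if status != 200:
        return CRITICAL, f"{url}: HTTP {status}"
    if elapsed > warn_after:
        return WARNING, f"{url}: HTTP 200 but slow ({elapsed:.2f}s)"
    return PASSING, f"{url}: HTTP 200 in {elapsed:.2f}s"


def worst(results):
    """Aggregate several probes: critical beats warning beats passing."""
    return max(status for status, _ in results)


def demo_server():
    """Constructed stand-in for the service under test: 200 on /health,
    404 elsewhere, bound to an ephemeral localhost port. Returns the port."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            code = 200 if self.path == "/health" else 404
            self.send_response(code)
            self.send_header("Content-Length", "2" if code == 200 else "0")
            self.end_headers()
            if code == 200:
                self.wfile.write(b"ok")

        def log_message(self, *args):  # keep the check's own output clean
            pass

    srv = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]


def main(argv):
    """Usage: health-check.py HOST PORT [PATH]. Returns the worst status."""
    host, port = argv[1], int(argv[2])
    path = argv[3] if len(argv) > 3 else "/health"
    results = [check_tcp(host, port), check_http(f"http://{host}:{port}{path}")]
    for status, detail in results:
        print(("passing", "warning", "critical")[status], detail)
    return worst(results)


if __name__ == "__main__":
    if len(sys.argv) == 1:  # no args: probe the constructed demo service
        sys.argv += ["127.0.0.1", str(demo_server())]
    sys.exit(main(sys.argv))
```

Run it with no arguments to probe the built-in demo service, or as `health-check.py HOST PORT [PATH]` from a Consul script check or a Dockerfile HEALTHCHECK. Docker treats exit 1 as unhealthy, so if slow-but-serving should not trigger a restart there, collapse WARNING to 0 in that path.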
Monitor (Logging)
● Sumo provides a docker log collector
● Wrote a script that fetches containers and assigns source category based on the container type
● Runs as a container on each docker host
_sourceCategory = <Environment name>/<Service Name>/<Environment Maturity>
Monitor (Whitebox)
● Traffic - requests per second, trips per second
● Errors - rate of status codes and error logs
● Latency - how long does the service take to do a unit of work?
● Saturation - how do I know I need to scale out?
● Consul check (is it up?)
Monitor (Whitebox)
● We have very similar services
  ■ Webservice (http)
  ■ Data pipeline (etl, trip processing)
● TruMonitor library
  ■ Common monitoring tools library
  ■ UNVERSIONED - controversial
Configure
Last Mile Configuration
● Cloudformation provides a parameter interface (the parameters block of each stack in deploy.yaml above)
  ■ Passed on to the container via environment variables
  ■ AWS infrastructure can be passed in directly
● Per company configs
  ■ Consul K/V + consul-template
Consul + Consul Template
(diagram: inside the Docker container the entrypoint is consul-template; the Consul cluster publishes K/V changes to it, it renders the config file, then execs the application process)
● Great for configs too complex for params
● Git2consul will sync configs in VCS with the cluster
● Parameter validation matters!
  ■ Wrote SOME test coverage using JSONSchema
What about secrets storage?
● Initially used KMS-encrypted values decrypted with a consul-template plugin
● DO NOT write consul-template plugins with blocking/high-latency calls
What we did instead
● Borrowed from the ansible-vault concept
● Encrypted “privates” file inside the environment repo
● Populate Cloudformation parameters using Jinja2
● Works well enough… will not work for per-company config values
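An added example tying together the deploy.yaml stack entry shown earlier, the JSONSchema parameter validation mentioned under Consul + Consul Template, and the privates/Jinja2 approach above. It is not TrueMotion's tooling. It assumes deploy.yaml has already been parsed (a dict stands in for it), the privates file has already been decrypted (a dict of fake values stands in for it), Jinja2 is reduced to whole-value {{ name }} substitution, and the schema checker implements only the JSON Schema keywords used here plus a custom "secret" keyword. The secret check is the practitioner's point: a parameter that carries a secret must arrive as a placeholder from the encrypted privates file, never as a literal in the environment repo, and the same names must be NoEcho parameters in the template so they are not echoed back by DescribeStacks.

```python
"""Render one deploy.yaml stack's parameters from the decrypted privates mapping
and validate them against a per-template schema before the stack is pushed.
Added example; all data below is constructed, secrets are fake."""
import re

# Whole-value Jinja2-style placeholder, e.g. "{{ rds_password }}".
PLACEHOLDER = re.compile(r"^\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}$")

# Stand-in for the parsed "prod" entry of deploy.yaml.
STACK = {
    "name": "prod", "template": "prod-env", "region": "us-east-1", "version": "prod",
    "parameters": {
        "EIPList": "<redacted>",
        "EnvCIDR": 16,
        "EnvMaturity": "prod",
        "PagerDutyKey": "{{ pagerduty_key }}",
        "RDSPassword": "{{ rds_password }}",
    },
}

# Stand-in for the decrypted privates file (fake values).
PRIVATES = {"pagerduty_key": "pd-key-EXAMPLE", "rds_password": "xK9!long-enough-password"}

# Constructed schema for the prod-env template. "secret" is a custom keyword:
# such parameters must come from privates and must be NoEcho in the template.
SCHEMAS = {
    "prod-env": {
        "type": "object",
        "additionalProperties": False,
        "required": ["EIPList", "EnvCIDR", "EnvMaturity", "PagerDutyKey", "RDSPassword"],
        "properties": {
            "EIPList": {"type": "string"},
            "EnvCIDR": {"type": "integer", "minimum": 16, "maximum": 24},
            "EnvMaturity": {"type": "string", "enum": ["dev", "staging", "prod"]},
            "PagerDutyKey": {"type": "string", "secret": True},
            "RDSPassword": {"type": "string", "secret": True, "minLength": 16},
        },
    }
}

TYPES = {"string": str, "integer": int, "number": (int, float), "boolean": bool, "object": dict}


def validate(value, schema, path="parameters"):
    """Check `value` against a JSON Schema subset; return a list of error strings."""
    expected = schema.get("type")
    if expected:
        wrong_type = not isinstance(value, TYPES[expected])
        if expected in ("integer", "number") and isinstance(value, bool):
            wrong_type = True  # bool is an int in Python, not in JSON Schema
        if wrong_type:
            return [f"{path}: expected {expected}, got {type(value).__name__}"]
    errors = []
    if "enum" in schema and value not in schema["enum"]:
        errors.append(f"{path}: {value!r} not one of {schema['enum']}")
    if "minimum" in schema and value < schema["minimum"]:
        errors.append(f"{path}: {value} is below minimum {schema['minimum']}")
    if "maximum" in schema and value > schema["maximum"]:
        errors.append(f"{path}: {value} is above maximum {schema['maximum']}")
    if "minLength" in schema and len(value) < schema["minLength"]:
        errors.append(f"{path}: shorter than minLength {schema['minLength']}")
    if expected == "object":
        props = schema.get("properties", {})
        for key in schema.get("required", []):
            if key not in value:
                errors.append(f"{path}.{key}: required parameter missing")
        for key, sub in value.items():
            if key in props:
                errors.extend(validate(sub, props[key], f"{path}.{key}"))
            elif not schema.get("additionalProperties", True):
                errors.append(f"{path}.{key}: not a parameter of this template")
    return errors


def secret_params(schema):
    """Parameters the schema marks secret; these must be NoEcho in CloudFormation."""
    return sorted(k for k, s in schema.get("properties", {}).items() if s.get("secret"))


def check_secret_sources(raw_params, schema):
    """Secrets must be {{ placeholders }} resolved from the encrypted privates
    file, never literals committed to the environment repo."""
    errors = []
    for key in secret_params(schema):
        value = raw_params.get(key)
        if value is not None and not (isinstance(value, str) and PLACEHOLDER.match(value)):
            errors.append(f"parameters.{key}: secret given as a literal; use a {{{{ placeholder }}}} from privates")
    return errors


def render_parameters(raw_params, privates):
    """Substitute whole-value {{ name }} placeholders from `privates`."""
    rendered = {}
    for key, value in raw_params.items():
        match = PLACEHOLDER.match(value) if isinstance(value, str) else None
        if match is None:
            rendered[key] = value
            continue
        name = match.group(1)
        if name not in privates:
            raise KeyError(f"parameters.{key}: privates has no value for {{{{ {name} }}}}")
        rendered[key] = privates[name]
    return rendered


def prepare_stack(stack, privates, schemas):
    """Return (rendered parameters, validation errors, parameters that must be NoEcho)."""
    schema = schemas[stack["template"]]
    raw = stack["parameters"]
    errors = check_secret_sources(raw, schema)  # checked on the raw, unrendered values
    rendered = render_parameters(raw, privates)
    errors += validate(rendered, schema)
    return rendered, errors, secret_params(schema)


if __name__ == "__main__":
    params, problems, no_echo = prepare_stack(STACK, PRIVATES, SCHEMAS)
    print("errors:", problems or "none")
    print("must be NoEcho:", no_echo)
    print("rendered keys:", sorted(params))  # never print the rendered values
```

The secret check runs on the raw deploy.yaml values, before rendering, so a password pasted into the environment repo is rejected even if it would otherwise pass the schema; the returned NoEcho list is what a template lint would compare against the Parameters section of the stamped template.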
Conclusions
● Developer training is hard: example repos work REALLY well
● Secrets management requires some forethought
● Jenkins Pipelines is very powerful…
● Spend time automating creating and removing ECS nodes
● Auto Scaling a docker cluster is nuanced!
Want to Help? We’re Hiring!
● I’m looking for backend software engineers with a passion for automation
● Talk to me!
● … or https://gotruemotion.com/careers/
THANK YOU!
Reference
High Level Arch
(diagram components: ECS Scheduler, Consul, Registrator, Public LB (Nginx), Private LB (Nginx), Worker Nodes in an ASG of EC2 Instances, Public API, Internal API)
Today’s Pipeline
(diagram: Build Scripts → Debian → Pip / Gemfury → Ansible → EC2 Instance → provision.py)
● Inflexible
● Jobs managed through UI
● Restricted versioning convention
● Supports only specific distro/version
● Pip doesn’t enforce dependencies for crap!
● Gemfury goes down!
● Instance config is in a separate repo from service code
● We can’t version configuration against services
● Lots of tight coupling between service roles
● Fails a LOT!
● Services tied to instance
● Instance type for a service defined globally
● Manual process to provision instances and other AWS resources
● AWS instance provisioning is entirely manual
● Difficult to automate
● Too easy to create and forget about instances
Cloudformation/Docker Pipeline
(diagram components: Jenkins Pipelines, Docker, CF Template, CF Pipeline, ECS Cluster, Environment Config)
● Resources defined per service
● Configs validated per service
● Leverage docker as a common runtime framework
● Build process definition lives in service repo
● Common processes can be defined via global library
● Use docker to provide build dependencies
● Cloudformation templates are used as the deployment artifact
● Environment updates via code review
● Tight coupling between resource requirements and resources provisioned
● Ability to use spot fleet/spot instances

Weitere ähnliche Inhalte

Was ist angesagt?

A Closer Look at Kubernetes Pods and Replica Sets
A Closer Look at Kubernetes Pods and Replica SetsA Closer Look at Kubernetes Pods and Replica Sets
A Closer Look at Kubernetes Pods and Replica SetsJanakiram MSV
 
Kubernetes @ Squarespace: Kubernetes in the Datacenter
Kubernetes @ Squarespace: Kubernetes in the DatacenterKubernetes @ Squarespace: Kubernetes in the Datacenter
Kubernetes @ Squarespace: Kubernetes in the DatacenterKevin Lynch
 
Everything you want to know about Ingress
Everything you want to know about IngressEverything you want to know about Ingress
Everything you want to know about IngressJanakiram MSV
 
Leveraging the Power of containerd Events - Evan Hazlett
Leveraging the Power of containerd Events - Evan HazlettLeveraging the Power of containerd Events - Evan Hazlett
Leveraging the Power of containerd Events - Evan HazlettDocker, Inc.
 
Tupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FBTupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FBDocker, Inc.
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetesRishabh Indoria
 
Android Meets Docker
Android Meets DockerAndroid Meets Docker
Android Meets DockerDocker, Inc.
 
Platform Orchestration with Kubernetes and Docker
Platform Orchestration with Kubernetes and DockerPlatform Orchestration with Kubernetes and Docker
Platform Orchestration with Kubernetes and DockerJulian Strobl
 
The Fairy Tale of the One Command Build Script
The Fairy Tale of the One Command Build ScriptThe Fairy Tale of the One Command Build Script
The Fairy Tale of the One Command Build ScriptDocker, Inc.
 
Kubernetes and OpenStack at Scale
Kubernetes and OpenStack at ScaleKubernetes and OpenStack at Scale
Kubernetes and OpenStack at ScaleStephen Gordon
 
The (mutable) config management showdown
The (mutable) config management showdownThe (mutable) config management showdown
The (mutable) config management showdownBob Killen
 
Kubernetes training
Kubernetes trainingKubernetes training
Kubernetes trainingDes Drury
 
Securing Containerized Applications: A Primer
Securing Containerized Applications: A PrimerSecuring Containerized Applications: A Primer
Securing Containerized Applications: A PrimerPhil Estes
 
Cloud Native TLV Meetup: Securing Containerized Applications Primer
Cloud Native TLV Meetup: Securing Containerized Applications PrimerCloud Native TLV Meetup: Securing Containerized Applications Primer
Cloud Native TLV Meetup: Securing Containerized Applications PrimerPhil Estes
 
Ansible, integration testing, and you.
Ansible, integration testing, and you.Ansible, integration testing, and you.
Ansible, integration testing, and you.Bob Killen
 
Scale out, with Kubernetes (k8s)
Scale out, with Kubernetes (k8s)Scale out, with Kubernetes (k8s)
Scale out, with Kubernetes (k8s)Arkadiusz Borek
 
The state of containerd
The state of containerdThe state of containerd
The state of containerdDocker, Inc.
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetesMichal Cwienczek
 
Introduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopIntroduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopBob Killen
 
K8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals TrainingK8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals TrainingPiotr Perzyna
 

Was ist angesagt? (20)

A Closer Look at Kubernetes Pods and Replica Sets
A Closer Look at Kubernetes Pods and Replica SetsA Closer Look at Kubernetes Pods and Replica Sets
A Closer Look at Kubernetes Pods and Replica Sets
 
Kubernetes @ Squarespace: Kubernetes in the Datacenter
Kubernetes @ Squarespace: Kubernetes in the DatacenterKubernetes @ Squarespace: Kubernetes in the Datacenter
Kubernetes @ Squarespace: Kubernetes in the Datacenter
 
Everything you want to know about Ingress
Everything you want to know about IngressEverything you want to know about Ingress
Everything you want to know about Ingress
 
Leveraging the Power of containerd Events - Evan Hazlett
Leveraging the Power of containerd Events - Evan HazlettLeveraging the Power of containerd Events - Evan Hazlett
Leveraging the Power of containerd Events - Evan Hazlett
 
Tupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FBTupperware: Containerized Deployment at FB
Tupperware: Containerized Deployment at FB
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
 
Android Meets Docker
Android Meets DockerAndroid Meets Docker
Android Meets Docker
 
Platform Orchestration with Kubernetes and Docker
Platform Orchestration with Kubernetes and DockerPlatform Orchestration with Kubernetes and Docker
Platform Orchestration with Kubernetes and Docker
 
The Fairy Tale of the One Command Build Script
The Fairy Tale of the One Command Build ScriptThe Fairy Tale of the One Command Build Script
The Fairy Tale of the One Command Build Script
 
Kubernetes and OpenStack at Scale
Kubernetes and OpenStack at ScaleKubernetes and OpenStack at Scale
Kubernetes and OpenStack at Scale
 
The (mutable) config management showdown
The (mutable) config management showdownThe (mutable) config management showdown
The (mutable) config management showdown
 
Kubernetes training
Kubernetes trainingKubernetes training
Kubernetes training
 
Securing Containerized Applications: A Primer
Securing Containerized Applications: A PrimerSecuring Containerized Applications: A Primer
Securing Containerized Applications: A Primer
 
Cloud Native TLV Meetup: Securing Containerized Applications Primer
Cloud Native TLV Meetup: Securing Containerized Applications PrimerCloud Native TLV Meetup: Securing Containerized Applications Primer
Cloud Native TLV Meetup: Securing Containerized Applications Primer
 
Ansible, integration testing, and you.
Ansible, integration testing, and you.Ansible, integration testing, and you.
Ansible, integration testing, and you.
 
Scale out, with Kubernetes (k8s)
Scale out, with Kubernetes (k8s)Scale out, with Kubernetes (k8s)
Scale out, with Kubernetes (k8s)
 
The state of containerd
The state of containerdThe state of containerd
The state of containerd
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
 
Introduction to Kubernetes Workshop
Introduction to Kubernetes WorkshopIntroduction to Kubernetes Workshop
Introduction to Kubernetes Workshop
 
K8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals TrainingK8s in 3h - Kubernetes Fundamentals Training
K8s in 3h - Kubernetes Fundamentals Training
 

Ähnlich wie Truemotion Adventures in Containerization

DevEx | there’s no place like k3s
DevEx | there’s no place like k3sDevEx | there’s no place like k3s
DevEx | there’s no place like k3sHaggai Philip Zagury
 
NetflixOSS Meetup season 3 episode 1
NetflixOSS Meetup season 3 episode 1NetflixOSS Meetup season 3 episode 1
NetflixOSS Meetup season 3 episode 1Ruslan Meshenberg
 
Getting started with docker (2017)
Getting started with docker (2017)Getting started with docker (2017)
Getting started with docker (2017)JEMLI Fathi
 
Netflix Container Scheduling and Execution - QCon New York 2016
Netflix Container Scheduling and Execution - QCon New York 2016Netflix Container Scheduling and Execution - QCon New York 2016
Netflix Container Scheduling and Execution - QCon New York 2016aspyker
 
Scheduling a fuller house - Talk at QCon NY 2016
Scheduling a fuller house - Talk at QCon NY 2016Scheduling a fuller house - Talk at QCon NY 2016
Scheduling a fuller house - Talk at QCon NY 2016Sharma Podila
 
Swarm: Native Docker Clustering
Swarm: Native Docker ClusteringSwarm: Native Docker Clustering
Swarm: Native Docker ClusteringRoyee Tager
 
Devops with Python by Yaniv Cohen DevopShift
Devops with Python by Yaniv Cohen DevopShiftDevops with Python by Yaniv Cohen DevopShift
Devops with Python by Yaniv Cohen DevopShiftYaniv cohen
 
The benefits of running Spark on your own Docker
The benefits of running Spark on your own DockerThe benefits of running Spark on your own Docker
The benefits of running Spark on your own DockerItai Yaffe
 
Extensible dev secops pipelines with Jenkins, Docker, Terraform, and a kitche...
Extensible dev secops pipelines with Jenkins, Docker, Terraform, and a kitche...Extensible dev secops pipelines with Jenkins, Docker, Terraform, and a kitche...
Extensible dev secops pipelines with Jenkins, Docker, Terraform, and a kitche...Richard Bullington-McGuire
 
Future of Cloud Computing with Containers
Future of Cloud Computing with ContainersFuture of Cloud Computing with Containers
Future of Cloud Computing with ContainersLakmal Warusawithana
 
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...Haggai Philip Zagury
 
OSDC 2018 | Three years running containers with Kubernetes in Production by T...
OSDC 2018 | Three years running containers with Kubernetes in Production by T...OSDC 2018 | Three years running containers with Kubernetes in Production by T...
OSDC 2018 | Three years running containers with Kubernetes in Production by T...NETWAYS
 
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a MonthUSENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a MonthNicolas Brousse
 
introduction to micro services
introduction to micro servicesintroduction to micro services
introduction to micro servicesSpyros Lambrinidis
 
ContainerCon - Test Driven Infrastructure
ContainerCon - Test Driven InfrastructureContainerCon - Test Driven Infrastructure
ContainerCon - Test Driven InfrastructureYury Tsarev
 
Taking Docker to Production: What You Need to Know and Decide
Taking Docker to Production: What You Need to Know and DecideTaking Docker to Production: What You Need to Know and Decide
Taking Docker to Production: What You Need to Know and DecideBret Fisher
 
Taking Docker to Production: What You Need to Know and Decide
Taking Docker to Production: What You Need to Know and DecideTaking Docker to Production: What You Need to Know and Decide
Taking Docker to Production: What You Need to Know and DecideDocker, Inc.
 

Ähnlich wie Truemotion Adventures in Containerization (20)

DevEx | there’s no place like k3s
DevEx | there’s no place like k3sDevEx | there’s no place like k3s
DevEx | there’s no place like k3s
 
NetflixOSS Meetup season 3 episode 1
NetflixOSS Meetup season 3 episode 1NetflixOSS Meetup season 3 episode 1
NetflixOSS Meetup season 3 episode 1
 
Getting started with docker (2017)
Getting started with docker (2017)Getting started with docker (2017)
Getting started with docker (2017)
 
JOSA TechTalks - Docker in Production
JOSA TechTalks - Docker in ProductionJOSA TechTalks - Docker in Production
JOSA TechTalks - Docker in Production
 
Netflix Container Scheduling and Execution - QCon New York 2016
Netflix Container Scheduling and Execution - QCon New York 2016Netflix Container Scheduling and Execution - QCon New York 2016
Netflix Container Scheduling and Execution - QCon New York 2016
 
Scheduling a fuller house - Talk at QCon NY 2016
Scheduling a fuller house - Talk at QCon NY 2016Scheduling a fuller house - Talk at QCon NY 2016
Scheduling a fuller house - Talk at QCon NY 2016
 
Swarm: Native Docker Clustering
Swarm: Native Docker ClusteringSwarm: Native Docker Clustering
Swarm: Native Docker Clustering
 
Devops with Python by Yaniv Cohen DevopShift
Devops with Python by Yaniv Cohen DevopShiftDevops with Python by Yaniv Cohen DevopShift
Devops with Python by Yaniv Cohen DevopShift
 
Docker in Production at the Aurora Team
Docker in Production at the Aurora TeamDocker in Production at the Aurora Team
Docker in Production at the Aurora Team
 
The benefits of running Spark on your own Docker
The benefits of running Spark on your own DockerThe benefits of running Spark on your own Docker
The benefits of running Spark on your own Docker
 
Extensible dev secops pipelines with Jenkins, Docker, Terraform, and a kitche...
Extensible dev secops pipelines with Jenkins, Docker, Terraform, and a kitche...Extensible dev secops pipelines with Jenkins, Docker, Terraform, and a kitche...
Extensible dev secops pipelines with Jenkins, Docker, Terraform, and a kitche...
 
Future of Cloud Computing with Containers
Future of Cloud Computing with ContainersFuture of Cloud Computing with Containers
Future of Cloud Computing with Containers
 
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
DevOpsDays Tel Aviv DEC 2022 | Building A Cloud-Native Platform Brick by Bric...
 
A docker love story
A docker love storyA docker love story
A docker love story
 
OSDC 2018 | Three years running containers with Kubernetes in Production by T...
OSDC 2018 | Three years running containers with Kubernetes in Production by T...OSDC 2018 | Three years running containers with Kubernetes in Production by T...
OSDC 2018 | Three years running containers with Kubernetes in Production by T...
 
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a MonthUSENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
 
introduction to micro services
introduction to micro servicesintroduction to micro services
introduction to micro services
 
ContainerCon - Test Driven Infrastructure
ContainerCon - Test Driven InfrastructureContainerCon - Test Driven Infrastructure
ContainerCon - Test Driven Infrastructure
 
Taking Docker to Production: What You Need to Know and Decide
Taking Docker to Production: What You Need to Know and DecideTaking Docker to Production: What You Need to Know and Decide
Taking Docker to Production: What You Need to Know and Decide
 
Taking Docker to Production: What You Need to Know and Decide
Taking Docker to Production: What You Need to Know and DecideTaking Docker to Production: What You Need to Know and Decide
Taking Docker to Production: What You Need to Know and Decide
 

Kürzlich hochgeladen

BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxfenichawla
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank  Design by Working Stress - IS Method.pdfIntze Overhead Water Tank  Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdfSuman Jyoti
 
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICSUNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICSrknatarajan
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Christo Ananth
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTbhaskargani46
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdfKamal Acharya
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptDineshKumar4165
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfRagavanV2
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering  Unit - I & II . pptThermal Engineering  Unit - I & II . ppt
Thermal Engineering Unit - I & II . pptDineshKumar4165
 
Vivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design SpainVivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design Spaintimesproduction05
 
Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01KreezheaRecto
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 

Kürzlich hochgeladen (20)

BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank  Design by Working Stress - IS Method.pdfIntze Overhead Water Tank  Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
 
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICSUNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
UNIT-IFLUID PROPERTIES & FLOW CHARACTERISTICS
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
NFPA 5000 2024 standard .
NFPA 5000 2024 standard                                  .NFPA 5000 2024 standard                                  .
NFPA 5000 2024 standard .
 
Thermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.pptThermal Engineering -unit - III & IV.ppt
Thermal Engineering -unit - III & IV.ppt
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
Thermal Engineering Unit - I & II . ppt
Thermal Engineering  Unit - I & II . pptThermal Engineering  Unit - I & II . ppt
Thermal Engineering Unit - I & II . ppt
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
Vivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design SpainVivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design Spain
 
Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 

Truemotion Adventures in Containerization

  • 2. Ryan Hunter ● SRE Lead @ TrueMotion ○ First Backend Engineer 3 years ago ○ Moved to operations in search of new challenges! ● I’m an automation fanatic! ● When I’m not working to make on-call a thing of the past, I enjoy: ○ Diving ○ Hiking ○ Building drones and other useless contraptions in my basement
  • 3. Pets Cattle A Herd Servers as... Infrastructure Evolves with a Company
  • 4. Why did we Switch to Containers? November 2016 3.05%
  • 5. Why did we Switch to Containers? ● Debian based deploys o Great so long as all you dependencies were in debians too ● Ansible: Build the server from scratch o External dependency hell ● Neither flexible or reliable ● Minimum provisioning size was too large ● A more flexible build artifact ● Decouple instance size from application software ● A common, preloaded AMI could be used to run all (most) services Where we started... Where we wanted to go...
  • 6. What did Docker give us? ●A flexible, portable, runtime artifact ■ Described runtime requirements ■ Memory/CPU requirements ●An ecosystem of tools to manage, version, and develop these containers
  • 7. What Docker didn’t give us ●Really nice match for stateless services ●Stateful containers ARE possible, but significantly complicates scheduling
  • 8. What Docker didn’t give us ●How do you… ...these containers? ○ schedule ○ provision ○ discover (and monitor) ○ configure
  • 11. Scheduling - Why ECS? ● Very basic (unopinionated) ● Amazon Support ● Amazon platform integration ○ IAM Roles ○ Cloudformation
  • 14. Provision - Why Cloudformation ●Well integrated with AWS ●We can provision both docker containers and infrastructure in one template (because we use ECS) ●AWS Supported ●Parameter Validation
  • 15. Provision - Why Cloudformation
    Pipeline diagram (Develop → Build → Package → Deploy → Stamp Template): Application Code and Dependencies → Docker Container; Lambda Code → Lambda Zip Package; Cloudformation Template → Versioned Cloudformation Template → Deployed Cloudformation Stack
    ● Each service is deployed via a Cloudformation stack
  • 16. Provision - Why Cloudformation
    deploy.yaml (one per environment):
      stacks:
        - name: prod
          template: prod-env
          region: us-east-1
          version: prod
          parameters:
            EIPList: <redacted>
            EnvCIDR: 16
            EnvMaturity: prod
            PagerDutyKey: {{ pagerduty_key }}
            RDSPassword: {{ rds_password }}
        - name: prod-etl
          template: dw-etl
          region: us-east-1
          version: "92"
          parameters:
            DesiredInstanceCount: 6
            EnvironmentName: prod
            EnvMaturity: prod
        ...
    ● Each service pushes a template with a name and a version to S3
    ● That template has all the application dependencies hardcoded (docker container version, lambdas, etc.)
    ● Each environment has its own repo containing a deploy.yaml
  • 18. Discover (and monitor)
    ● We use Registrator to join new containers to Consul
    ● Custom version that supports services without exposed ports
    ● Load balancers (internal and external) are configured via Consul to route traffic to the appropriate container
  • 19. Monitor (Is my service up?)
    ● Consul Docker exec health checks are very powerful
    ● Docker also has a new health check API!
    ● Configured via Registrator
    Diagram: on the Docker host, the Consul agent runs "My Service Check" (health-check.py) inside "My Service Container"
  • 20. Monitor (Logging)
    ● Sumo provides a Docker log collector
    ● Wrote a script that fetches containers and assigns a source category based on the container type
    ● Runs as a container on each Docker host
    _sourceCategory = <Environment name>/<Service Name>/<Environment Maturity>
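The glue slides 18 to 20 describe (Registrator joining a container to Consul, a health check that runs inside the container when there is no port to probe, and the per-container Sumo source category) as one added example. This is not TrueMotion's Registrator fork or their Sumo script; it assumes Registrator's SERVICE_* environment-variable conventions, the field names of the Consul agent's service-registration payload, and invented ENV_NAME / ENV_MATURITY variables and `docker inspect` samples for the two container types.

```python
"""Container -> Consul registration and Sumo source category (added example).
Assumes Registrator-style SERVICE_* env vars and Consul's
/v1/agent/service/register field names; the inspect data is constructed."""
import re
from typing import Any, Dict, List, Optional

# Constructed `docker inspect` excerpts: an HTTP service with a published
# port and an ETL worker that exposes nothing at all.
SAMPLE_CONTAINERS: List[Dict[str, Any]] = [
    {
        "Id": "3f1c9a7b2d5e" + "0" * 52,
        "Name": "/api-web",
        "Config": {"Env": [
            "SERVICE_NAME=api",
            "SERVICE_TAGS=prod,public",
            "SERVICE_CHECK_HTTP=/healthz",
            "SERVICE_CHECK_INTERVAL=15s",
            "ENV_NAME=prod", "ENV_MATURITY=prod",
        ]},
        "NetworkSettings": {"Ports": {
            "8080/tcp": [{"HostIp": "0.0.0.0", "HostPort": "32768"}]}},
    },
    {
        "Id": "9b8e1f0c4a6d" + "0" * 52,
        "Name": "/trip-etl",
        "Config": {"Env": [
            "SERVICE_NAME=trip-etl",
            "SERVICE_CHECK_SCRIPT=/opt/health-check.py",
            "ENV_NAME=prod", "ENV_MATURITY=prod",
        ]},
        "NetworkSettings": {"Ports": {}},
    },
]

# Names that may appear in Consul IDs and Sumo categories: no '/' or spaces.
_SAFE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def env_map(container: Dict[str, Any]) -> Dict[str, str]:
    """Turn docker's ["K=V", ...] list into a dict (split on the first '=')."""
    out: Dict[str, str] = {}
    for item in container["Config"].get("Env", []):
        key, _, value = item.partition("=")
        out[key] = value
    return out


def published_port(container: Dict[str, Any]) -> Optional[int]:
    """First host port docker published for the container, else None."""
    for bindings in container["NetworkSettings"].get("Ports", {}).values():
        for binding in bindings or []:
            return int(binding["HostPort"])
    return None


def consul_registration(container: Dict[str, Any], host_ip: str) -> Dict[str, Any]:
    """Build the Consul service registration for one container.

    A published port gets an HTTP check against that port. A container with
    no port (the case stock Registrator skips) is still registered, with a
    docker-exec check that Consul runs inside the container."""
    env = env_map(container)
    name = env.get("SERVICE_NAME") or container["Name"].lstrip("/")
    if not _SAFE.match(name):
        raise ValueError(f"refusing unsafe service name {name!r}")
    interval = env.get("SERVICE_CHECK_INTERVAL", "10s")
    reg: Dict[str, Any] = {
        "ID": f"{host_ip}:{name}:{container['Id'][:12]}",
        "Name": name,
        "Address": host_ip,
        "Tags": [t for t in env.get("SERVICE_TAGS", "").split(",") if t],
    }
    port = published_port(container)
    if port is not None:
        reg["Port"] = port
        path = env.get("SERVICE_CHECK_HTTP", "/")
        reg["Check"] = {"HTTP": f"http://{host_ip}:{port}{path}", "Interval": interval}
    else:
        script = env.get("SERVICE_CHECK_SCRIPT")
        if not script:
            raise ValueError(f"{name}: no port and no SERVICE_CHECK_SCRIPT, cannot health-check")
        reg["Check"] = {
            "DockerContainerID": container["Id"],
            "Shell": "/bin/sh",
            "Args": [script],
            "Interval": interval,
        }
    return reg


def sumo_source_category(container: Dict[str, Any]) -> str:
    """<Environment name>/<Service Name>/<Environment Maturity>; every part is
    validated so a mislabelled container cannot inject extra path segments."""
    env = env_map(container)
    parts = (env.get("ENV_NAME"),
             env.get("SERVICE_NAME") or container["Name"].lstrip("/"),
             env.get("ENV_MATURITY"))
    if not all(p and _SAFE.match(p) for p in parts):
        return "unknown/" + container["Id"][:12] + "/unknown"
    return "/".join(parts)  # type: ignore[arg-type]


if __name__ == "__main__":
    for c in SAMPLE_CONTAINERS:
        print(consul_registration(c, "10.0.1.23"))
        print(sumo_source_category(c))
```

The unsafe-name fallback matters more than it looks: a container whose labels contain a slash would otherwise land its logs in someone else's source category, and a service name with spaces would produce a Consul ID the load balancer config cannot match.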
  • 21. Monitor (Whitebox)
    ● Traffic - requests per second, trips per second
    ● Errors - rate of status codes and error logs
    ● Latency - how long the service takes to do a unit of work
    ● Saturation - how do I know I need to scale out?
    ● Consul check (is it up?)
  • 22. Monitor (Whitebox)
    ● We have very similar services
      ■ Webservice (HTTP)
      ■ Data pipeline (ETL, trip processing)
    ● TruMonitor library
      ■ Common monitoring tools library
      ■ UNVERSIONED - controversial
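The four signals from slide 21 computed over one window, written so the same code serves an HTTP service (one event per request) and a pipeline worker (one event per trip), which is the point of the shared library on slide 22. This is an added example and not the TruMonitor library, whose API the slides do not show; the WorkEvent shape, the sample events and the scale-out rule are assumptions.

```python
"""Traffic / errors / latency / saturation over one window (added example;
not the TruMonitor library). Events are constructed inline."""
import math
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class WorkEvent:
    """One unit of work: an HTTP request, or one processed trip."""
    ts: float                # seconds since epoch
    duration_ms: float
    status: int              # HTTP status; a pipeline reports 200 or 500
    error_logged: bool = False


@dataclass(frozen=True)
class Signals:
    rate_per_s: float
    error_rate: float        # fraction of events that were 5xx or logged an error
    p50_ms: float
    p99_ms: float
    saturation: float        # in-flight work / capacity; >= 1.0 means queueing


def percentile(values: List[float], pct: float) -> float:
    """Nearest-rank percentile. An empty window yields NaN, not a fake 0 ms."""
    if not values:
        return math.nan
    ordered = sorted(values)
    rank = max(1, math.ceil(pct / 100 * len(ordered)))
    return ordered[rank - 1]


def summarize(events: List[WorkEvent], window_s: float,
              in_flight: int, capacity: int) -> Signals:
    """Compute the four signals for one window of events."""
    if window_s <= 0 or capacity <= 0:
        raise ValueError("window and capacity must be positive")
    n = len(events)
    errors = sum(1 for e in events if e.status >= 500 or e.error_logged)
    durations = [e.duration_ms for e in events]
    return Signals(
        rate_per_s=n / window_s,
        error_rate=(errors / n) if n else 0.0,
        p50_ms=percentile(durations, 50),
        p99_ms=percentile(durations, 99),
        saturation=in_flight / capacity,
    )


def needs_scale_out(s: Signals, sat_threshold: float = 0.8,
                    p99_budget_ms: float = 500.0) -> bool:
    """Scale out only when saturated AND the latency budget is blown.
    Saturation alone may be a burst that drains; latency alone is often a
    slow dependency that more nodes will not fix."""
    return (s.saturation >= sat_threshold
            and not math.isnan(s.p99_ms)
            and s.p99_ms > p99_budget_ms)


# Constructed: a 60 s window with ten requests, one 503 and one logged error.
SAMPLE_EVENTS: List[WorkEvent] = [
    WorkEvent(ts=1.0 + i, duration_ms=d, status=s, error_logged=e)
    for i, (d, s, e) in enumerate([
        (40, 200, False), (55, 200, False), (61, 200, False), (48, 200, False),
        (900, 503, False), (70, 200, False), (52, 200, True), (45, 200, False),
        (58, 200, False), (63, 200, False),
    ])
]

if __name__ == "__main__":
    sig = summarize(SAMPLE_EVENTS, window_s=60.0, in_flight=9, capacity=10)
    print(sig, "scale out:", needs_scale_out(sig))
```

For the web service `capacity` is the worker or connection pool size; for the ETL pipeline it is the number of trips the node can process concurrently, with `in_flight` read from the queue. Keeping the decision in one function is what lets a saturation alert mean the same thing for both service types.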
  • 24. Last Mile Configuration
    ● Cloudformation provides a parameter interface
      ■ Passed on to the container via environment variables
      ■ AWS infrastructure can be passed in directly
    ● Per-company configs
      ■ Consul K/V + consul-template
    (the prod stack entry from the deploy.yaml on slide 16 is shown again here)
  • 25. Consul + Consul Template
    Diagram: inside the Docker container, the entrypoint runs Consul Template, which reads from the Consul cluster, publishes a config file, and execs the application process
    ● Great for configs too complex for params
    ● git2consul will sync configs in VCS with the cluster
    ● Parameter validation matters!
      ■ Wrote SOME test coverage using JSONSchema
  • 26. What about secrets storage?
    ● Initially used KMS-encrypted values decrypted with a consul-template plugin
    ● DO NOT write consul-template plugins with blocking/high-latency calls
  • 27. What we did instead
    ● Borrowed from the ansible-vault concept
    ● Encrypted "privates" file inside the environment repo
    ● Populate Cloudformation parameters using Jinja2
    ● Works well enough... will not work for per-company config values
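The deploy path described on slides 16, 25 and 27, carried through as one added example: take a stack entry from deploy.yaml, fill its `{{ ... }}` placeholders from the decrypted privates file, validate the parameters against the template's own Parameters section, and build the CloudFormation call. It also adds the check a practitioner wants before shipping a secret as a stack parameter: any parameter populated from privates must be declared `NoEcho` in the template, because CloudFormation's DescribeStacks returns parameter values in clear to anyone allowed to read the stack unless the template masks them. This is not TrueMotion's deploy tooling. Assumptions: the deploy.yaml entry is shown already parsed into a dict; the `{{ name }}` substitution is a stand-in for the Jinja2 rendering the slides describe (same placeholder syntax, but unknown names are an error rather than empty strings); the S3 layout `https://<bucket>.s3.amazonaws.com/<template>/<version>.json` is invented; the template's Parameters section is constructed, with RDSPassword deliberately missing `NoEcho` to show the check firing.

```python
"""deploy.yaml stack entry -> CloudFormation create/update call (added
example, not TrueMotion's tooling). Privates are shown already decrypted;
placeholder rendering stands in for Jinja2; S3 layout is assumed."""
import re
from typing import Any, Dict, List

# Constructed: the prod entry from deploy.yaml, already parsed.
STACK: Dict[str, Any] = {
    "name": "prod", "template": "prod-env", "region": "us-east-1", "version": "prod",
    "parameters": {
        "EnvCIDR": 16,
        "EnvMaturity": "prod",
        "PagerDutyKey": "{{ pagerduty_key }}",
        "RDSPassword": "{{ rds_password }}",
    },
}
# Constructed: what decrypting the environment repo's privates file yields.
PRIVATES: Dict[str, str] = {"pagerduty_key": "pdk-example", "rds_password": "hunter2-example"}
# Constructed: the Parameters section of the prod-env template. RDSPassword
# lacks NoEcho on purpose so the guard below has something to catch.
TEMPLATE_PARAMETERS: Dict[str, Dict[str, Any]] = {
    "EnvCIDR": {"Type": "Number", "MinValue": 8, "MaxValue": 24},
    "EnvMaturity": {"Type": "String", "AllowedValues": ["dev", "staging", "prod"]},
    "PagerDutyKey": {"Type": "String", "NoEcho": True},
    "RDSPassword": {"Type": "String"},
}
PLACEHOLDER = re.compile(r"{{\s*(\w+)\s*}}")


def render(value: Any, privates: Dict[str, str]) -> Any:
    """Substitute {{ name }} from privates. A missing name is an error: an
    empty password silently accepted is worse than a failed deploy."""
    if not isinstance(value, str):
        return value

    def sub(match: "re.Match[str]") -> str:
        key = match.group(1)
        if key not in privates:
            raise KeyError(f"privates has no value for {key}")
        return privates[key]
    return PLACEHOLDER.sub(sub, value)


def validate(params: Dict[str, Any], schema: Dict[str, Dict[str, Any]]) -> List[str]:
    """Check rendered parameters against the template's declarations.
    Returns the list of problems; empty means the call may proceed."""
    problems = [f"missing parameter {k}" for k in schema if k not in params]
    for key, value in params.items():
        decl = schema.get(key)
        if decl is None:
            problems.append(f"unknown parameter {key}")
            continue
        if decl["Type"] == "Number":
            try:
                num = float(value)
            except (TypeError, ValueError):
                problems.append(f"{key}: {value!r} is not a number")
                continue
            if num < decl.get("MinValue", num) or num > decl.get("MaxValue", num):
                problems.append(f"{key}: {num} outside [{decl.get('MinValue')}, {decl.get('MaxValue')}]")
        elif "AllowedValues" in decl and value not in decl["AllowedValues"]:
            problems.append(f"{key}: {value!r} not in {decl['AllowedValues']}")
    return problems


def secret_parameters(stack: Dict[str, Any]) -> List[str]:
    """Parameters whose deploy.yaml value is pulled from privates."""
    return [k for k, v in stack["parameters"].items()
            if isinstance(v, str) and PLACEHOLDER.search(v)]


def build_stack_call(stack: Dict[str, Any], privates: Dict[str, str],
                     schema: Dict[str, Dict[str, Any]], bucket: str) -> Dict[str, Any]:
    """Rendered, validated kwargs for boto3 create_stack / update_stack."""
    rendered = {k: render(v, privates) for k, v in stack["parameters"].items()}
    problems = validate(rendered, schema)
    problems += [f"{k}: holds a secret but the template does not set NoEcho"
                 for k in secret_parameters(stack)
                 if schema.get(k, {}).get("NoEcho") is not True]
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "StackName": stack["name"],
        "TemplateURL": f"https://{bucket}.s3.amazonaws.com/{stack['template']}/{stack['version']}.json",
        "Parameters": [{"ParameterKey": k, "ParameterValue": str(v)} for k, v in rendered.items()],
        "Capabilities": ["CAPABILITY_IAM"],  # required when the template creates IAM roles
    }


def log_view(call: Dict[str, Any], stack: Dict[str, Any]) -> Dict[str, Any]:
    """Copy of the call that is safe to put in a Jenkins log: secrets masked."""
    secrets = set(secret_parameters(stack))
    return {**call, "Parameters": [
        {**p, "ParameterValue": "***" if p["ParameterKey"] in secrets else p["ParameterValue"]}
        for p in call["Parameters"]]}
```

Two things the guard does not cover, both worth knowing: `NoEcho` only masks the CloudFormation API, so a secret passed on to the container as an environment variable (slide 24) is still readable by anyone who can call `DescribeTaskDefinition` or `docker inspect` on the host; and the rule "validate, then render" is deliberately reversed here, because the AllowedValues and range checks need the rendered value, while the NoEcho check needs the unrendered one to know which parameters are secrets.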
  • 28. Conclusions
    ● Developer training is hard: example repos work REALLY well
    ● Secrets management requires some forethought
    ● Jenkins Pipelines is very powerful...
    ● Spend time automating creating and removing ECS nodes
    ● Auto-scaling a Docker cluster is nuanced!
  • 29. Want to Help? We're Hiring!
    ● I'm looking for backend software engineers with a passion for automation
    ● Talk to me!
    ● ... or https://gotruemotion.com/careers/
  • 32. High Level Arch
    Diagram: ECS Scheduler, Consul and Registrator; Public LB (Nginx) → Public API; Private LB (Nginx) → Internal API; Worker Nodes in an ASG
  • 33. Today's Pipeline
    Diagram: Build Scripts → Debian / Pip / Gemfury → Ansible (provision.py) → EC2 Instance
    ● Inflexible
    ● Jobs managed through UI
    ● Restricted versioning convention
    ● Supports only specific distro/version
    ● Pip doesn't enforce dependencies for crap!
    ● Gemfury goes down!
    ● Instance config is in a separate repo from service code
    ● We can't version configuration against services
    ● Lots of tight coupling between service roles
    ● Fails a LOT!
    ● Services tied to instance
    ● Instance type for a service defined globally
    ● Manual process to provision instances and other AWS resources
    ● AWS instance provisioning is entirely manual
    ● Difficult to automate
    ● Too easy to create and forget about instances
  • 34. Cloudformation/Docker Pipeline
    Diagram: Jenkins Pipelines → Docker + CF Template → CF Pipeline → ECS Cluster; Environment Config → EC2 Instance
    ● Resources defined per service
    ● Configs validated per service
    ● Leverage Docker as a common runtime framework
    ● Build process definition lives in service repo
    ● Common processes can be defined via global library
    ● Use Docker to provide build dependencies
    ● Cloudformation templates are used as the deployment artifact
    ● Environment updates via code review
    ● Tight coupling between resource requirements and resources provisioned
    ● Ability to use spot fleet/spot instances