Common primitives in Docker environments
Alex Giurgiu (alex@giurgiu.io)
Docker is great!
Until you want to deploy your new application in production... on multiple machines
You thought you have this
When in fact you have this
We are trying to get here
This problem is intensely debated at the moment... with many competing projects... that approach it in one way or another...
Just look at
Mesos
Google's Omega
Kubernetes
CoreOS
Centurion
Helios
Flynn
Deis
Dokku
etc.
What do they have in common?
- they abstract a set of machines, making it look like it's one machine
- they provide a set of primitives that deal with resources on that set of machines
From this
To this
Why not use one of the mentioned solutions?
Most of them require you to write your application/workload in a custom way, to totally give in to their way of doing things.
But (I) we want to run the old/legacy applications, while gaining the same advantages
Our goals are similar
- standardize the way we interact with our infrastructure
- treat all machines in a similar way
- achieve reliability, through software and not through hardware
- achieve reproducible infrastructure
- reduce manual labor
Our building block
Container
Inputs (binaries, code, packages, etc)
External services
Build process
State
Common primitives
"common enough that a generalized solution can be devised"
"should be applicable to both in-house or external applications"
Common primitives
persistence
service discovery
monitoring
logging
authentication and authorization
image build service
image registry
(state) Persistence
- one of the hardest problems to solve in a clean and scalable way
- should be transparent for the application
- most people just avoid Docker-izing services that require persistence
Local
- bring the state locally, relative to where the container runs
- should be taken care of by your deployment/PaaS solution
- advantages: write/read speeds, reliability
- disadvantages: potentially slow deploys, complex orchestration
Remote
- keep state remotely and "mount" it where the application is deployed
- can be done by your PaaS solution or by the container itself
- advantages: simpler to orchestrate, fast deploys
- disadvantages: write/read speeds, (un)reliability
Projects that try to solve persistence
Flocker - https://github.com/ClusterHQ/flocker
?
Flocker way (local)
Service discovery and registration
Service discovery
- most worked on aspect of Docker orchestration
- quite a few different open source projects that tackle this problem
- multiple approaches: environment variables, configuration files, key/value stores, DNS, ambassador pattern etc.
Open source projects (service discovery)
Consul (my personal favorite)
etcd (CoreOS's favorite)
ZooKeeper (many people's favorite)
Eureka (Netflix's favorite)
Smartstack (Airbnb's favorite)
...
How to do it (service discovery)
- choose a solution that can accommodate both legacy and custom applications: discovery using DNS or HTTP
- choose a solution that can be manipulated using a common protocol: HTTP
- make sure to remove dead applications from your SD system
- ideally it should have no single point of failure
- Consul satisfies all the above requirements
Consul (service discovery)
- can be queried over DNS and HTTP
- distributed key:value store
- consistent and fault tolerant (RAFT)
- fast convergence (SWIM)
- service checks
Service registration
Can be done by:
- your application - simple HTTP call to Consul
- a separate script/application inside your container
- another container that inspects running containers - progrium/registrator
Most importantly, each container should provide metadata about the service it's running.
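An added example (not from the original slides) of the "separate script" option: it turns the metadata a container declares into a Consul registration that carries a health check, so entries for dead containers are dropped automatically. The environment variable names (SERVICE_NAME, SERVICE_PORT, SERVICE_TAGS, SERVICE_CHECK_PATH), the sample `docker inspect` document and the host address are assumptions of this example.

```python
import json
import urllib.request

# Metadata every container must declare (names are this example's convention).
REQUIRED = ("SERVICE_NAME", "SERVICE_PORT", "SERVICE_CHECK_PATH")


class MetadataError(ValueError):
    """The container does not describe its service well enough to register it."""


def container_env(inspect_doc):
    """Return the container environment from `docker inspect` JSON as a dict."""
    env = {}
    for item in (inspect_doc.get("Config") or {}).get("Env") or []:
        key, _, value = item.partition("=")
        env[key] = value
    return env


def build_registration(inspect_doc, host_address):
    """Build the body for PUT /v1/agent/service/register on the local Consul agent."""
    env = container_env(inspect_doc)
    missing = [k for k in REQUIRED if not env.get(k)]
    if missing:
        raise MetadataError("container lacks metadata: " + ", ".join(missing))
    path = env["SERVICE_CHECK_PATH"]
    if not path.startswith("/"):
        raise MetadataError("SERVICE_CHECK_PATH must start with '/'")
    # Find the host port Docker published for the declared container port.
    ports = (inspect_doc.get("NetworkSettings") or {}).get("Ports") or {}
    bindings = ports.get(env["SERVICE_PORT"] + "/tcp")
    if not bindings:
        raise MetadataError(env["SERVICE_PORT"] + "/tcp is not published")
    host_port = int(bindings[0]["HostPort"])
    name = env["SERVICE_NAME"]
    return {
        # One ID per container, so two instances of a service never collide.
        "ID": name + "-" + inspect_doc["Id"][:12],
        "Name": name,
        "Tags": [t for t in env.get("SERVICE_TAGS", "").split(",") if t],
        "Address": host_address,
        "Port": host_port,
        "Check": {
            "HTTP": "http://%s:%d%s" % (host_address, host_port, path),
            "Interval": "10s",
            "Timeout": "2s",
            # Consul removes the entry once the check has been critical this long.
            "DeregisterCriticalServiceAfter": "1m",
        },
    }


def register(payload, consul="http://127.0.0.1:8500"):
    """Send the registration to a Consul agent (needs a reachable agent)."""
    req = urllib.request.Request(
        consul + "/v1/agent/service/register",
        data=json.dumps(payload).encode(),
        method="PUT",
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status == 200


# Constructed sample: the relevant parts of `docker inspect` output.
SAMPLE_INSPECT = {
    "Id": "3f2a9c1d7e4b" + "0" * 52,
    "Config": {"Env": [
        "PATH=/usr/bin",
        "SERVICE_NAME=billing-api",
        "SERVICE_TAGS=legacy,v1",
        "SERVICE_PORT=8080",
        "SERVICE_CHECK_PATH=/health",
    ]},
    "NetworkSettings": {"Ports": {
        "8080/tcp": [{"HostIp": "0.0.0.0", "HostPort": "32768"}],
    }},
}

if __name__ == "__main__":
    print(json.dumps(build_registration(SAMPLE_INSPECT, "10.0.0.5"), indent=2))
```

Refusing to register a container without a check path is deliberate: an entry with no check never turns critical, so it would stay in the catalog after the container dies.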
Monitoring
2 perspectives
- service monitoring - can be done as in pre-Docker times
- container monitoring
Service monitoring (monitoring)
- can be done with tools like Nagios
- your monitoring system should react dynamically to services that start and stop
- containers should define what needs to be monitored
- services should register themselves in the monitoring system
- Consul supports service checks
Container monitoring (monitoring)
- monitor container state (up/down) - Docker event API provides this information
- gather performance and usage metrics about each container - Google's cAdvisor provides this
- cAdvisor provides an API to pull the data out, so you can feed it to your trending system
Monitoring principles (monitoring)
- have a layer of system monitoring - that trusts humans
- have a layer of behavior tests - doesn't trust humans. Used to make sure that a certain environment is up
- reduces manual labor
Sysdig (DTrace for Linux)
- enables detailed insights inside the kernel and applications
- they have a new "cloud" version
- same thing can be achieved on your private Docker platform
Logging
- logs will be used by engineers to troubleshoot issues
- ... but now your application is a distributed moving target
- the need for centralized log aggregation is big
How to do it (logging)
Multiple approaches
- applications write logs to STDOUT and you pick up the logs using the Docker API or client. Logspout can be used to ship the logs remotely
- applications write logs inside the container and a logging daemon inside the container (RSYSLOG) ships the logs to a centralized location
- applications write logs in a volume which is shared with another container that runs a log shipping daemon
How to do it (logging)
- choose an approach that fits your needs and send the logs to a centralized location
- logstash-forwarder is a great way to forward your logs (please don't choose python-beaver)
- elasticsearch is a great way to store your logs
- Kibana is a great way to visualize your logs
What do we do about log ordering?
Authentication and authorization
Authentication
- how can you prove that a container/service is who it says it is?
- useful to have a generalized way of authenticating all your containers
- that way you can count on the reported identity when allowing access to certain resources
How to do it (authentication)
- largely unsolved
- Docker 1.3 tries to check image signatures if they come from the public registry and if they are marked as an "official repo"
- a PKI setup fits the problem, with a unique certificate for every container (not image)
- Docker promised some PKI based solution in future releases - I would wait for that
Authorization
- builds on top of authentication
- will keep track of what resources a container/service can access
- should hand over details like user/pass pairs, API tokens and ssh keys
How to do it (authorization)
Do NOT bake credentials and ssh keys into images (security and coupling)
Easy way
- mount an external volume that contains credentials, ssh keys or even ssh agent sockets
- doesn't require authentication
- increases the complexity of your deployment solution
Hard way
- store credentials in a centralized service
- requires some form of authentication
- decreases complexity in your deployment solution
How to do it (authorization)
Crypt and Consul (or etcd)
- tries to solve the problem by using OpenPGP
- each container needs access to a private key. Can be made available through a volume
- credentials are stored encrypted in Consul
- credentials get retrieved and decrypted in the container
Image build service
- build gets triggered when code gets changed and committed to your repository
- can perform basic checks to make sure the image complies with some basic rules
- commits image to image registry
- if other images depend on it, a build job should be triggered for those images
Extra tip: more control over the input sources for your images will in turn improve the reliability of your builds
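An added example (not part of the original slides) of the "basic checks" a build service could run before committing an image: it rejects a Dockerfile that bakes in credentials or ssh keys, as the authorization slide warns against, and one whose base image is not pinned to a version, which is the "control over input sources" from the extra tip. The rule names, patterns and sample Dockerfiles are this example's own assumptions.

```python
import re

# Variable names that suggest a credential (heuristic, extend for your estate).
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY", re.I)
# Source paths that look like private keys or credential files.
KEY_FILE = re.compile(
    r"(^|/)(\.ssh/?|id_(rsa|dsa|ecdsa|ed25519)|[^/\s]*\.pem|\.netrc)$", re.I)


def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#") or (not buf and not line):
            continue
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None


def env_pairs(arg):
    """Parse 'K=v K2=v2' and the legacy 'K v' form (quoted spaces not handled)."""
    tokens = arg.split()
    if tokens and "=" not in tokens[0]:
        return [(tokens[0], " ".join(tokens[1:]))]
    return [tuple(t.split("=", 1)) for t in tokens if "=" in t]


def check_dockerfile(text):
    """Return a list of (line, rule, detail) findings; empty means it passes."""
    findings, stages = [], set()
    for n, instr in logical_lines(text):
        op, _, arg = instr.partition(" ")
        op = op.upper()
        tokens = [t for t in arg.split() if not t.startswith("--")]
        if op == "FROM" and tokens:
            image = tokens[0]
            tail = image.rsplit("/", 1)[-1]  # ignore a registry host:port
            if image.lower() not in stages and image != "scratch" and "@" not in image:
                if ":" not in tail or tail.endswith(":latest"):
                    findings.append((n, "unpinned-base", image))
            if len(tokens) >= 3 and tokens[1].upper() == "AS":
                stages.add(tokens[2].lower())
        elif op in ("ENV", "ARG"):
            for name, value in env_pairs(arg):
                if value and SECRET_NAME.search(name):
                    findings.append((n, "secret-in-" + op.lower(), name))
        elif op in ("COPY", "ADD"):
            for src in tokens[:-1]:  # last token is the destination
                if KEY_FILE.search(src):
                    findings.append((n, "key-file-copied", src))
    return findings


# Constructed samples.
SAMPLE_BAD = """\
# constructed example
FROM ubuntu
ENV DB_PASSWORD=hunter2 \\
    APP_ENV=prod
COPY deploy/id_rsa /root/.ssh/id_rsa
ADD app.tar.gz /srv/app
"""

SAMPLE_GOOD = """\
FROM registry.example.internal:5000/base/python:3.11.9 AS build
COPY requirements.txt /srv/
FROM build
COPY id_rsa.pub /srv/keys/
"""

if __name__ == "__main__":
    for line, rule, detail in check_dockerfile(SAMPLE_BAD):
        print("line %d: %s (%s)" % (line, rule, detail))
```

A build job would fail when `check_dockerfile` returns anything; the check is a name-based heuristic, so it complements scanning the built image layers and does not replace it.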
How to do it (image build service)
Git and Jenkins?
- probably any VCS and CI tool will work
- but Git and Jenkins work great
Simple workflow
commits code
Git post commit hook / Github webhook
Jenkins test and build
Push to registry
Basic build process
Container
Inputs (binaries, code, packages, etc)
Build process
Image registry
- a central place to store your Docker images
- Docker Hub is the public one
- you can easily run a private registry
Open source projects (image registry)
Docker registry - https://github.com/docker/docker-registry
Artifactory - http://www.jfrog.com/open-source/
How to do it (image registry)
- USE a registry and don't rely on building images on every machine
- tag your images with specific versions
- make version requirements explicit
Where are we now?
- a lot of hype, experience needs to follow
- the sheer number of projects and work put in the ecosystem is impressive
- this momentum feeds on itself and ignites rapid development in projects that are required to achieve certain things
- can you program?
Some conclusions
- reduce coupling between components
- think about your platform as a functional program with side effects - identify the logic and identify the state
- architect your system in a service oriented way - this way any required service can be placed inside a container
- avoid running services on your Docker host
- all container operations should be programmable, and ideally idempotent
The network is the last bastion of inflexibility.
- trade-off between flexibility and performance (throughput, latency)
- detailed analysis of performance?
Questions?

Weitere ähnliche Inhalte

Was ist angesagt?

DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...Docker, Inc.
 
Using Docker Containers to Improve Reproducibility in Software and Web Engine...
Using Docker Containers to Improve Reproducibility in Software and Web Engine...Using Docker Containers to Improve Reproducibility in Software and Web Engine...
Using Docker Containers to Improve Reproducibility in Software and Web Engine...Vincenzo Ferme
 
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...Jérôme Petazzoni
 
Head first docker
Head first dockerHead first docker
Head first dockerHan Qin
 
Weave User Group Talk - DockerCon 2017 Recap
Weave User Group Talk - DockerCon 2017 RecapWeave User Group Talk - DockerCon 2017 Recap
Weave User Group Talk - DockerCon 2017 RecapPatrick Chanezon
 
Novices guide to docker
Novices guide to dockerNovices guide to docker
Novices guide to dockerAlec Clews
 
Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013
Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013
Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013dotCloud
 
Docker: do's and don'ts
Docker: do's and don'tsDocker: do's and don'ts
Docker: do's and don'tsPaolo Tonin
 
BelfastJUG, Spring Boot + Docker
BelfastJUG, Spring Boot + DockerBelfastJUG, Spring Boot + Docker
BelfastJUG, Spring Boot + DockerHudson Mendes
 
Webinar: Code Faster on Kubernetes
Webinar: Code Faster on KubernetesWebinar: Code Faster on Kubernetes
Webinar: Code Faster on KubernetesAmbassador Labs
 
DevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOpsDevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOpsAmbassador Labs
 
Docker Container As A Service - Mix-IT 2016
Docker Container As A Service - Mix-IT 2016Docker Container As A Service - Mix-IT 2016
Docker Container As A Service - Mix-IT 2016Patrick Chanezon
 
DevOps Indonesia #5 - The Future of Containers
DevOps Indonesia #5 - The Future of ContainersDevOps Indonesia #5 - The Future of Containers
DevOps Indonesia #5 - The Future of ContainersDevOps Indonesia
 
Extending Java EE with CDI and JBoss Forge
Extending Java EE with CDI and JBoss ForgeExtending Java EE with CDI and JBoss Forge
Extending Java EE with CDI and JBoss ForgeAntoine Sabot-Durand
 
Blue Whale in an Enterprise Pond
Blue Whale in an Enterprise PondBlue Whale in an Enterprise Pond
Blue Whale in an Enterprise PondDigia Plc
 

Was ist angesagt? (20)

DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...
DockerCon EU 2015: Persistent, stateful services with docker cluster, namespa...
 
Using Docker Containers to Improve Reproducibility in Software and Web Engine...
Using Docker Containers to Improve Reproducibility in Software and Web Engine...Using Docker Containers to Improve Reproducibility in Software and Web Engine...
Using Docker Containers to Improve Reproducibility in Software and Web Engine...
 
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...
Making DevOps Secure with Docker on Solaris (Oracle Open World, with Jesse Bu...
 
Head first docker
Head first dockerHead first docker
Head first docker
 
Weave User Group Talk - DockerCon 2017 Recap
Weave User Group Talk - DockerCon 2017 RecapWeave User Group Talk - DockerCon 2017 Recap
Weave User Group Talk - DockerCon 2017 Recap
 
Hack the whale
Hack the whaleHack the whale
Hack the whale
 
Novices guide to docker
Novices guide to dockerNovices guide to docker
Novices guide to docker
 
Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013
Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013
Write Once and REALLY Run Anywhere | OpenStack Summit HK 2013
 
Docker: do's and don'ts
Docker: do's and don'tsDocker: do's and don'ts
Docker: do's and don'ts
 
Docker meetup-20-apr-17-openshit
Docker meetup-20-apr-17-openshitDocker meetup-20-apr-17-openshit
Docker meetup-20-apr-17-openshit
 
BelfastJUG, Spring Boot + Docker
BelfastJUG, Spring Boot + DockerBelfastJUG, Spring Boot + Docker
BelfastJUG, Spring Boot + Docker
 
CDI 2.0 is upon us Devoxx
CDI 2.0 is upon us DevoxxCDI 2.0 is upon us Devoxx
CDI 2.0 is upon us Devoxx
 
Webinar: Code Faster on Kubernetes
Webinar: Code Faster on KubernetesWebinar: Code Faster on Kubernetes
Webinar: Code Faster on Kubernetes
 
DevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOpsDevOps Days Boston 2017: Real-world Kubernetes for DevOps
DevOps Days Boston 2017: Real-world Kubernetes for DevOps
 
Containers & CaaS
Containers & CaaSContainers & CaaS
Containers & CaaS
 
Docker Container As A Service - Mix-IT 2016
Docker Container As A Service - Mix-IT 2016Docker Container As A Service - Mix-IT 2016
Docker Container As A Service - Mix-IT 2016
 
DevOps Indonesia #5 - The Future of Containers
DevOps Indonesia #5 - The Future of ContainersDevOps Indonesia #5 - The Future of Containers
DevOps Indonesia #5 - The Future of Containers
 
I3 docker-intro-yusuf
I3 docker-intro-yusufI3 docker-intro-yusuf
I3 docker-intro-yusuf
 
Extending Java EE with CDI and JBoss Forge
Extending Java EE with CDI and JBoss ForgeExtending Java EE with CDI and JBoss Forge
Extending Java EE with CDI and JBoss Forge
 
Blue Whale in an Enterprise Pond
Blue Whale in an Enterprise PondBlue Whale in an Enterprise Pond
Blue Whale in an Enterprise Pond
 

Ähnlich wie Common primitives in Docker environments

HPC Cloud Burst Using Docker
HPC Cloud Burst Using DockerHPC Cloud Burst Using Docker
HPC Cloud Burst Using DockerIRJET Journal
 
Devops interview questions 1 www.bigclasses.com
Devops interview questions  1  www.bigclasses.comDevops interview questions  1  www.bigclasses.com
Devops interview questions 1 www.bigclasses.combigclasses.com
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with DockerAndrey Hristov
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with DockerAndrey Hristov
 
DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2Docker, Inc.
 
Containers: DevOp Enablers of Technical Solutions
Containers: DevOp Enablers of Technical SolutionsContainers: DevOp Enablers of Technical Solutions
Containers: DevOp Enablers of Technical SolutionsJules Pierre-Louis
 
What's New in Docker - February 2017
What's New in Docker - February 2017What's New in Docker - February 2017
What's New in Docker - February 2017Patrick Chanezon
 
Microservices and containers for the unitiated
Microservices and containers for the unitiatedMicroservices and containers for the unitiated
Microservices and containers for the unitiatedKevin Lee
 
Shipping NodeJS with Docker and CoreOS
Shipping NodeJS with Docker and CoreOSShipping NodeJS with Docker and CoreOS
Shipping NodeJS with Docker and CoreOSRoss Kukulinski
 
Docker, Cloud Foundry, Bosh & Bluemix
Docker, Cloud Foundry, Bosh & BluemixDocker, Cloud Foundry, Bosh & Bluemix
Docker, Cloud Foundry, Bosh & BluemixIBM
 
Devoxx 2016 - Docker Nuts and Bolts
Devoxx 2016 - Docker Nuts and BoltsDevoxx 2016 - Docker Nuts and Bolts
Devoxx 2016 - Docker Nuts and BoltsPatrick Chanezon
 
The DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkitThe DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkitMarco Ferrigno
 
The DevOps Paradigm
The DevOps ParadigmThe DevOps Paradigm
The DevOps ParadigmNaLUG
 

Ähnlich wie Common primitives in Docker environments (20)

HPC Cloud Burst Using Docker
HPC Cloud Burst Using DockerHPC Cloud Burst Using Docker
HPC Cloud Burst Using Docker
 
Devops interview questions 1 www.bigclasses.com
Devops interview questions  1  www.bigclasses.comDevops interview questions  1  www.bigclasses.com
Devops interview questions 1 www.bigclasses.com
 
Demystifying Docker101
Demystifying Docker101Demystifying Docker101
Demystifying Docker101
 
Demystifying Docker
Demystifying DockerDemystifying Docker
Demystifying Docker
 
Overview of Docker
Overview of DockerOverview of Docker
Overview of Docker
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
 
DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2DockerCon 15 Keynote - Day 2
DockerCon 15 Keynote - Day 2
 
Containers: DevOp Enablers of Technical Solutions
Containers: DevOp Enablers of Technical SolutionsContainers: DevOp Enablers of Technical Solutions
Containers: DevOp Enablers of Technical Solutions
 
Webinar Docker Tri Series
Webinar Docker Tri SeriesWebinar Docker Tri Series
Webinar Docker Tri Series
 
What's New in Docker - February 2017
What's New in Docker - February 2017What's New in Docker - February 2017
What's New in Docker - February 2017
 
Microservices and containers for the unitiated
Microservices and containers for the unitiatedMicroservices and containers for the unitiated
Microservices and containers for the unitiated
 
Shipping NodeJS with Docker and CoreOS
Shipping NodeJS with Docker and CoreOSShipping NodeJS with Docker and CoreOS
Shipping NodeJS with Docker and CoreOS
 
Docker In Brief
Docker In BriefDocker In Brief
Docker In Brief
 
Docker, Cloud Foundry, Bosh & Bluemix
Docker, Cloud Foundry, Bosh & BluemixDocker, Cloud Foundry, Bosh & Bluemix
Docker, Cloud Foundry, Bosh & Bluemix
 
Devoxx 2016 - Docker Nuts and Bolts
Devoxx 2016 - Docker Nuts and BoltsDevoxx 2016 - Docker Nuts and Bolts
Devoxx 2016 - Docker Nuts and Bolts
 
Axigen on docker
Axigen on dockerAxigen on docker
Axigen on docker
 
The DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkitThe DevOps paradigm - the evolution of IT professionals and opensource toolkit
The DevOps paradigm - the evolution of IT professionals and opensource toolkit
 
The DevOps Paradigm
The DevOps ParadigmThe DevOps Paradigm
The DevOps Paradigm
 
Docker for Developers
Docker for DevelopersDocker for Developers
Docker for Developers
 

Kürzlich hochgeladen

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Kürzlich hochgeladen (20)

Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Common primitives in Docker environments

  • 1. Common primitives in Docker environments. Alex Giurgiu (alex@giurgiu.io)
  • 3. Until you want to deploy your new application in production... on multiple machines
  • 4. You thought you have this
  • 5. When in fact you have this
  • 6. We are trying to get here
  • 7. This problem is intensely debated at the moment... with many competing projects... that approach it in one way or another...
  • 8. Just look at: Mesos, Google's Omega, Kubernetes, CoreOS, Centurion, Helios, Flynn, Deis, Dokku, etc.
  • 9. What do they have in common? They abstract a set of machines, making it look like it's one machine; they provide a set of primitives that deal with resources on that set of machines
  • 11. Why not use one of the mentioned solutions? Most of them require you to write your application/workload in a custom way, to totally give in to their way of doing things. But (I) we want to run the old/legacy applications, while gaining the same advantages
  • 12. Our goals are similar: standardize the way we interact with our infrastructure; treat all machines in a similar way; achieve reliability through software and not through hardware; achieve reproducible infrastructure; reduce manual labor
  • 13. Our building block: Container; Inputs (binaries, code, packages, etc.); External services; Build process; State
  • 14. Common primitives: "common enough that a generalized solution can be devised"; "should be applicable to both in-house or external applications"
  • 15. Common primitives: persistence; service discovery; monitoring; logging; authentication and authorization; image build service; image registry
  • 17. Persistence: one of the hardest problems to solve in a clean and scalable way; should be transparent for the application; most people just avoid Docker-izing services that require persistence
  • 18. Local: bring the state locally, relative to where the container runs; should be taken care of by your deployment/PaaS solution; advantages: write/read speeds, reliability; disadvantages: potentially slow deploys, complex orchestration. Remote: keep state remotely and "mount" it where the application is deployed; can be done by your PaaS solution or by the container itself; advantages: simpler to orchestrate, fast deploys; disadvantages: write/read speeds, (un)reliability
  • 19. Projects that try to solve persistence: Flocker - https://github.com/ClusterHQ/flocker ?
  • 21. Service discovery and registration
  • 22. Service discovery: most worked on aspect of Docker orchestration; quite a few different open source projects that tackle this problem; multiple approaches: environment variables, configuration files, key/value stores, DNS, ambassador pattern, etc.
  • 23.
  • 24. Open source projects (service discovery): Consul (my personal favorite); etcd (CoreOS's favorite); ZooKeeper (many people's favorite); Eureka (Netflix's favorite); Smartstack (Airbnb's favorite); ...
  • 25. How to do it (service discovery): choose a solution that can accommodate both legacy and custom applications: discovery using DNS or HTTP; choose a solution that can be manipulated using a common protocol: HTTP; make sure to remove dead applications from your SD system; ideally it should have no single point of failure; Consul satisfies all the above requirements
  • 26. Consul (service discovery): can be queried over DNS and HTTP; distributed key:value store; consistent and fault tolerant (Raft); fast convergence (SWIM); service checks
  • 27. Service registration: can be done by your application (a simple HTTP call to Consul), by a separate script/application inside your container, or by another container that inspects running containers (progrium/registrator). Most importantly, each container should provide metadata about the service it's running.
  • 29. Monitoring: 2 perspectives: service monitoring (can be done as in pre-Docker times); container monitoring
  • 30. Service monitoring (monitoring): can be done with tools like Nagios; your monitoring system should react dynamically to services that start and stop; containers should define what needs to be monitored; services should register themselves in the monitoring system; Consul supports service checks
  • 31. Container monitoring (monitoring): monitor container state (up/down) - the Docker event API provides this information; gather performance and usage metrics about each container - Google's cAdvisor provides this; cAdvisor provides an API to pull the data out, so you can feed it to your trending system
  • 32. Monitoring principles (monitoring): have a layer of system monitoring - that trusts humans; have a layer of behavior tests - doesn't trust humans, used to make sure that a certain environment is up; reduces manual labor
  • 33. Sysdig (DTrace for Linux): enables detailed insights inside the kernel and applications; they have a new "cloud" version; same thing can be achieved on your private Docker platform
  • 35. Logging: logs will be used by engineers to troubleshoot issues ... but now your application is a distributed moving target; the need for centralized log aggregation is big
  • 36. How to do it (logging): Multiple approaches: applications write logs to STDOUT and you pick up the logs using the Docker API or client (Logspout can be used to ship the logs remotely); applications write logs inside the container and a logging daemon inside the container (rsyslog) ships the logs to a centralized location; applications write logs in a volume which is shared with another container that runs a log shipping daemon
  • 37. How to do it (logging): choose an approach that fits your needs and send the logs to a centralized location; logstash-forwarder is a great way to forward your logs (please don't choose python-beaver); elasticsearch is a great way to store your logs; Kibana is a great way to visualize your logs
  • 38. What do we do about log ordering?
  • 40.
  • 41. Authentication: how can you prove that a container/service is who it says it is? useful to have a generalized way of authenticating all your containers; that way you can count on the reported identity when allowing access to certain resources
  • 42. How to do it (authentication): largely unsolved; Docker 1.3 tries to check image signatures if they come from the public registry and if they are marked as an "official repo"; a PKI setup fits the problem, with a unique certificate for every container (not image); Docker promised some PKI based solution in future releases - I would wait for that
  • 43. Authorization: builds on top of authentication; will keep track of what resources a container/service can access; should hand over details like user/pass pairs, API tokens and ssh keys
  • 44. How to do it (authorization): Do NOT bake credentials and ssh keys into images (security and coupling). Easy way - mount external volume that contains credentials, ssh keys or even ssh agent sockets: doesn't require authentication; increases the complexity of your deployment solution. Hard way - store credentials in a centralized service: requires some form of authentication; decreases complexity in your deployment solution
  • 45. How to do it (authorization): Crypt and Consul (or etcd) tries to solve the problem by using OpenPGP; each container needs access to a private key, which can be made available through a volume; credentials are stored encrypted in Consul; credentials get retrieved and decrypted in container
  • 46. Image build service
  • 47. Image build service: build gets triggered when code gets changed and committed to your repository; can perform basic checks to make sure the image complies with some basic rules; commits image to image registry; if other images depend on it, a build job should be triggered for those images. Extra tip: more control over the input sources for your images will in turn improve the reliability of your builds
  • 48. How to do it (image build service): Git and Jenkins? Probably any VCS and CI tool will work, but Git and Jenkins work great. Simple workflow: commits code; Git post commit hook; GitHub webhook; Jenkins test and build; push to registry
  • 51. Image registry: a central place to store your Docker images; Docker Hub is the public one; you can easily run a private registry
  • 52. Open source projects (image registry): Docker registry https://github.com/docker/docker-registry; Artifactory http://www.jfrog.com/open-source/
  • 53. How to do it (image registry): USE a registry and don't rely on building images on every machine; tag your images with specific versions; make version requirements explicit
  • 55. Where are we now? a lot of hype, experience needs to follow; the sheer number of projects and work put in the ecosystem is impressive; this momentum fuels itself and ignites rapid development in projects that are required to achieve certain things; can you program?
  • 56. Some conclusions: reduce coupling between components; think about your platform as a functional program with side effects - identify the logic and identify the state; architect your system in a service oriented way - this way any required service can be placed inside a container; avoid running services on your Docker host; all container operations should be programmable, and ideally idempotent
  • 57. The network is the last bastion of inflexibility. trade-off between flexibility and performance (throughput, latency); detailed analysis of performance?
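
The authorization, image build service and image registry slides ask for three things at build time: basic compliance checks, no credentials or ssh keys baked into images, and explicit version tags. The following is an added example, not code from the slides, of such a check for single-stage Dockerfiles; the rule names and the sample Dockerfile are constructed for illustration.

```python
import re

# Constructed sample Dockerfile (not from the slides): three violations.
SAMPLE = """FROM ubuntu
ENV DB_PASSWORD=hunter2
COPY id_rsa /root/.ssh/id_rsa
"""

SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.I)
KEY_FILE = re.compile(r"(^|/)(id_(rsa|dsa|ecdsa|ed25519)|\.ssh)(/|$)|\.pem$")

def logical_lines(text):
    """Yield (first_line_no, INSTRUCTION, args), joining '\\' continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            if not line or line.startswith("#"):
                continue  # blank line or comment
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        instr, _, args = (buf + line).partition(" ")
        buf = ""
        yield start, instr.upper(), args.strip()

def check_dockerfile(text):
    """Return [(line_no, rule, detail)]; the rule names are hypothetical."""
    findings = []
    for no, instr, args in logical_lines(text):
        tokens = args.split()
        if instr == "FROM":
            image = next((t for t in tokens if not t.startswith("--")), "")
            name = image.rsplit("/", 1)[-1]  # drop registry host:port
            tag = name.partition(":")[2]
            if image != "scratch" and "@" not in image and tag in ("", "latest"):
                findings.append((no, "unpinned-base", image))
        elif instr in ("ENV", "ARG"):
            # 'ENV k=v k2=v2' or the legacy 'ENV k v' form
            names = [t.split("=")[0] for t in tokens if "=" in t] or tokens[:1]
            findings += [(no, "secret-in-env", n) for n in names if SECRET_NAME.search(n)]
        elif instr in ("COPY", "ADD"):
            # every token but the last is a source path
            findings += [(no, "key-file-copied", s) for s in tokens[:-1] if KEY_FILE.search(s)]
    return findings

if __name__ == "__main__":
    print(*check_dockerfile(SAMPLE), sep="\n")
```

Run it in the build job before the image is built and fail the job on any finding; `FROM` references to earlier build stages are not modelled.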