SlideShare ist ein Scribd-Unternehmen logo

Containerize everything - Wildcardconf 2015

Als PPTX, PDF herunterladen
Oscar Renalias
Oscar Renalias

Docker is definitely one of the hottest technologies at the moment and one that is already dramatically changing the way we build, package and deploy applications. In this session we’ll have a look at how a project got into a quest for containerizing most of their components and services while increasing the value delivered. This presentation was delivered at Wildcard Conference 2015, on 16th of May 2015 in Riga

Technologie
1 von 52
Containerize Everything!
@oscarrenalias github.com/oscarrenalias oscar.renalias@accenture.com oscar@renalias.net www.linkedin.com/oscarrenalias www.slideshare.net/oscarrenalias
This is going to be opinionated
Old-fashioned clients can run containers too!
Architecture nginx Tomcat TomcatTomcatTomcat PostgreSQL Solr
Architecture services Rundeck Yum repo & mirror Reverse proxy Docker Registry
Why containerize everything?
Simplified packaging, deployment and execution
Flexibly provision components on inflexible infrastructure
Better resource utilization
Anyone can have a production-like environment on their local workstation…
…or any other server
Our container principles
One single logical service per container
Containers are cattle, not pets
No SSH in containers
Try not to persist state in the container
Containers are independent (and unaware!) of where they’re running
Host port forwarding for network communication
How?
Container hierarchies base java tomcat service nginx postgres centos:6 frontend database Infra 1 Infra N
Building containers
Building containers automatically Publish artifacts Integration Test Build & unit test
Testing containers Container under test Test container: • Ruby • ServersSpec • ServerSpec Tests FROM …
Testing containers Container under test Test container
Storing containers Registry 2.0
Deploying and running containers Registry Container host Build & Publish Pull docker run
supervisor is your friend, if you need it
Application and container configuration Application container confd
Host Application and container configuration Application (container) Application configuration
Security
Run containers with their own user USER <user>
Keeping containers up-to- date base java tomcat service nginx postgres centos:6 frontend database Infra 1 Infra N OpenSSL Bug! base java tomcat service nginx postgres frontend database Infra 1 Infra N
Be mindful of SELinux
Operating containers
Container state Real world: don’t keep it in the container if you can avoid it Ideal world: containers don’t have state vs
Logging • Write to host (and use external aggregator) • Log to standard output (< 1.6) • Standard output + syslog logging driver (>= 1.6)
Monitoring Container processes are just like any other process and service – use existing tools
The darker side of Docke
Immutable containers are fun… until there’s an urgent security update
Docker will keep evolving
Sooner or later you will be bitten by a weird interaction between Docker or kernel or PAM or SElinux/AppArmor, and a container
No version pinning in the registry: “centos:6, is that you? You looked different yesterday!”
Docker security needs attention from implementers https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=docker16.100
Our lessons learned
Docker as a container engine *is* ready for production workloads
Docker works well as a convenient way of packaging, deploying and running applications
Containerizing everything does give you more flexibility…
…but be pragmatic
Dockerfiles are all you could possibly need to build containers
Start small – containerizing everything is a fair goal but takes time

Empfohlen

Docker Demystified for SB JUG
Docker Demystified for SB JUGDocker Demystified for SB JUG
Docker Demystified for SB JUG
Erik Osterman
 
Introducing Docker Swarm - the orchestration tool by Docker
Introducing Docker Swarm - the orchestration tool by DockerIntroducing Docker Swarm - the orchestration tool by Docker
Introducing Docker Swarm - the orchestration tool by Docker
Ramit Surana
 
Sysdig - Introducing a new definition of Monitoring
Sysdig - Introducing a new definition of MonitoringSysdig - Introducing a new definition of Monitoring
Sysdig - Introducing a new definition of Monitoring
Ramit Surana
 
London HUG 19/5 - Kubernetes and vault
London HUG 19/5 - Kubernetes and vaultLondon HUG 19/5 - Kubernetes and vault
London HUG 19/5 - Kubernetes and vault
London HashiCorp User Group
 
Docker Fundamentals
Docker FundamentalsDocker Fundamentals
Docker Fundamentals
Anshul Patel
 
Atomic CLI scan
Atomic CLI scanAtomic CLI scan
Atomic CLI scan
Lalatendu Mohanty
 
Fluentd and docker monitoring
Fluentd and docker monitoringFluentd and docker monitoring
Fluentd and docker monitoring
Vinay Krishna
 
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
Docker, Inc.
 

Empfohlen

Docker Demystified for SB JUG
Docker Demystified for SB JUGDocker Demystified for SB JUG
Docker Demystified for SB JUG
Erik Osterman
 
Introducing Docker Swarm - the orchestration tool by Docker
Introducing Docker Swarm - the orchestration tool by DockerIntroducing Docker Swarm - the orchestration tool by Docker
Introducing Docker Swarm - the orchestration tool by Docker
Ramit Surana
 
Sysdig - Introducing a new definition of Monitoring
Sysdig - Introducing a new definition of MonitoringSysdig - Introducing a new definition of Monitoring
Sysdig - Introducing a new definition of Monitoring
Ramit Surana
 
London HUG 19/5 - Kubernetes and vault
London HUG 19/5 - Kubernetes and vaultLondon HUG 19/5 - Kubernetes and vault
London HUG 19/5 - Kubernetes and vault
London HashiCorp User Group
 
Docker Fundamentals
Docker FundamentalsDocker Fundamentals
Docker Fundamentals
Anshul Patel
 
Atomic CLI scan
Atomic CLI scanAtomic CLI scan
Atomic CLI scan
Lalatendu Mohanty
 
Fluentd and docker monitoring
Fluentd and docker monitoringFluentd and docker monitoring
Fluentd and docker monitoring
Vinay Krishna
 
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
The Good, the Bad and the Ugly of Networking for Microservices by Mathew Lodg...
Docker, Inc.
 
Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017
Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017
Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017
Codemotion
 
Linux kit meetup_v1.0.0
Linux kit meetup_v1.0.0Linux kit meetup_v1.0.0
Linux kit meetup_v1.0.0
Anshul Patel
 
London Hug 20/6 - Vault production
London Hug 20/6 - Vault productionLondon Hug 20/6 - Vault production
London Hug 20/6 - Vault production
London HashiCorp User Group
 
BRISK_Network_Pentest_
BRISK_Network_Pentest_BRISK_Network_Pentest_
BRISK_Network_Pentest_
BriskInfosec Solutions
 
Docker security microservices
Docker security microservicesDocker security microservices
Docker security microservices
Vishwas Manral
 
Docker and Maestro for fun, development and profit
Docker and Maestro for fun, development and profitDocker and Maestro for fun, development and profit
Docker and Maestro for fun, development and profit
Maxime Petazzoni
 
CoreOS @ summer meetup in Utrecht
CoreOS @ summer meetup in UtrechtCoreOS @ summer meetup in Utrecht
CoreOS @ summer meetup in Utrecht
Timo Derstappen
 
Batch Applications for the Java Platform
Batch Applications for the Java PlatformBatch Applications for the Java Platform
Batch Applications for the Java Platform
Sivakumar Thyagarajan
 
Deploying Kubernetes without scaring off your security team - KubeCon 2017
Deploying Kubernetes without scaring off your security team - KubeCon 2017Deploying Kubernetes without scaring off your security team - KubeCon 2017
Deploying Kubernetes without scaring off your security team - KubeCon 2017
Major Hayden
 
Docker and kernel security
Docker and kernel securityDocker and kernel security
Docker and kernel security
smart_bit
 
Containers orchestrators: Docker vs. Kubernetes
Containers orchestrators: Docker vs. KubernetesContainers orchestrators: Docker vs. Kubernetes
Containers orchestrators: Docker vs. Kubernetes
Dmitry Lazarenko
 
ContainerCon sysdig Slides
ContainerCon sysdig Slides ContainerCon sysdig Slides
ContainerCon sysdig Slides
Loris Degioanni
 
Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...
Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...
Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...
Codemotion
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
All Things Open
 
Minecraft Docker
Minecraft DockerMinecraft Docker
Minecraft Docker
弘一 國井
 
Container Orchestration @Docker Meetup Hamburg
Container Orchestration @Docker Meetup HamburgContainer Orchestration @Docker Meetup Hamburg
Container Orchestration @Docker Meetup Hamburg
Timo Derstappen
 
Hug #9 who's keeping your secrets
Hug #9 who's keeping your secretsHug #9 who's keeping your secrets
Hug #9 who's keeping your secrets
Cameron More
 
Container orchestration
Container orchestrationContainer orchestration
Container orchestration
Timo Derstappen
 
Service discovery in Docker environments
Service discovery in Docker environmentsService discovery in Docker environments
Service discovery in Docker environments
alexandru giurgiu
 
DockerCon EU 2015: Nesting Containers: Real Life Observations
DockerCon EU 2015: Nesting Containers: Real Life ObservationsDockerCon EU 2015: Nesting Containers: Real Life Observations
DockerCon EU 2015: Nesting Containers: Real Life Observations
Docker, Inc.
 
Automotive: Gaining the required edge
Automotive: Gaining the required edgeAutomotive: Gaining the required edge
Automotive: Gaining the required edge
Pawan Kawan
 
OpenSlava 2013 - Dynamic Languages
OpenSlava 2013 - Dynamic LanguagesOpenSlava 2013 - Dynamic Languages
OpenSlava 2013 - Dynamic Languages
Oscar Renalias
 

Weitere ähnliche Inhalte

Was ist angesagt?

CoreOS @ summer meetup in Utrecht
CoreOS @ summer meetup in UtrechtCoreOS @ summer meetup in Utrecht
CoreOS @ summer meetup in Utrecht
Timo Derstappen
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
All Things Open
 

Was ist angesagt? (20)

Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017
Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017
Jörg Schad - NO ONE PUTS Java IN THE CONTAINER - Codemotion Milan 2017
 
Linux kit meetup_v1.0.0
Linux kit meetup_v1.0.0Linux kit meetup_v1.0.0
Linux kit meetup_v1.0.0
 
London Hug 20/6 - Vault production
London Hug 20/6 - Vault productionLondon Hug 20/6 - Vault production
London Hug 20/6 - Vault production
 
BRISK_Network_Pentest_
BRISK_Network_Pentest_BRISK_Network_Pentest_
BRISK_Network_Pentest_
 
Docker security microservices
Docker security microservicesDocker security microservices
Docker security microservices
 
Docker and Maestro for fun, development and profit
Docker and Maestro for fun, development and profitDocker and Maestro for fun, development and profit
Docker and Maestro for fun, development and profit
 
CoreOS @ summer meetup in Utrecht
CoreOS @ summer meetup in UtrechtCoreOS @ summer meetup in Utrecht
CoreOS @ summer meetup in Utrecht
 
Batch Applications for the Java Platform
Batch Applications for the Java PlatformBatch Applications for the Java Platform
Batch Applications for the Java Platform
 
Deploying Kubernetes without scaring off your security team - KubeCon 2017
Deploying Kubernetes without scaring off your security team - KubeCon 2017Deploying Kubernetes without scaring off your security team - KubeCon 2017
Deploying Kubernetes without scaring off your security team - KubeCon 2017
 
Docker and kernel security
Docker and kernel securityDocker and kernel security
Docker and kernel security
 
Containers orchestrators: Docker vs. Kubernetes
Containers orchestrators: Docker vs. KubernetesContainers orchestrators: Docker vs. Kubernetes
Containers orchestrators: Docker vs. Kubernetes
 
ContainerCon sysdig Slides
ContainerCon sysdig Slides ContainerCon sysdig Slides
ContainerCon sysdig Slides
 
Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...
Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...
Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...
 
Securing Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container PlatformSecuring Applications and Pipelines on a Container Platform
Securing Applications and Pipelines on a Container Platform
 
Minecraft Docker
Minecraft DockerMinecraft Docker
Minecraft Docker
 
Container Orchestration @Docker Meetup Hamburg
Container Orchestration @Docker Meetup HamburgContainer Orchestration @Docker Meetup Hamburg
Container Orchestration @Docker Meetup Hamburg
 
Hug #9 who's keeping your secrets
Hug #9 who's keeping your secretsHug #9 who's keeping your secrets
Hug #9 who's keeping your secrets
 
Container orchestration
Container orchestrationContainer orchestration
Container orchestration
 
Service discovery in Docker environments
Service discovery in Docker environmentsService discovery in Docker environments
Service discovery in Docker environments
 
DockerCon EU 2015: Nesting Containers: Real Life Observations
DockerCon EU 2015: Nesting Containers: Real Life ObservationsDockerCon EU 2015: Nesting Containers: Real Life Observations
DockerCon EU 2015: Nesting Containers: Real Life Observations
 

Andere mochten auch

Richard Smeltz Linkedin Presentation Rev A
Richard Smeltz Linkedin Presentation Rev ARichard Smeltz Linkedin Presentation Rev A
Richard Smeltz Linkedin Presentation Rev A
Richard Smeltz
 
Richard smeltz linkedin presentation
Richard smeltz linkedin presentationRichard smeltz linkedin presentation
Richard smeltz linkedin presentation
Richard Smeltz
 

Andere mochten auch (8)

Automotive: Gaining the required edge
Automotive: Gaining the required edgeAutomotive: Gaining the required edge
Automotive: Gaining the required edge
 
OpenSlava 2013 - Dynamic Languages
OpenSlava 2013 - Dynamic LanguagesOpenSlava 2013 - Dynamic Languages
OpenSlava 2013 - Dynamic Languages
 
Richard Smeltz Linkedin Presentation Rev A
Richard Smeltz Linkedin Presentation Rev ARichard Smeltz Linkedin Presentation Rev A
Richard Smeltz Linkedin Presentation Rev A
 
Asynchronous web apps with the Play Framework 2.0
Asynchronous web apps with the Play Framework 2.0Asynchronous web apps with the Play Framework 2.0
Asynchronous web apps with the Play Framework 2.0
 
Globalization
GlobalizationGlobalization
Globalization
 
Richard smeltz linkedin presentation
Richard smeltz linkedin presentationRichard smeltz linkedin presentation
Richard smeltz linkedin presentation
 
Derivative market in nepal
Derivative market in nepalDerivative market in nepal
Derivative market in nepal
 
Role and function of nepal rastra bank
Role and function of nepal rastra bankRole and function of nepal rastra bank
Role and function of nepal rastra bank
 

Ähnlich wie Containerize everything - Wildcardconf 2015

Docker Understanding, What is Docker? Why Docker? How do I containerize somet...
Docker Understanding, What is Docker? Why Docker? How do I containerize somet...Docker Understanding, What is Docker? Why Docker? How do I containerize somet...
Docker Understanding, What is Docker? Why Docker? How do I containerize somet...
Yogesh Wadile
 
Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015
Jérôme Petazzoni
 
LXC Docker and the Future of Software Delivery
LXC Docker and the Future of Software DeliveryLXC Docker and the Future of Software Delivery
LXC Docker and the Future of Software Delivery
Docker, Inc.
 
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
NETWAYS
 

Ähnlich wie Containerize everything - Wildcardconf 2015 (20)

Docker & Daily DevOps
Docker & Daily DevOpsDocker & Daily DevOps
Docker & Daily DevOps
 
Docker and-daily-devops
Docker and-daily-devopsDocker and-daily-devops
Docker and-daily-devops
 
Docker Understanding, What is Docker? Why Docker? How do I containerize somet...
Docker Understanding, What is Docker? Why Docker? How do I containerize somet...Docker Understanding, What is Docker? Why Docker? How do I containerize somet...
Docker Understanding, What is Docker? Why Docker? How do I containerize somet...
 
Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015
 
Docker-Intro
Docker-IntroDocker-Intro
Docker-Intro
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013
 
LXC Docker and the Future of Software Delivery
LXC Docker and the Future of Software DeliveryLXC Docker and the Future of Software Delivery
LXC Docker and the Future of Software Delivery
 
Accelerate your development with Docker
Accelerate your development with DockerAccelerate your development with Docker
Accelerate your development with Docker
 
Accelerate your software development with Docker
Accelerate your software development with DockerAccelerate your software development with Docker
Accelerate your software development with Docker
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
StorageOS, Storage for Containers Shouldn't Be Annoying at Container Camp UK
StorageOS, Storage for Containers Shouldn't Be Annoying at Container Camp UKStorageOS, Storage for Containers Shouldn't Be Annoying at Container Camp UK
StorageOS, Storage for Containers Shouldn't Be Annoying at Container Camp UK
 
Docker - A curtain raiser to the Container world
Docker - A curtain raiser to the Container worldDocker - A curtain raiser to the Container world
Docker - A curtain raiser to the Container world
 
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
 
CoreOS: The Inside and Outside of Linux Containers
CoreOS: The Inside and Outside of Linux ContainersCoreOS: The Inside and Outside of Linux Containers
CoreOS: The Inside and Outside of Linux Containers
 
Docker introduction
Docker introductionDocker introduction
Docker introduction
 
Demystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data ScientistsDemystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data Scientists
 
OpenStack Summit
OpenStack SummitOpenStack Summit
OpenStack Summit
 
Everything you need to know about Docker
Everything you need to know about DockerEverything you need to know about Docker
Everything you need to know about Docker
 
JOSA TechTalks - Docker in Production
JOSA TechTalks - Docker in ProductionJOSA TechTalks - Docker in Production
JOSA TechTalks - Docker in Production
 
Best Practices for Developing & Deploying Java Applications with Docker
Best Practices for Developing & Deploying Java Applications with DockerBest Practices for Developing & Deploying Java Applications with Docker
Best Practices for Developing & Deploying Java Applications with Docker
 

Mehr von Oscar Renalias

Mehr von Oscar Renalias (9)

Enterprise Open Source
Enterprise Open SourceEnterprise Open Source
Enterprise Open Source
 
DockerCon EU 2017 - Containers are not just for microservices
DockerCon EU 2017 - Containers are not just for microservicesDockerCon EU 2017 - Containers are not just for microservices
DockerCon EU 2017 - Containers are not just for microservices
 
Containers aren’t just for microservices – Containerizing Legacy Workloads
Containers aren’t just for microservices – Containerizing Legacy WorkloadsContainers aren’t just for microservices – Containerizing Legacy Workloads
Containers aren’t just for microservices – Containerizing Legacy Workloads
 
50 production deployments a day, at least
50 production deployments a day, at least50 production deployments a day, at least
50 production deployments a day, at least
 
DockerCon 2016 - Structured Container Delivery
DockerCon 2016 - Structured Container DeliveryDockerCon 2016 - Structured Container Delivery
DockerCon 2016 - Structured Container Delivery
 
Next-generation JavaScript - OpenSlava 2014
Next-generation JavaScript - OpenSlava 2014Next-generation JavaScript - OpenSlava 2014
Next-generation JavaScript - OpenSlava 2014
 
Node.js, for architects - OpenSlava 2013
Node.js, for architects - OpenSlava 2013Node.js, for architects - OpenSlava 2013
Node.js, for architects - OpenSlava 2013
 
ScalaCheck Cookbook v1.0
ScalaCheck Cookbook v1.0ScalaCheck Cookbook v1.0
ScalaCheck Cookbook v1.0
 
Unlocking value in your (big) data
Unlocking value in your (big) dataUnlocking value in your (big) data
Unlocking value in your (big) data
 

Kürzlich hochgeladen

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

Kürzlich hochgeladen (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

Containerize everything - Wildcardconf 2015

Hinweis der Redaktion

  1. We won’t cover the basics. Docker has dramatically changed the way we package, deploy and run applications. Millions of downloads of the engine, hundreds of millions of images from registry. Absolutely impressive for a 2 year old project.
  2. This is going to be opinionated.
  3. In a real project, for a very classic client.
  4. How many of you are you still working in a scenario where releases are deployed to production by giving a .zip package and a word file with instructions to a third party, for installation?
  5. We don’t have the luxury of working on cloud, yet, so containers are for us a much more granular way of deploying content as opposed to deployment to Tomcat. Containers let us for example easily deploy multiple releases of the same application more than once to the same server, without the need to deal with kludges.
  6. This is a way for us to segregate the functionalities of containers; if there's a function that does not seem to belong to a container, then it gets spun off to its own container. This does not necessarily mean that one container runs a single process!
  7. Use docker exec.
  8. We don't really like data volumes and data-only containers.
  9. Container hierarchies are necessary so that we can segregate responsibilities between containers; the smaller and the less they do, the better. They also help to keep build times shorter, e.g. creating a container by simply coping a WAR file into it is way faster than building it every time from scratch. The hard part: changing one of the containers at the very top means that we need to rebuild every single container. For minor changes this is not a problem since we can roll out updated containers at our own pace but for critical updates such as security fixes, it may be a bit problematic.
  10. Existing previous investment in Puppet for automation, which is still currently used. However, containers are being slowly migrated to plain Dockerfiles.
  11. We started with Artifactory as it’s our über-repository for all sorts of artifacts. With Docker 1.6, we decided to move to Docker registry 2.0.
  12. While Jenkins builds containers, Rundeck is responsible for deploying them to hosts. Integration between Jenkins and Rundeck has not been implemented yet, but it’s in the plans. Remember the restart policies!
  13. Use USER in Dockerfile, or –u with docker run
  14. Don’t keep it in the container: Data volumes (though I don’t like them), or data-only containers Write to host if you have to Or do not containerize applications with tons of state (e.g. databases) Put state in a networked filesystem
  15. The darker side of Docker.
  16. - Can’t sign containers - Logging API was very much needed – and it was only just finished
  17. Tags can be overwritten in a registry without anyone realizing. For example, it’s hard to say if today’s centos:6 is the same as yesterday when you make a new build. Solution: build your own, or keep a local copy.
  18. Docker is ready for production workloads; your expected level of integration and automation will define how much infrastructure “glue” you need to design and build on top – e.g. service discovery, automation, load balancing, etc.