BRET FISHER
Docker Captain, DevOps Dude, Author of Docker Mastery
Building Your Docker Tech Stack
bretfisher.com/docker
docker.com/captains
bretfisher.com/youtube
bretfisher.com/podcast
4 Goals for Today
● Talk about server/cluster implementation "good defaults"
● Show examples of cluster architecture
● Discuss tool stacks and options
● Options for solo to medium-sized DevOps/Ops teams (.5-5)
● ASK QUESTIONS THROUGHOUT
The Duality of Container Infrastructure
“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity...”
Charles Dickens, A Tale of Two Cities, 1859
Last Time On Bret's DockerCon Talk
● Limit "going production Docker" project scope. Go Lean!
● Focus first on quality Dockerfiles
● Stay on your familiar host OS with 4.x Kernel
● Use base images of familiar OS (keep same pkg mgr)
● Swarm CE can be 1 or more nodes, use it everywhere
● Swarm EE is your "easy button" for security and ops
Containers-on-VM or Container-on-Bare-Metal
● Do either, or both. Lots of pros/cons to either
● Stick with what you know at first
● Do some basic performance testing. You will learn lots!
● 2017 Docker Inc. and HPE whitepaper on MySQL benchmark (authored by yours truly, and others)
● bretfisher.com/docker
OS Linux Distribution/Kernel Matters
● Docker is very kernel and storage driver dependent
● Innovations/fixes are still happening here
● "Minimum" version != "best" version
● No pre-existing opinion? Ubuntu 18.04 LTS
○ Popular, well-tested with Docker
○ 4.x Kernel and wide storage driver support
● Later consider minimal distro or "container-based OS"
● Get correct Docker for your distro from hub.docker.com
Container Clusters are Complex
Start small and simple, grow them as you grow
EE Platform Architecture
Physical, Virtualization, Public Cloud
Platform Security
Developer Services
Registry Services
Access Policies
App Lifecycle Management
Automation & Extensibility
Networking Orchestration Storage
Container Engine
ENTERPRISE EDITION PLATFORM
CE Platform Architecture
Public Cloud
Overlay Swarm
Container Engine
COMMUNITY EDITION PLATFORM
Physical, Virtualization
Platform Security
dogvs.cat App Services
www.dogvs.cat vote.dogvs.cat blog.dogvs.cat result.dogvs.cat
(Stack Files)
Good Defaults: Swarm Architectures
● Simple sizing guidelines based off:
○ Docker internal testing
○ Docker reference architectures
○ Real world deployments
○ Swarm3k lessons learned
Baby Swarm: 1-Node
● "docker swarm init" done!
● Solo VMs do it, so can Swarm
● Gives you more features than docker run
HA Swarm: 3-Node
● Minimum for HA
● All managers + workers
● One node can fail
● Use when very small budget
● Pet projects or Test/CI
Biz Swarm: 5-Node
● Better high-availability
● All managers + workers
● Two nodes can fail
● My minimum for uptime that affects $$$
Flexy Swarm: 10+ Nodes
● 5 dedicated managers
● Workers in DMZ
● Anything beyond 5 nodes, stick with 5 managers and rest workers
● Control container placement with labels + constraints
Docker Enterprise Min
● 3 dedicated managers (UCP)
● 3 dedicated registries (DTR)
● Rest are dedicated workers
● success.docker.com/architectures
● docs.docker.com/ee/docker-ee-architecture
Swole Swarm: 100+ Nodes
● 5 dedicated managers
● Resize Managers as you grow
● Multiple Worker subnets on Private/DMZ
● Control container placement with labels + constraints
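The "labels + constraints" placement from the Flexy Swarm and Swole Swarm slides, as an added example that is not part of the original deck: a stack file that pins the public-facing service to DMZ workers, keeps the database on private workers, and schedules nothing on managers. The node label `zone`, the service and network names, the secret name and the `registry.example.com` image are assumptions.

```yaml
# Added example, not from the original slides.
# Assumed node labels, applied once per worker from a manager:
#   docker node update --label-add zone=dmz     <dmz-worker>
#   docker node update --label-add zone=private <private-worker>
version: "3.7"

services:
  vote:                                    # public-facing service (hypothetical)
    image: registry.example.com/vote:1.0   # placeholder image
    networks: [backend]
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host          # bind only on the node running the task,
                            # not on every node via the ingress routing mesh
    deploy:
      mode: global          # one task per node that matches the constraints
      placement:
        constraints:
          - node.role == worker        # keep workloads off the managers
          - node.labels.zone == dmz

  db:
    image: postgres:15
    networks: [backend]
    secrets: [db_password]
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.role == worker
          - node.labels.zone == private   # never scheduled in the DMZ

networks:
  backend:
    driver: overlay
    driver_opts:
      encrypted: "true"     # encrypt overlay traffic crossing DMZ/private subnets

secrets:
  db_password:
    external: true          # created beforehand with `docker secret create`
```

Deploy with `docker stack deploy -c <file> <stack>`; a task whose constraints match no node stays pending rather than landing in the wrong zone.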
Multi-Architecture
● Cluster different CPUs/OSes
● Linux + Windows + Mainframe + ARM
● Workloads assigned to their arch+os
What About Windows Server?
● Works great on Win 2019, less so in 2016
● Try to use Semi-Annual Channel 1903 (Kubernetes support)
● Hard to be "Windows Only Swarm"
○ Much of container landscape tools are Linux only
● My recommendation:
○ Managers on Linux
○ Reserve Windows for Windows-exclusive workloads
Don't Turn Cattle into Pets
● Assume nodes will be replaced
● Assume containers will be recreated
● Do everything in containers (troubleshooting, admin, backups, security)
Swarm CE
App Services
www.dogvs.cat vote.dogvs.cat blog.dogvs.cat result.dogvs.cat
App Services + L7 Proxy
www.dogvs.cat vote.dogvs.cat blog.dogvs.cat result.dogvs.cat
App Services + L7 Proxy + Overlay
www.dogvs.cat vote.dogvs.cat blog.dogvs.cat result.dogvs.cat
App Services + L7 Proxy + Ops
www.dogvs.cat vote.dogvs.cat blog.dogvs.cat result.dogvs.cat
Cluster + External Load Balancer
www.dogvs.cat vote.dogvs.cat blog.dogvs.cat result.dogvs.cat
Open Source Swarm Stack
● Swarm GUI: Portainer
● Central Monitoring: Prometheus + Grafana
● Central Logging: Elastic ELK
● Layer 7 Proxy: Traefik + Let's Encrypt
● Storage: REX-Ray + cloud storage
● Networking: Docker Swarm Overlay
● Orchestration: Docker Swarm
● Runtime: Docker CE
● HW / OS: Terraform + Cloud Instances
Summary
● Infrastructure as code, make everything repeatable
● No "special" nodes, use remote management
● Grow as you go, assume you'll resize
● Look for compose files of popular tools to make stacks
● Don't throw out the good in search of the perfect
Thanks! 🤗
bretfisher.com/docker