The challenges of container configuration
David Lutterkort, @lutterkort
Overview
● What is configuration ?
● Immutability
● Build vs Run
● Who configures the scheduler ?
● Conclusions
What is configuration ?
package/file/service
is only one instance of a more general problem
Configuration is any input into infrastructure
It needs to be managed
over time and at scale
Core configuration management features:
❏ describe system aspects in isolation
❏ combine aspects into whole
❏ common format for querying
❏ bridge across entire infrastructure
$ docker run -d \
    -e MYSQL_HOST=mysql.example.com \
    -e MYSQL_PORT=3306 \
    --health-cmd /usr/bin/check \
    webapp
Immutability
$ docker run \
    --name example fedora:24 \
    /bin/sh -c 'while true; do \
      cat /etc/system-release; \
      sleep 1; \
    done'
$ docker run …
Fedora release 24 (Twenty Four)
Fedora release 24 (Twenty Four)
Fedora release 24 (Twenty Four)
Fedora release 24 (Twenty Four)
Fedora release 24 (Twenty Four)
Fedora release 24 (Twenty Four)
Fedora release 24 (Twenty Four)
Fedora release 24 (Twenty Four)
$ docker exec example /bin/sh -c \
    'sed -i -e s/24/25/ /etc/system-release'
Fedora release 24 (Twenty Four)
Fedora release 24 (Twenty Four)
Fedora release 25 (Twenty Four)
Fedora release 25 (Twenty Four)
Fedora release 25 (Twenty Four)
Fedora release 25 (Twenty Four)
Fedora release 25 (Twenty Four)
Fedora release 25 (Twenty Four)
$ docker exec …
$ docker diff example
C /run
A /run/secrets
C /etc
C /etc/system-release
Containers are not immutable by default
Only as immutable as packages
$ docker run --read-only \
    --name example fedora:24 \
    /bin/sh -c 'while true; do \
      cat /etc/system-release; \
      sleep 1; \
    done'
$ docker exec example /bin/sh -c \
    'sed -i -e s/24/25/ /etc/system-release'
sed: couldn't open temporary file /etc/sed5OCs5t: Read-only file system
$ docker diff example
C /run
A /run/secrets
Suggestion
Enable --read-only whenever possible
require 'rubygems'
require 'sinatra'
require 'haml'

# Handle GET-request (Show the upload form)
get "/upload" do
  haml :upload
end

# Handle POST-request (Receive and save the uploaded file)
post "/upload" do
  File.open('uploads/' + params['myfile'][:filename], "w") do |f|
    f.write(params['myfile'][:tempfile].read)
  end
  return "The file was successfully uploaded!"
end
$ docker run -d --read-only lutter/lolcat
$ docker run -d --read-only \
    -v /srv/lolcat/uploads:/app/uploads \
    lutter/lolcat
$ docker run -d --read-only \
    -v /srv/lolcat/uploads:/app/uploads \
    --tmpfs /tmp \
    lutter/lolcat
Suggestion
Use --tmpfs where needed
Without technical controls you only have
social guarantees of immutability
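One way to turn the --read-only and --tmpfs suggestions into a technical control, as an added example that is not from the original slides: a Python check over `docker inspect` output that reports which paths each container can still write to and compares them with what the application is declared to need. The JSON is constructed sample data modelled on the three lolcat invocations above; the container names, `DECLARED_WRITABLE` and the function names are assumptions.

```python
import json

# Constructed sample: trimmed `docker inspect` output for three containers,
# modelled on the three lolcat invocations in the slides. Container names
# are hypothetical.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/lolcat-default",
   "HostConfig": {"ReadonlyRootfs": false, "Tmpfs": null},
   "Mounts": []},
  {"Name": "/lolcat-ro",
   "HostConfig": {"ReadonlyRootfs": true, "Tmpfs": null},
   "Mounts": [{"Type": "bind", "Source": "/srv/lolcat/uploads",
               "Destination": "/app/uploads", "RW": true}]},
  {"Name": "/lolcat-ro-tmpfs",
   "HostConfig": {"ReadonlyRootfs": true, "Tmpfs": {"/tmp": ""}},
   "Mounts": [{"Type": "bind", "Source": "/srv/lolcat/uploads",
               "Destination": "/app/uploads", "RW": true}]}
]
""")

# Hypothetical policy: the paths the application is known to write to.
DECLARED_WRITABLE = ["/app/uploads", "/tmp"]


def writable_paths(container):
    """Return the sorted paths a process in the container can still write to."""
    host = container.get("HostConfig") or {}
    paths = set()
    if not host.get("ReadonlyRootfs", False):
        paths.add("/")  # the whole image filesystem is writable
    for mount in container.get("Mounts") or []:
        if mount.get("RW", False):
            paths.add(mount["Destination"])
    paths.update((host.get("Tmpfs") or {}).keys())
    return sorted(paths)


def audit(containers, declared=DECLARED_WRITABLE):
    """Map container name -> list of findings; an empty list means compliant."""
    report = {}
    for c in containers:
        name = c["Name"].lstrip("/")
        actual = writable_paths(c)
        if "/" in actual:
            # Nothing else is worth checking until the root is read-only.
            report[name] = ["root filesystem is writable (no --read-only)"]
            continue
        findings = ["undeclared writable path: " + p
                    for p in actual if p not in declared]
        findings += ["declared path not writable: " + p
                     for p in declared if p not in actual]
        report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```

The second container reproduces the situation in the slides: the uploads volume is mounted, but the temporary file still has nowhere to go until `--tmpfs /tmp` is added.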
How do you know the correct
invocation for an image ?
Build vs Run
Given an image
❏ What machine built this image ?
❏ How do you run this image ?
❏ Who supports this image ?
❏ Does the image contain malware ?
Given a container
❏ Who built it ?
❏ How was it built ?
❏ What software does it contain ?
❏ Is the software up-to-date ?
FROM fedora:24

RUN dnf update -y && \
    dnf install -y ruby rubygem-bundler && \
    dnf clean all

COPY . /app

RUN cd /app && bundle install --path vendor/bundle

WORKDIR /app
VOLUME /app/uploads
EXPOSE 9292
CMD ["/usr/bin/bundle", "exec", "rackup"]
Where did the base image come from ?
What repositories and what package versions ?
What was in this directory at build time ?
Time is your enemy
When do you rebuild images ?
Code changes and external factors
should trigger rebuild
Explain yourself with metadata
Docker labels are a great way to do that
Name        : glibc
Version     : 2.23.1
Release     : 10.fc24
Architecture: x86_64
License     : LGPLv2+ and LGPLv2+ with exceptions and GPLv2+
Signature   : RSA/SHA256, Thu 18 Aug 2016 09:27:43 AM PDT, Key ID 73bde98381b46521
Source RPM  : glibc-2.23.1-10.fc24.src.rpm
Build Date  : Thu 18 Aug 2016 06:37:42 AM PDT
Build Host  : buildvm-16.phx2.fedoraproject.org
Packager    : Fedora Project
Vendor      : Fedora Project
Summary     : The GNU libc libraries
$ docker inspect \
    -f "{{json .Config.Volumes}}" lutter/lolcat
{
  "/app/uploads": {}
}
$ docker inspect \
    -f "{{json .Config.ExposedPorts}}" lutter/lolcat
{
  "9292/tcp": {}
}
LABEL vendor="ACME Incorporated" \
      com.acme.release-status="beta" \
      com.acme.version="0.1.0-beta" \
      com.acme.git.sha="f260653a"
$ docker inspect \
    -f "{{json .Config.Labels}}" lutter/lolcat | jq
{
  "com.acme.git.sha": "f260653a",
  "com.acme.release-status": "beta",
  "com.acme.version": "0.1.0-beta",
  "vendor": "ACME Incorporated"
}
Suggestion
Decide upon and enforce metadata standards
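A sketch of what enforcing such a standard can look like, as an added example that is not from the original slides: a Python gate that checks the output of `docker inspect -f "{{json .Config.Labels}}"` against a set of required keys and value formats. The first label set is the one shown above; the other two images, the `STANDARD` rules and the `com.acme.` namespace policy are assumptions made for illustration.

```python
import json
import re

# Constructed sample: `docker inspect -f "{{json .Config.Labels}}"` output for
# three images. The first is the label set shown in the slides; the other two
# images are hypothetical.
SAMPLE_LABELS = {
    "lutter/lolcat": json.loads("""{
        "com.acme.git.sha": "f260653a",
        "com.acme.release-status": "beta",
        "com.acme.version": "0.1.0-beta",
        "vendor": "ACME Incorporated"}"""),
    "acme/legacy": json.loads("""{
        "com.acme.version": "latest",
        "com.acme.git.sha": "unknown",
        "maintainer": "ops"}"""),
    "acme/unlabelled": None,  # docker prints null when an image has no labels
}

# Hypothetical standard: each required key maps to a regex its value must match.
STANDARD = {
    "vendor": r".+",
    "com.acme.release-status": r"(alpha|beta|stable)",
    "com.acme.version": r"\d+\.\d+\.\d+(-[0-9A-Za-z.]+)?",
    "com.acme.git.sha": r"[0-9a-f]{7,40}",
}
NAMESPACE = "com.acme."      # assumed organisation prefix
UNPREFIXED_OK = {"vendor"}   # keys allowed outside the namespace


def check_labels(labels, standard=STANDARD):
    """Return a sorted list of violations of the label standard."""
    labels = labels or {}
    problems = []
    for key, pattern in standard.items():
        if key not in labels:
            problems.append("missing: " + key)
        elif not re.fullmatch(pattern, labels[key]):
            problems.append("bad value: %s=%r" % (key, labels[key]))
    for key in labels:
        # Stray keys are how a metadata standard erodes over time.
        if not key.startswith(NAMESPACE) and key not in UNPREFIXED_OK:
            problems.append("outside namespace: " + key)
    return sorted(problems)


def gate(images):
    """Return {image: violations} for every image that fails the standard."""
    failed = {}
    for name, labels in images.items():
        problems = check_labels(labels)
        if problems:
            failed[name] = problems
    return failed


if __name__ == "__main__":
    for image, problems in gate(SAMPLE_LABELS).items():
        print(image)
        for p in problems:
            print("  " + p)
```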
LABEL com.acme.dockerfile="/Dockerfile"
$ docker inspect \
    -f "{{json .Config.Labels}}" lutter/alpine | jq
{
  "com.example.dockerfile": "/Dockerfile"
}
$ docker run -it lutter/alpine cat /Dockerfile
FROM alpine
RUN apk add --update bash && rm -rf /var/cache/apk/*
COPY Dockerfile /
LABEL com.example.dockerfile="/Dockerfile"
Suggestion
Embed your Dockerfile in the image
LABEL com.acme.cmd.packages="apk info -vv"
$ docker run -it lutter/alpine apk info -vv
musl-1.1.14-r12 - the musl c library (libc)
busybox-1.24.2-r11 - Size optimized toolbox of ...
alpine-baselayout-3.0.3-r0 - Alpine base dir ...
alpine-keys-1.1-r0 - Public keys for Alpine Linux ...
zlib-1.2.8-r2 - A compression/decompression Library
bash-4.3.42-r3 - The GNU Bourne Again shell
...
Suggestion
Make your images discoverable
puppetlabs/puppetlabs-image_build
class { 'nginx': }

nginx::resource::vhost { 'default':
  www_root => '/var/www/html',
}

file { '/var/www/html/index.html':
  ensure  => present,
  content => 'Hello Puppet and Docker',
}

exec { 'Disable Nginx daemon mode':
  path    => '/bin',
  command => 'echo "daemon off;" >> /etc/nginx/nginx.conf',
  unless  => 'grep "daemon off" /etc/nginx/nginx.conf',
}
# metadata.yaml
cmd: nginx
expose: 80
image_name: puppet/nginx
$ puppet docker build
...

$ docker run -d -p 8080:80 acme/nginx-test
83d5fbe370e84d424c71c1c038ad1f5892fec579d28b...

$ curl http://127.0.0.1:8080
Hello Puppet and Docker
Who configures the scheduler ?
Schedulers/orchestrators isolate you from
❏ where individual containers run
❏ balancing due to new resources
❏ respawning due to failed resources
Schedulers operate on constraints
Decisions depend on accurate resource
information
$ docker daemon \
    --label environment=production \
    --label storage=ssd
$ docker run -d -P \
    --label com.example.environment=production \
    -e constraint:storage==ssd --name db mysql
template:
  metadata:
    labels:
      app: guestbook
      tier: frontend
  spec:
    containers:
    - name: php-redis
      image: gcr.io/google-samples/gb-frontend:v4
      resources:
        requests:
          cpu: 100m
          memory: 100Mi
      env:
      - name: GET_HOSTS_FROM
        value: dns
        # If your cluster config does not include a dns service, then to
        # instead access environment variables to find service host
        # info, comment out the 'value: dns' line above, and uncomment the
        # line below.
        # value: env
      ports:
      - containerPort: 80
How do you manage properties
for all your hosts ?
Suggestion
Compute host properties dynamically
$ facter -y | head -n 20
aio_agent_version: 1.7.0
augeas:
  version: 1.4.0
disks:
  sda:
    model: SanDisk SDSSDA24
    size: 223.57 GiB
    size_bytes: 240057409536
    vendor: ATA
...
dmi:
  bios:
    ...
memory:
  ...
$ docker daemon \
    --label os=$(facter os.family) \
    --label kernel=$(facter kernelversion) \
    --label memory=$(facter memory.system.total_bytes)
https://forge.puppet.com/puppetlabs/docker_platform
class { 'docker':
  labels => [
    "os=${facts[os][family]}",
    "kernel=${facts[kernelversion]}",
    "memory=${facts[memory][system][total_bytes]}"
  ],
}
Schedulers introduce higher-level primitives
Docker networks
Kubernetes services and replication controllers
Chronos jobs
Many interfaces imperative not declarative
$ kubectl get pod mypod -o yaml \
    | sed -e 's/\(image: myimage\):.*$/\1:v4/' \
    | kubectl replace -f -
$ docker network create bob
ca7b185775966003d38ccbd9bba822fb570766e4bb

$ docker network create bob
Error response from daemon: network with name bob ...
docker_network { 'bob':
  ensure   => present,
  driver   => 'overlay',
  subnet   => '192.168.1.0/24',
  gateway  => '192.168.1.1',
  ip_range => '192.168.1.4/32',
}
And everything is in YAML
“The language to represent the data should be a simple, data-only
format such as JSON or YAML, and programmatic modification of
this data should be done in a real programming language, where
there are well-understood semantics, as well as good tooling.”
Borg, Omega, and Kubernetes, ACM Queue, Volume 14 Issue 1 | http://queue.acm.org/detail.cfm?id=2898444
Code plus data has advantages
over data alone
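The quoted recommendation applied to the `kubectl get | sed | kubectl replace` pipeline shown earlier, as an added example that is not from the original slides: the same image-tag change made on the parsed pod object in Python instead of by regex on text. The pod JSON is constructed sample data; `split_image` and `set_image_tag` are hypothetical helper names, and the digest is a placeholder.

```python
import copy
import json

# Constructed sample: trimmed `kubectl get pod mypod -o json` output. The
# second container pulls from a registry with a port, and the third is pinned
# by digest (placeholder value): two cases a text substitution on ':' does
# not distinguish.
SAMPLE_POD = json.loads("""
{"apiVersion": "v1", "kind": "Pod",
 "metadata": {"name": "mypod"},
 "spec": {"containers": [
   {"name": "web",     "image": "myimage:v3"},
   {"name": "sidecar", "image": "registry.example.com:5000/team/myimage:v3"},
   {"name": "cache",   "image": "redis@sha256:placeholder-digest"}
 ]}}
""")


def split_image(ref):
    """Split an image reference into (repository, tag, digest).

    A ':' separates the tag only when it comes after the last '/';
    before that it belongs to the registry host:port.
    """
    repo, _, digest = ref.partition("@")
    last_slash = repo.rfind("/")
    colon = repo.rfind(":")
    if colon > last_slash:
        return repo[:colon], repo[colon + 1:], digest
    return repo, "", digest


def set_image_tag(pod, image_name, new_tag):
    """Return (new_pod, changed_container_names).

    Containers whose repository ends in `image_name` are moved to `new_tag`.
    Digest-pinned images are left alone, and the input object is not
    modified, so the result can be diffed against it before submitting.
    """
    updated = copy.deepcopy(pod)
    changed = []
    for container in updated["spec"]["containers"]:
        repo, tag, digest = split_image(container["image"])
        if digest or repo.rsplit("/", 1)[-1] != image_name:
            continue
        if tag != new_tag:
            container["image"] = repo + ":" + new_tag
            changed.append(container["name"])
    return updated, changed


if __name__ == "__main__":
    new_pod, changed = set_image_tag(SAMPLE_POD, "myimage", "v4")
    print("changed:", changed)
    print(json.dumps(new_pod["spec"]["containers"], indent=2))
```

Running the function a second time on its own output changes nothing, which is the declarative behaviour the imperative pipeline lacks.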
https://forge.puppet.com/garethr/kubernetes
kubernetes_pod { 'sample-pod':
  ensure   => present,
  metadata => {
    namespace => 'default',
  },
  spec     => {
    containers => [{
      name  => 'container-name',
      image => 'nginx',
    }]
  },
}
controller_service_pair { 'redis-master':
  app  => 'redis',
  role => 'master',
  tier => 'backend',
  port => 6379,
}
Conclusions
The difference between how you think a
system behaves and how it actually behaves
risks hard-to-debug production issues
Container use at scale and over time
requires meaningful abstraction
Configuration management as a discipline
provides tools to build those abstractions and
thereby minimize risk
Project Blueshift booth
Exhibition Hall

Docker, Mesos, Kubernetes and Puppet? Don't Panic !
Deepak Giridharagopal, Thur, 4:45pm

Pulling the strings to containerize your life
Scott Coulton, Fri, 9:50am

Running Puppet software in Docker containers
Gareth Rushgrove, Fri, 1:30pm