Daniël van Gils @foldingbeauty daniel@cloud66.com

www.cloud66.com

!

"

How the hell do I run Docker in Production?...

and will it scale?

UXDevOps

Business

Developer Advocate

Established in 2012

Build, deploy and maintain any application on any server, on the cloud provider of your choice or bring your own servers.

Running Docker in production for almost 1½ years for our customers.

We simplify DevOps.

Average of 4000+ servers.

How the hell do I run Docker in Production?...

and will it scale?

Daniël van Gils @foldingbeauty daniel@cloud66.com

www.cloud66.com

!

"

NOISE

$docker run alpine echo 'hello world’

you don’t know what kind of skills you need

production

you know what kind of skill you need

you think you know your gained all the skills

but you don’t know

time

skill

s

technology

#♥

NOISE

Minimal Lovable Service

%

&

#

#1 the right container image

#2 containers in production

&&

&

''

containers

& &&&&&

&

bin/libs

os

%

bin/libs bin/libs

(

)

*+

%

'server

os

bin/libs

)

,

''

cloud/VM

os

bin/libs

%

(

)

'os

bin/libs

(

)

cloud/VM

%

(

)

*+

containers

%%)

server

dev

ops

ops

ops

dev dev,

Containers need a smooth DevOps team

- service

& containers

server cluster(s)'

image&#

&&

= code

= docker file

= docker engine

= platform

&

build

ship

deploy

%containerisation

(

)

*+

the containerisation machine

&&&

(you can’t polish a turd

%

&

containerisation

)

*.

&&& =

Keep Images Slim Stupid

dev » test » stage » production

#Minimal Lovable Service Image

SMALL SECURE

SPEEDY / PERFORMANT STABLE

SET / IMMUTABLE

&#

Keep Images Small, Secure, Speedy, Stable and Set Stupid

SMALL Start with the smallest minimal image you can find. Remove compile time dependencies. Remove packages you don’t need. Run stats for the image.

&#

“I didn't have time to create a slim image, so I created a fat one instead.”

SMALL SECURE

PERFORMANT STABLE

IMMUTABLE

&#

SECURE Remove all the secrets. Patch to the latest security updates. Run the image with the right UID. Test the image.

&#

SMALL SECURE

PERFORMANT STABLE

IMMUTABLE

&#

PERFORMANT Optimise code. Memory and cpu usage. One process. Load testing.

&#

SMALL SECURE

PERFORMANT STABLE

IMMUTABLE

&#

STABLE Lock the image version. Lock the runtime version(s). Tag your image. Proper logging. Image guideline for your team.

&#

SMALL SECURE

PERFORMANT STABLE

IMMUTABLE

&#

IMMUTABLE Use volumes wisely. Loosely coupled. Don’t use databases inside a image. Use external services for persistency.

&#

dev » test » stage » production

#Minimal Lovable Service Image

Keep Images Small, Secure, Speedy, Stable and Set Stupid

-

&#

& 0

monolith containerisation ± 70 %

monolith 1x

monolith image FAT

-

&#

&

0

API first containerisation ± 20%

&#

&api 1x

frontend 1x

image frontend FAT

image api FAT

-

&#

&

0

splitting monolith containerisation ± 6%

&#api 6x

frontend 1x &#

&

workers 10x

&&&&&&&&&

image frontend FAT

image api THIN

image workers THIN

&&&&&&

-

&#

10

&#A 6x

B 12x &#

&

C 10x

&&&&&&&&&

image B THIN

image A THIN

image C THIN

&&&&&&

microservice architecture ± 4%

&&&&&&&

&&&&&

message queue

DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING DATA MANAGMENT MONITORING SECURITY

0

DEV/OPS/DESIGN FLOW Have an image guideline. Create a workflow using the same image in all the software cycle stages. From design to production mimic the environment. Test heavily.

20

DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING DATA MANAGMENT MONITORING SECURITY

3

ORCHESTRATION Isolation of services. Make use of the resource available. Self healing. Load distribution. Adding nodes to your cluster.

23

DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING DATA MANAGMENT MONITORING SECURITY

4

DISCOVERY Find your services and datasources with minimal code change. Versioning of running services. Automagically update discovery when new services are online or scaled up/down.

24

DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING/SCHEDULING DATA MANAGMENT MONITORING SECURITY

5

SCALING/SCHEDULING Scale your containers. Scale your docker cluster. Scale your on/off jobs. Failover groups. Cross cloud clusters. Load balancing.

25

DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING DATA MANAGMENT MONITORING SECURITY

DATA MANAGEMENT Backup and restores. Clustering. Verify your backups. Run natively not in a container for non cloud native DBs.

2

DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING DATA MANAGMENT MONITORING SECURITY

6

MONITORING Get all the statistics of resources (mem/load/net/res) used. Aggregating of logs. Debugging your containers.

26

DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING DATA MANAGMENT MONITORING SECURITY2

SECURITY Intrusion detection and prevention systems. Denial of service protection. Firewalling. Failover groups. Segregate container groups VPC / bastion servers. Verification of images.

22

SMALL SECURE PERFORMANT STABLEIMMUTABLE

&#DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING/SCHEDULING DATA MANAGMENT MONITORING SECURITY

%

MLI PLATFORM CONTAINERS AS A SERVICE

When you get DevOps right, Microservices architecture right and creating the right minimal lovable Image and having the right platform to run containers. Ohh man, the future is bright and you don’t go to hell!

#

www.cloud66.com blog.cloud66.com habitus.io startwithdocker.com

ready for your quest?

thank you

Daniël van Gils @foldingbeauty daniel@cloud66.com

www.cloud66.com

!

"