
Building Your Docker Tech Stack

This session will focus on the practicals of building a fully-functional stack of container cluster tools, with different options for stacking those tools from the OS up.

We’ve all seen examples of common technologies stacks, like the good ol’ LAMP and MEAN stacks for apps, but what about lower-level infrastructure? And can we get it without cloud vendor lock-in please? Oh and pure containers and infrastructure-as-code too?

With Docker, sure thing! This session will cover:

Which OS/Distro and Kernel to use
VMs or bare metal
Recommended Swarm architectures
Tool stacks for “pure open source”, “cloud-service based”, and “Docker EE” scenarios
Demos of these tools working together including InfraKit, Docker, Swarm, Flow-Proxy, ELK, Prometheus, REX-Ray, and more.

Bret Fisher

June 13, 2018

Transcript

  1. BRET FISHER
    Docker Captain, DevOps Dude,
    Author of Docker Mastery
    Building Your Docker Tech Stack
    bretfisher.com/dockercon18
    @bretfisher

  2. Problem: No Server Tool Lives In Isolation
    People ask "Where's my LAMP for container clusters?"
    Your solutions will be a "stack" of infrastructure tools
    Cloud-native container tools are new
    We need patterns and examples of full cluster stacks

  3. 4 Goals for Today
    Build examples of full-er/ish stacks on different tools
    Options for solo to medium-sized DevOps/Ops teams
    Use Docker Swarm latest stable as orchestrator
    Avoid cloud vendor lock-in*
    * Lock-in: A service I can't swap out in my server stack

  4. Last Time On Bret's DockerCon Talk
    Limit "going production Docker" project scope. Go Lean!
    Focus first on quality Dockerfiles
    Stay on your familiar host OS with 4.x Kernel
    Use base images of familiar OS (keep same pkg mgr)
    Swarm CE can be 1 or more nodes, use it everywhere
    Swarm EE is your "easy button" for security and ops

  5. Two Stacks, Same Core
    Docker CE Swarm:
      Used for Dev/Test
      Heavy use of OSS/free
      Gluttony of choice for 3rd party
      Newest engine features
    Docker EE Swarm:
      Used for Staging/Prod
      Heavy use of paid support
      Use Docker Solution Briefs
      Mature engine with hotfixes

  6. Clusters are Complex
    Start small and simple, grow them as you grow

  7. EE Platform Architecture (diagram)
    Infrastructure: Physical, Virtualization, Public Cloud
    Platform: Security, Developer Services, Registry Services, Access Policies, App Lifecycle Management, Automation & Extensibility
    Networking, Orchestration, Storage
    Container Engine
    ENTERPRISE EDITION PLATFORM

  8. CE Platform Architecture (diagram)
    Infrastructure: Physical, Virtualization, Public Cloud
    Platform: Security, Overlay, Swarm
    Container Engine
    COMMUNITY EDITION PLATFORM

  9. Sci-Fi, Am I Right!

  10. Epic Battle Royale, on Swarm
    dogvs.cat
    VS

  11. Epic Battle Royale, on Swarm
    dogvs.cat
    Sci-Fi Sounds Edition

  12. dogvs.cat App Services
    www.dogvs.cat vote.dogvs.cat blog.dogvs.cat
    result.dogvs.cat
    (Stack Files)

  13. dogvs.cat
    Swarm CE, (Han) Solo Sysadmin

  14. Infra Requirements of dogvs.cat
    Han Solo Requirements:
      Cloud agnostic, minimal infra
      Apps auto-recover on node fail
      Incoming TLS
      Centralized logging
      Centralized monitoring
      Healthcheck all containers
    Optional Requirements for Later:
      Performance auto-scaling
      Self-healing nodes
      Support serverless functions
      Services highly available

  15. Simple Infrastructure, Easy Deployment
    "How can I deploy a multi-tier app on a few servers, with all the bells and whistles of orchestration with load balancing and auto recovery?"
    Han Solo, The Sysadmin

  16. Digital Ocean Services Needed for High Availability (dogvs.cat)
    3+ Droplets (Ubuntu 16.04)
    Block Storage (Volumes)
    Load Balancer (incoming HTTP)

  17. App Services
    www.dogvs.cat vote.dogvs.cat blog.dogvs.cat
    result.dogvs.cat

  18. App Services + L7 Proxy
    www.dogvs.cat vote.dogvs.cat blog.dogvs.cat
    result.dogvs.cat

  19. App Services + L7 Proxy + Overlay
    www.dogvs.cat vote.dogvs.cat blog.dogvs.cat
    result.dogvs.cat

  20. App Services + L7 Proxy + Ops
    www.dogvs.cat vote.dogvs.cat blog.dogvs.cat
    result.dogvs.cat

  21. Cluster + External Load Balancer
    www.dogvs.cat vote.dogvs.cat blog.dogvs.cat
    result.dogvs.cat

  22. Open Source Stack
    Swarm GUI: Portainer
    Central Monitoring: Prometheus + Grafana
    Central Logging: Elastic ELK
    Layer 7 Proxy: Traefik + Let's Encrypt
    Storage: REX-Ray + Digital Ocean Volumes
    Networking: Docker Swarm Overlay
    Orchestration: Docker Swarm
    Runtime: Docker CE
    HW / OS: Docker Machine + Digital Ocean

  23. Deploy Nodes: Docker Machine
    ./create-servers.sh
    ./enable-monitoring.sh
    ./create-swarm.sh

  24. Deploy Storage: RexRay Plug-in
    docker stack deploy -c stack-rexray.yml rexray

  25. Deploy Proxy Stack: Traefik with Let's Encrypt
    docker network create --driver overlay proxy
    docker stack deploy -c stack-proxy.yml proxy
    http://www.dogvs.cat:8080/dashboard/

  26. Deploy Ops Stacks: Prometheus + ELK + Portainer
    docker stack deploy -c stack-swarmprom.yml prom
    docker stack deploy -c stack-elk.yml elk
    docker stack deploy -c stack-portainer.yml portainer

  27. Our Apps: Voting + Ghost + Static Site
    docker stack deploy -c stack-ghost.yml ghost
    docker stack deploy -c stack-voting.yml vote
    docker stack deploy -c stack-menu.yml menu

  28. Deploy Stacks: Maintenance Tasks
    docker stack deploy -c stack-prune.yml prune
    backups (in stack file with app)

  29. Day Two Operations: Updates
    stack deploy ∞
    micromanage update_config and healthcheck
    tune your limits and reservations

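A stack-proxy.yml to go with the "Deploy Proxy Stack" step (Traefik + Let's Encrypt on the external proxy overlay network) and with the update_config, healthcheck and limits/reservations points of the Day Two slide: an added example written for this page, not the deck's own stack file. It assumes Traefik 1.7 flag syntax, a single manager (or a shared REX-Ray volume) holding acme.json, and placeholder values for the ACME e-mail, the dashboard hostname and the basic-auth hash.

```yaml
version: "3.6"
services:
  traefik:
    image: traefik:1.7                     # assumption: Traefik 1.x CLI flags below
    command:
      - --docker
      - --docker.swarmMode
      - --docker.domain=dogvs.cat
      - --docker.exposedByDefault=false    # only services that set traefik.enable=true get routed
      - --entryPoints=Name:http Address::80 Redirect.EntryPoint:https
      - --entryPoints=Name:https Address::443 TLS
      - --defaultEntryPoints=http,https
      - --acme
      - --acme.email=ops@example.com       # placeholder e-mail for Let's Encrypt
      - --acme.storage=/acme/acme.json     # must persist across redeploys, hence the volume
      - --acme.entryPoint=https
      - --acme.httpChallenge.entryPoint=http
      - --acme.onHostRule=true             # request a cert for every Host: rule it sees
      - --api                              # dashboard on container port 8080, not published
      - --ping                             # enables /ping, used by the healthcheck below
    ports:
      - "80:80"
      - "443:443"
    networks: [proxy]
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro   # read-only socket, manager-only placement
      - acme:/acme
    healthcheck: {test: ["CMD", "traefik", "healthcheck"], interval: 30s, timeout: 5s, retries: 3}
    deploy:
      placement:
        constraints: [node.role == manager]
      update_config: {parallelism: 1, delay: 10s, failure_action: rollback}
      resources:
        limits: {cpus: "0.50", memory: 256M}
        reservations: {cpus: "0.10", memory: 64M}
      labels:
        - traefik.enable=true
        - traefik.port=8080                # Traefik routes to its own dashboard over the overlay
        - traefik.docker.network=proxy
        - traefik.frontend.rule=Host:traefik.dogvs.cat   # placeholder hostname
        - traefik.frontend.auth.basic.users=admin:REPLACE_WITH_HTPASSWD_HASH   # escape $ as $$ in compose files
volumes:
  acme:
networks:
  proxy:
    external: true                         # created beforehand with: docker network create --driver overlay proxy
```

Deploy it with the two commands on the "Deploy Proxy Stack" slide; app stacks then join the proxy network and opt in with their own traefik.* deploy labels, and the dashboard is reached over HTTPS behind basic auth rather than on a separately published port.
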
  30. Security?
    host setup scanning: Docker Bench
    image scanning: Aqua Microscanner
    behavior monitoring: Sysdig Falco
    user namespaces

  31. Next Steps
    more nodes? make 'em workers
    CI/CD stacks: gitlab, jenkins
    make redis, mysql, psql HA
    add app metrics to Prometheus
    swap Overlay for Weave Net
    swap ELK for Papertrail, etc.
    swap Prometheus for Sysdig, Datadog, Librato, etc.
    add socat proxy to Traefik

  32. dogvscat.biz
    Swarm EE, Amazonian DevOps

  33. Complex Infrastructure, Harder Deployment
    "How can I deploy many multi-tier apps on many servers, with all the bells and whistles of HA orchestration, have load balancing at all levels, with failover and auto recovery?"
    Amazonian Team

  34. CE Platform Architecture (diagram)
    Infrastructure: Physical, Virtualization, Public Cloud
    Platform: Security, Networking, Orchestration
    Container Engine
    COMMUNITY EDITION PLATFORM

  35. EE Platform Architecture (diagram)
    Infrastructure: Physical, Virtualization, Public Cloud
    Platform: Security, Developer Services, Registry Services, Access Policies, App Lifecycle Management, Automation & Extensibility
    Networking, Orchestration, Storage
    Container Engine
    ENTERPRISE EDITION PLATFORM

  36. No More One Size Fits All
    Docker for AWS
    Docker for Azure

  37. Docker Certified Infrastructure

  38. Docker Certified Infrastructure
    Reference Architecture
    Automation Tools
    Ecosystem Integration

  39. DCI AWS

  40. Docker EE on AWS Stack
    Swarm GUI: Docker EE UCP
    Central Monitoring: AWS Cloudwatch + Telegraph
    Central Logging: AWS Cloudwatch Logs
    Registry: Docker EE DTR
    Layer 7 Proxy: HTTP Routing Mesh (Interlock+Nginx)
    Storage: Docker Cloudstor EBS/EFS
    Networking: Docker Swarm Overlay
    Orchestration: Docker Swarm
    Runtime: Docker EE
    HW / OS: Terraform + Ansible + AWS

  41. Deploy Nodes: Terraform + Ansible
    terraform apply
    ansible-playbook -i inventory install.yml

  42. Advantages
    more flexible deployment tools
    more SecOps tools
    ops tools are fully HA
    ops tools are team-ready
    deploy to K8s just as easy

  43. Deploy Apps
    docker stack deploy -c stack-ghost.yml ghost
    docker stack deploy -c stack-voting.yml vote
    docker stack deploy -c stack-menu.yml menu

  44. Next Steps
    All the things in Swarm CE
    monitoring via CloudWatch and Telegraph
    logging via CloudWatch Logs

  45. Summary
    Infrastructure as code, make everything repeatable
    No "special" nodes, use remote management
    Grow as you go, assume you'll resize
    Look for compose files of popular tools to make stacks
    Don't throw out the good in search of the perfect

  46. I'd like to thank the internet

  47. Support the open source you use

  48. PLEASE VOTE SO I WIN ALL THE DOCKERS FRIDAY!
    Thanks!
    bretfisher.com/dockercon18
    "Building Your Docker Tech Stack"