Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Going Production with Docker and Swarm

Bret Fisher
November 14, 2017
Technology
2
1.1k

Going Production with Docker and Swarm

Come learn the major decisions you need to make and some big lessons learned on the way to using Docker Swarm in production. This is an updated top-10 talk from DockerCon on the details of infrastructure and project planning for jumping from Docker for dev/test to a production cluster in the datacenter or the cloud.
DevOps in the Real World is far from perfect, yet we all dream of that amazing auto-healing fully-automated CI/CD micro-service infrastructure that we'll have "someday." But until then, how can you really start using containers today, and what decisions do you need to make to get there? This session is designed for practitioners who are looking for ways to get started now with Docker and Swarm in production, using the latest versions. This is not a Docker 101, but rather it's to help you be successful on your way to Dockerizing your production systems. Attendees will get tactics, example configs, real working infrastructure designs, and see the (sometimes messy) internals of Docker in production today. Based on consulting project lessons-learned and Docker team best practices, given by a Docker Captain and DevOps consultant.

Bret Fisher

November 14, 2017
Tweet

More Decks by Bret Fisher

See All by Bret Fisher
Node.js Rocks in Docker for Dev and Ops
bretfisher
2
470
Building Your Docker Swarm Tech Stack
bretfisher
1
97
Container Orchestration with Docker and Swarm
bretfisher
0
63
Building Your Docker Tech Stack
bretfisher
1
220
Why Docker, Why Now?
bretfisher
0
34
Road to Docker Production: What You Need To Know and Decide
bretfisher
2
440
Journey to Docker Production
bretfisher
1
220
Your President Wants You To Hack: Civic Hacking for Fun, Profit, and Good Karma
bretfisher
1
150

Other Decks in Technology

See All in Technology
日浅流、 エンジニアリングマネージャーのしごと
takahia1988
0
110
競プロ作問を支える技術
tsutaj
0
200
Vision.framework - 商品画像からのテキスト検出と並列化実装への試み
hcrane
0
200
Security-JAWS#29 AWS Summit Tokyo 2023 オンデマンド配信を楽しむためのセキュリティ関連トピックご紹介
kthrtty
1
210
ChatGPTを聞き手にしよう
niryuu
0
390
サービスレベル管理とは?〜計測すべき指標と活用について/What is Service Level Management
newrelic2023
0
300
「エンジニアリングで運用を改善する」ためのAmazon CloudWatch活用
mitsuaki96
1
600
Deep Dive into Jetpack Compose State
jisungbin
0
180
Антихрупкость в IT или как полюбить изменения
alexanderbyndyu
0
190
トラブルシューティングから Linux カーネルに潜り込む
hiboma
7
1.4k
ブロックテーマでどう変わる?新しいWordPressのWebサイト制作
tbshiki
0
130
20230520_ChatGPT部_第7回_オープニングトークとこの1週間のサマリ
doradora09
0
100

Featured

See All Featured
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
152
13k
Rebuilding a faster, lazier Slack
samanthasiow
70
7.7k
Intergalactic Javascript Robots from Outer Space
tanoku
263
26k
How to name files
jennybc
51
79k
Done Done
chrislema
178
15k
YesSQL, Process and Tooling at Scale
rocio
158
13k
10 Git Anti Patterns You Should be Aware of
lemiorhan
644
55k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
23
1.8k
Designing for Performance
lara
601
65k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
16
1.3k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
214
12k
Code Review Best Practice
trishagee
52
12k

Transcript

  1. Going Production
    with Docker and
    Swarm
    Bret Fisher
    DevOps Consultant

    Docker Captain, Dell {code} Catalyst

    Author of Udemy's Docker Mastery
    Add
    picture
    here

    View Slide

  2. Slides!
    Tweets!
    twitter.com/bretfisher
    Add
    picture
    here
    bretfisher.com/slides
    DevOps Consultant

    Docker Captain, Dell {code} Catalyst

    Author of Udemy's Docker Mastery

    View Slide

  3. Why Are We Here?
    ● Want Docker in production
    ● Want to orchestrate containers
    ● Need to make educated project decisions
    ● Learn which requirements could be optional
    ● Learn 80's/90's video games
    ● Hear bad analogies relating retro games to Docker

    View Slide

  4. A Bit About Me
    ●Geek since 5th Grade
    ●IT Sysadmin+Dev since 1994
    ●Currently Container Fanboy, Consultant/Trainer
    ●Owned *REAL* Atari 2600, NES, SNES, Sega
    Genesis, Sinclair, TRS-80, Packard Bell 386
    ●Likes Geek Trivia. Lets Have Some!

    View Slide

  5. View Slide

  6. View Slide

  7. View Slide

  8. Project Docker
    Super Project Advice Special Turbo Champion Edition

    View Slide

  9. Limit Your Simultaneous Innovation
    ● Many initial container projects are too big in scope
    ● Solutions you maybe don't need day one:
    ○ Fully automatic CI/CD
    ○ Dynamic performance scaling
    ○ Containerizing all or nothing
    ○ Starting with persistent data

    View Slide

  10. Legacy Apps Work In Containers Too
    ● Microservice conversion isn't required
    ● 12 Factor is a horizon we're always chasing
    ● Don't let these ideals delay containerization

    View Slide

  11. View Slide

  12. Dockerfile Power-Ups

    View Slide

  13. What To Focus On First: Dockerfiles
    ● More important than fancy orchestration
    ● It's your new build documentation
    ● Study Dockerfile/Entrypoints of Hub Officials
    ● Use FROM Official distros that are most familiar

    View Slide

  14. Dockerfile Maturity Model
    ●Make it start
    ●Make it log all things to stdout/stderr
    ●Make it documented in file
    ●Make it work for others
    ●Make it lean
    ●Make it scale

    View Slide

  15. View Slide

  16. View Slide

  17. View Slide

  18. Dockerfile
    Anti-patterns

    View Slide

  19. Dockerfile Anti-pattern: Trapping Data
    ● Problem: Storing unique data in container
    ● Solution: Define VOLUME for each location

    View Slide

  20. Dockerfile Anti-pattern: Using Latest
    ● Latest = Image builds will be ¯\_(ツ)_/¯
    ● Problem: Image builds pull FROM
    latest
    ● Solution: Use specific FROM tags
    ● Problem: Image builds install latest
    packages
    ● Solution: Specify version for critical
    apt/yum/apk packages

    View Slide

  21. Dockerfile Anti-pattern: Leaving Default Config
    ● Problem: Not changing app defaults, or blindly copying VM conf
    ○ e.g. php.ini, mysql.conf.d, java memory
    ● Solution: Update default configs via ENV, RUN, and ENTRYPOINT

    View Slide

  22. Dockerfile Anti-pattern: Environment Specific
    ● Problem: Copy in environment config at image build
    ● Solution: Single Dockerfile with default ENV's, and
    overwrite per-environment with ENTRYPOINT script

    View Slide

  23. View Slide

  24. View Slide

  25. View Slide

  26. Lets Slay Some Infrastructure Dragons
    The Big 3 Decisions

    View Slide

  27. Containers-on-VM or Container-on-Bare-Metal
    ●Do either, or both. Lots of pros/cons to either
    ●Stick with what you know at first
    ●Do some basic performance testing. You will learn lots!
    ●2017 Docker Inc. and HPE whitepaper on MySQL benchmark
    ○(authored by yours truly, and others)
    ○bretfisher.com/qconsf17

    View Slide

  28. OS Linux Distribution/Kernel Matters
    ● Docker is very kernel and storage driver dependent
    ● Innovations/fixes are still happening here
    ● "Minimum" version != "best" version
    ● No pre-existing opinion? Ubuntu 16.04 LTS
    ○ Popular, well-tested with Docker
    ○ 4.x Kernel and wide storage driver support
    ● Or InfraKit and LinuxKit!
    ● Get correct Docker for your distro from store.docker.com

    View Slide

  29. Container Base Distribution: Which One?
    ● Which FROM image should you use?
    ● Don't make a decision based on image size (remember it's
    Single Instance Storage)
    ● At first: match your existing deployment process
    ● Consider changing to Alpine later, maybe much later

    View Slide

  30. View Slide

  31. Build Your Empire Swarm

    View Slide

  32. Good Defaults: Swarm Architectures
    ● Simple sizing guidelines based off:
    ○ Docker internal testing
    ○ Docker reference architectures
    ○ Real world deployments
    ○ Swarm3k lessons learned

    View Slide

  33. Baby Swarm: 1-Node
    ●"docker swarm init" done!
    ●Solo VM's do it, so can
    Swarm
    ●Gives you more features
    then docker run

    View Slide

  34. HA Swarm: 3-Node
    ●Minimum for HA
    ●All Managers
    ●One node can fail
    ●Use when very small budget
    ●Pet projects or Test/CI

    View Slide

  35. Biz Swarm: 5-Node
    ●Better high-availability
    ●All Managers
    ●Two nodes can fail
    ●My minimum for uptime that
    affects $$$

    View Slide

  36. Flexy Swarm: 10+ Nodes
    ●5 dedicated Managers
    ●Workers in DMZ
    ●Anything beyond 5 nodes, stick with
    5 Managers and rest Workers
    ●Control container placement with
    labels + constraints

    View Slide

  37. Swole Swarm: 100+ Nodes
    ●5 dedicated managers
    ●Resize Managers as you grow
    ●Multiple Worker subnets on
    Private/DMZ
    ●Control container placement with
    labels + constraints

    View Slide

  38. Don't Turn Cattle into Pets
    ● Assume nodes will be replaced
    ● Assume containers will be recreated
    ● Docker for (AWS/Azure) does this
    ● LinuxKit and InfraKit expect it

    View Slide

  39. Reasons for Multiple Swarms
    Bad Reasons
    ● Different hardware
    configurations (or OS!)
    ● Different subnets or
    security groups
    ● Different availability zones
    ●Security boundaries for
    compliance
    Good Reasons
    ● Learning: Run Stuff on Test
    Swarm
    ● Geographical boundaries
    ● Management boundaries
    using Docker API (or Docker
    EE RBAC, or other auth plugin)

    View Slide

  40. What About Windows Server 2016 Swarm?
    ●Hard to be "Windows Only Swarm", mix with Linux nodes
    ●Much of those tools are Linux only
    ●Windows = Less choice, but easier path
    ●My recommendation:
    ○Managers on Linux
    ○Reserve Windows for Windows-exclusive workloads

    View Slide

  41. View Slide

  42. View Slide

  43. Bring In
    Reinforcements

    View Slide

  44. Outsource Well-Defined Plumbing
    ● Beware the "not implemented here" syndrome
    ● If challenge to implement and maintain
    ● + SaaS/commercial market is mature
    ● = Opportunities for outsourcing

    View Slide

  45. Outsourcing: For Your Consideration
    ●Image registry
    ●Logs
    ●Monitoring and alerting
    ● Tools/Projects: https://github.com/cncf/landscape

    View Slide

  46. Tech Stacks
    Designs for a full-featured cluster

    View Slide

  47. Pure Open Source Self-Hosted Tech Stack
    Swarm GUI Portainer
    Central Monitoring Prometheus + Grafana
    Central Logging ELK
    Layer 7 Proxy Flow-Proxy Traefik
    Registry Docker Distribution + Portus
    CI/CD Jenkins
    Storage REX-Ray
    Networking Docker Swarm
    Orchestration Docker Swarm
    Runtime Docker
    HW / OS InfraKit Terraform
    Also
    Functions As A Service:
    OpenFaaS
    Kubernetes???

    View Slide

  48. Docker for X: Cheap and Easy Tech Stack
    Swarm GUI Portainer
    Central Monitoring Librato Sysdig
    Central Logging Docker for AWS/Azure
    Layer 7 Proxy Flow-Proxy Traefik
    Registry Docker Hub Quay
    CI/CD Codeship TravisCI
    Storage Docker for AWS/Azure
    Networking Docker Swarm
    Orchestration Docker Swarm
    Runtime Docker
    HW / OS Docker for AWS/Azure

    View Slide

  49. Docker Enterprise Edition + Docker for X
    Swarm GUI Docker EE (UCP)
    Central Monitoring Librato Sysdig
    Central Logging Docker for AWS/Azure
    Layer 7 Proxy Docker EE (UCP)
    Registry Docker EE (DTR)
    CI/CD Codeship TravisCI
    Storage Docker for AWS/Azure
    Networking Docker Swarm
    Orchestration Docker Swarm
    Runtime Docker EE
    HW / OS Docker for AWS/Azure
    Also
    Image Security Scanning
    Role-Based Access Cont
    Image Promotion
    Content Trust
    Kubernetes

    View Slide

  50. View Slide

  51. View Slide

  52. 4 Can Co-Op,
    But 1 Plays

    Just Fine

    View Slide

  53. Must We Have An Orchestrator?
    ● Let's accelerate your docker migration even more
    ● Already have good infrastructure automation?
    ● Maybe you have great VM autoscale?
    ● Like the security boundary of the VM OS?

    View Slide

  54. One Container Per VM
    ● Why don't we talk about this more?
    ● Least amount of infrastructure change but also:
    ○ Run on Dockerfile recipes rather then Puppet etc.
    ○ Improve your Docker management skills
    ○ Simplify your VM OS build

    View Slide

  55. One Container Per VM: Not New
    ● Windows is doing it with Hyper-V Containers
    ● Linux is doing it with Intel Clear Containers
    ● LinuxKit will make this easier: Immutable OS
    ● Watch out for Windows "LCOW" using LinuxKit

    View Slide

  56. View Slide

  57. View Slide

  58. View Slide

  59. View Slide

  60. Summary
    ●Trim the optional requirements at first
    ●First, focus on Dockerfile/docker-compose.yml
    ●Watch out for Dockerfile anti-patterns
    ●Stick with familiar OS and FROM images
    ●Grow Swarm as you grow
    ●Find ways to outsource plumbing
    ●Realize parts of your tech stack may change, stay flexible

    View Slide

  61. Give Me A Green Eval!
    ● Help me come back next year

    View Slide

  62. Thank You!


    Slides: bretfisher.com/qconsf17 

    ●90% Off My Bestselling Docker Mastery Course
    ○bretfisher.com/dockermastery
    ○Swarm Production Course Coming Soon!

    View Slide

  63. Honorable Mentions
    ●Metroid ('83 NES)
    ●Mega Man ('87 NES)
    ●Wolfenstein 3D ('92 PC)
    ●Homeworld ('99 PC)
    ●Legend Of Zelda ('86
    NES)
    ●Mortal Kombat ('92)
    ●Doom/Quake ('93 PC)
    ●Contra/Castlevania ('86 NES)
    ● Hitchhiker's GTTG ('84 TRS-80)
    ●Zenophobe ('87 Arcade)
    ●Battlezone ('80 Arcade)
    ●Joust/Dig Dug ('82 Arcade)

    View Slide