
Using Docker in production: Get started today!


Adopting Docker for production applications and services used to be hard. You had to hand-roll a lot of the underlying infrastructure and write lots of custom code for service discovery, load balancing, orchestration, desired state, etc. Today, with the rise of open source container orchestration platforms and cloud native offerings, it's a lot easier to get up and running.

Clarence Bakirtzidis

September 18, 2017

Transcript

  1. Agenda • Motivations for containers • Quick recap of Docker • Docker: The past • Docker: The present • Operational concerns for adopting Docker in production • Live Demo: Docker laptop to the cloud • Docker platform choices • Q&A
  2. Motivations for containers • Applications used to be: • Nearly always monolithic • Tightly coupled • Slow to change • Based on a single tech stack • Today applications are: • Decoupled • Continuously changing • Provisioned and scaled dynamically • Cloud native • Polyglot
  3. Motivations for containers • Challenges with modern architectures • Supporting multiple tech stacks • Onboarding teams/individuals • Operational support • Lots of moving parts - complex infrastructure • Virtual Machines – not application centric, not portable, large and slow • Dynamic scheduling and scaling • Immutable infrastructure and Phoenix deployments • Designing CI/CD pipelines • Cloud infrastructure has made things a lot easier
  4. Motivations for containers • Enter containers… • Lightweight virtualization in user-space • Share underlying OS kernel • Do not require a hypervisor • Resource isolation and constraints • Efficient use of resources on host • Not a new concept (see infographic) • Were not really designed for application developer ease of use • Docker changed this in 2013… Source: Pivotal Software, Inc. ("Moments in Container History") (https://content.pivotal.io/infographics/moments-in-container-history)
  5. Quick recap of Docker • Docker is a … • … company (Docker, Inc.) • … project (now Moby Project) • … product/platform (Docker CE, Docker EE, etc.) • … ecosystem (community, support, plugins, Docker Store) • Founded in 2009 (formerly called dotCloud, Inc.) • “Docker” was released as an open source project in 2013 • Initially, a single monolithic binary, now made up of many components (runc, containerd, engine, client, etc.)
  6. Quick recap of Docker • What was missing from widespread container adoption? • Containers were not easy to use for developers and operations • Focus was not on simplicity and user experience • Containers did not have a standard runtime or image format – no portability (see Open Container Initiative) • Standard tooling was missing (dev, ops, orchestration, registry, etc.) • No emphasis on re-use of components (Images, Layers, Docker Hub, Store) • No standard remote APIs • Docker addressed many of these issues • Docker reinforced the ideas behind microservices and 12 factor applications • Docker supported a laptop to production development lifecycle
  7. Quick recap of Docker • Docker tools • Docker Engine (CE/EE) – assembled from upstream Moby components • Docker CLI • Docker Compose • Docker Machine • Docker Swarm (replaced by Swarm mode, now native to Docker Engine) • Docker Registry • Docker Cloud • Docker Enterprise Edition (EE) • Docker Trusted Registry (Image Signing, Scanning, RBAC) • Docker Universal Control Plane (UI to manage swarms, SSO, RBAC) • Certified components and support
  8. Docker: The past • Single host • Initially, no official multi-host support • Use `docker run`, links, docker0 bridge, docker-compose, etc. • Multi host • Workarounds: ambassador pattern, services exposed on host port, legacy Swarm • Later, Docker Networks released with overlay networking (v1.8) and Network plugin support • No Windows support • No official Docker support on Windows • No native Windows containers with Docker • No Volume management • Workarounds: host directory mounting, Data-only containers • Later, Volume plugin support added with 3pp support for multi-host volume management • New `docker volume` commands added
  9. Docker: The past • No Config and Secrets management • Reliance upon environment variables, host file binding, Config-only containers or external K-V stores • No secrets management – rely on external tools • No Automated Orchestration and Scheduling • No Desired State Reconciliation • No Service Discovery • No Healthchecking • No Load-Balancing • Limited Security Features • Underlying host security, e.g. SELinux • Set Linux Kernel Capabilities on containers (division of root user actions)
  10. Docker: The present • Rise of open source Container Scheduling and Orchestration Platforms • Cloud native support • Better integrated security • Native healthchecks • Swarm mode • Service concept – scaling, rolling updates, health checking, cluster-wide logs • Desired state reconciliation • Dynamic scheduling and orchestration • Stacks - deploy Compose V3 directly to Swarm mode
  11. Operational concerns for adopting Docker in production • Platforms • Choice of container scheduling and orchestration platforms • Build vs. Buy, Hosted vs. DIY, Cloud vs. On-prem • Linux vs. Windows, Multi-architecture (Linux + Windows) • Base images • Official, Custom, Minimal (e.g. alpine, scratch) • Registry • Self-hosted, Hosted 3pp, Docker Trusted Registry • Logging • SaaS (e.g. SumoLogic), Cloud native – e.g. CloudWatch Logs, DIY – ELK, Splunk, etc. • Monitoring • SaaS (e.g. DataDog), Cloud native – e.g. CloudWatch Metrics/Alarms, DIY – Prometheus, Graphite, etc.
  12. Operational concerns for adopting Docker in production • Security • Secrets management, Image scanning and Signing, TLS • Storage Management and Migration • Volume drivers, Storage options • High-Availability • Scaling, Multi-instance, multi-region, Load-balancing, etc. • Multi-host Networking and Service Discovery • Deployment patterns • CI/CD pipelines, Docker Compose to Stack, Kubernetes Deployments, Single container per VM, etc.
  13. Live Demo • We'll take an application from laptop to the cloud… • …using Docker CE for AWS
  14. Docker platform choices • Docker CE/EE • Docker Cloud (Standard mode, Swarm mode) • Docker for Mac / Windows • Docker for AWS / Azure / GCP • Kubernetes - Vanilla upstream (kops, kubeadm) or Canonical Distribution of Kubernetes (conjure-up) • DC/OS (Mesos + Marathon) • HashiCorp Nomad (with Docker plugin) • IBM BlueMix Container Service (Kubernetes) • Google Container Engine (Kubernetes) • AWS EC2 Container Service (ECS) • AWS Elastic Beanstalk (Single container – EC2, Multi-container – ECS) • Azure Container Service (DC/OS, Swarm, Kubernetes) • Rancher (Cattle, Swarm, Kubernetes) • Heroku (Docker container support) • And more…
  15. Q&A