Lessons learnt trying to deploy Docker in production

Transcript

1. Deploying Docker to production Lessons learnt

2. A clever man learns from his mistakes…

3. A clever man learns from his mistakes… a wise man

   learns from other people’s
4. None

5. You take the red pill, you stay in Wonderland, and

   I show you how deep the rabbit hole goes.

6. Docker provides a beautiful API that hides the real complexity.

7. Why do we call them containers?

8. ISO standards for containers were published between 1968 and 1970.

9. Software containers try to be the standard for Applications distribution

   Applications runtime

10. Distribution: Container Images

11. Packaging applications for distribution is not a new problem.

12. ❏ Disk images .iso ❏ VMware .vdmk ❏ Vagrant .box

    ❏ Amazon Machine Images AMI Systems Packaging

13. ❏ zip/tgz ❏ Java jar/war ❏ Debian deb ❏ RedHat

    rpm Application Packaging

14. Container images combine both system and application packaging. Old best

    practices still apply.

15. Container images can be easily built using manifests.

16. Building the same manifest twice could produce different images.

17. Build once. Promote images to different environments.

18. The difference between how you think something works and how

    it actually works risks hard-to-debug production issues. Gareth Rushgrove @garethr
19. None

20. ❏ Which OS is it based on? ❏ Which packages

    are installed? ❏ What application is running inside? Giving a running container

21. ❏ Which OS is it based on? ❏ Which packages

    are installed? ❏ What application is running inside? Giving a running container

22. Operating System Which Alpine? FROM  alpine CMD  [“echo”,  “Knock”,  ”Knock”,

     “Neo”]

23. Operating System Is this better? FROM  alpine:3.4 CMD  [“echo”,  “Knock”,

     ”Knock”,  “Neo”]

24. Operating System Tags can be overwritten! 3.4 won’t be the

    same in two weeks, probably FROM  alpine:3.4 CMD  [“echo”,  “Knock”,  ”Knock”,  “Neo”]

25. Operating System Always the same version… but please kill me

    now FROM  alpine@sha256:e4c425e28a3cfe41efdfceda7ccce6… CMD  [“echo”,  “Knock”,  ”Knock”,  “Neo”]

26. ❏ Which OS is it based on? ❏ Which packages

    are installed? ❏ What application is running inside? Giving a running container

27. Packages Which pip? FROM  alpine:3.4 RUN  apk  add  -­‐-­‐update  py-­‐pip

    CMD  [“echo”,  “Knock”,  ”Knock”,  “Neo”]

28. Versions Specify the version… and let’s hope developers respect versioning

    FROM  alpine:3.4 RUN  apk  add  -­‐-­‐update  py-­‐pip=8.1.2-­‐r0 CMD  [“echo”,  “Knock”,  ”Knock”,  “Neo”]

29. ❏ Which OS is it based on? ❏ Which packages

    are installed? ❏ What application is running inside? Giving a running container

30. Application Which version of our application? FROM  alpine:3.4 RUN  apk

     add  -­‐-­‐update  py-­‐pip=8.1.2-­‐r0 COPY  app.py  /app.py CMD  [“python”,  “/app.py”]

31. Metadata Use Docker Labels for application metadata FROM  alpine:3.4 ARG

     vcs_ref="Unknown" ARG  build_date="Unknown" RUN  apk  add  -­‐-­‐update  py-­‐pip=8.1.2-­‐r0 LABEL  org.label-­‐schema.vcs-­‐ref=$vcs_ref  \ org.label-­‐schema.build-­‐date=$build_date COPY  app.py  /app.py CMD  [“python”,  “/app.py”]

32. Metadata Use Docker Labels for application metadata FROM  alpine:3.4 ARG

     vcs_ref="Unknown" ARG  build_date="Unknown" RUN  apk add  -­‐-­‐update  py-­‐pip=8.1.2-­‐r0 LABEL  org.label-­‐schema.vcs-­‐ref=$vcs_ref \ org.label-­‐schema.build-­‐date=$build_date COPY  app.py /app.py CMD  [“python”,  “/app.py”]

33. Standard for Docker labels

34. Use labels to extract info

35. Metadata Use Docker Labels for application metadata FROM  alpine:3.4 ARG

     vcs_ref="Unknown" ARG  build_date="Unknown" RUN  apk  add  -­‐-­‐update  py-­‐pip=8.1.2-­‐r0 LABEL  org.label-­‐schema.vcs-­‐ref=$vcs_ref  \ org.label-­‐schema.build-­‐date=$build_date COPY  app.py  /app.py CMD  [“python”,  “/app.py”]

36. Metadata Calculate the values for the labels $  docker  build

     \ -­‐-­‐build-­‐arg  vcs_ref=`git  rev-­‐parse  HEAD`  \ -­‐-­‐build-­‐arg  date=`date  -­‐u  +  "%Y-­‐%m-­‐%dT%H:%MZ"`  \ -­‐t  your_image_name  .

37. Open Source Docker Registries

38. Docker Hub

39. Official Docker Registry

40. Harbor (VMware)

41. Port.us (Suse)

42. Paid Docker Registries

43. Docker DataCenter

44. AWS ECR

45. JFrog Artifactory

46. Container Runtime

47. Build once. Promote images to different environments.

48. Jenkins Workflow 1. Detect merge to repository

49. Jenkins Workflow 1. Detect merge to repository 2. If tests

    pass, build image and push it to pre production registry

50. Jenkins Workflow 1. Detect merge to repository 2. If tests

    pass, build image and push it to pre production registry 3. Deploy to pre environment

51. Jenkins Workflow 1. Detect merge to repository 2. If tests

    pass, build image and push it to pre production registry 3. Deploy to pre environment 4. If tests pass, push image to pro registry

52. Jenkins Workflow 1. Detect merge to repository 2. If tests

    pass, build image and push it to pre production registry 3. Deploy to pre environment 4. If tests pass, push image to pro registry 5. Deploy to production

53. Keep In Mind ❏ Be clear on which versions of

    docker/docker-compose you allow ❏ Use Jenkins build number or timestamp as image tag ❏ Seek a Generic Build process ❏ Clean old images/containers

54. Clean old images/containers

55. Clean volumes

56. What does deploy mean?

57. Microservices architecture

58. ❏ Harder to test before production ❏ Harder to build/deploy

    different languages ❏ More and more servers needed Microservices architecture

59. Mesos Container orchestration k8s Swarm

60. None

61. ❏ Harder to test before production ❏ Harder to build/deploy

    different languages ❏ More and more servers needed Microservices architecture

62. Migrate to docker one step at a time.

63. Simplest scheduling you can get. 1 server = 1 container

64. ❏ Start adding Dockerfile to your projects ❏ Easier testing

    using project’s images ❏ Deploying and building projects gets simpler ❏ Get used to Docker (logs/signals/…) Forget about orchestration for now

65. Automate everything.

66. Ansible Automation - Wimpy

67. ❏ Builds and pushes docker image to registry ❏ Auto

    Scaling Group with CoreOS instances ❏ ELB in front of instances accessible through DNS ❏ Hooks to execute your own Ansible tasks ❏ Cloud Formation contains all the resources Deployment using Wimpy

68. $  ansible-­‐playbook deploy.yml \ –extra-­‐vars “wimpy_release_version=2.3  \ wimpy_deployment_environment=pre”

69. ❏ Services used by other internal services ❏ Services exposed

    to the internet Two types of services / deploys

70. ❏ Services used by other internal services ❏ Services exposed

    to the internet Two types of services / deploys
71. None
72. None

73. ❏ Services used by other internal services ❏ Services exposed

    to the internet Two types of services / deploys
74. None
75. None

76. Re-Use configuration

77. Wrapping Up

78. We need formal pipelines to promote images from development to

    production. Build once and promote.

79. Choose your battles. Automate everything, but focusing on the important

    parts.

80. Docker is not a toy. Your Kubernetes cluster on raspberry

    pi is not production ready.
81. None

82. @fiunchinho Schibsted Spain Jose Armesto