Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Minimal Docker Containers

Gavin Zhou
February 22, 2017
Technology
0
1.1k

Building Minimal Docker Containers

Gavin Zhou

February 22, 2017
Tweet

More Decks by Gavin Zhou

See All by Gavin Zhou
Prometheus Operator
gavinzhou
3
1.2k
Other ingress voyager
gavinzhou
0
160
Multiple Ingress on GKE
gavinzhou
0
1.8k
kubernetes chatops
gavinzhou
0
540

Other Decks in Technology

See All in Technology
New Relicを活用したSREの最初のステップ / NRUG OKINAWA VOL.3
isaoshimizu
2
620
エンジニア人生の拡張性を高める 「探索型キャリア設計」の提案
tenshoku_draft
1
130
プロダクト活用度で見えた真実 ホリゾンタルSaaSでの顧客解像度の高め方
tadaken3
0
140
Security-JAWS【第35回】勉強会クラウドにおけるマルウェアやコンテンツ改ざんへの対策
4su_para
0
180
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
130
組織成長を加速させるオンボーディングの取り組み
sudoakiy
2
180
オープンソースAIとは何か? --「オープンソースAIの定義 v1.0」詳細解説
shujisado
9
1.1k
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
390
Flutterによる 効率的なAndroid・iOS・Webアプリケーション開発の事例
recruitengineers
PRO
0
110
Shopifyアプリ開発における Shopifyの機能活用
sonatard
4
250
Can We Measure Developer Productivity?
ewolff
1
150
生成AIが変えるデータ分析の全体像
ishikawa_satoru
0
160

Featured

See All Featured
Optimising Largest Contentful Paint
csswizardry
33
2.9k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Building Better People: How to give real-time feedback that sticks.
wjessup
364
19k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
27
840
Rails Girls Zürich Keynote
gr2m
94
13k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
6.9k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
44
2.2k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
27
4.3k
Scaling GitHub
holman
458
140k
Automating Front-end Workflow
addyosmani
1366
200k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
The World Runs on Bad Software
bkeepers
PRO
65
11k

Transcript

  1. Building Minimal Docker Containers Orangesys Inc.

  2. $Who am I Orangesys Inc. Tachibana Shuji Twitter @yepn Running

  3. Orangesys Inc. SaaS監視システム https://orangesys.io @orangesysio

  4. None
  5. None

  6. Orangesys • All in docker • Kubernetes on GKE •

    OpsDev -> NoOps Architecture & Stack

  7. Architecture: Orangesys > Kubernetes Apigateway Namespace Cloud Load Balancing Standard

    Devices HTTPS Browser Client Production Namespace Kube-system Namespace Tiller Replication Controller Grafana Container Engine Replication Controller Influxdb Container Engine Replication Controller Corporate Site App Engine Autoscaling Orangesys Firebase Autoscaling Monitoring Namespace Prometheus RC Influxdb RC Grafana RC Opsbot Namespace Kubebot RC K8s-event RC Stripe Server Api Container Engine Replication Controller PostgresSQL Container Engine Replication Controller MariaDb Container Engine Replication Controller Nginx Container Engine Replication Controller Traefik Container Engine Replication Controller Server Telegraf Ingress Container Engine Replication Controller Kong ApiGateway Container Engine Replication Controller Kubenetes API Replication Controller SSL Cert Bot Replication Controller Orange Api Container Engine Replication Controller

  8. Technology Stack

  9. Agenda • Docker images size • Docker images security

  10. None

  11. Coreos clair Security data Sources

  12. Layers

  13. Topic Alpineでdocker image Goalngなら、scratchベースでdocker imageを作る Layersを減らすと、build時間が短縮

  14. Alpine base image base size 2MBのAlpineでdocker imageを作る、 ただし LIBCがMUSL LIBCとなりましたが、OS周りの依頼関係

    ex) Not resolving using search domain <service-name>.<namespace-name>.svc.cluster.local https://github.com/gliderlabs/docker-alpine/issues/8

  15. Scratch base image Goalngなら、scratchベースでdocker imageを作る ただし コンテナから外部へhttps通信時、ca証明書の実装が必要となります。 FROM scratch ADD

    ca-certificates.crt /etc/ssl/certs/ ADD main / CMD ["/main"]

  16. Layers Layersを減らすと、build時間が短縮 ただし、LIBCを使う場合は、既存のdocker imagesを利用した方が良いかも

  17. 参考 https://github.com/orangesys https://stackshare.io/orangesys-inc https://hub.docker.com/u/orangesys/dashboard/