Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building Minimal Docker Containers

Avatar for Gavin Zhou Gavin Zhou
February 22, 2017
Technology
1.3k
0

Building Minimal Docker Containers

Avatar for Gavin Zhou

Gavin Zhou

February 22, 2017

More Decks by Gavin Zhou

See All by Gavin Zhou
Prometheus Operator
Avatar for Gavin Zhou gavinzhou
3
1.3k
Other ingress voyager
Avatar for Gavin Zhou gavinzhou
0
190
Multiple Ingress on GKE
Avatar for Gavin Zhou gavinzhou
0
1.9k
kubernetes chatops
Avatar for Gavin Zhou gavinzhou
0
620

Other Decks in Technology

See All in Technology
AGENTS.mdとSkillsで始めるAIエージェント活用
Avatar for そのだ sonoda_mj
3
210
AIの性能が向上しても未解決な組織の重大問題は何か?/An Unsolved Organizational Problem in the Age of AI
Avatar for moriyuya moriyuya
4
660
自律型AIエージェントは何を破壊するのか
Avatar for kojira kojira
0
160
"何を作るか"を任される エンジニアは、どう育つのか
Avatar for ofuji-works yutaokafuji
1
680
プロダクト開発から業務改善コンサルまで。事業全体へ「染み出す」ことで広がるエンジニアの可能性
Avatar for ham ham0215
0
120
攻撃者視点で考えるDetection Engineering
Avatar for Ruslan Sayfiev cryptopeg
3
1.8k
中期計画、2回作ってみた ~業務委託と正社員、両方の視点から~
Avatar for 株式会社出前館 demaecan
1
750
AmazonRoute 53ではじめてのドメイン取得!HTTPS化までの道のりを整理してみた
Avatar for usanchuu usanchuu
3
140
Oracle AI Database@AWS:サービス概要のご紹介
Avatar for oracle4engineer oracle4engineer
PRO
4
2.9k
日本 Fintech 未来予測レポート 2027〜2028年(オリジナル版)
Avatar for 8maki 8maki
0
2.2k
連合学習と機密コンピューティング
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
120
SONiCのLinuxベースを活かしたZabbix監視
Avatar for SONiC Users Group Japan sonic
0
150

Featured

See All Featured
Product Roadmaps are Hard
Avatar for C. Todd Lombardo iamctodd
PRO
55
12k
Speed Design
Avatar for Sergey Chernyshev sergeychernyshev
33
1.8k
Bioeconomy Workshop: Dr. Julius Ecuru, Opportunities for a Bioeconomy in West Africa
Avatar for AKADEMIYA2063 akademiya2063
PRO
1
140
Joys of Absence: A Defence of Solitary Play
Avatar for Sebastian Deterding codingconduct
1
390
Odyssey Design
Avatar for Ryan Kendrick rkendrick25
PRO
2
700
Avoiding the “Bad Training, Faster” Trap in the Age of AI
Avatar for Mike Taylor tmiket
0
170
How to Talk to Developers About Accessibility
Avatar for Jason CranfordTeague jct
2
230
New Earth Scene 8
Avatar for Sydney Stone popppiees
3
2.3k
Mozcon NYC 2025: Stop Losing SEO Traffic
Avatar for Sam Torres samtorres
1
250
How to Get Subject Matter Experts Bought In and Actively Contributing to SEO & PR Initiatives.
Avatar for Liv Day livdayseo
0
140
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
Avatar for Vitaly Friedman smashingmag
254
22k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
120k

Transcript

  1. Building Minimal Docker Containers Orangesys Inc.

  2. $Who am I Orangesys Inc. Tachibana Shuji Twitter @yepn Running

  3. Orangesys Inc. SaaS監視システム https://orangesys.io @orangesysio

  4. None
  5. None

  6. Orangesys • All in docker • Kubernetes on GKE •

    OpsDev -> NoOps Architecture & Stack

  7. Architecture: Orangesys > Kubernetes Apigateway Namespace Cloud Load Balancing Standard

    Devices HTTPS Browser Client Production Namespace Kube-system Namespace Tiller Replication Controller Grafana Container Engine Replication Controller Influxdb Container Engine Replication Controller Corporate Site App Engine Autoscaling Orangesys Firebase Autoscaling Monitoring Namespace Prometheus RC Influxdb RC Grafana RC Opsbot Namespace Kubebot RC K8s-event RC Stripe Server Api Container Engine Replication Controller PostgresSQL Container Engine Replication Controller MariaDb Container Engine Replication Controller Nginx Container Engine Replication Controller Traefik Container Engine Replication Controller Server Telegraf Ingress Container Engine Replication Controller Kong ApiGateway Container Engine Replication Controller Kubenetes API Replication Controller SSL Cert Bot Replication Controller Orange Api Container Engine Replication Controller

  8. Technology Stack

  9. Agenda • Docker images size • Docker images security

  10. None

  11. Coreos clair Security data Sources

  12. Layers

  13. Topic Alpineでdocker image Goalngなら、scratchベースでdocker imageを作る Layersを減らすと、build時間が短縮

  14. Alpine base image base size 2MBのAlpineでdocker imageを作る、 ただし LIBCがMUSL LIBCとなりましたが、OS周りの依頼関係

    ex) Not resolving using search domain <service-name>.<namespace-name>.svc.cluster.local https://github.com/gliderlabs/docker-alpine/issues/8

  15. Scratch base image Goalngなら、scratchベースでdocker imageを作る ただし コンテナから外部へhttps通信時、ca証明書の実装が必要となります。 FROM scratch ADD

    ca-certificates.crt /etc/ssl/certs/ ADD main / CMD ["/main"]

  16. Layers Layersを減らすと、build時間が短縮 ただし、LIBCを使う場合は、既存のdocker imagesを利用した方が良いかも

  17. 参考 https://github.com/orangesys https://stackshare.io/orangesys-inc https://hub.docker.com/u/orangesys/dashboard/