Two years of Docker at realestate.com.au

Transcript

1. Two years of Docker at realestate.com.au Mike Williams Melbourne Docker

   meetup 16 Feb 2016

2. FEB 1988

3. FEB 1998 (ish)

4. MAR 2013

5. OCT 2013 REA Group creates internal Docker registry and begins

   to experiment …

6. MAY 2014 Docker invades the build agents

7. Docker build agents

8. compose-powered builds test: docker-compose run --rm dev bundle install docker-compose

   run --rm dev bundle exec rake dev: image: docker-registry.somewhere-at.rea/ubuntu-ruby2.2:v42 links: - db:db volumes: - .:/app - ruby2.2-gem-cache:/var/cache/gems/2.2.0 working_dir: /app db: image: docker-registry.somewhere-at.rea/mysql:5.6.29 Makefile docker-compose.yml

9. Publishing images REPOSITORY = docker-registry.somewhere-at.rea/myteam/myapp VERSION := 1.0.$(shell date +'%s')

   default: image image: docker build -t $(REPOSITORY) . no_local_changes: git diff HEAD --exit-code release: no_local_changes image docker tag $(REPOSITORY):latest $(REPOSITORY):$(VERSION) docker push $(REPOSITORY):latest docker push $(REPOSITORY):$(VERSION) git tag $(VERSION) git push origin --tags Makefile

10. Meanwhile … “harpoon” it’s like … docker run + docker

    build + make with YAML, and Python an opinionated Docker client

11. lessons learned Build/test automation is a great place to start

    with Docker. Keep use-of-Docker for builds completely separate from use-of-Docker for packaging.

12. SEP 2014 Work begins on Docker-powered deployment tool, “rea-shipper”

13. None

14. John Fielder from SalesforceIQ in “Running Docker in Production Successfully”

    at DockerCon EU 2015 “Don’t go straight to a PaaS if you’re just starting out.”

15. TMI: team-managed infrastructure AWS account AWS account AWS account AWS

    account AWS account YOU ARE HERE

16. Shipper a simple launch vehicle for 12-factor Docker images “just

    enough half-assed PaaS on demand” <app/> configuration logs requests provides the perfect abstraction

17. Shipper a small change from what we were doing before

    ASG ELB

18. <app/> $CONFIG nginx log collector requests Splunk New Relic generic

    AMI supporting services your application docker-registry

19. Shipper, it’s … generic Docker host AMI + some support

    images + curated CloudFormation template (template) + command-line interface … packaged as a Ruby gem (and a Docker image)

20. Let me tell you a secret (We made secrets a

    container concern.) $KMS_ENCRYPTED_SECRET $SECRET shush application KMS

21. JAN 2016 REA Group hits 70 systems deployed using Shipper

22. Any web application any web-app framework any programming language any

    Linux variant Splunk support captures stdout/stderr no app support required New Relic support application monitoring system monitoring deployment notification CloudWatch support alerts you when service is down via email or web-hook Auto-scaling multiple servers load-balancing support for scaling schedules Zero-downtime deployments safe upgrades safe config changes

23. Big wins Versioned “best practice”. Assuming nothing means it works

    in any REA account. Zero-downtime, auto-rollback. (In theory) packaged apps will port easily to clusters.

24. lessons learned Docker is a great abstraction for processes. Single-Responsibility

    Principle applies. You don’t need a PaaS to be 12-factor.

25. But wait … It’s 2016 already - where’s my damn

    hoverboard PaaS?! Deployment could be faster. Utilisation could be higher. What about batch jobs?

26. Next steps More internal training. Introduce CaaS/PaaS infrastructure to support

    batch processing. Extend to support web-things and other long-lived workloads.

27. JAN 2016 Teams experimenting with ECS and ECR Might this

    be our CaaS? Cache images in the target account? What goes on top? Replace our existing internal registry?

28. THE FUTURE IS UNCERTAIN Swarm ECS Nomad Kubernetes CAAS PAAS

    Deis Convox

29. NOV 2015 REA Group’s new internal v2 registry goes live

    authenticated, and available from anywhere* registry:2 nginx S3 bucket authentication was the hard bit

30. DEC 2015 REA Group runs first internal Docker training 1/57

31. Our Docker open source - an opinionated Docker client -

    internal training material - “bundle update” for Docker - it’s a secret

32. /me waves [email protected] @woollyams github.com/mdub