Container Orchestration Deluge

Keynote at ContainerSched 2015 - The conference on DevOps, Containers & Schedulers, see also https://skillsmatter.com/conferences/7208-containersched-2015

Michael Hausenblas

November 20, 2015

Transcript

  1. © 2015 Mesosphere, Inc. All Rights Reserved. CONTAINER ORCHESTRATION DELUGE

    Michael Hausenblas | ContainerSched London | 2015-11-20
  2. CONTAINER == VM?

    No!
    • container
    • dependency management for apps
    • also: think appops rather than devops
    • lightweight: startup time, avg. runtime, footprint
    • pets vs cattle (vs flock of birds)
  3. CONTAINER == VM?

    Pets are individuals (servers) that you give names and manually deploy apps on. When they get sick, you nurse them back to health. Cattle are anonymous and identical to other cattle; you assign them numbers, and when they get sick you ditch them.
    http://www.theregister.co.uk/2013/03/18/servers_pets_or_cattle_cern/
  4. CONTAINER == VM?

    https://medium.com/@mhausenblas/pets-vs-cattle-vs-flock-of-birds-12f1da3abfc3
    Flock of birds. Per-task computing: unit of compute is a function + dynamically allocated resources.
    • AWS Lambda
    • webtask.io
    • StackHut
  5. CONTAINER ORCHESTRATION, THAT'S FOR MICROSERVICES, OR?

    • Orthogonal issues …
    • … however, many (successful) microservices architectures I've seen are containerized
    • Worry first about the basics:
      • Are you using Git?
      • Have you got your CI/CD pipeline set up?
      • How do you deploy your (container) images?
  6. ARE CONTAINERS SECURE?

    • containers share same kernel (!)
    • namespaces (user NS: UID 0 recently introduced)
    • lock down networking (ICC, for example)
    • apply common sense when handling credentials
  7. ARE CONTAINERS SECURE?

    Please, don't bake credentials into images … rather do:

    $ docker run -d -e API_TOKEN=SECRET somedatabase
    $ docker run -d -v $(pwd)/fsecret:/fsecret:ro somedatabase

    → even better: use a key-value in-memory store such as Square's Keywhiz, HashiCorp's Vault, or Crypt, or native solutions such as Kubernetes Secrets, for credentials.
  8. SHOULD I REALLY BE USING A CONTAINER ORCHESTRATION TOOL?

  9. SHOULD I REALLY BE USING A CONTAINER ORCHESTRATION TOOL?

    Yes!
    • No getting up at 3am to replace a HDD or deploy an app onto a new server
    • Benefit from the experience of Google (Kubernetes) and Twitter (Mesos) who invested BS&T
  10. BUT I ALREADY USE CHEF, PUPPET, ANSIBLE, OR SALTSTACK—DO I REALLY NEED A CONTAINER ORCHESTRATION SYSTEM?

  11. BUT I ALREADY USE CHEF, PUPPET, ANSIBLE, OR SALTSTACK—DO I REALLY NEED A CONTAINER ORCHESTRATION SYSTEM?

  12. BUT I ALREADY USE CHEF, PUPPET, ANSIBLE, OR SALTSTACK—DO I REALLY NEED A CONTAINER ORCHESTRATION SYSTEM?

    Horses for courses!
    • Base provisioning: CM tool of your choice
    • Container orchestration: Apache Mesos, Kubernetes, Nomad, Firmament, (Docker Swarm)
  13. I don't really mind, just DON'T WRITE IT YOURSELF. Pretty please. With sugar on top of it.
  14. Summing up:

    use one of: Nomad, Kubernetes, Mesos >>
    write your own >>
    manually managing containers
  15. LEARNING BY DOING AND SOME USEFUL RESOURCES …

    • Mostly challenges are of social nature
    • Developer agility vs admin-to-server ratio
    • Convince your colleagues and boss with: The Phoenix Project
  16. LEARNING BY DOING AND SOME USEFUL RESOURCES …

    http://shop.oreilly.com/product/9781939902184.do
    http://shop.oreilly.com/product/0636920035671.do
  17. LEARNING BY DOING AND SOME USEFUL RESOURCES …

    http://shop.oreilly.com/product/0636920039952.do
    https://manning.com/books/mesos-in-action
  18. LEARNING BY DOING AND SOME USEFUL RESOURCES …

    http://shop.oreilly.com/product/0636920043874.do
    http://www.oreilly.com/webops-perf/free/kubernetes.csp
    http://mhausenblas.info/dnsd/toc.pdf
  19. LEARNING BY DOING AND SOME USEFUL RESOURCES …

    http://p24e.io
    http://k8s.info
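
Slide 7's advice to keep credentials out of images can be checked before an image is built. The following Python check is an added example, not part of the original deck: it scans Dockerfile text for ENV/ARG instructions that give a credential-looking variable a value and for COPY/ADD of credential-looking files. The name patterns, function names and the sample Dockerfile are assumptions constructed for illustration.

```python
import re
# Heuristic patterns (assumptions for this example, not taken from the deck).
SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY", re.I)
SECRET_FILE = re.compile(r"\.pem$|\.key$|\.p12$|\.env$|id_rsa|credentials|secret", re.I)

def logical_lines(text):
    """Yield (line_no, instruction), joining backslash continuations."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start if buf else no
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            yield start, buf.strip()
            buf = ""

def find_baked_credentials(dockerfile_text):
    """Return (line_no, reason) for instructions that put a credential in a layer."""
    findings = []
    for no, instr in logical_lines(dockerfile_text):
        op, _, rest = instr.partition(" ")
        op = op.upper()
        if op in ("ENV", "ARG"):
            # Handles ENV KEY=value [KEY2=value2 ...] and the legacy ENV KEY value.
            pairs = re.findall(r"([A-Za-z_]\w*)=(\S*)", rest)
            if not pairs:
                key, _, value = rest.strip().partition(" ")
                pairs = [(key, value.strip())]
            for key, value in pairs:
                if value and SECRET_NAME.search(key):
                    findings.append((no, f"{op} bakes a value for {key} into the image"))
        elif op in ("COPY", "ADD"):
            # Shell form only: every argument but the last is a source path.
            sources = [a for a in rest.split() if not a.startswith("--")][:-1]
            findings += [(no, f"{op} copies {s} into the image")
                         for s in sources if SECRET_FILE.search(s)]
    return findings

# Constructed sample Dockerfile; API_TOKEN=SECRET and fsecret echo slide 7's names.
SAMPLE = """\
FROM debian:8
ENV APP_HOME=/srv/app \\
    API_TOKEN=SECRET
ARG DB_PASSWORD
COPY fsecret /fsecret
"""
print(find_baked_credentials(SAMPLE))
```

An ARG declared without a default is not reported, since the value is not written in the Dockerfile itself.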