Docker without Kubernetes

How do you get from a conventional PHP platform to a container-based solution when you cannot afford the effort that Kubernetes requires?

Frank Kleine

October 13, 2018

Transcript

  1. Docker without Kubernetes, Frank Kleine @bovigo, Unkonf 13.10.2018

  2. Docker@B::IT, 2 years later Frank Kleine @bovigo Unkonf 13.10.2018

  3. WHAT IS B::IT, ACTUALLY?

  4. B::IT: 25 people; Identity Management (EIAM, LDAP, etc.); Intranet (InsideNET, ONE); Tools for Collaboration (Wiki, Dev-Jira, Bitbucket)

  5. A LITTLE B::IT OF HISTORY

  6. Q4/2015: Department targets for 2016: NoSQL; Docker

  7. Q1/2016 …

  8. Q2/2016: bit_docker Puppet Environment; Toying around in sandbox.lan

  9. JUNE 21 2016: “Yesterday I thought again over the hlt/xenon topic and aggregation on a VM. Couldn’t this be a use case for Docker?” Jens (Head of IT Operations Data Services)

  10. JUNE 2016: Toying around, but more seriously: base images; Docker registry in sandbox.lan

  11. JULY 2016: B::IT Docker Day I; B::IT Docker Registry in Infrastructure

  12. JULY 18 2016

  13. OCTOBER 2016

  14. OCTOBER 2016: Kernel panics & incompatibilities between Kernel & file systems. https://inside.1and1.org/one/#walls/1112/posts/40582

  15. NOVEMBER 2016 Stable. But we need to know more. Orchestration!

  16. A YEAR OF CONTEMPLATION

  17. 2017/18 Kubernetes? Swarm?

  18. DOCKER SWARM: No one ever used this in production. Otherwise the lack of working features can’t be explained.

  19. KUBERNETES: Way too few people in B::IT; Expected training curve too steep

  20. LEARNING CURVE: People lost contact with developments; So we decided to switch gears

  21. STRATEGY: Switch to containers - learn the basics; Evolution, not revolution

  22. None
  23. COMPUTESQUAD: Group of people interested in further development of B::IT compute platform

  24. MICROSERVICES (BEFORE MICROSERVICES)

  25. INSIDENET: ~55 single services; Mostly PHP; Joined via inside.1and1.org domain (proxy)

  26. APACHE/PHP bitservicebs01…n bitproxy-cluster-bs bitservicebap01…n bitproxy-cluster-bap https://inside.1and1.org/service/ /files/of/service http://0.0.0.0:80/ /files/of/service http://0.0.0.0:80/

  27. PROBLEMS: Cluster provides one PHP version only; Can’t migrate everything at once

  28. EVOLUTION

  29. DOCKER bitproxy-cluster-bs bitproxy-cluster-bap https://inside.1and1.org/service/ bitdockerbs01…n bitdockerbap01…n http://service/ http://0.0.0.0:80/ http://service/ http://0.0.0.0:80/

  30. APACHE AS LOADBALANCING PROXY

  31. PROXY

        <Proxy "balancer://navigation-proxy">
            ProxySet failonstatus=418
            BalancerMember http://bitservicesdockerqabsa01.mw.server.lan:80 retry=10 timeout=2
            BalancerMember http://bitservicesdockerqabsa02.mw.server.lan:80 retry=10 timeout=2
        </Proxy>
        ProxyPass /navigation/ "balancer://navigation-proxy/navigation/"

  32. PROXY: One Proxy-Set for each application; Failure code != application failure code

  33. BYREQUESTS

        => Mon Jun 18 14:24:58 CEST 2018 HTTP/1.1 200 OK Host: bitdocker01:8123
        => Mon Jun 18 14:24:59 CEST 2018 HTTP/1.1 200 OK Host: bitdocker02:8123
        => Mon Jun 18 14:25:00 CEST 2018 HTTP/1.1 200 OK Host: bitdocker01:8123
        => Mon Jun 18 14:25:01 CEST 2018 HTTP/1.1 200 OK Host: bitdocker02:8123

  34. DOWN: 01

        => Mon Jun 18 14:25:51 CEST 2018 HTTP/1.1 200 OK Host: bitdocker01:8123
        => Mon Jun 18 14:25:52 CEST 2018 HTTP/1.1 200 OK Host: bitdocker02:8123
        => Mon Jun 18 14:25:55 CEST 2018 HTTP/1.1 200 OK Host: bitdocker02:8123

  35. UP: 01

        => Mon Jun 18 14:25:55 CEST 2018 HTTP/1.1 200 OK Host: bitdocker02:8123
        => Mon Jun 18 14:25:56 CEST 2018 HTTP/1.1 200 OK Host: bitdocker02:8123
        => Mon Jun 18 14:25:57 CEST 2018 HTTP/1.1 200 OK Host: bitdocker02:8123
        => Mon Jun 18 14:26:05 CEST 2018 HTTP/1.1 200 OK Host: bitdocker01:8123
        => Mon Jun 18 14:26:06 CEST 2018 HTTP/1.1 200 OK Host: bitdocker02:8123

  36. DOWN: BOTH

        => Mon Jun 18 14:26:09 CEST 2018 HTTP/1.1 200 OK Host: bitdocker01:8123
        => Mon Jun 18 14:26:10 CEST 2018 HTTP/1.1 200 OK Host: bitdocker02:8123
        => Mon Jun 18 14:26:11 CEST 2018 HTTP/1.1 503 Service Unavailable
        => Mon Jun 18 14:26:14 CEST 2018 HTTP/1.1 503 Service Unavailable
        => Mon Jun 18 14:26:17 CEST 2018 HTTP/1.1 503 Service Unavailable
        => Mon Jun 18 14:26:18 CEST 2018 HTTP/1.1 200 OK Host: bitdocker01:8123

  37. KEEPING A SINGLE HOST TOGETHER

  38. TRÆFIK: Instance on each Docker host; Listens to Docker backend; Routes managed via labels on containers

  39. TEAPOT: Registered in Træfik for path /; Always responds 418 I’m a Teapot

  40. APPLICATION: DOCKER-COMPOSE

  41. CONTAINER

        version: "2.0"
        services:
          web:
            image: "bit-registry.1and1.org/bbc/frontend:latest"
            restart: unless-stopped
            network_mode: bridge
            command: [
              "-streamLocation", "http://idevplaindockerqsa01.mw.server.lan:8081/hls/",
              "-streamHost", "idevplaindockerqsa01.mw.server.lan",
              "-goshHost", "idevplaindockerqsa01.mw.server.lan",
              "-basepath", "/streams/",
              "-db", "/secrets/database",
              "-csrfAuthKey", "/secrets/csrfAuthKey",
              "-loginURL", "https://stage.inside.1and1.org/signin",
              "-validateURL", "https://stage.inside.1and1.org/signin/serviceValidate"
            ]
            volumes:
              - /opt/ui/data/bit-docker/credentials/bbc/database:/secrets/database
              - /opt/ui/data/bit-docker/credentials/bbc/csrfAuthKey:/secrets/csrfAuthKey
            labels:
              - "traefik.backend=bbc_frontend"
              - "traefik.frontend.rule=PathPrefixStrip:/streams"
              - "traefik.port=8443"
              - "traefik.enable=true"

  42. DEPLOYMENT

  43. DEPLOYMENT tar cf - docker-compose.yml | ssh bitservicedocker deploy group/app

  44. DELIVERY: Takes care of creating the tar file; SSHs to all hosts in parallel*

  45. DELIVERYFILE

        version: 1.0
        application: bit-docker/teapot
        deployment: parallel
        environments:
          qa:
            cluster:
              - https://bitbucket.1and1.org/projects/BIT/repos/bit_cluster/raw/bitservicesqa.yml
            files:
              - docker-compose-qa.yml
          prod:
            cluster:
              - https://bitbucket.1and1.org/projects/BIT/repos/bit_cluster/raw/bitservicesprod.yml
            files:
              - docker-compose.yml

  46. ROLLOUT: On each single server; Accepts the tar file, unpacks it; Classic blue/green deployment; Starts & stops instances w/ docker-compose; Zero downtime with deployment mode “parallel”

  47. FINAL THOUGHTS

  48. PITFALLS: Clean up old images on single hosts! Ensure log-opts: max-size is set when using json-file log-driver

  49. NEXT: Find a good solution for rollbacks; Don’t deploy secrets manually

  50. AND THEN? Is this forever? Probably not.

  51. NEXT: Looking into iCaas; Play around with etcd

  52. THANKS! Frank Kleine @bovigo Unkonf 13.10.2018
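
The deployment on slides 43 to 46 pipes a tar stream over SSH into a deploy command that takes group/app as its argument, so that command is where both inputs have to be checked before anything is unpacked. The following is an added example, not code from the deck or from B::IT: a POSIX shell receiver for the accept-and-unpack half of the rollout that validates the app name and the archive members. DEPLOY_ROOT, receive, valid_app and valid_member are names assumed for the illustration.

```shell
#!/bin/sh
# Added example: receiving end of
#   tar cf - docker-compose.yml | ssh bitservicedocker deploy group/app
# DEPLOY_ROOT and all function names are assumptions, not from the deck.
LC_ALL=C; export LC_ALL
DEPLOY_ROOT="${DEPLOY_ROOT:-/tmp/deploy-example}"

# "group/app": exactly one slash, only a-z 0-9 _ - on either side.
valid_app() {
  case "$1" in
    */*/*|/*|*/|*[!a-z0-9_/-]*) return 1 ;;
    */*) return 0 ;;
  esac
  return 1
}

# Only top-level docker-compose*.yml members (no paths, no odd characters).
valid_member() {
  case "$1" in
    */*|*[!A-Za-z0-9._-]*) return 1 ;;
    docker-compose*.yml) return 0 ;;
  esac
  return 1
}

# Reads the tar stream from stdin, prints the directory holding the files.
receive() {
  app="$1"
  valid_app "$app" || { echo "rejected app name" >&2; return 2; }
  work="$(mktemp -d)" || return 1
  cat > "$work/in.tar"
  if ! tar -tf "$work/in.tar" > "$work/list" 2>/dev/null || [ ! -s "$work/list" ]; then
    rm -rf "$work"; echo "rejected archive" >&2; return 3
  fi
  while IFS= read -r name; do
    valid_member "$name" || { rm -rf "$work"; echo "rejected member" >&2; return 3; }
  done < "$work/list"
  dest="$DEPLOY_ROOT/$app/incoming"
  rm -rf "$dest"; mkdir -p "$dest" || { rm -rf "$work"; return 1; }
  # Member data goes through stdout, so tar itself never creates paths,
  # links or device nodes under $dest.
  while IFS= read -r name; do
    tar -xOf "$work/in.tar" "$name" > "$dest/$name" || { rm -rf "$work"; return 3; }
  done < "$work/list"
  rm -rf "$work"
  printf '%s\n' "$dest"
}
```

The blue/green switch with docker-compose would start from the printed directory only after receive returns 0.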