Slide 1

Slide 1 text

© 2015 Mesosphere, Inc. All Rights Reserved.
WHAT YOU ALWAYS WANTED TO KNOW ABOUT CONTAINER ORCHESTRATION AND NEVER DARED TO ASK
Michael Hausenblas | All Things Open | Raleigh, NC | 2015-10-20

Slide 2

Slide 2 text

CONTAINERS ARE LIKE VMS, RIGHT?

Slide 3

Slide 3 text

CONTAINERS ARE LIKE VMS, RIGHT?

Slide 4

Slide 4 text

CONTAINERS ARE LIKE VMS, RIGHT?
No!
• dependency management for apps
• lightweight: startup time, avg. runtime, footprint
• pets vs cattle

Slide 5

Slide 5 text

CONTAINERS ARE LIKE VMS, RIGHT?
Pets are individuals that you give names and when they get ill you nurse them back to health.
Cattle are anonymous, identical to other cattle you assign numbers and when they get ill → next one.
http://www.theregister.co.uk/2013/03/18/servers_pets_or_cattle_cern/

Slide 6

Slide 6 text

ARE CONTAINERS SECURE?

Slide 7

Slide 7 text

ARE CONTAINERS SECURE?

Slide 8

Slide 8 text

ARE CONTAINERS SECURE?
• containers share same kernel (!)
• namespaces ('user' almost there)
• lock down networking (e.g. Docker's --icc=false)

Slide 9

Slide 9 text

ARE CONTAINERS SECURE?
Don't bake credentials into Docker images! Rather do …
$ docker run -d -e API_TOKEN=SECRET somedatabase
$ docker run -d -v $(pwd)/fsecret:/fsecret:ro somedatabase
Ideally, use a key-value (in-memory) store such as Square's Keywhiz, HashiCorp's Vault, or Crypt
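
A build-time check for the rule on this slide, added here as an example (not part of the original deck): it scans a Dockerfile for ENV/ARG instructions that assign secret-looking names and for COPY/ADD instructions that pull in key files. The name and file patterns and the sample Dockerfile are assumptions constructed for illustration.

```python
import re

# Heuristic name and file patterns; both lists are assumptions of this example.
SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY|PRIVATE_?KEY", re.I)
SECRET_FILE = re.compile(r"id_rsa|id_ed25519|credentials|\.(pem|key|env)$", re.I)

# Constructed sample Dockerfile (not from the slides).
SAMPLE = r"""FROM debian:jessie
ENV API_TOKEN=SECRET \
    APP_MODE=production
ARG DB_PASSWORD
COPY id_rsa /root/.ssh/id_rsa
COPY app/ /opt/app/
"""

def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never carry an instruction
        if not buf:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""

def find_baked_credentials(text):
    """Return (line_number, reason) for each instruction that bakes in a secret."""
    findings = []
    for n, instr in logical_lines(text):
        op, rest = (instr.split(None, 1) + [""])[:2]
        op = op.upper()
        if op in ("ENV", "ARG"):
            pairs = re.findall(r"(\w+)=(\S+)", rest)  # ENV K=V K2=V2
            if not pairs and op == "ENV" and len(rest.split(None, 1)) == 2:
                pairs = [tuple(rest.split(None, 1))]  # legacy "ENV K V" form
            findings += [(n, f"{op} assigns {k} at build time")
                         for k, _v in pairs if SECRET_NAME.search(k)]
        elif op in ("COPY", "ADD"):
            sources = [t for t in rest.split() if not t.startswith("--")][:-1]
            findings += [(n, f"{op} adds {s} to the image")
                         for s in sources if SECRET_FILE.search(s)]
    return findings

print(find_baked_credentials(SAMPLE))
```

An ARG declared without a default, like DB_PASSWORD in the sample, is not flagged because the Dockerfile itself carries no value for it.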

Slide 10

Slide 10 text

SHOULD I REALLY BE USING A CONTAINER ORCHESTRATION TOOL?

Slide 11

Slide 11 text

SHOULD I REALLY BE USING A CONTAINER ORCHESTRATION TOOL?

Slide 12

Slide 12 text

SHOULD I REALLY BE USING A CONTAINER ORCHESTRATION TOOL?
Yes!
• No getting up at 3am to replace a HDD or deploy an app onto a new server
• Elasticity (traffic, business needs, etc.)

Slide 13

Slide 13 text

HOW DO I LAUNCH 100,000 CONTAINERS?

Slide 14

Slide 14 text

HOW DO I LAUNCH 100,000 CONTAINERS?

Slide 15

Slide 15 text

HOW DO I LAUNCH 100,000 CONTAINERS?
• Are you Google? Facebook? Twitter?
• Small is beautiful and containers at scale are hard
• But, what should I use?
• For a handful of nodes: Nomad, Kubernetes, Docker Swarm, Apache Mesos
• For ~100 nodes: Kubernetes, Apache Mesos
• For 100s to 1000s of nodes: Apache Mesos

Slide 16

Slide 16 text

I ALREADY USE CHEF, PUPPET, ANSIBLE, SALTSTACK, ETC.—DO I REALLY NEED A CONTAINER ORCHESTRATION SYSTEM?

Slide 17

Slide 17 text

I ALREADY USE CHEF, PUPPET, ANSIBLE, SALTSTACK, ETC.—DO I REALLY NEED A CONTAINER ORCHESTRATION SYSTEM?

Slide 18

Slide 18 text

I ALREADY USE CHEF, PUPPET, ANSIBLE, SALTSTACK, ETC.—DO I REALLY NEED A CONTAINER ORCHESTRATION SYSTEM?
• It's really horses for courses
• Base provisioning: CM tool of your choice
• Container orchestration: Apache Mesos, Kubernetes, Nomad, Docker Swarm

Slide 19

Slide 19 text

CONTAINER ORCHESTRATION, THAT'S FOR MICROSERVICES, OR?

Slide 20

Slide 20 text

CONTAINER ORCHESTRATION, THAT'S FOR MICROSERVICES, OR?

Slide 21

Slide 21 text

CONTAINER ORCHESTRATION, THAT'S FOR MICROSERVICES, OR?
• Orthogonal issues …
• … however, many (successful) microservices architectures I've seen are containerized
• Worry first about the basics:
  • Are you using Git?
  • Have you got your CI/CD pipeline set up?
  • How do you deploy your (container) images?

Slide 22

Slide 22 text

THAT CONTAINER ORCHESTRATION THING THAT'S FOR ON-PREMISES, RIGHT?

Slide 23

Slide 23 text

THAT CONTAINER ORCHESTRATION THING THAT'S FOR ON-PREMISES, RIGHT?

Slide 24

Slide 24 text

THAT CONTAINER ORCHESTRATION THING THAT'S FOR ON-PREMISES, RIGHT?
• Nope, just different things are important
• Think: provisioning (putting a box into a rack vs. pressing a button)
• Actually, many do hybrid cloud (on-premises + cloud or inter-cloud)

Slide 25

Slide 25 text

BUT THERE ARE CERTAINLY SOME DOWNSIDES TO IT, I'M SURE!

Slide 26

Slide 26 text

BUT THERE ARE CERTAINLY SOME DOWNSIDES TO IT, I'M SURE!

Slide 27

Slide 27 text

BUT THERE ARE CERTAINLY SOME DOWNSIDES TO IT, I'M SURE!
• Mostly challenges of social nature (fewer people can take care of more stuff)
• Convince your colleagues and boss with: The Phoenix Project

Slide 28

Slide 28 text

BUT THERE ARE CERTAINLY SOME DOWNSIDES TO IT, I'M SURE!
http://shop.oreilly.com/product/9781939902184.do
http://p24e.io
http://shop.oreilly.com/product/0636920039952.do
https://manning.com/books/mesos-in-action
http://shop.oreilly.com/product/0636920043874.do

Slide 29

Slide 29 text

AND NOW IT IS YOUR TURN …