Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Docker in Production (PHP London, July 2016)

Docker in Production (PHP London, July 2016)

Docker - the awesome utility that allows you to create a single, runnable, distributable application … but is it really that awesome?

In this talk I’ll discuss some of the common pitfalls and hurdles that one must navigate to have an enjoyable and fruitful relationship with Docker; giving you the confidence to take that relationship to the next stage: production.

David McKay

July 07, 2016
Tweet

More Decks by David McKay

Other Decks in Programming

Transcript

  1. [email protected] @rawkode github.com/rawkode Me! ★ Software Consultant ★ Docker Glasgow

    Organiser ★ Scotland PHP Organiser ★ Running Docker in production since March 2014
  2. Isolation: Reduced Friendly Fire You don’t need to seek permission

    / compatibility before upgrading or changing your stack
  3. Better Allocation of Resources Single auto-scaling group and allocate resources,

    rather than an auto-scaling group for each project, with under utilised resources
  4. ECS Good • You’re already on AWS • Handles load

    balancing and service discovery • FINALLY handles auto-scaling at container level
  5. ECS Bad • Behind on Docker version • Deploying is

    a very manual process / API is convoluted • Can’t use dynamic port allocation due to ELB requirements
  6. Swarm Good • Same CLI as Docker • Service Discovery

    • Load Balancing • One click EVERYTHING
  7. Swarm Bad • Must be on latest version for the

    good stuff • Changing fast • Not proven at scale
  8. Kubernetes Good • Service discovery • Load balancing • “Planet

    Scale” • Secret / config management • Lots of storage driver support, including AWS • EVERYTHING
  9. Mesosphere Meh • DCOS is cool • Mesos doesn’t do

    much on it’s own • Marathon and other plugins required • I’ve not really used it
  10. Small Steps Gotcha Don’t jump straight into Kubernetes / Mesos

    / OpenShift Orchestrate containers using your current tooling
  11. Service Discovery Gotcha How do I speak to other containers?

    Assuming you’re not using Kubernetes, etc
  12. Port Based Tip Pick a random port for each service

    and never change it. Load balance across ALL hosts
  13. $ docker events time container create 53487539487534 ( image=php:7-cli ,

    name=sharp_meninsky) time container attach 53487539487534 ( image=php:7-cli , name=sharp_meninsky) time network connect 38274982374222 (container=53487539487534, type=bridge) time container start 53487539487534 (image=php:7-cli, name=sharp_meninsky) time container die 53487539487534 (exitCode=0, image=php:7-cli , name=sharp_meninsky) time network disconnect 38274982374222 (container=53487539487534, type=bridge) time container destroy 53487539487534 ( image=php:7-cli , name=sharp_meninsky)
  14. Docker Log Drivers Since Docker >= 1.6 --log-driver=<driver> • json-file

    • syslog • fluentd • awslogs • gelf (LogStash and Graylog)
  15. Sign Your Images Tip Don’t suffer because of a poisoned

    image https://github.com/docker/notary
  16. ICC Gotcha By default, any container can communicate with another

    container Turn off inter-container communication
  17. composer.lock STOP COMMITTING Since “composer install” won’t be part of

    your deployment strategy, don’t commit your lock file. “composer install” should always get your latest and greatest during build and those dependencies are BAKED into your image.
  18. composer.lock If your CI/D build passes it’s tests, you’re golden.

    If it fails, you’re not pinning your dependencies well enough. STOP COMMITTING