Kickass Development Environments with Docker (LeedsPHP, January, 2017)

Docker, the hottest technology around at the moment. It swept the Ops world by storm in 2014, became mainstream in 2015, and now it’s set to dominate the developer world, in 2016.

Docker is a tool that allows you to package your application up into a single-runnable distributable binary - akin to the phar, but in Hulk mode. Docker allows you, a developer, to specify the exact environment your application needs to run, across development; test; staging; and production.

In this talk I will cover the creation of this utopian distributable and show you how you can compose your entire production infrastructure locally with only a small YAML file and without installing a single thing.

Let's say hello to Docker.

David McKay

January 19, 2017

Transcript

  1. Kickass Development Environments with Docker Leeds PHP January, 2017

  2. david@rawkode.com @rawkode github.com/rawkode ~ Organiser: ScotlandPHP Docker | DevOps MongoDb | Pair Programming Glasgow

      • PHP / Go / Elixir
      • DevOps / CI / CD / Docker
      • CQRS & Event Sourcing
      • Domain-Driven Design
      • TDD / BDD
  3. Kickass Development Environments with Docker

  4. let’s travel through time ...

  5. Development Environments circa 2000

      $ tree awesome-million-pound-project
      └── src
          ├── game.php
          ├── game.php.bk-david
          ├── game.php.bk-deano
          ├── main.php
          ├── main.php.maybe-fixed
          ├── main.php.bk-1999-12-02
          ├── main.php.bk-1999-12-02.2
          ├── player.php
          ├── player.php.orig
          └── .swp.player.php

  6. Production Environments circa 2000

      $ tree awesome-million-pound-project
      └── src
          ├── game.php
          ├── game.php.bk-david
          ├── game.php.bk-deano
          ├── main.php
          ├── main.php.maybe-fixed
          ├── main.php.bk-1999-12-02
          ├── main.php.bk-1999-12-02.2
          ├── player.php
          ├── player.php.orig
          └── .swp.player.php
  7. things got better ...

  8. but not for another six years ...

  9. 2006

  10. Dev/Prod parity becomes a twinkle in our eye

  11. 2009

  12. DSL Hell

  13. 2011

  14. Vagrant Problems

      • You’re creating and managing VMs for each project / service
      • Those VMs are mutable / prone to error by user changes
      • They’re built JIT (most cases)
      • How long does your vagrant up take?
  15. Let’s check out another option

  16. What is Docker?

  17. What is Docker?

      "Docker allows you to package an application with all of its dependencies into a standardized unit for software development." (docker.com)
  18. What’s the goal? A single, runnable, distributable executable

  19. The Docker Family

      • Docker
      • Docker Engine
      • Docker Registry
      • Docker Compose
      • Docker Machine
      • Docker Swarm

  20. Let's jump in!

  21. Dockerfile

  22. FROM php:7.0

  23. ADD ./ /var/www
      COPY ./ /var/www

      Warning: Be careful with ADD
  24. WORKDIR /var/www

  25. ENTRYPOINT [ "php" ]

  26. CMD [ "-v" ]

  27. Layering

  28. Every Dockerfile keyword commits a layer

  29. This is great for caching

  30. Docker Container

  31. Docker Container

  32. Docker Container

  33. Demo: Docker Basics

  34. Using Docker for Development Composing Complex Systems

  35. Project Dependencies

  36. Project Dependencies

  37. Official Repositories

  38. None
  39. Composing Services

  40. Composing Services

      services:
        php:
          image: php:7-cli
        elasticsearch:
          image: elasticsearch:5
        mysql:
          image: mysql:8
        redis:
          image: redis:3

  41. Composing Services

      services:
        php:
          image: php:7-cli
        elasticsearch:
          image: elasticsearch:5
        mysql:
          image: mysql:8
        redis:
          image: redis:3

  42. Composing Services

      services:
        php:
          image: rawkode/php:7-cli
        elasticsearch:
          image: quay.io/rawkode/elasticsearch:5

  43. Composing Services

      services:
        php:
          image: php:7-cli
        elasticsearch:
          image: elasticsearch:5
        mysql:
          image: mysql:8
        redis:
          image: redis:3
  44. Configuring Services

  45. Configuring Services

      services:
        mysql:
          image: mysql:8

  46. Configuring Services: Hostname

      services:
        mysql:
          image: mysql:8

  47. Configuring Services: Publishing Ports

      services:
        php:
          image: php:7-cli
          ports:
            - 80:80

  48. Configuring Services: Publishing Ports

      services:
        php:
          image: php:7-cli
          ports:
            - 80 # Published on host as random natural number, from 32768
  49. Configuring Services: Environment / 12-Factor

      services:
        mysql:
          image: mysql:8
          environment:
            - MYSQL_DATABASE
            - MYSQL_USER=application
            - MYSQL_PASSWORD=password
            - MYSQL_RANDOM_ROOT_PASSWORD=true

  50. Configuring Services: Environment / 12-Factor

      services:
        mysql:
          image: mysql:8
          environment:
            MYSQL_DATABASE:
            MYSQL_USER: application
            MYSQL_PASSWORD: password
            MYSQL_RANDOM_ROOT_PASSWORD: 'true'

  51. Configuring Services: Environment / 12-Factor

      services:
        mysql:
          image: mysql:8
          env_file: .env

  52. Configuring Services: Dependencies

      services:
        php:
          image: php:7-cli
          depends_on:
            - mysql
        mysql:
          image: mysql:8
  53. Configuring Services: Volumes

      services:
        php:
          image: php:7-cli
          volumes:
            - ./:/code

  54. Configuring Services: Volumes

      services:
        logstash:
          image: logstash:latest
          volumes_from:
            - php:ro

  55. Configuring Services: Volumes

      volumes:
        cache:
          driver: local

  56. Configuring Services: Volumes

      volumes:
        cache:
          driver: local

  57. Configuring Services: Volumes

      volumes:
        cache:
          driver: local

      services:
        php:
          image: php:7-cli
          volumes:
            - cache:/var/www/cache
  58. Demo: Putting it all Together

  59. Docker Tips

  60. Composer: Keep it local

      composer install --ignore-platform-reqs

      • IDE AutoComplete
      • Cached to ~/.composer

  61. Composer: Keep it local … but feel free to run it in a container!

      https://goo.gl/B26y17

  62. Down Means Destroy

      docker-compose down -v

      • Stops and removes all containers and networks in the project
      • -v means delete the volumes as well

  63. Mind Your Networks: Avoid subnet collisions!

      List all the Docker networks:

      docker network ls

      Feeling brave?

      docker network rm -f \
        $(docker network ls -q)
  64. Alpine Linux

      FROM alpine:3.3

      ~ 5 MiB (with solid package management!)

  65. Base Image ONBUILD FTW

      # Dockerfile
      ONBUILD COPY . /var/www

      # docker-compose.yml
      application:
        image: my-base-image
        volumes:
          - .:/var/www

      # CI build
      FROM base-image

  66. Base Image NIGHTLY BUILDS

      cron / curl / wget / whatever! There are no cascading builds in Docker. Automate it.

  67. Arbitrary Commands

      docker-compose run --rm -u www-data service_name command

  68. Single Process per Container: Keep Attack Surface Small

      This will bode well from development to production!

  69. Reduced Attack Surface

      If you get hacked, you SHOULD / COULD / MIGHT be OK
  70. Docker Security Modelled as the Matrix ...

  71. You, the Architect ...

  72. Your system is looking pretty sweet!

  73. Processes are being kept in line

  74. But then, hackers come along

  75. This Guy!

  76. Corrupting your innocent processes and turning them into weapons

  77. Making them bend the rules because you didn’t drop CAP_SYS_ADMIN

  78. In order to escape your utopian system!

  79. The point?

  80. Taking security seriously:

      • Minimising processes
      • Security scanning
      • Dropping Kernel capabilities

  81. Would have stopped

  82. This Guy!

  83. Finding out about

  84. This Guy

  85. Corrupting him

  86. To do his evil bidding

  87. This wouldn’t have happened

  88. This wouldn’t have happened

  89. Most importantly This wouldn’t have happened

  90. Thanks for having me! Questions? @rawkode Slides speakerdeck.com/rawkode
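
Slides 77 and 80 name dropping kernel capabilities as the control that would have contained the compromise. The following is an added example, not part of the original slides: a Python check over the JSON that `docker compose config --format json` produces, reporting services that keep SYS_ADMIN, run privileged, or never drop capabilities. The sample input, its per-service settings and the function names are constructed for illustration.

```python
import json

# Constructed sample in the shape of `docker compose config --format json`,
# trimmed to the keys this check reads; the per-service settings are invented.
SAMPLE = """
{"services": {
  "php":   {"image": "php:7-cli", "cap_drop": ["ALL"],
            "security_opt": ["no-new-privileges:true"]},
  "mysql": {"image": "mysql:8", "cap_add": ["CAP_SYS_ADMIN"]},
  "redis": {"image": "redis:3", "privileged": true, "cap_drop": ["ALL"],
            "security_opt": ["no-new-privileges:true"]}
}}
"""


def _caps(values):
    """Normalise names: Docker accepts both SYS_ADMIN and CAP_SYS_ADMIN."""
    names = (str(v).upper() for v in values or [])
    return {n[4:] if n.startswith("CAP_") else n for n in names}


def _no_new_privs(svc):
    """True when security_opt sets no-new-privileges (':' or '=' form)."""
    opts = (str(o).replace("=", ":") for o in svc.get("security_opt") or [])
    return any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts)


def audit(compose_json):
    """Return {service: [findings]} for services with a weak setting."""
    report = {}
    services = json.loads(compose_json).get("services") or {}
    for name, svc in sorted(services.items()):
        findings = []
        if svc.get("privileged"):
            # privileged mode runs the container with all capabilities
            findings.append("privileged: all capabilities granted")
        if _caps(svc.get("cap_add")) & {"SYS_ADMIN", "ALL"}:
            findings.append("cap_add grants SYS_ADMIN")
        if "ALL" not in _caps(svc.get("cap_drop")):
            findings.append("cap_drop does not include ALL")
        if not _no_new_privs(svc):
            findings.append("no-new-privileges not set")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for service, findings in audit(SAMPLE).items():
        print(service, "->", "; ".join(findings))
```

A service that needs a specific capability can list it under cap_add after dropping ALL; the check only objects to SYS_ADMIN and ALL being added back.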