Kickass Development Environments with Docker (LeedsPHP, January, 2017)

Docker, the hottest technology around at the moment. It swept the Ops world by storm in 2014, became mainstream in 2015, and now it’s set to dominate the developer world, in 2016.

Docker is a tool that allows you to package your application up into a single-runnable distributable binary - akin to the phar, but in Hulk mode. Docker allows you, a developer, to specify the exact environment your application needs to run, across development; test; staging; and production.

In this talk I will cover the creation of this utopian distributable and show you how you can compose your entire production infrastructure locally with only a small YAML file and without installing a single thing.

Let's say hello to Docker.

David McKay

January 19, 2017

Transcript

  1. Kickass Development Environments with Docker
    Leeds PHP
    January, 2017

  2. @rawkode
    github.com/rawkode
    ~
    Organiser:
    ScotlandPHP
    Docker | DevOps
    MongoDb | Pair Programming
    Glasgow
    ● PHP / Go / Elixir
    ● DevOps / CI / CD / Docker
    ● CQRS & Event Sourcing
    ● Domain-Driven Design
    ● TDD / BDD

  3. Kickass Development Environments with Docker

  4. let’s travel through time ...

  5. Development Environments circa 2000
    $ tree
    awesome-million-pound-project
    └── src
        ├── game.php
        ├── game.php.bk-david
        ├── game.php.bk-deano
        ├── main.php
        ├── main.php.maybe-fixed
        ├── main.php.bk-1999-12-02
        ├── main.php.bk-1999-12-02.2
        ├── player.php
        ├── player.php.orig
        └── .swp.player.php

  6. Production Environments circa 2000
    $ tree
    awesome-million-pound-project
    └── src
        ├── game.php
        ├── game.php.bk-david
        ├── game.php.bk-deano
        ├── main.php
        ├── main.php.maybe-fixed
        ├── main.php.bk-1999-12-02
        ├── main.php.bk-1999-12-02.2
        ├── player.php
        ├── player.php.orig
        └── .swp.player.php

  7. things got better ...

  8. but not for another six years ...

  9. 2006

  10. Dev/Prod parity becomes a twinkle in our eye

  11. 2009

  12. DSL Hell

  13. 2011

  14. Vagrant Problems
    ● You’re creating and managing VMs for each project / service
    ● Those VMs are mutable / prone to error by user changes
    ● They’re built JIT (most cases)
    ● How long does your vagrant up take?

  15. Let’s check out another option

  16. What is Docker?

  17. What is Docker?
    Docker allows you to package an application with all of its dependencies into
    a standardized unit for software development.
    docker.com

  18. What’s the goal?
    A single, runnable, distributable executable

  19. The Docker Family
    ● Docker
    ● Docker Engine
    ● Docker Registry
    ● Docker Compose
    ● Docker Machine
    ● Docker Swarm

  20. Let's jump in!

  21. Dockerfile

  22. FROM php:7.0

  23. ADD ./ /var/www
    COPY ./ /var/www
    Warning: Be careful with ADD

  24. WORKDIR /var/www

  25. ENTRYPOINT [ "php" ]

  26. CMD [ "-v" ]

  27. Layering

  28. Every Dockerfile keyword commits
    a layer

  29. This is great for caching

  30. Docker Container

  31. Docker Container

  32. Docker Container

  33. Demo: Docker Basics

  34. Using Docker for Development
    Composing Complex Systems

  35. Project Dependencies

  36. Project Dependencies

  37. Official Repositories

  39. Composing Services

  40. Composing Services
    services:
      php:
        image: php:7-cli
      elasticsearch:
        image: elasticsearch:5
      mysql:
        image: mysql:8
      redis:
        image: redis:3

  41. Composing Services
    services:
      php:
        image: php:7-cli
      elasticsearch:
        image: elasticsearch:5
      mysql:
        image: mysql:8
      redis:
        image: redis:3

  42. Composing Services
    services:
      php:
        image: rawkode/php:7-cli
      elasticsearch:
        image: quay.io/rawkode/elasticsearch:5

  43. Composing Services
    services:
      php:
        image: php:7-cli
      elasticsearch:
        image: elasticsearch:5
      mysql:
        image: mysql:8
      redis:
        image: redis:3

  44. Configuring Services

  45. Configuring Services
    services:
      mysql:
        image: mysql:8

  46. Configuring Services: Hostname
    services:
      mysql:
        image: mysql:8

  47. Configuring Services: Publishing Ports
    services:
      php:
        image: php:7-cli
        ports:
          - 80:80

  48. Configuring Services: Publishing Ports
    services:
      php:
        image: php:7-cli
        ports:
          - 80 # Published on host as random natural number, from 32768

  49. Configuring Services: Environment / 12-Factor
    services:
      mysql:
        image: mysql:8
        environment:
          - MYSQL_DATABASE
          - MYSQL_USER=application
          - MYSQL_PASSWORD=password
          - MYSQL_RANDOM_ROOT_PASSWORD=true

  50. Configuring Services: Environment / 12-Factor
    services:
      mysql:
        image: mysql:8
        environment:
          MYSQL_DATABASE:
          MYSQL_USER: application
          MYSQL_PASSWORD: password
          MYSQL_RANDOM_ROOT_PASSWORD: 'true'

  51. Configuring Services: Environment / 12-Factor
    services:
      mysql:
        image: mysql:8
        env_file: .env

  52. Configuring Services: Dependencies
    services:
      php:
        image: php:7-cli
        depends_on:
          - mysql
      mysql:
        image: mysql:8

  53. Configuring Services: Volumes
    services:
      php:
        image: php:7-cli
        volumes:
          - ./:/code

  54. Configuring Services: Volumes
    services:
      logstash:
        image: logstash:latest
        volumes_from:
          - php:ro

  55. Configuring Services: Volumes
    volumes:
      cache:
        driver: local

  56. Configuring Services: Volumes
    volumes:
      cache:
        driver: local

  57. Configuring Services: Volumes
    volumes:
      cache:
        driver: local
    services:
      php:
        image: php:7-cli
        volumes:
          - cache:/var/www/cache

  58. Demo: Putting it all Together

  59. Docker Tips

  60. Composer
    Keep it local
    composer install --ignore-platform-reqs
    ● IDE AutoComplete
    ● Cached to ~/.composer

  61. Composer
    Keep it local
    but feel free to run it in a container!
    https://goo.gl/B26y17

  62. Down Means Destroy
    docker-compose down -v
    ● Stops and removes all containers and networks in the project
    ● -v means delete the volumes as well

  63. Mind Your Networks
    Avoid subnet collisions!
    List all the Docker networks:
    docker network ls
    Feeling brave?
    docker network rm -f \
      $(docker network ls -q)

  64. Alpine Linux
    FROM alpine:3.3
    ~ 5 MiB
    (with solid package management!)

  65. Base Image
    ONBUILD FTW
    # Dockerfile
    ONBUILD COPY . /var/www
    # docker-compose.yml
    application:
      image: my-base-image
      volumes:
        - .:/var/www
    # CI build
    FROM base-image

  66. Base Image
    NIGHTLY BUILDS
    cron / curl / wget / whatever!
    There’s no cascading builds in Docker.
    Automate it

  67. Arbitrary Commands
    docker-compose run --rm -u www-data service_name command

  68. Single Process per Container
    Keep Attack Surface Small
    This will bode well from development to production!

  69. Reduced Attack Surface
    If you get hacked, you
    SHOULD / COULD / MIGHT
    be OK

  70. Docker Security Modelled as the Matrix
    ...

  71. You, the Architect ...

  72. Your system is looking pretty sweet!

  73. Processes are being kept in-line

  74. But then, hackers come along

  75. This Guy!

  76. Corrupting your innocent
    processes and turning
    them into weapons

  77. Making them bend the
    rules because you didn’t
    drop
    CAP_SYS_ADMIN

  78. In order to escape
    your utopian system!

  79. The point?

  80. Taking security seriously:
    Minimising processes
    Security scanning
    Dropping Kernel capabilities
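
Added example, not from the original slides: a small Python audit of a compose definition for the points above (capabilities dropped, CAP_SYS_ADMIN not granted) and for the inline MYSQL_PASSWORD shown on the earlier environment slide. The "debug" and "php" services, the finding codes and the function names are assumptions made for illustration. Docker's default capability set does not include CAP_SYS_ADMIN, so the check looks for it arriving through privileged or cap_add.

```python
import json

# Constructed sample: "mysql" mirrors the deck's environment slide; "debug" and
# "php" are hypothetical. Written as JSON so no YAML library is needed.
SAMPLE = json.loads("""
{"services": {
  "mysql": {"image": "mysql:8", "environment": [
      "MYSQL_DATABASE", "MYSQL_USER=application",
      "MYSQL_PASSWORD=password", "MYSQL_RANDOM_ROOT_PASSWORD=true"]},
  "debug": {"image": "php:7-cli", "user": "www-data",
            "cap_drop": ["ALL"], "cap_add": ["CAP_SYS_ADMIN"]},
  "php":   {"image": "php:7-cli", "user": "www-data",
            "cap_drop": ["ALL"], "env_file": ".env"}
}}
""")
SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN")

def env_pairs(env):
    """Normalise list form (K=V or bare K) and map form to (key, value) pairs."""
    if isinstance(env, dict):
        return list(env.items())
    pairs = []
    for item in env or []:
        key, sep, value = str(item).partition("=")
        pairs.append((key, value if sep else None))  # bare K = host pass-through
    return pairs

def caps(values):  # upper-case names, strip the optional CAP_ prefix
    return {str(v).upper().replace("CAP_", "", 1) for v in values or []}

def audit_service(svc):
    """Return sorted finding codes for one compose service definition."""
    found = set()
    if svc.get("privileged"):
        found.add("privileged")          # grants every capability
    if caps(svc.get("cap_add")) & {"SYS_ADMIN", "ALL"}:
        found.add("sys-admin-granted")   # cap_add still applies with cap_drop: ALL
    if not caps(svc.get("cap_drop")):
        found.add("default-caps-kept")
    if not svc.get("user"):
        found.add("no-user-set")         # falls back to the image's USER
    for key, value in env_pairs(svc.get("environment")):
        literal = value is not None and str(value).lower() not in ("", "true", "false")
        if literal and any(hint in key.upper() for hint in SECRET_HINTS):
            found.add("inline-secret:" + key)
    return sorted(found)

def audit(compose):
    return {name: audit_service(svc) for name, svc in compose.get("services", {}).items()}
```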

  81. Would have stopped

  82. This Guy!

  83. Finding out about

  84. This Guy

  85. Corrupting him

  86. To do his evil bidding

  87. This wouldn’t have happened

  88. This wouldn’t have happened

  89. Most importantly
    This wouldn’t have happened

  90. Thanks for having me!
    Questions?
    @rawkode
    Slides
    speakerdeck.com/rawkode
