Kickass Development Environments with Docker (MidwestPHP 2017)

Docker, the hottest technology around at the moment. It swept the Ops world by storm in 2014, became mainstream in 2015, and now it’s set to dominate the developer world in 2016.

Docker is a tool that allows you to package your application up into a single, runnable, distributable binary - akin to the phar, but in Hulk mode. Docker allows you, a developer, to specify the exact environment your application needs to run across development, test, staging, and production.

In this talk I will cover the creation of this utopian distributable and show you how you can compose your entire production infrastructure locally with only a small YAML file and without installing a single thing.

Let's say hello to Docker.

David McKay

March 18, 2017

Transcript

  1. Kickass Development Environments with Docker

  2. david@rawkode.com @rawkode github.com/rawkode ~ Organiser: ScotlandPHP Docker | DevOps MongoDB | Pair Programming Glasgow • PHP / Go / Elixir • DevOps / CI / CD / Docker • CQRS & Event Sourcing • Domain-Driven Design • TDD / BDD
  3. let’s travel through time ...

  4. Development Environments circa 2000
      $ tree awesome-million-pound-project
      └── src
          ├── game.php
          ├── game.php.bk-david
          ├── game.php.bk-deano
          ├── main.php
          ├── main.php.maybe-fixed
          ├── main.php.bk-1999-12-02
          ├── main.php.bk-1999-12-02.2
          ├── player.php
          ├── player.php.orig
          └── .swp.player.php

  5. Production Environments circa 2000
      $ tree awesome-million-pound-project
      └── src
          ├── game.php
          ├── game.php.bk-david
          ├── game.php.bk-deano
          ├── main.php
          ├── main.php.maybe-fixed
          ├── main.php.bk-1999-12-02
          ├── main.php.bk-1999-12-02.2
          ├── player.php
          ├── player.php.orig
          └── .swp.player.php
  6. things got better ...

  7. but not for another six years ...

  8. 2006

  9. Dev/Prod parity becomes a twinkle in our eye

  10. 2009

  11. DSL Hell

  12. 2011

  13. Vagrant Problems • You’re creating and managing VMs for each project / service • Those VMs are mutable / prone to error by user changes • They’re built JIT (most cases) • How long does your vagrant up take?
  14. Let’s check out another option

  15. What is Docker?

  16. What is Docker? Docker allows you to package an application with all of its dependencies into a standardized unit for software development. docker.com
  17. What’s the goal? A single, runnable, distributable executable

  18. The Docker Family • Docker • Docker Engine • Docker Registry • Docker Compose • Docker Machine • Docker Swarm
  19. Let's jump in!

  20. Dockerfile

  21. FROM php:7.0

  22. ADD ./ /var/www
      COPY ./ /var/www
      Warning: Be careful with ADD
  23. WORKDIR /var/www

  24. ENTRYPOINT [ "php" ]

  25. CMD [ "-v" ]

  26. Layering

  27. Every Dockerfile keyword commits a layer

  28. This is great for caching

  29. Docker Container

  30. Docker Container

  31. Docker Container

  32. Demo: Docker Basics

  33. Using Docker for Development Composing Complex Systems

  34. Project Dependencies

  35. Project Dependencies

  36. Official Repositories

  38. Composing Services

  39. Composing Services
        services:
          php:
            image: php:7-cli
          elasticsearch:
            image: elasticsearch:5
          mysql:
            image: mysql:8
          redis:
            image: redis:3
  42. Configuring Services

  43. Configuring Services
        services:
          mysql:
            image: mysql:8

  44. Configuring Services: Hostname
        services:
          mysql:
            image: mysql:8

  45. Configuring Services: Publishing Ports
        services:
          php:
            image: php:7-cli
            ports:
              - 80:80

  46. Configuring Services: Publishing Ports
        services:
          php:
            image: php:7-cli
            ports:
              - 80 # Published on host as random natural number, from 32768
  47. Configuring Services: Environment / 12-Factor
        services:
          mysql:
            image: mysql:8
            environment:
              - MYSQL_DATABASE
              - MYSQL_USER=application
              - MYSQL_PASSWORD=password
              - MYSQL_RANDOM_ROOT_PASSWORD=true
  48. Configuring Services: Environment / 12-Factor
        services:
          mysql:
            image: mysql:8
            environment:
              MYSQL_DATABASE:
              MYSQL_USER: application
              MYSQL_PASSWORD: password
              MYSQL_RANDOM_ROOT_PASSWORD: 'true'
  49. Configuring Services: Environment / 12-Factor
        services:
          mysql:
            image: mysql:8
            env_file: .env

  50. Configuring Services: Dependencies
        services:
          php:
            image: php:7-cli
            depends_on:
              - mysql
          mysql:
            image: mysql:8
  51. Configuring Services: Health Checks
        services:
          php:
            image: php:7-cli
            depends_on:
              mysql:
                condition: service_healthy
          mysql:
            image: mysql:8
            healthcheck:
              test: "nc -z localhost 3306"
  52. Configuring Services: Volumes
        services:
          php:
            image: php:7-cli
            volumes:
              - ./:/code

  53. Configuring Services: Volumes
        services:
          logstash:
            image: logstash:latest
            volumes_from:
              - php:ro

  54. Configuring Services: Volumes
        volumes:
          cache:
            driver: local

  56. Configuring Services: Volumes
        volumes:
          cache:
            driver: local
        services:
          php:
            image: php:7-cli
            volumes:
              - cache:/var/www/cache
  57. Demo: Putting it all Together

  58. Docker Tips

  59. Composer: Keep it local • composer install --ignore-platform-reqs • IDE AutoComplete • Cached to ~/.composer

  60. Composer: Keep it local … but feel free to run it in a container! https://goo.gl/B26y17

  61. Down Means Destroy: docker-compose down -v • Stops and removes all containers and networks in the project • -v means delete the volumes as well

  62. Mind Your Networks: Avoid subnet collisions!
      List all the Docker networks:
        docker network ls
      Feeling brave?
        docker network rm -f \
          $(docker network ls -q)
  63. FROM alpine:3.3 Alpine Linux ~ 5 MiB (with solid package management!)

  64. Base Image ONBUILD FTW
        # Dockerfile
        ONBUILD COPY . /var/www

        # docker-compose.yml
        application:
          image: my-base-image
          volumes:
            - .:/var/www

        # CI build
        FROM base-image

  65. Base Image NIGHTLY BUILDS cron / curl / wget / whatever! There’s no cascading builds in Docker. Automate it
  66. Arbitrary Commands docker-compose run --rm -u www-data service_name command

  67. Traefik Learn it. Love it.

  68. Single Process per Container Keep Attack Surface Small This will bode well from development to production!

  69. Reduced Attack Surface If you get hacked, you SHOULD / COULD / MIGHT be OK
  70. Docker Security Modelled as the Matrix ...

  71. You, the Architect ...

  72. Your system is looking pretty sweet!

  73. Processes are being kept in-line

  74. But then, hackers come along

  75. This Guy!

  76. Corrupting your innocent processes and turning them into weapons

  77. Making them bend the rules because you didn’t drop CAP_SYS_ADMIN

  78. In order to escape your utopian system!

  79. The point?

  80. Taking security seriously: Minimising processes • Security scanning • Dropping Kernel capabilities

  81. Would have stopped

  82. This Guy!

  83. Finding out about

  84. This Guy

  85. Corrupting him

  86. To do his evil bidding

  87. This wouldn’t have happened

  88. This wouldn’t have happened

  89. Most importantly This wouldn’t have happened

  90. Thanks for having me! Questions? @rawkode Feedback joind.in/talk/0395e Slides speakerdeck.com/rawkode
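
The capability point from slides 77 and 80, as an added example that is not part of the talk or its slides: a small Python audit of a Compose file that has already been parsed into a dict (for instance by a YAML parser). The sample service settings, the DANGEROUS_CAPS list and the function names are constructed for this illustration.

```python
"""Flag Compose services that keep or re-grant risky kernel capabilities."""

# Capabilities treated as dangerous here: an illustrative choice for this
# example, not an exhaustive list.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE"}


def _caps(values):
    """Normalise names so 'cap_sys_admin' and 'SYS_ADMIN' compare equal."""
    names = (str(v).upper() for v in (values or []))
    return {n[4:] if n.startswith("CAP_") else n for n in names}


def audit_service(name, svc):
    """Return (service, finding) tuples for one service definition."""
    findings = []
    if svc.get("privileged") is True:
        findings.append((name, "privileged: true grants every capability"))
    if "ALL" not in _caps(svc.get("cap_drop")):
        findings.append((name, "cap_drop lacks ALL: default capabilities kept"))
    for cap in sorted(_caps(svc.get("cap_add")) & DANGEROUS_CAPS):
        findings.append((name, "cap_add grants " + cap))
    return findings


def audit_compose(compose):
    """Audit every service, in name order, of a parsed Compose file."""
    findings = []
    for name, svc in sorted((compose.get("services") or {}).items()):
        findings.extend(audit_service(name, svc or {}))
    return findings


# Constructed sample: image names follow the slides, the settings do not.
SAMPLE = {
    "services": {
        "php": {"image": "php:7-cli", "cap_drop": ["ALL"],
                "cap_add": ["NET_BIND_SERVICE"]},
        "mysql": {"image": "mysql:8"},
        "debug": {"image": "alpine:3.3", "cap_add": ["CAP_SYS_ADMIN"]},
        "legacy": {"image": "php:7-cli", "privileged": True},
    }
}

if __name__ == "__main__":
    for service, finding in audit_compose(SAMPLE):
        print(service + ": " + finding)
```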