PaaSTA: Platform as a Service
• code execution and scheduling (runs Docker containers)
• Marathon for managing long-running services
• Chronos for running things on a timer (nightly batches)
• SmartStack for service registration and discovery
• Sensu for monitoring/alerting
• Jenkins (optionally) for continuous deployment (CI/CD)

Docker container best practices
• Yelp-maintained Docker images, no public images
  ◦ latest images
  ◦ no packages pinned to certain versions
  ◦ .dockerignore contains .git

No secrets into the service repository
entropy strings from entering the code base
• assumes existing code has no secrets
• checks only the new code
• loosely based on truffleHog
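
An added sketch of the check this slide describes, not code from the talk or from Yelp's tooling: it scans only the added lines of a unified diff for high-entropy tokens, so existing code (context lines) is never examined. The regexes, thresholds, function names and the sample diff are assumptions constructed for illustration.

```python
import math
import re

# Assumed character sets and entropy limits (not from the slides); tune per code base.
B64_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
HEX_RE = re.compile(r"\b[0-9a-fA-F]{20,}\b")
CHECKS = ((HEX_RE, 3.0), (B64_RE, 4.5))
HUNK_RE = re.compile(r"@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def shannon_entropy(s):  # bits per character
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def added_lines(diff_text):
    """Yield (path, new_line_number, text) for each '+' line in a unified diff."""
    path, new_no, old_left, new_left = None, 0, 0, 0
    for line in diff_text.splitlines():
        if old_left > 0 or new_left > 0:           # inside a hunk body
            if line.startswith("+"):
                yield path, new_no, line[1:]
                new_no, new_left = new_no + 1, new_left - 1
            elif line.startswith("-"):
                old_left -= 1                      # removed lines are not scanned
            elif not line.startswith("\\"):        # context line: existing code, trusted
                new_no, old_left, new_left = new_no + 1, old_left - 1, new_left - 1
        elif line.startswith("+++ "):
            path = line[6:] if line.startswith("+++ b/") else line[4:]
        elif m := HUNK_RE.match(line):
            old_left, new_no, new_left = int(m[1] or 1), int(m[2]), int(m[3] or 1)

def find_new_secrets(diff_text):  # high-entropy tokens on added lines only
    return [(path, no, tok)
            for path, no, text in added_lines(diff_text)
            for regex, limit in CHECKS
            for tok in regex.findall(text)
            if shannon_entropy(tok) > limit]

# Constructed sample: both token values are made up for this example.
SAMPLE_DIFF = """\
--- a/config.py
+++ b/config.py
@@ -1,2 +1,4 @@
 OLD_TOKEN = "Hq3Wz8NfYb6KtUj1XoEp5CrMv0Ds"
+LOG_DIR = "/var/log/service/service_name/logs"
+API_TOKEN = "Zx9Qk2LmPa7TvBn4RyWc8JdHs5Ge"
 DEBUG = False
"""

if __name__ == "__main__":
    print(find_new_secrets(SAMPLE_DIFF))
```

The pre-existing `OLD_TOKEN` line is never reported, which is the trade-off the "assumes existing code has no secrets" bullet accepts; the long but repetitive path on the added `LOG_DIR` line stays under the entropy limit.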