DockerCon 15 Keynote - Day 2

Post on 05-Aug-2015


DockerCon Day 2

Welcome

Ben Golub – CEO

@golubbe

• Works for everyone (developers, devops, & ops)

• Works everywhere (multi-arch, multi-OS, on & off prem)

• Extensible & Pluggable

• Solutions and roadmap

Security

Orchestration

Networking & storage

Workflows for developing, shipping, deploying/managing

• Real users

What does Docker in Production mean?

And that’s what this DockerCon is all about

Docker in Production

The Layers

Open Standards

Plumbing

Developer Platform

Business Solutions

Implement

Integrate

Augment

The Layers

Open Standards

Plumbing

Developer Platform

Business Solutions

OCF, OCP

1.7, Swarm (+ Mesos, ECS), Compose, Machine, Plugins (Weave, ClusterHQ), ++

runC, Notary

Today

3 Broad Categories of Commercial Solutions

Build/Create

Ship/Store

Run/Manage

Built by assembling best tools

Build/Create

Ship/Store

Run/Manage

• Developer Platform
• CI/CD integration
• Signing/Trust
• +++

• Trusted registries
• Official repositories
• Access control
• Policies
• +++

• Orchestration
• GUI
• Management
• Logging
• +++

Delivered in manner that works in production

Build/Create

Ship/Store

Run/Manage

• Work both on premises and in the cloud
• Have to work well together
• Delivered with commercial support
• Available through channels & partners
• Priced & packaged to enable easy adoption

(Ben introduces Marianna here)

Since launching Docker Hub 12 months ago …

150,000 repos

500+ million pulls

240,000 users


60+ million pulls

Docker Hub

Dev & QA Colleagues

Developers

QA

Build & Ship

13,000 organizations

Laptop to the World w/ Docker

Chris Buckley

Director of DevOps

Business Insider

Summary

• About Me

- Working in Linux/systems administration for 14 years, specializing in LAMP based businesses

• About Business Insider

- Mix of Bare Metal & AWS infrastructure, PHP, Go, MongoDB, Puppet, Docker

The Journey

Business Insider’s beginnings with Docker

Why Docker at Business Insider?

• Because it was fun…

- FreeBSD Jails, Linux Containers have been around a while

- Docker was a great way to really start playing with them at BI

• Quickly saw opportunities for applications

- Local development environments

- Keeping consistent environments from Local (it works on my laptop??), Dev, Staging, through to Production

- Apps using same monolithic codebase able to be isolated and segregated on the same bare metal / virtual stack

Our first steps…

• Started using it for building and shipping code

- Kept the same environment and software versions during build as in production

- … No matter where the build ran

First long running application…

• Several applications were utilizing the same infrastructure

- Memcached keys being overwritten & APC clashes caused issues in several applications

• Isolated containers could fix this…

Shipping infrastructure… so many questions

• How do we ship the containers?

• Adding code inside or mounting a volume outside

• How to manage the container, keep it running in cases of failure?

• Infrastructure heavily Puppetized

- Workflow was built around consistent instances with updates applied as code (Puppet Server/Agent, Hiera)

- Business Insider DevOps

“Let’s give it a shot…”

Running the Containers

• Mounted application code using volumes

• Shipping code using temporary containers from Jenkins

• Long standing containers as Linux services, containers hosted on Docker Hub

It works! Sort of...

• Our first application out on Docker, and it worked (hurrah!)

• Docker Hub as the central repository for our containers

• Porting production containers back to Developers not so simple...

The Lessons

Business Insider’s lessons with Docker

Lesson Learned: Build for Local

• Building for production first was grandiose but misguided

• Porting it backwards for Devs to use not the right path for us

• Bottleneck for Devs to start writing code

ConFIGuration

• Fig (now Docker Compose) was perfect for our needs

• Complete stack defined in YAML

• Links, Ports, Volumes, Environment variables all in one place

• Build container from a Dockerfile or pull an image from Docker Hub (we did both)

• Previous generations of Dev environments, average time to get a single app up and running was ~1-2 days

• With our own Vagrant running Docker, with Fig/Compose, we cut that down to a few hours (excluding any database imports)

• Allowed our Developers to start writing and committing code much faster

New Developer up and running in (almost) no time

• Fig / Compose was great for single host applications

• For multi host / distributed applications, we turned to using containers as Linux services (upstart, SysV)

• Rolling our own upstart scripts for every container became a real pain, even with our containers sitting in Docker Hub

Revisiting Production apps

• We went back to the Puppet approved Docker module to see what we could do.

- https://forge.puppetlabs.com/garethr/docker

• Turns out, it met a lot of our needs (Thanks Gareth!)

• Handled image versions, runtime configurations, links, startup dependencies, all in a nicely packaged init.d script

- Packaged as a class we could fill the blanks using Hiera, and pull the images from Docker Hub

Puppet Forge + Docker Hub == WIN

An example Puppet class, using the Docker Puppet Forge module, showing several containers, linking, environment options, and dependencies on other containers' services starting first.

Dev + Ops Workflow Pre-Docker

DevOps Workflow Post-Docker

The Future

Business Insider’s roadmap with Docker

• Current system is pretty good, but we want to take orchestration to the next phase

- Investigating different tools
  • Docker Machine/Swarm/Compose
  • Kubernetes
  • Mesosphere DCOS
  • EC2 Container Service
  • CoreOS/Fleetctl

• Diving deeper into triggered/automated builds

- Docker Hub automated builds

- Jenkins Docker plugins for building containers

What’s next for Business Insider + Docker?

Summary

• Leverage what you know and have

- No need to completely reinvent the wheel with your infrastructure

• There is no wrong way to experiment

- Docker ecosystem is vast, you’ll find what works for you

• Have fun with it!

- If we can’t enjoy what we do, what’s the point?

Thank you

Chris Buckley

Twitter: @ChrisBuckleySA

Today

Quality

Docker Hub

Faster Pulls

60% Less Bandwidth (v1 vs. v2)

80% Fewer Requests (v1 vs. v2)

Docker Hub

Dashboard: 2.0x Speedup

Search: 1.6x Speedup

Docker Hub

More Reliable

Docker Hub Security

Authentication microservice

One-time use Build hosts

Content-addressable images

On-going scanning & audits

Public Beta

hub-beta.docker.com

5 FREE Private Repos

Only for DockerCon Attendees

Coupon Code: dockercon2015

“Which capabilities are required to run Docker in production?”

1. Support
2. On-premise registry
3. Networking
4. Security
5. Directory integration

Open Source Registry Downloads

6.5 million

Docker Trusted Registry

On-premise registry server

LDAP/Active Directory integration

Role-based access control

Audit & events logging

Easy deploy, upgrade, & rollback

800+

https://flic.kr/p/dERZT6 - m01229

Current State – Monolithic, Stand alone application

[Diagram: Application 1, Application 2, Application 3 and Application 4, each with its own Business Logic layer (App-Business Logic, LB) and its own Services layer (IAM, RDMS, API, plus one of Analytics, Report or Search)]

Target State – Business focused, abstracted from the common platform

[Diagram: a shared Platform / Services layer (IAM, API, Analytics, Data Services, Search/Reports, Security, Cloud Infrastructure) beneath separate Business Logic for Application 1, Application 2, Application 3 and Application 4]

Demo Flow

Github Enterprise

Jenkins

Project Jellyfish/Portal

Chef

AWS/EC2

RHEL 7.1

SWARM

Interlock

HAPROXY

Container(s)

Consul

Git Push

Docker Trusted Registry

Docker Trusted Registry

Demo

Benefits

• Improved customer-centric services
• Increased time-to-market
• Reduced cost
• Creates opportunities for new business
• Target state of 2 week production sprints for platform and new applications

• Decrease time for security review

Next Steps

• Image governance through provenance
• Inserting secrets in containers with Keywhiz https://square.github.io/keywhiz/
• Container networking
• Plugins for Interlock (nginx, external, stats)
• API for Interlock for deeper integration

• “Docker Security”, 11:45am @ Yerba Buena 9, Diogo Monica and Nathan McCauley

“Which capabilities are required to run Docker in production?”

1. Support
2. On-premise registry
3. Networking
4. Security
5. Directory integration

Docker Engines Image Registry

Docker Trusted Registry

Docker Hub Registry

Commercial Support

Subscription

$150 per month

docker.com/solutions

Distributed Apps: What’s Next?

Michael Farber
EVP Innovation, Booz-Allen
@BoozAllen

Jason McGee
Cloud CTO, IBM
@jrmcgee

Mark Russinovich
CTO, Microsoft Azure
@markrussinovich

The Road Ahead

[Chart: Worldwide x86 Server Unit Shipments, 2012–2019, 0M to 12M units; series: Windows, Linux, UNIX]

Openness Innovation

Docker | Microsoft

Since last year at DockerCon…

Docker extensions in Microsoft Azure

Docker client for Windows

Docker VM image in Azure

ASP.NET 5 Preview Docker image

Orchestration in Azure

Visual Studio 2015 tools for Docker: Preview

Windows Server Containers showcase

Libswarm support

Windows Server Containers

Demo

“As a sysadmin, how should I manage Dockerized apps in prod?”

“What tools can help me easily scale-up my apps?”

“What’s the Docker-recommended way to use Engine, Swarm, Compose, and other technologies in production?”

“How can Ops make it easy – and secure - to give Devs self-serve access to approved images?”

“I need better visibility into where my containers are running and how they’re performing…”

Project Orca

http://voices.suntimes.com

A Top-to-Bottom Integrated Stack

Docker Engine

Networking

Docker Compose

Docker Swarm

GUI

Security

… plus tools for installation, deployment, configuration, and updates

Hosts

Project Orca

Docker Hub Registry

Docker Trusted Registry

Ship Run

Demo

Hosts

Docker Swarm

GUI & Control

Project Orca

Docker Engines

Docker Hub Registry

Docker Trusted Registry

Docker Compose

Demo

Everything You Need To “Run”

Hosts

Docker Swarm

GUI & Control

Project Orca

Docker Engines

Docker Hub Registry

Docker Trusted Registry

Docker Compose

bit.ly/project-orca

Docker: Ready for Production

Docker: Ready for Production

Docker Hub

Docker Trusted Registry

Project Orca

Commercial Solutions

Docker: Ready for Production

Ecosystem Partners

Docker: Ready for Production

Have A Great DockerCon Day 2!

Thank you