Dockerize it! Alex Nadalin - NAMSHI.com

Dockerize it! @ Codemotion 2016 in Rome


WARNING

MINIMAL DOCKER AHEAD

playing with containers

figuring them out

never tried

DEMO

Container laws

Why containers?

remember when...

require('http').createServer(...)

<li ng-repeat="item in items" … >

go func()

or when...

sudo service nginx restart

apt-get install curl

ulimit -n 1025

Systems are

boring.

Systems are f*****g boring.

Code is an F1 pilot

unique style

hard to replicate

System is the F1 car

Robust

Reliable

Replicable

Systems aren’t nice to build

They are nice to orchestrate

VMs

How do they differ from containers?

“it’s just like a VM, just much more lightweight”

FLUFF

kernel

resources

isolation

security

“Containers have similar resource isolation and allocation benefits as virtual machines but a different architectural approach allows them to be much more portable and efficient”

https://www.docker.com/what-docker

Law #1

Even though they might try to solve similar problems, containers and VMs are fundamentally different

1996

https://github.com/docker/libcontainer/blob/master/PRINCIPLES.md

runC

Law #2

Docker is not here to stay (at least in the way we think of it nowadays)

Think that Docker is simple

# docker-compose.yml
services:
  web:
    build: .
    ports:
      - "8080:8080"
    volumes:
      - .:/src

$ docker-compose up

expand the horizon

We have Docker in our system

We’re developing a nodejs app

without nodejs

we’re exposing it from our container to our host

(-p 8080:8080)

then we’re running ngrok to expose our host

to the internet

without ngrok

Law #3

Containers aren’t suitable for dev or production, containers are suitable for use-cases

docker pull graylog2/allinone

Law #4

Dockerfiles are the simplest form of configuration management

Orchestrating containers isn’t simple.

But it’s the fun part :-)

apiVersion: v1
kind: ReplicationController
metadata:
  name: app
  labels:
    name: app
spec:
  replicas: 1
  selector:
    name: app
  template:
    metadata:
      labels:
        name: app
    spec:
      containers:
        - name: master
          image: my-nodejs-app
          ports:
            - containerPort: 1234

kubectl create -f /path/to/definition.yml

PODs

REPLICATION CONTROLLERS

SERVICES

PODs: a set of logically linked containers

REPLICATION CONTROLLERS: the guy who makes sure PODs are up & running

kubectl scale --replicas=2 rc app

The DataCenter of the future is taking shape

Law #5

Configuration management is (almost) dead

Long live orchestrators

Law #6

Talk services, not machines

NERD ADVICE: Containers aren’t better than VMs, it really just depends on what you need to do https://goo.gl/DGQKDA

NERD ADVICE: Forget about the hosts, go GCE if you can https://goo.gl/haanq4

NERD ADVICE: Else, use a mature orchestration platform http://kubernetes.io/ https://goo.gl/sbk3Hk (swarm) http://mesos.apache.org/

NERD ADVICE: Run your hosts on a safe, light OS like CoreOS https://coreos.com/

NERD ADVICE: Use Alpine for your containers, it’s a minimal security-oriented Linux distro http://goo.gl/MF4nKp

NERD ADVICE: Avoid running containers as root http://goo.gl/MF4nKp

NERD ADVICE: Regularly scan your clusters to see if there’s any security gotcha https://goo.gl/l8tO31

NERD ADVICE: Isolate “colanders” like Jenkins in containers https://goo.gl/1HuQjV

NERD ADVICE: Stop manually installing software on your own machine https://goo.gl/9fHWHU

NERD ADVICE: Live like it’s 2016 https://goo.gl/2FNwGq https://github.com/coreos/rkt https://runc.io/

Thanks!

Alessandro Nadalin

@_odino_

Namshi

VP Technology

odino.org

we are hiring! tech.namshi.com/join-us

github.com/namshi

twitter.com/TechNamshi

tech.namshi.com