“containerizing” applications with docker: ecosystem and tools
TRANSCRIPT
The Enterprise Software & Support Company
“Containerizing” Applications:
Ecosystem and Tools
#OpenExpo2016
● Javier Ramírez Urea
Senior Consultant
Dockerized at HoplaSoftware
“Containerizing” Applications: Ecosystem and Tools
● Building Microservice Applications with Containers
● Container’s Ecosystem
● Building Images
● Operating Systems
● Storage & Backup
● Networking
● Security
● Clustering & Scheduling
● Dynamic Services
● Monitoring & Logging
● Provisioning & Configuration Management
Building Microservice Applications with Containers
Use the Force Luke!!!
Building Images
• Smaller is better
• Expose only what is really needed
• Don’t daemonize, unless required.
Operating Systems
• Host Nodes
  • Well known supported OSes
  • “Container Specific Deployers”
• Containers
Storage & Backup
• Storage
  • Ephemeral Storage or Persistent Storage
  ✔ Runtime
  ✔ Configuration
  ✔ Data
  ✔ Multihost
• Backup/Restore/Snapshot
Networking
• Docker Standard Drivers:
  • None
  • Host
  • Container
  • Bridge
  • Overlay
• Linking between containers
• Macvlan and Ipvlan Network Drivers (beta)
• Extending the daemon with plugins
Security
• Daemon
  • socket
  • TLS
• Containers
  • Namespaces
  • Control groups
  • Linux kernel capabilities
  • Hardened Kernel
  • Linux Security Modules
• Images
  • Use Trusted Images
  • Manage Dockerfiles and Image Components vulnerabilities
Clustering & Scheduling
• Swarm
• Fleet
• Kubernetes
• Mesos
Dynamic Services
• Consumer, Proxy and Provider model.
• Key/Value Store Backends
  • Zookeeper
  • Etcd
  • Consul
• Registration
  • Registrator
• Dynamic Configuration
  • Confd
  • Consul Template
• Process Control
  • Supervisord
Monitoring & Logging
• Statistics
  • Online
  • Capacity Planning
• Container’s Health vs Service’s Health
• Logging
  • Engine vs Container
  • Use /dev/stdout and /dev/stderr on container.
Provisioning & Configuration Management
• Convergence
• Immutable Infrastructure
Unix Zen
Write programs that do one thing and do it well
Write programs to work together
- Peter H. Salus -
Conclusions
• Do we really need just “The Holy Grail Tool”?
• Or a set of tools that best match our environment
• Get close to Open Container Initiative
References
• Docker Docs - https://docs.docker.com/
• Operating Systems
  • Alpine Docker Containers Examples - https://github.com/smebberson/docker-alpine
• Storage
  • Flocker - https://clusterhq.com/flocker
  • Convoy - https://github.com/rancher/convoy
  • Contiv - https://github.com/contiv/volplugin
  • Netshare - http://netshare.containx.io
  • NetApp - https://github.com/NetApp/netappdvp
• Networking
  • Docker Macvlan and Ipvlan - https://github.com/docker/docker/blob/master/experimental/vlan-networks.md
  • Contiv - https://github.com/contiv/netplugin
  • Weaveworks - https://github.com/weaveworks
  • Openvswitch - https://github.com/openvswitch/ovs/blob/master/INSTALL.Docker.md
• Security Vulnerabilities Scanning
  • Clair - https://github.com/coreos/clair
  • Nautilus aka. Docker Security Scan - https://docs.docker.com/docker-cloud/builds/image-scan
• Clustering and Scheduling
  • Swarm - https://docs.docker.com/swarm
  • Fleet - https://coreos.com/using-coreos/clustering
  • Kubernetes - http://kubernetes.io
  • Mesos - http://mesos.apache.org
  • Marathon - https://mesosphere.github.io/marathon
  • Mesosphere - https://mesosphere.github.io
• Dynamic Services
  • Consul - https://www.consul.io
  • Etcd - https://coreos.com/etcd
  • Zookeeper - https://zookeeper.apache.org
  • Registrator - https://github.com/gliderlabs/registrato
  • Confd - https://github.com/kelseyhightower/confd
  • Consul Template - https://github.com/hashicorp/consul-template
  • Supervisord - http://supervisord.org
• Monitoring, Statistics and Logging
  • Docker stats - https://docs.docker.com/engine/reference/commandline/stats
  • Collectd - https://collectd.org
  • cAdvisor - https://github.com/google/cadvisor
  • InfluxDB - https://influxdata.com
  • Redis - http://redis.io
  • Grafana - http://grafana.org
  • Prometheus - https://prometheus.io
  • Sysdig - http://www.sysdig.org
  • Icinga - https://www.icinga.org
  • Nagios - https://www.nagios.org
  • Sensu - https://sensuapp.org
  • Fluentd - http://www.fluentd.org
  • Logstash - https://github.com/elastic/logstash
  • Syslog-ng - https://syslog-ng.org
• Provision and Configuration Management
  • Docker Machine - https://docs.docker.com/machine
  • Vagrant - https://www.vagrantup.com/
  • Puppet - https://github.com/puppetlabs/puppet
  • Ansible - https://github.com/ansible/ansible
  • Chef - https://www.chef.io
• Opencontainers Initiative - https://www.opencontainers.org