“containerizing” applications with docker: ecosystem and tools

The Enterprise Software & Support CompanyThe Enterprise Software & Support Company

“Containerizing” Applications:

Ecosystem and Tools

#OpenExpo2016

[email protected]

● Javier Ramírez UreaSenior Consultant

Dockerized at HoplaSoftware

[email protected]

mailto:[email protected]

“Containerizing” Applications: Ecosystem and Tools

● Building Microservice Applications with Containers

● Container’s Ecosystem

● Building Images

● Operating Systems

● Storage & Backup

● Networking

● Security

● Clustering & Scheduling

● Dynamic Services

● Monitoring & Logging

● Provisioning & Configuration Management

Building Microservice Applications with Containers

Use the Force Luke!!!

Building Images

• Smaller is better

• Expose only what is really needed

• Don’t daemonize, unless required.

Operating Systems

• Host Nodes• Well known supported OSes

• “Container Specific Deployers”

• Containers

Storage & Backup

• StorageEphemeral Storage or Persistent Storage

✔ Runtime✔ Configuration✔ Data✔ Multihost

• Backup/Restore/Snapshot

Networking

• Docker Standard Drivers:• None• Host• Container• Bridge• Overlay

• Linking between containers

• Macvlan and Ipvlan Network Drivers (beta)

• Extending the daemon with plugins

Security

• Daemon• socket• TLS

• Containers• Namespaces• Control groups• Linux kernel capabilities• Hardened Kernel• Linux Security Modules

• Images• Use Trusted Images• Manage Dockerfiles and Image Components

vulnerabilities

Clustering & Scheduling

• Swarm

• Fleet

• Kubernetes

• Mesos

Dynamic Services

• Consumer, Proxy and Provider model.• Key/Value Store Backends

• Zookeeper• Etcd• Consul

• Registration• Registrator

• Dynamic Configuration• Confd• Consul Template

• Process Control• Supervisord

Monitoring & Logging

• Statistics• Online• Capacity Planning

• Container’s Health vs Service’s Health

• Logging• Engine vs Container • Use /dev/stdout and /dev/stderr on container.

Provisioning & Configuration Management

• Convergency

• Inmutable Infrastructure

Unix Zen

Write programs that do one thing and do it well

Write programs to work together

- Peter H. Salus -

Conclusions

• Do we really need just “The Holy Grail Tool”?

• Or a set of tools that best match our environment

Conclusions

• Get close to Open Container Initiative

[email protected]

References

• Docker Docs - https://docs.docker.com/• Operating Systems

• Alpine Docker Containers Examples - https://github.com/smebberson/docker-alpine• Storage

• Flocker - https://clusterhq.com/flocker• Convoy - https://github.com/rancher/convoy• Contiv - https://github.com/contiv/volplugin• Netshare - http://netshare.containx.io• NetApp - https://github.com/NetApp/netappdvp

• Networking• Docker Macvlan and Ipvlan -

https://github.com/docker/docker/blob/master/experimental/vlan-networks.md• Contiv - https://github.com/contiv/netplugin• Weaveworks - https://github.com/weaveworks• Openvswitch - https://github.com/openvswitch/ovs/blob/master/INSTALL.Docker.md

References

• Security Vulnerabilities Scanning• Clair - https://github.com/coreos/clair• Nautilus aka. Docker Security Scan - https://docs.docker.com/docker-cloud/builds/image-scan

• Clustering and Scheduling• Swarm - https://docs.docker.com/swarm• Fleet - https://coreos.com/using-coreos/clustering• Kubernetes - http://kubernetes.io• Mesos - http://mesos.apache.org• Marathon - https://mesosphere.github.io/marathon• Mesosphere - https://mesosphere.github.io

• Dynamic Services• Consul - https://www.consul.io• Etcd - https://coreos.com/etcd• Zookeeper - https://zookeeper.apache.org• Registrator - https://github.com/gliderlabs/registrato• Confd - https://github.com/kelseyhightower/confd• Consul Template - https://github.com/hashicorp/consul-template• Supervisord - http://supervisord.org

References

● Monitoring, Statistics and Logging• Docker stats - https://docs.docker.com/engine/reference/commandline/stats• Collectd - https://collectd.org• cAdvisor - https://github.com/google/cadvisor• InfluxDB - https://influxdata.com• Redis - http://redis.io• Grafana - http://grafana.org• Prometeus - https://prometheus.io• Sysdig - http://www.sysdig.org• Icinga - https://www.icinga.org• Nagios - https://www.nagios.org• Sensu - https://sensuapp.org• Fluentd - http://www.fluentd.org• Logstash - https://github.com/elastic/logstash• Syslog-ng - https://syslog-ng.org

References

● Provision and Configuration Management• Docker Machine - https://docs.docker.com/machine• Vagrant - https://www.vagrantup.com/• Puppet - https://github.com/puppetlabs/puppet• Ansible - https://github.com/ansible/ansible• Chef - https://www.chef.io

● Opencontainers Initiative - https://www.opencontainers.org

“containerizing” applications with docker: ecosystem and tools

Technology