Managing containers with Docker

Posted on 16-Jul-2015

  • INTRODUCTION TO DOCKER

  • JOHANNES 'FISH' ZIEMKE

    twitter/github: @discordianfish

    • Building Docker's infrastructure for central services
        • hub.docker.com
        • docker.com
        • registry
    • Former SoundCloud System and Infrastructure engineer
    • Scaled infrastructure by 10x in 2 years

  • DOCKER?

    • Docker 1.4.1
    • Open Source, written in Go
    • developed publicly; GitHub, Mailinglists, DGAB
    • Builds, packs and ships applications as lightweight containers
    • Build once, run (almost) everywhere
    • Linux 3.10, OS X and Windows via transparent VM wrapper

  • CONTAINER VS VM

  • WHO CARES?

  • SOME DO

    • Docker 0.1 release Spring 2013
    • by dotCloud (now Docker Inc)
    • Rewrite of code that powers dotCloud PaaS
    • Since release
        • >70000 Images on central registry
        • >54000 Dockerfiles on GitHub
        • >100M Image downloads

  • WELL, OKAY..

    but why should I care?

  • TEST THINGS?

    • Start always with a clean slate
    • Spawn up complete test infrastructures in seconds
    • Run your tests against various versions of libraries and services

  • MAKE THINGS EASIER, HELP OR TEACH PEOPLE?

    • Provide students with software environment
    • Distribute complex setups as self-contained container for
        • Bioinformatics, Information sciences
        • Your favorite blog

              docker run -p 8080:8080 -e URL=http://example.com fish/ghost

    • Empower people to run their own services

  • BUILDING INFRASTRUCTURES?

  • 90S INFRASTRUCTURES

    • Proprietary, homogeneous and often vertically scaled stack
    • Waterfall design process
    • Release cycles of months
    • Huge companies... targeting rather small audience/vertical businesses
    • Huge IT/Ops departments

  • TODAY'S INFRASTRUCTURES

    • Agile development methods to move fast
    • Interconnected services scaled horizontally in heterogeneous environment
    • Lots of spinning wheels
    • Several deploys per day
    • Small but fast growing startups targeting Millions of users

  • CHALLENGES

    • Managing such infrastructures is incredibly hard
    • Millions of knobs and switches
    • Billions of possible combinations
    • High complexity makes it hard to reason about
    • Nobody can completely understand it

  • Go away or I will replace you with a very small shell script

  • CONFIG MANAGEMENT

    • Describe what you want and how to get there
    • Change state somewhere, encode what might be affected
    • CFEngine, Puppet, Chef, Ansible, Salt
    • Manage everything!
    • Doesn't solve anything

  • MANAGING COMPLEXITY

    Similar problems:

    • Software complexity: modules, classes, plugins
    • Human communication: named concepts like cat, nerd or car
    • Shipping goods: intermodal containers

    Solution: Abstraction!

  • WHERE CAN DOCKER HELP?

    • Containers = abstracted application, including dependencies and configuration
    • Operations = Adding/removing of containers
    • The container is the same wherever it runs
    • Lightweight; can be deployed/rolled back fast and easily
    • Isolation makes sure one container isn't affecting others
    • Clear separation of concerns

  • DEVELOPER: WHY I LOVE DOCKER

    Because I just have to care about my container:

    • my libraries
    • my package manager
    • my code

    I own the container and don't care where it's running.

  • OPS: WHY I LOVE DOCKER

    Because I just have to care about running containers:

    • provide systems with the Docker
    • resources planning & monitoring
    • orchestration, remote access

    I own the platform and don't care what's inside the containers

  • WHAT IS DOCKER EXACTLY DOING?

  • RUNNING COMMANDS ON:

    • immutable, shippable, layered images
    • with copy-on-write storage on top
    • in isolated environment
    • via RESTish API

  • SHIPPABLE IMAGES

    • immutable
    • multiple layers
    • defined by Dockerfile, built by builder
    • pushed to/pulled from Docker registry

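  • DOCKERFILE/BUILDER

    Dockerfile: Simple text file with instructions:

        # Base image that all later layers build on
        FROM ubuntu:latest
        MAINTAINER Johannes 'fish' Ziemke
        # Each RUN executes a command and commits the result as a new layer
        RUN apt-get -yq update
        RUN apt-get -yq install nginx
        # Run nginx in the foreground as the container's main process
        ENTRYPOINT ["/usr/sbin/nginx"]
        CMD ["-g", "daemon off;"]

    • docker build creates image from Dockerfile
    • Each instruction creates new layer
    • If instruction hasn't changed, uses cached layer
    • docker push uploads image layers to registry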
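
The caching rule on this slide can be modelled in a few lines. This is an added example, not part of the original slides and not Docker's own code: it assumes a cache keyed only on the parent layer and the instruction text, and `layer_ids`, `build` and `DOCKERFILE_V2` are hypothetical names.

```python
import hashlib

# The slide's Dockerfile, and a constructed variant with one RUN line edited.
DOCKERFILE_V1 = """\
FROM ubuntu:latest
MAINTAINER Johannes 'fish' Ziemke
RUN apt-get -yq update
RUN apt-get -yq install nginx
ENTRYPOINT ["/usr/sbin/nginx"]
CMD ["-g", "daemon off;"]
"""
DOCKERFILE_V2 = DOCKERFILE_V1.replace("install nginx", "install nginx curl")


def instructions(dockerfile):
    """Return the instruction lines, skipping blanks and comments."""
    lines = (line.strip() for line in dockerfile.splitlines())
    return [line for line in lines if line and not line.startswith("#")]


def layer_ids(dockerfile):
    """Chain a hash through the instructions: every id covers the parent id
    and the instruction text, so one edit changes all ids after it."""
    ids, parent = [], ""
    for instr in instructions(dockerfile):
        parent = hashlib.sha256(f"{parent}\n{instr}".encode()).hexdigest()[:12]
        ids.append(parent)
    return ids


def build(dockerfile, cache):
    """Simulate a build against a set of known layer ids.
    Returns one (instruction, 'cached' or 'built') pair per layer."""
    report = []
    for instr, layer in zip(instructions(dockerfile), layer_ids(dockerfile)):
        report.append((instr, "cached" if layer in cache else "built"))
        cache.add(layer)
    return report


if __name__ == "__main__":
    cache = set()
    build(DOCKERFILE_V1, cache)  # first build: every layer is built
    for instr, status in build(DOCKERFILE_V2, cache):
        print(f"{status:6}  {instr}")
```

The `RUN apt-get -yq update` layer stays cached for as long as its text is unchanged, so a rebuild can install packages from an old package index; `docker build --no-cache` rebuilds every layer.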

  • DOCKER REGISTRY

    • hosting/delivery of images
    • open source project
    • supports various storage backends
    • hosted platform: hub.docker.com

  • COPY-ON-WRITE STORAGE

    • Provides writable layer on top of (read-only) images
    • Persists all changes done by running container
    • Pluggable, supported drivers:
        • aufs
        • btrfs
        • devicemapper
        • overlayfs
        • vfs

  • ISOLATED EXECUTION

    • Pluggable, supported: lxc, native
    • Using kernel features:
        • namespaces
            • Isolation by scoping
            • Available: pid, mnt, net, uts, ipc, user
        • cgroups (control groups)
            • limit, account and isolate resources
            • CPU, memory, I/O and general devices
    • Future: solaris zones, BSD jails, full blown virtualization
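
On Linux each namespace a process belongs to appears as a link under `/proc/<pid>/ns/`, and two processes with the same id for a namespace are not isolated from each other in that scope. The check below is an added example, not part of the original slides: the two link lists are constructed sample values and `shared_with` is a hypothetical helper name.

```python
import os
import re

NAMESPACES = ("pid", "mnt", "net", "uts", "ipc", "user")
LINK_RE = re.compile(r"^(\w+):\[(\d+)\]$")

# Constructed link targets for a host process and for a containerised process
# that was started sharing the host's network namespace.
HOST_LINKS = ["pid:[4026531836]", "mnt:[4026531840]", "net:[4026531956]",
              "uts:[4026531838]", "ipc:[4026531839]", "user:[4026531837]"]
CONTAINER_LINKS = ["pid:[4026532201]", "mnt:[4026532199]", "net:[4026531956]",
                   "uts:[4026532200]", "ipc:[4026532202]", "user:[4026531837]"]


def parse_links(links):
    """Turn 'net:[4026531956]' style link targets into {name: id}."""
    table = {}
    for link in links:
        match = LINK_RE.match(link)
        if not match:
            raise ValueError(f"not a namespace link: {link!r}")
        table[match.group(1)] = int(match.group(2))
    return table


def read_links(pid):
    """Read the live link targets for a pid (Linux only, needs permission)."""
    return [os.readlink(f"/proc/{pid}/ns/{name}") for name in NAMESPACES]


def shared_with(reference, other):
    """Namespaces where both processes have the same id, i.e. no isolation."""
    ref, oth = parse_links(reference), parse_links(other)
    return [n for n in NAMESPACES if n in ref and ref[n] == oth.get(n)]


if __name__ == "__main__":
    for name in shared_with(HOST_LINKS, CONTAINER_LINKS):
        print(f"{name}: shared with host")
```

On a live host, `shared_with(read_links(1), read_links(pid))` runs the same comparison between PID 1 and a container's main process.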

  • DOCKER API

    • RESTish API, defaults to UNIX socket
    • Optional TLS client and server authentication
    • The system API
    • No need for any other remote access
    • Ready for building your infrastructure deployment/automation on top

  • FUTURE

    • Composition: Multi-container
    • Scheduling: Multi-host
    • Tools
        • Docker native
        • fig
        • Kubernetes
        • Mesos

  • DEMO TIME!

  • THANKS! QUESTIONS?

    Johannes 'fish' Ziemke

    GitHub/Twitter/Facebook: @discordianfish

    fish@docker.com, fish@freigeist.org