ContainerDays NYC 2015: "What It Really Takes to Build a Container Platform" (Matt Butcher)

What It Really Takes to Build a Container
Platform
10 Things We Learned the Hard Way

Matt Butcher
Platform Architect at Deis
Matt is responsible for
defining Deis v2 and
overseeing what he likes to
call…
The Great Kubernetes Rebase
11/18/2015 Putting Containers into Production

This is not a commercial for Deis

Our View (Subject to Change)
• Component architecture is haute couture.
• Containers are the idea vehicle for
contemporary architecture
• Avoid the “thrown over the wall” problem by
building good tools

Background
Deis v1
• Focus: Better Heroku for
You
• Docker to the max
• Mostly Go
• Flexibility, but no services
• Big success
Deis v2
• Focus: PaaS as a Set of
Microservices
• Kubernetes to the max
• Still mostly Go
• Building blocks
• About 40% complete

Top Ten List of Things We Learned the
Wrong Way
Hard

SAY “YES” TO OBJECT STORAGE
Lesson 10

… and probably
“no” to network
file systems

Mistake: We assumed everyone wanted a
single storage solution.
Solution: Focus on object storage for core
components

Object Storage vs. Network FS
Object Storage
• Standard interface: S3 API
• Dozens of nearly uniform
implementations
• Unit of work: object (file)
Filesystem/Block Storage
• POSIX-ish, lots of standards
• Too many choices for
implementation
• Lots of variants with
important discrepancies
• But can handle streaming

TURTLES ALL THE WAY DOWN
Lesson 9

The strange things we do for security

Mistake: We built our containers inside of
containers (insecure).
Solution: Well…

Docker and Security
• Running containers:
relatively small set of
issues
• Building containers is
much riskier

“What if we ran Docker in a VM in a container?”
Kubernetes Node
Container
VM (Qemu)
Build Container

THE CLUSTERBOMB
Lesson 8

HA clustering is hard. Ask etcd.

Mistake: We used Etcd in a naïve way,
assuming clustering was fairly dynamic.
Solution: Spend lots more time
hardening clustering solutions.

DOCKER IS A WHALE ON THE MOVE
Lesson 7

Mistake: We committed to stay on the
latest release of Docker within the 1.x line
(SemVer).
Solution: Hang back until a particular
version emerges as stable.

Docker doesn’t do
SemVer

SINK THE TITANIC WHILE IT’S STILL AT
HARBOR
Lesson 6

Mistake: Underestimate the complexity
of a fully operational container platform.
Solution: Testing of as many varieties as
possible.

Testing with vim and vigor
http://is.gd/GWKfGv

GOPHERS ARE AWESOME…ISH
Lesson 5

Five Things I Love About Go
1. Great tools
2. Static compilation is huge for containers
3. Rich libraries, esp. for networking
4. Easy to learn
5. Cross-platform (for very small definitions of
“platform”)

Mistake: We might have been just a little
starry eyed.
Solution: Accept the limitations.

O Go, Y U NO…
http://meme.wikia.com/wiki/File:Y_u_no_sketch.png

Trouble in Paradise
• “Go is easy” == simple
syntax, verbose code
• Package management

YOUR TEAM IS LIKE YOUR UNDERPANTS
Lesson 4

They can only stretch so far

Microservice Architecture
http://assets2.ignimgs.com/2014/06/24/ready-player-one-book-art-1280jpg-b68ca1_1280w.jpg

Mistake: Microservice all the things, but
without a plan for maintenance.
Solution: Process saves the day.

ALL YOUR SCHEDULERS ARE BELONG TO
US
Lesson 3

Somebody set up us the bomb!

Mistake: “Support all of the schedulers”
means “support the weakest scheduler”
Solution: Choose just one, and choose
based on power & flexibility.

MONOREPOS ARE EVIL
Lesson 2

Monorepos
Pros
• All the code is in just one
place.
• Everyone gets alerted on
everything.
• Simplifies builds,
documentation, issue
queue, etc.
Cons
• Huge dependency tree
• Everyone gets alerted on
everything
• Stable and “preview” mixed
• Monorepo vs. microservice
• Our users couldn’t
effectively re-use

Mistake: One repo with everything in it!
(Hey! Google does it!)
Solution: Break out microservices into
their own repo.

KUBERNETES FLOATS MY BOAT
Lesson 1

But it’s a very big and complex boat
http://is.gd/bUGF1J

Mistake: “Kubernetes is easy! After all,
we only have to support one scheduler!”
Solution: Educate, cooperate, and build
really good tooling!

Package Management
Make working with
Kubernetes as easy
as…
$ helm install redis-
cluster
Github.com/deis/helm

Conclusion
• Our guiding philosophy: containers for
microservices without “throwing over the
wall”
• We’ve learned some lessons along the way
• But the bottom line: Containers are the right
bet for the microservice architecture.

ContainerDays NYC 2015: "What It Really Takes to Build a Container Platform" (Matt Butcher)

ContainerDays NYC 2015: "What It Really Takes to Build a Container Platform" (Matt Butcher)

Recommended

More Related Content

Viewers also liked

Viewers also liked(11)

Similar to ContainerDays NYC 2015: "What It Really Takes to Build a Container Platform" (Matt Butcher)

Similar to ContainerDays NYC 2015: "What It Really Takes to Build a Container Platform" (Matt Butcher)(20)

Recently uploaded

Recently uploaded(20)

ContainerDays NYC 2015: "What It Really Takes to Build a Container Platform" (Matt Butcher)