Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Running Docker in Production - The Good, the Bad and The Ugly


Published on

When beginning to run Docker in production choosing the right path is critical. This presentation gives you some tips and suggestions on how to make this process easier.

Published in: Technology
  • Be the first to comment

Running Docker in Production - The Good, the Bad and The Ugly

  1. 1. Docker in Production The Good, The Bad and The Ugly Jari Kolehmainen, CTO & Co-founder
  2. 2. © 2016 Kontena, Inc.
  3. 3. Pick the Right Path
  4. 4. Options DIY? Rent? Platform?
  5. 5. DIY? Do-It-Yourself Sounds like fun?
  6. 6. DON’T DO IT (unless you are forced)
  7. 7. Rent? AWS ECS Azure Container Service Google Container Engine
  8. 8. Rent ”I don’t want to maintain anything” Works for some use cases
  9. 9. Platform? Docker Swarm (the new one) Kubernetes Kontena DCOS
  10. 10. Platform Most features built-in Less maintenance Battle tested
  11. 11. Docker Engine
  12. 12. Docker Engine Tweak defaults Needs “janitors” Prefer container “native” hosts
  13. 13. Docker Engine Graphdriver of the day: overlay2 Engine plugins: run outside Keep engine & kernel up-to-date
  14. 14. Docker Engine 3rd parties might cause side-effects Systemd <> Overlay networks Cadvisor <> Docker mounts
  15. 15. CI/CD Pipeline
  16. 16. Pipeline Build Test Deploy
  17. 17. Pipeline Script everything Version control everything Yes, everything
  18. 18. Everything but secrets.
  19. 19. Tools for pipeline Drone Jenkins Gitlab CI
  20. 20. Pipeline Example
  21. 21. 1. Git Push 2. Trigger Build 3. Push Docker Image 4. Trigger Deploy 5a. Deploy to Staging 5b. Deploy to Production Pull Docker Image
  22. 22. Security
  23. 23. Security Security patching Network access Secret management Audit
  24. 24. Patching Container “native” OS Configuration management Image scanning
  25. 25. Network Security Overlay (SDN) networks Network segments/policies Firewalls
  26. 26. Secret Management Keep secrets out Use platform provider solution Integrate 3rd party solution to pipeline
  27. 27. Audit Audit logs Container logs Alerts
  28. 28. Prepare for Chaos
  29. 29. But why? Hosts fail Engines fail Containers fail Your app crashes
  30. 30. Ok, is all hope lost?
  31. 31. Rules for chaos Allow hosts to die Trust the scheduler Use clustered databases Outsource state if possible
  32. 32. Summary
  33. 33. Summary Prepare properly Tweak defaults Automate everything Use battle tested solutions
  34. 34. QA Ask and get a shirt!!!
  35. 35. @kontenainc Stay up to date!
  36. 36. Thank You!
  37. 37. We are hiring!