Lessons Learned from running Docker in production


I held this presentation at the Devsmeetup in Freiburg on January 31st 2018

  1. Lessons Learned from Running Docker in Production
     Nicholas Dille, Docker Captain & CDM MVP
  2. Nicholas Dille
     • Husband, father, geek, author
     • Microsoft MVP since 2010
     • Docker Captain since 2017
     • DevOps Engineer @ Haufe-Lexware
     • @NicholasDille
  3. [Diagram: Docker tools and workflow. Labels: docker-compose.yml, Dockerfile, Build, Image, Push, Pull, Registry, Run, Container, Host]
  4. Do not use latest
     • Latest is like buying a pig in a poke
     • ubuntu:latest = ubuntu:xenial until new LTS
     • ubuntu:xenial = ubuntu:xenial-20180123 until new monthly patch
     • Latest breaks repeatability
     • Derive from specific version
     • Update regularly, fail early
  5. Do not use latest
     Dockerfile:
         FROM ubuntu
         #...
     Dockerfile:
         FROM nginx
         #...
     Dockerfile:
         FROM ubuntu:xenial-20180123
         #...
     Dockerfile:
         FROM nginx:1.12.1
         #...
  6. Derive from code
     • Using community images is also like buying a pig in a poke
     • h1kkan/jenkins-docker has lots of useful stuff
     • Community images may not receive updates
     • Community images may follow undesirable paths
     • Fork Dockerfile and build yourself
  7. Plan for PID 1
     • Even containerized services want to exit gracefully
     • Only containerized PID 1 receives signals
     • Several processes require an init process
     • Choices include supervisor, dumb-init, tini
     • Use exec when starting from scripts
     • Isolate in sidekicks
  8. Plan for PID 1
     Dockerfile:
         FROM ubuntu:xenial-20180123
         RUN apt update && apt install -y nginx
         ADD /
         ENTRYPOINT /
     Entrypoint script:
         #!/bin/bash
         #...
         # exec replaces the shell, so nginx becomes PID 1 and receives signals
         exec nginx -g 'daemon off;'
  9. Plan for PID 1
     Dockerfile:
         FROM ubuntu:xenial-20180123
         RUN apt update && apt install -y nginx supervisor
         ADD nginx.conf /etc/supervisor/conf.d/
         # exec form and -n keep supervisord in the foreground as PID 1
         ENTRYPOINT ["supervisord", "-n"]
     nginx.conf:
         [program:nginx]
         command=nginx -g "daemon off;"
  10. Use microlabeling
     • Mark images with information about origin
     • Easily find corresponding code
     • Use image annotations by the OCI
     • Deprecated:
  11. Use microlabeling
     Dockerfile:
         FROM ubuntu:xenial-20180123
         # One LABEL instruction, continued across lines; timestamp is RFC 3339
         LABEL org.opencontainers.image.created="2018-01-31T20:00:00+01:00" \
               org.opencontainers.image.authors="" \
               org.opencontainers.image.source="" \
               org.opencontainers.image.revision="566a5e0" \
               org.opencontainers.image.vendor="Nicholas Dille"
         #...
  12. Parameterize
     • Hardcoded values increase maintenance
     • Separate environmental information
     • Use ENV in Dockerfile
     • Use environment in docker-compose.yml
  13. Parameterize
     Dockerfile:
         FROM ubuntu:xenial-20180123
         RUN apt update && apt -y install nginx=1.10.3*
     Dockerfile:
         FROM ubuntu:xenial-20180123
         ENV NGINX_VERSION=1.10.3
         RUN apt update && apt -y install nginx=${NGINX_VERSION}*
  14. Parameterize
     docker-compose.yml:
         version: '2.0'
         services:
           db:
             image: postgres-${POSTGRES_VERSION}
             environment:
               POSTGRES_PASSWORD: ${POSTGRES_ROOT_PASSWORD}
           web:
             image: nginx-${NGINX_VERSION}
  15. Readability beats size
     • Myth: More layers reduce access time
     • My own tests prove otherwise
     • Layers improve performance on pull (parallel downloads)
     • One layer per installed tool
     • Separate functionality into chains of images
     • dind  dind-gocd-agent  linux-agent  linux-agent-gocd  linux-agent-jenkins
  16. Tips and tricks
     Building behind a proxy:
         docker build --build-arg http_proxy --build-arg https_proxy --build-arg no_proxy .
     Running behind a proxy:
         docker run -it --env http_proxy --env https_proxy --env no_proxy ubuntu:xenial-20180123
     Implicit pull on build:
         docker build --pull .
     Automatic cleanup:
         docker run -it --rm ubuntu:xenial
     Derive dynamically:
         ARG VERSION=xenial-20180123
         FROM ubuntu:${VERSION}
  17. Learn your own lessons
     • Do my lessons apply to you?
     • Automate
     • Do CI/CD
     • Containers are just one option
     • Link to code 31%20Docker%20%40%20Devsmeetup
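
The pinning rule from slides 4 and 5 can be checked mechanically in CI, including the ARG-driven FROM line from slide 16. The following Python check is an added example, not part of the original slides; the function names and the sample Dockerfile are constructed for illustration. It assumes `$VAR` and `${VAR}` references with plain ARG defaults and does not handle `${VAR:-default}`.

```python
import re

ARG_RE = re.compile(r"^ARG\s+(\w+)(?:=(\S+))?", re.I)
FROM_RE = re.compile(r"^FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)
VAR_RE = re.compile(r"\$(?:\{(\w+)\}|(\w+))")

def classify(ref, stages):
    """Classify one resolved image reference."""
    if ref.lower() in stages or ref == "scratch":
        return "stage"        # earlier build stage or the empty base image
    if "@sha256:" in ref:
        return "digest"       # content address, cannot move
    # Only the last path segment carries a tag; an earlier ':' is a registry port.
    _, _, tag = ref.rsplit("/", 1)[-1].partition(":")
    if tag in ("", "latest"):
        return "floating"     # implicit or explicit latest, or an ARG without default
    return "tag"

def check_base_images(dockerfile_text):
    """Return [(resolved_ref, verdict)] for each FROM line, in file order."""
    global_args, stages, results = {}, set(), []
    for raw in dockerfile_text.splitlines():
        line = raw.strip()
        arg = ARG_RE.match(line)
        if arg and not results:   # only ARGs before the first FROM apply to FROM lines
            global_args[arg.group(1)] = (arg.group(2) or "").strip("\"'")
            continue
        frm = FROM_RE.match(line)
        if not frm:
            continue
        ref = VAR_RE.sub(
            lambda v: global_args.get(v.group(1) or v.group(2), ""), frm.group(1))
        results.append((ref, classify(ref, stages)))
        if frm.group(2):          # register the alias after classifying this line
            stages.add(frm.group(2).lower())
    return results

# Constructed sample input, not taken from the slides.
SAMPLE = """\
ARG VERSION=xenial-20180123
FROM ubuntu:${VERSION} AS base
FROM nginx
FROM nginx:latest
FROM registry.example:5000/team/app
FROM base
FROM nginx:1.12.1
"""

if __name__ == "__main__":
    for ref, verdict in check_base_images(SAMPLE):
        print(f"{verdict:8} {ref}")
```

A `tag` verdict only means that a tag other than latest is present. As slide 4 notes, `ubuntu:xenial` still moves with each monthly patch, so only a dated tag or a digest gives a repeatable build.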