This document describes how Zalando, one of Europe's largest online fashion retailers, uses Docker and AWS to enable radical agility in deploying applications. It discusses how Zalando developed STUPS (STUPS To Unleash Penguin Swarms), an internal platform built on AWS that provides developers maximum freedom while enabling near-real-time audit compliance. STUPS utilizes Docker, PierOne Docker registry, Senza deploy tool, and Taupage AMIs to allow teams to deploy applications in isolated AWS accounts with full AWS access, immutable infrastructure, and managed SSH access for compliance and security.
1. Radical Agility with Docker & AWS
Docker San Francisco Meetup 2015-10-28
volker.pilz@zalando.de
@volkr
tech.zalando.com
2. ONE OF EUROPE’S LARGEST ONLINE FASHION RETAILERS
★ 15 countries
★ 3 fulfillment centers
★ 16+ mn active customers
★ 2.2+ bn € ($ ~2.5 bn) revenue 2014
★ 135+ mn visits per month
★ 9.000+ employees
★ IPO in Oct 2014
★ ~7 bn € current valuation (Oct 2015)
3. … WITH A STRONG FOCUS ON TECHNOLOGY
★ 800+ in Tech Dept
★ 5 main tech locations in Europe
○ Berlin
○ Dortmund
○ Hamburg
○ Dublin
○ Helsinki
Visit our tech page:
tech.zalando.com
19. “We provide maximum freedom for developers while enabling near-real-time audit compliance for every single application.”
-- Zalando STUPS Delivery Team
22. OUR FOCUS FOR TODAY
✓ PierOne: Docker Registry with S3 storage
✓ Senza: Deploy Tool using CloudFormation
✓ Taupage AMI: Amazon Machine Image with Docker Runtime
http://docs.stups.io/en/latest/user-guide/standalone-deployment.html
43. EXAMPLE STACK
AWS EC2
Taupage AMI
Docker Container
Application
✓ In isolated team account
✓ Created by senza through CloudFormation
✓ Docker Runtime
✓ Managed SSH access
✓ Audit Logging
✓ Log Collection
✓ Monitoring
✓ Reviewed security additions
✓ Ubuntu
✓ OpenJDK
✓ Zalando CA certificate
✓ scm-source
…
44. RECAP: DOCKER IN STUPS
● Ubuntu & OpenJDK base image
https://github.com/zalando/docker-openjdk
● Log to STDOUT
● Config via KMS encrypted env vars
● AMI runs Docker daemon out-of-the-box
● Non-root execution
● Persistence via EBS mounts
● Immutable stacks, no orchestration
● DNS endpoints