Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on Azure with Docker


  1. 1. Patrick Chanezon, Docker Inc. @chanezon Developing and deploying Java & Linux on Azure with Docker March 2017
  2. 2. French Polyglot Platforms Software Plumber San Francisco Developer Relations @chanezon
  3. 3. Public Hybrid Private Ops Devops Developers
  4. 4. Linux Container Ecosystem glusterfs weave calico midokura cisco nuage Cloud OS Plugins Orchestration
  5. 5. Docker
  6. 6. The world needs tools of mass innovation
  7. 7. A programmable Internet would be the ultimate tool of mass innovation
  8. 8. A commercial product, built on a development platform, built on infrastructure, built on standards. Docker is building a stack to program the Internet
  9. 9. Docker Platform
  10. 10. Docker Platform constituencies: Many purposes, users and infrastructure today • Developer Community: Need to experiment and innovate with leading edge tech • Ops Community: Need a predictable system to deploy and run apps • Enterprise: Run business critical apps at scale anywhere • Partner Ecosystem: Extend and add value to a platform with a shared path to monetization
  11. 11. The Docker Platform Developers Ops Enterprise Ecosystem ONE PLATFORM For Developers and IT For Linux and Windows On Premises and in the Cloud Traditional Homegrown, Commercial ISV, Microservices Docker Community Edition (CE) Docker Enterprise Edition (EE) Docker Certified Docker Store
  12. 12. Docker Enterprise Edition (EE) and Community Edition (CE) • Community Edition (CE): – Free Docker platform for “do it yourself” dev and ops – Monthly Edge release with latest features for developers – Quarterly release with maintenance for ops • Enterprise Edition (EE): – CaaS enabled platform subscription (integrated container orchestration, management and security) – Enterprise class support – Quarterly releases, supported for one year each with backported patches and hotfixes – Certified Infrastructure, Plugins, Containers
  13. 13. What is a Docker Edition Making things simple for a great user experience Virtual Network VMSS Blob Storage Azure LB ARM AAD
  14. 14. Enterprises need support and assurances NEW Certification program for Infrastructure, Plugins and Containers Infrastructure Platform Community Edition Enterprise Edition
  15. 15. Docker Certified Launch Partners
  16. 16. Docker Store • A commercial marketplace for partners and customers • Publishers gain instant access to Docker users with product delivery in containers • Customers gain ability to search, browse, purchase and manage from a single UX
  17. 17. Docker EE Subscription Tiers

      | Feature | EE Basic | EE Standard (Docker Datacenter) | EE Advanced |
      |---|---|---|---|
      | CaaS enabled platform | x | x | x |
      | Container engine and built in orchestration, networking, security | x | x | x |
      | Docker Certified Infra, Plugins and ISV Containers | x | x | x |
      | Image management with private registry, caching | | x | x |
      | Integrated container app management | | x | x |
      | Multi-tenancy with RBAC, LDAP/AD | | x | x |
      | Integrated secrets mgmt, image signing, policy | | x | x |
      | Image security scanning and continuous vulnerability monitoring | | | x |

  18. 18. CaaS is the modern software supply chain framework
  19. 19. Isolation using Linux kernel features • namespaces: pid, mnt, net, uts, ipc, user • cgroups: memory, cpu, blkio, devices
  20. 20. Union File Systems & Image Layers
  21. 21. Swarm mode Service API Cryptographic node identity Built-in routing mesh Docker built-in orchestration
  22. 22. What’s New in Docker 17.03 • Docker EE and CE • Compose file support for Swarm mode service deployment • docker stack deploy --compose-file=docker-compose.yml my_stack • Secrets Management • System commands • docker system df, prune • Monitoring • docker service logs • Prometheus experiment endpoint • Build • docker build --squash • CPU management --cpus 2.5 • Docker for AWS & Azure GA
  23. 23. Docker & Microsoft: a great Open Source collaboration
  24. 24. Docker & Microsoft: collaboration on all fronts • Build • Docker for Windows • Docker EE for Windows Servers • Visual Studio Tools for Docker • Visual Studio Code Docker extension • Ship • Visual Studio Team Services Docker Integration • Azure Container Registry • Run • Azure Docker agent • Azure Container Service Swarm and Swarm Mode • Docker EE in Azure Marketplace
  25. 25. Docker for Developers
  26. 26. Docker for Mac Docker for Windows
  27. 27. Example: Spring Boot App using MongoDB https://github.com/chanezon/docker-tips/ spring-doge.jar spring-doge spring-doge-web spring-doge-photo API: Spring Boot, Spring Data UI: AngularJS Business Logic: java.awt

          java -Dserver.port=8080 -Dspring.data.mongodb.uri=mongodb://mongo:27017/test -jar spring-doge.jar

  28. 28. Dockerfile

          FROM java:8
          MAINTAINER Patrick Chanezon <patrick@chanezon.com>
          EXPOSE 8080
          COPY spring-doge/target/*.jar /usr/src/spring-doge/spring-doge.jar
          WORKDIR /usr/src/spring-doge
          CMD java -Dserver.port=8080 -Dspring.data.mongodb.uri=$MONGODB_URI -jar spring-doge.jar
          HEALTHCHECK --interval=5m --timeout=3s --retries=3 CMD curl -f http://localhost:8080/ || exit 1

  29. 29. Using Docker to compile your jar/war https://registry.hub.docker.com/_/maven/

          docker run -it --rm -v "$PWD":/usr/src/spring-doge -v maven:/root/.m2 -w /usr/src/spring-doge maven:3.3-jdk-8 mvn package

  30. 30. Build an image

          docker build -t chanezon/spring-doge .

          FROM java:8
          MAINTAINER Patrick Chanezon <patrick@chanezon.com>
          EXPOSE 8080
          COPY spring-doge/target/*.jar /usr/src/spring-doge/spring-doge.jar
          WORKDIR /usr/src/spring-doge
          CMD java -Dserver.port=8080 -Dspring.data.mongodb.uri=$MONGODB_URI -jar spring-doge.jar
          HEALTHCHECK --interval=5m --timeout=3s --retries=3 CMD curl -f http://localhost:8080/ || exit 1

  31. 31. Run a container

          docker run --env MONGODB_URI=mongodb://mongo:27017/test -p 8090:8080 chanezon/spring-doge

  32. 32. docker-compose: running multiple containers • Run your stack with one command: docker-compose up • Describe your stack with one file: docker-compose.yml

          version: '3'
          services:
            web:
              image: chanezon/spring-doge
              ports:
                - "8080:8080"
              environment:
                - MONGODB_URI=mongodb://mongo:27017/test
            mongo:
              image: mongo

  33. 33. Demo
  34. 34. Docker Java Labs https://github.com/docker/labs/tree/master/developer-tools/ • Wildfly and Couchbase J2EE App • Debugging a Java app in Docker using Eclipse
  35. 35. Docker for Ops
  36. 36. Docker for Azure
  37. 37. Azure Container Service SLA-backed Azure service az acs create…
  38. 38. ACS Engine open-source project that enables power users to customize the cluster configuration Where Docker can work directly with Microsoft on newer versions of both Docker & ACS https://github.com/Azure/acs-engine/blob/master/docs/swarmmode.md
  39. 39. Azure Container Service Swarm Mode https://github.com/Azure/acs-engine/blob/master/docs/swarmmode.md acs-engine: ARM template generator

          acs-engine swarmmode.json
          cd _output/SwarmMode...
          az group create --name "pat_az_5" --location "westus"
          az group deployment create -g pat_az_5 -n pat_acs_5 --template-file=azuredeploy.json --parameters=@azuredeploy.parameters.json

  40. 40. docker stack deploy • Deploy your stack with one command: docker stack deploy • Describe your stack with one file: docker-compose.yml

          version: '3'
          services:
            web:
              image: chanezon/spring-doge
              ports:
                - "8004:8080"
              environment:
                - MONGODB_URI=mongodb://mongo:27017/test
              deploy:
                replicas: 2
                update_config:
                  parallelism: 2
                  delay: 10s
                restart_policy:
                  condition: on-failure
            mongo:
              image: mongo

  41. 41. Demo
  42. 42. Docker for Enterprise
  43. 43. Goals: Agility + Portability + Control
  44. 44. Docker EE Subscription Tiers

      | Feature | EE Basic | EE Standard (Docker Datacenter) | EE Advanced |
      |---|---|---|---|
      | CaaS enabled platform | x | x | x |
      | Container engine and built in orchestration, networking, security | x | x | x |
      | Docker Certified Infra, Plugins and ISV Containers | x | x | x |
      | Image management with private registry, caching | | x | x |
      | Integrated container app management | | x | x |
      | Multi-tenancy with RBAC, LDAP/AD | | x | x |
      | Integrated secrets mgmt, image signing, policy | | x | x |
      | Image security scanning and continuous vulnerability monitoring | | | x |

      Docker 2017 - Confidential

  45. 45. Docker Universal Control Plane Integrated Security Docker Engine Container runtime, orchestration, networking, volumes, plugins Docker Trusted Registry Operating Systems Config Mgt Monitoring Logging CI/CD ..more.. Images Networking Volumes Virtualization Public Cloud Physical Docker Datacenter Docker EE Platform
  46. 46. The Key Components of Container Security • Usable Security: Secure defaults with tooling that is native to both dev and ops • Trusted Delivery: Everything needed for a full functioning app is delivered safely and guaranteed to not be tampered with • Infrastructure Independent: All of these things in your system are in the app platform and can move across infrastructure without disrupting the app • Usable Security + Trusted Delivery + Infrastructure Independent = Safer Apps
  47. 47. Integrated Security with Docker EE • Usable Security + Trusted Delivery + Infrastructure Independent = Safer Apps • Diagram labels: Image Scanning, TLS Encryption, Encryption at Rest, App Secrets, Image Signing & Verification, Users & RBAC, Dev/Ops Workflow, Secure by default runtime, Public Cloud, Virtualization, Physical
  48. 48. Docker Universal Control Plane
  49. 49. UCP Permission Model
  50. 50. What’s New in Docker Datacenter
  51. 51. What’s New in Docker EE 17.03 Application Services Content Trust and Distribution Platform Enhancements • Secrets Management • HTTP Routing Mesh (GA) • Docker Compose for Services • Access control for Secrets and Volumes • Image Content Cache • On premises image security scanning and vulnerability monitoring • Registry Webhooks • DTR install command from UI • UI Enhancements • Additional LDAP configs • Templates for AWS, Azure
  52. 52. Integrated Secrets Management (diagram labels: Manager ×3, Worker ×3, Raft Consensus Group, Internal Distributed Store, External App, Web UI) • Management – Admins can add/remove/list/update secrets in the cluster – Exposed to a container via a "/secrets" tmpfs volume • Authorization – Tag secrets to a specific service – Admins can authorize secrets access to users/teams via RBAC • Rotation – Use GUI to update a secret to all containers in a service • Auditing – Each user request for secret access logged in cluster for auditing
  53. 53. Security Scanning: Get a full BOM for a Docker Image
  54. 54. Security Scanning: Vulnerabilities and Licensing for Each Component
  55. 55. Security Scanning: Set Automated Policy for Scanning
  56. 56. Security Scanning: Online and Offline Updates
  57. 57. Compose for Services • Deploy stacks (services, volumes, networks, secrets) using new Compose file v3.1 format • Manage and monitor stacks directly from UCP UI
  58. 58. Built in HTTP Routing Mesh (Now GA!) • Extend TCP routing mesh to HTTP hostname routing for services • HTTPS support via SNI protocol • Support for multiple HRM networks for enhanced app isolation • External LB routes hostnames to nodes • Can add hostname routing via UI • Non-service containers continue to use Interlock ref arch (diagram labels: Worker ×3, External Load Balancer, Traffic via DNS (http to port 80 or other), Foo.com, Bar.com, Qux.com)
  59. 59. Docker EE on Azure
  60. 60. Docker EE on Azure Free 30 Days Test Drive from Docker Store
  61. 61. Docker EE on Azure
  62. 62. Demo
  63. 63. Resources • Software: https://www.docker.com/get-docker • Slides: https://www.slideshare.net/chanezon • Samples: https://github.com/chanezon/docker-tips and https://github.com/docker/labs
  64. 64. THANK YOU
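
Added example, not from the slides or the spring-doge project: slide 28's Dockerfile takes the MongoDB URI from $MONGODB_URI, while slide 52 describes secrets delivered to containers on a tmpfs volume. The entrypoint wrapper below prefers a secret file and falls back to the variable. The secret name mongodb_uri, the SECRETS_DIR override and the "start" argument are assumptions; /run/secrets is where swarm mode mounts service secrets.

```shell
#!/bin/sh
# Entrypoint wrapper for the spring-doge image (added example).
# Assumed, not on the slides: secret name "mongodb_uri", SECRETS_DIR override,
# and the "start" argument that triggers main().

SECRETS_DIR="${SECRETS_DIR:-/run/secrets}"

# Print the MongoDB URI on stdout.
# Order: secret file first, then the MONGODB_URI variable from slide 28.
# Returns non-zero if nothing is set or the value is not a MongoDB URI.
resolve_mongodb_uri() {
    secret_file="$SECRETS_DIR/mongodb_uri"
    if [ -r "$secret_file" ]; then
        # First line only; drop a stray carriage return from edited files.
        uri=$(head -n 1 "$secret_file" | tr -d '\r')
    else
        uri="${MONGODB_URI:-}"
    fi

    if [ -z "$uri" ]; then
        echo "no MongoDB URI: expected $secret_file or MONGODB_URI" >&2
        return 1
    fi

    case "$uri" in
        mongodb://*|mongodb+srv://*) printf '%s\n' "$uri" ;;
        *)
            # Never echo the rejected value: it may contain credentials.
            echo "refusing value that is not a mongodb:// URI" >&2
            return 1
            ;;
    esac
}

main() {
    uri=$(resolve_mongodb_uri) || exit 1
    # Keep the value out of the environment of the Java process.
    unset MONGODB_URI
    # Same command line as the CMD on slide 28. The URI no longer appears in
    # the service definition or `docker inspect`, but it is still visible in
    # the process arguments inside the container.
    exec java -Dserver.port=8080 "-Dspring.data.mongodb.uri=$uri" -jar spring-doge.jar
}

# Run only when invoked as: entrypoint.sh start
case "${1:-}" in
    start) main ;;
esac
```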
