The document discusses the evolution and practicality of container technology, particularly focusing on the use of Docker and Kubernetes within environments like OpenStack and IaaS. It presents various use cases, benchmarking, and the transition from virtual machines to containerized applications, emphasizing infrastructure optimization and secure deployment in enterprise settings. Additionally, it touches upon the importance of implementing cloud-native designs and microservice architecture.

1. #CONTAINERWORLD
Using the right container tech for the job
or, the questions you’re too afraid to ask about containers
@DustinKirkland

2. @DustinKirkland
Canonical is the company
behind Ubuntu

3. @DustinKirkland
EMPLOYEES
London
Boston
Shanghai
Taipei
800+
COUNTRIES
47+
FOUNDED
2004
Beijing
Austin
Tokyo

4. @DustinKirkland
What’s all the hype about?
Containers have been around
forever…
They’re just little VMs,
aren’t they?
asked no one, ever.

5. @DustinKirkland
virtual machines
process containers
application containers
machine containers
Taxonomy

6. @DustinKirkland
let’s see a quick demo

7. @DustinKirkland
Should I run my PAAS on
top of my IAAS?
Or should I run my IAAS
on top of my PAAS?
asked no one, ever.

8. @DustinKirkland
Kubernetes on top of OpenStack
Docker
Kubernetes
OpenStack
LXD
MAAS
Bare Metal
LXD

9. @DustinKirkland
OpenStack on top of Kubernetes
Docker
OpenStack
Kubernetes
LXD
MAAS
Bare Metal
LXD

10. @DustinKirkland
Kubernetes along with OpenStack
Docker
Kubernetes + OpenStack
LXD
MAAS
Bare Metal
LXD

11. @DustinKirkland
$ conjure-up kubernetes
One command to deploy a complete
Kubernetes on Ubuntu 16.04 LTS

12. @DustinKirkland
Just how fast are
containers, really?
asked no one, ever.

13. @DustinKirkland
let’s run some benchmarks

14. @DustinKirkland
If we take a VM
running on IaaS,
and run it on PaaS
in a Docker container,
does that mean the app
is now “dockerized”?
asked no one, ever.

15. @DustinKirkland
let’s break that down

16. @DustinKirkland
IaaS
PaaS

17. @DustinKirkland
let’s look at a workload

18. @DustinKirkland
● SwissCom’s new
workloads are
“dockerized”
● Was 400 VMs running 400
databases
● Now 20 VMs running 400
Databases
● DBaaS through the
organization
● Build, Ship, Run mentality
within the IT organization
Source: https://www.docker.com/use-cases/infrastructure-optimization

19. @DustinKirkland
● Digitized transaction
workflow, mathematically
secured
● Shared, replicated ledger
● IBM Blockchain workloads
are “dockerized”
● IBM Mainframe hardware
● Ubuntu Linux
● Docker images
● Hyperledger software
● Cutting edge technology
● Lots of
run-to-completion,
stateless number
crunching
Source: http://www.ibm.com/blockchain/hyperledger.html

20. @DustinKirkland
● Mature, legacy code base,
that generally “just
works”
● No desire really to ever
touch it again
● Linux, Apache, PHP,
Postgres, on AWS --
should dockerize easily,
right?
● Those were easy, but
what about Cron?
Logrotate? Vacuumdb?
Backup? Package
updates?
● DivItUp.com moved to
LXD much more easily

21. @DustinKirkland
Does your new
12-factor app
implement a
cloud-native design
with a microservice
architecture?
asked no one, ever.

22. @DustinKirkland
12-factor cloud-native micro-service, huh?

23. @DustinKirkland Source: http://microservices.io/patterns/microservices.html
Microservice Architecture

24. @DustinKirkland Source: http://12factor.net
12-factor app

25. @DustinKirkland
Cloud Native Design
Source: https://pivotal.io/cloud-native

26. @DustinKirkland
Can any of this
container stuff
actually be used
securely in production
in an enterprise
environment?
asked no one, ever.

27. @DustinKirkland
Resource Control
Discretionary Access
Mandatory Access
Fine Grained Access
cgroups
namespaces
apparmor
seccomp
Container Security

28. # Count the CPUs and Memory available
lxc exec demo1 -- grep processor /proc/cpuinfo
lxc exec demo1 -- free
# Limit the container to 1 CPU and 128MB of Mem
lxc config set demo1 limits.cpu 1
lxc config set demo1 limits.memory 128MB
lxc stop demo1 && lxc start demo1
# Recount the CPUs and Memory available
lxc exec demo1 -- grep processor /proc/cpuinfo
lxc exec demo1 -- free

29. Ubuntu in production

30. @DustinKirkland
How do you ensure
patches get applied
everywhere?
asked no one, ever.

31. @DustinKirkland
let’s recreate new stateless containers

32. @DustinKirkland
let’s update stateful containers

33. @DustinKirkland

34. @DustinKirkland@DustinKirkland
Using the right container tech for the job
or, the questions you’re too afraid to ask about containers
Container World
Santa Clara, CA
February 21, 2017