Nico Meisenzahl discusses tools for building and deploying microservices, including Kaniko for building container images without privileges, Docker Compose for defining and running multi-container applications, Helm for packaging and deploying Kubernetes applications, and CNAB for packaging distributed applications independently of infrastructure. He demonstrates using these tools and highlights upcoming features like Helm 3's removal of Tiller and addition of an embedded Lua engine.
4. Everything starts with a Dockerfile
• Describes the Image
• Best practices
– choose the base image wisely
– use multi-stage builds
– combine commands into as few instructions as possible
– use curl/wget for non-persistent files (installer, etc.)
– reduce waste
– know how caching works
5. Image build process
• “docker build” is the common way
• locally
– available with every Docker installation
→ we love it and it just works
• containerized
– mostly used in build pipelines
– Docker-in-Docker (DinD) is needed → Security issues!
• Docker daemon needs to be mounted
• privileged flag is needed
• not allowed in a K8s environment (hopefully)
→ could be better...
6. Kaniko can help
• Builds Images without privileges in a container
• developed by Google
• part of the Knative serverless stack
– Istio, Kaniko, Knative
• Docker Image: http://gcr.io/kaniko-project/executor
• More details: https://github.com/GoogleContainerTools/kaniko
7. Kaniko (Demo)
• can be used with
– “docker run”
– as a Pod definition (Kubernetes)
– in build pipelines
– ...
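The DinD concerns from slide 5 (mounted Docker daemon, privileged flag) can be checked mechanically before a build Pod is admitted. The following is an added example, not code from the talk: both Pod specs are constructed samples, and the function name audit_pod and the socket path list are assumptions made for illustration.

```python
# Added example: audit Pod specs for the DinD risks named on slide 5.
# Both manifests below are constructed samples, not taken from the talk.

DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}  # assumed common paths

DIND_POD = {  # constructed: build Pod that depends on the host Docker daemon
    "metadata": {"name": "build-dind"},
    "spec": {
        "containers": [{
            "name": "docker",
            "image": "docker:dind",
            "securityContext": {"privileged": True},
            "volumeMounts": [{"name": "sock", "mountPath": "/var/run/docker.sock"}],
        }],
        "volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}}],
    },
}

KANIKO_POD = {  # constructed: Kaniko build Pod, no privileged flag, no socket
    "metadata": {"name": "build-kaniko"},
    "spec": {
        "containers": [{
            "name": "kaniko",
            "image": "gcr.io/kaniko-project/executor",
            "args": ["--dockerfile=Dockerfile", "--context=dir:///workspace", "--no-push"],
            "volumeMounts": [{"name": "src", "mountPath": "/workspace"}],
        }],
        "volumes": [{"name": "src", "emptyDir": {}}],
    },
}

def audit_pod(pod):
    """Return findings for privileged containers and Docker socket hostPath volumes."""
    spec = pod.get("spec", {})
    findings = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        if (c.get("securityContext") or {}).get("privileged") is True:
            findings.append(f"container {c['name']}: privileged flag set")
    for v in spec.get("volumes", []):
        path = (v.get("hostPath") or {}).get("path", "").rstrip("/")
        if path in DOCKER_SOCKETS:
            findings.append(f"volume {v['name']}: hostPath mounts Docker daemon socket {path}")
    return findings

if __name__ == "__main__":
    for pod in (DIND_POD, KANIKO_POD):
        print(pod["metadata"]["name"], audit_pod(pod) or "no findings")
```

The same two conditions are what a cluster admission policy would reject, which is why the slide expects DinD not to be allowed in a K8s environment.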
9. But, what if ...
• your application is based on various microservices?
• you would like to have a portable and easy deployment?
→ you will need a tool to package your application
10. Where Compose and Helm can help (Demo)
• can be used to define and run bundled multi-container Microservices
– portable deployments & updates
– versioning & rollbacks (Helm only)
– Repositories (Helm, docker-app)
• Compose can be used with
– pure Docker
– Swarm
– docker-app
• Helm is the de facto default package manager for Kubernetes
• more details
– https://helm.sh
– https://docs.docker.com/compose
– https://github.com/docker/app
11. Helm 3.0
• removal of Tiller
– Client-only
– based on RBAC, CRD
• embedded Lua engine
– optional and mixable
– more flexible
– work with objects not YAML
• Chart repo authentication & upload
– helm login
– helm push
• more details: https://www.youtube.com/watch?v=XUqNLhFWbl8
13. CNAB (Cloud Native Application Bundle)
• a spec for packaging distributed apps
• designed by Microsoft, Docker, bitnami & HashiCorp
• is not platform-specific: Containers, Functions, VMs, IaaS and PaaS
– Compose / Helm / Kubernetes
– Ansible / Terraform
– Azure, OpenStack on-premises, ...
• a CNAB is defined by a bundle.json and will be deployed by an invocation image
14. CNAB (Cloud Native Application Bundle)
• CLIs supporting CNAB specs
– duffle by Microsoft
– docker-app by Docker
– ...
• CNABs can be pushed to Docker Hub (using docker-app)
• more details
– https://cnab.io
– https://github.com/deislabs/cnab-spec
– https://duffle.sh
– https://github.com/docker/app
– https://medium.com/01001101/cloud-native-application-bundle-a-spec-for-packaging-distributed-apps-7f1a7e3fc6fe