Dockerize it! @ Codemotion 2016 in Rome
Report
Alessandro NadalinFollow
Mar. 18, 2016•0 likes•1,516 views
8 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Check these out next
Dockerize it! @ Codemotion 2016 in Rome
Mar. 18, 2016•0 likes•1,516 views
8 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Download to read offline
Report
Technology
Docker is a groundbreaking technology that will heavily influence how we will write software in the years to come: let's then have a look at: * where it comes from (Linux Containers) * how it works * how to dockerize simple apps to easily deploy them on production * how you can use Docker in local environments to simplify your development workflow Do you like Vagrant, auto-scaling or 12-factor apps? Then get ready to be mindblown.
Alessandro NadalinFollow
Recommended
Deploying 3 times a day without a downtime @ Rocket Tech Summit in BerlinAlessandro Nadalin
IaC and Immutable Infrastructure with Terraform, Сергей МарченкоSigma Software
Docker: automation for the rest of usJérôme Petazzoni
Continous Delivering a PHP applicationJavier López
One commit, one release. Continuously delivering a Symfony project.Javier López
Continuous Integration: SaaS vs Jenkins in CloudIdeato
Dockerize it! @ Codemotion 2016 in Rome
- Dockerize it! Alexnadalin-NAMSHI.com
- WARNING
- MINIMAL DOCKER AHEAD
- playing with containers
- figuring them out
- never tried
- DEMO
- Container laws
- Why containers?
- remember when...
- require(‘http’).createServer(...)
- <li ng-repeat=”item in items” … >
- go func()
- or when...
- sudo service nginx restart
- apt-get install curl
- ulimit -n 1025
- Systems are boring.
- Systems are f*****g boring.
- Code is an F1 pilot
- unique style
- hard to replicate hard to replicate hard to replicatehard to replicate hard to replicate
- System is the F1 car
- Robust
- Reliable
- Replicable
- Systems aren’t nice to build
- They are nice to orchestrate
- VMs
- How do they differ from containers?
- “it’s just like a VM, just much more lightweight”
- “it’s just like a VM, just much more lightweight”FLUFF
- kernel
- resources
- isolation
- security
- “Containers have similar resource isolation and allocation benefits as virtual machines but a different architectural approach allows them to be much more portable and efficient” https://www.docker.com/what-docker
- Law #1 Even though they might try to solve similar problems, containers and VMs are fundamentally different
- 1996
- https://github.com/docker/libcontainer/blob/master/PRINCIPLES.md
- runC
- Law #2 Docker is not here to stay (at least in the way we think of it nowadays)
- Think that Docker is simple
- Think that Docker is simple
- # docker-compose.yml services: web: build: . ports: - "8080:8080" volumes: - .:/src $ docker-compose up
- expand the horizon
- We have Docker in our system
- We’re developing a nodejs app
- without nodejs
- we’re exposing it from our container to our host (-p 8080:8080)
- then we’re running ngrok to expose our host to the internet
- without ngrok
- Law #3 Containers aren’t suitable for dev or production, containers are suitable for use-cases
- docker pull graylog2/allinone
- Law #4 Dockerfiles are the simplest form of configuration management
- Orchestrating containers isn’t simple.
- But it’s the fun part :-)
- apiVersion: v1 kind: ReplicationController metadata: name: app labels: name: app spec: replicas: 1 selector: name: app template: metadata: labels: name: app spec: containers: - name: master image: my-nodejs-app ports: - containerPort: 1234
- apiVersion: v1 kind: ReplicationController metadata: name: app labels: name: app spec: replicas: 1 selector: name: app template: metadata: labels: name: app spec: containers: - name: master image: my-nodejs-app ports: - containerPort: 1234
- kubectl create -f /path/to/definition.yml
- PODs REPLICATION CONTROLLERS SERVICES
- PODs REPLICATION CONTROLLERS SERVICES
- A set of logically linked containers
- PODs REPLICATION CONTROLLERS SERVICES
- The guy who makes sure PODs are up & running
- apiVersion: v1 kind: ReplicationController metadata: name: app labels: name: app spec: replicas: 1 selector: name: app template: metadata: labels: name: app spec: containers: - name: master image: my-nodejs-app ports: - containerPort: 1234
- kubectl scale --replicas=2 rc app
- PODs REPLICATION CONTROLLERS SERVICES
- The DataCenter of the future is taking shape
- Law #5 Configuration management is (almost) dead Long live orchestrators
- Law #6 Talk services, not machines
- NERDADVICE Containers aren’t better than VMs, it really just depends on what you need to do https://goo.gl/DGQKDA
- NERDADVICE Forget about the hosts, go GCE if you can https://goo.gl/haanq4
- NERDADVICE Else, use a mature orchestration platform http://kubernetes.io/ https://goo.gl/sbk3Hk (swarm) http://mesos.apache.org/
- NERDADVICE Run your hosts on safe, light OS like CoreOS https://coreos.com/
- NERDADVICE Use Alpine for your containers, it’s a minimal security-oriented Linux distro http://goo.gl/MF4nKp
- NERDADVICE Avoid running containers as root http://goo.gl/MF4nKp
- NERDADVICE Regularly scan your clusters to see if there’s any security gotcha https://goo.gl/l8tO31
- NERDADVICE Isolate “colanders” like jenkins in containers https://goo.gl/1HuQjV
- NERDADVICE Stop manually installing software on your own machine https://goo.gl/9fHWHU
- NERDADVICE Live like it’s 2016 https://goo.gl/2FNwGq https://github.com/coreos/rkt https://runc.io/
- Alessandro Nadalin
- Alessandro Nadalin @_odino_
- Alessandro Nadalin @_odino_ Namshi
- Alessandro Nadalin @_odino_ Namshi VP Technology
- Alessandro Nadalin @_odino_ Namshi VP Technology odino.org
- Thanks! Alessandro Nadalin @_odino_ Namshi VP Technology odino.org
- we are hiring! tech.namshi.com/join-us github.com/namshi twitter.com/TechNamshi tech.namshi.com