Advertisement

Dockerize it! @ Codemotion 2016 in Rome

Mar. 18, 2016
Advertisement

More Related Content

Advertisement

More from Alessandro Nadalin(20)

Advertisement

Dockerize it! @ Codemotion 2016 in Rome

  1. Dockerize it! Alexnadalin-NAMSHI.com
  2. WARNING
  3. MINIMAL DOCKER AHEAD
  4. playing with containers
  5. figuring them out
  6. never tried
  7. DEMO
  8. Container laws
  9. Why containers?
  10. remember when...
  11. require(‘http’).createServer(...)
  12. <li ng-repeat=”item in items” … >
  13. go func()
  14. or when...
  15. sudo service nginx restart
  16. apt-get install curl
  17. ulimit -n 1025
  18. Systems are boring.
  19. Systems are f*****g boring.
  20. Code is an F1 pilot
  21. unique style
  22. hard to replicate hard to replicate hard to replicatehard to replicate hard to replicate
  23. System is the F1 car
  24. Robust
  25. Reliable
  26. Replicable
  27. Systems aren’t nice to build
  28. They are nice to orchestrate
  29. VMs
  30. How do they differ from containers?
  31. “it’s just like a VM, just much more lightweight”
  32. “it’s just like a VM, just much more lightweight”FLUFF
  33. kernel
  34. resources
  35. isolation
  36. security
  37. “Containers have similar resource isolation and allocation benefits as virtual machines but a different architectural approach allows them to be much more portable and efficient” https://www.docker.com/what-docker
  38. Law #1 Even though they might try to solve similar problems, containers and VMs are fundamentally different
  39. 1996
  40. https://github.com/docker/libcontainer/blob/master/PRINCIPLES.md
  41. runC
  42. Law #2 Docker is not here to stay (at least in the way we think of it nowadays)
  43. Think that Docker is simple
  44. Think that Docker is simple
  45. # docker-compose.yml services: web: build: . ports: - "8080:8080" volumes: - .:/src $ docker-compose up
  46. expand the horizon
  47. We have Docker in our system
  48. We’re developing a nodejs app
  49. without nodejs
  50. we’re exposing it from our container to our host (-p 8080:8080)
  51. then we’re running ngrok to expose our host to the internet
  52. without ngrok
  53. Law #3 Containers aren’t suitable for dev or production, containers are suitable for use-cases
  54. docker pull graylog2/allinone
  55. Law #4 Dockerfiles are the simplest form of configuration management
  56. Orchestrating containers isn’t simple.
  57. But it’s the fun part :-)
  58. apiVersion: v1 kind: ReplicationController metadata: name: app labels: name: app spec: replicas: 1 selector: name: app template: metadata: labels: name: app spec: containers: - name: master image: my-nodejs-app ports: - containerPort: 1234
  59. apiVersion: v1 kind: ReplicationController metadata: name: app labels: name: app spec: replicas: 1 selector: name: app template: metadata: labels: name: app spec: containers: - name: master image: my-nodejs-app ports: - containerPort: 1234
  60. kubectl create -f /path/to/definition.yml
  61. PODs REPLICATION CONTROLLERS SERVICES
  62. PODs REPLICATION CONTROLLERS SERVICES
  63. A set of logically linked containers
  64. PODs REPLICATION CONTROLLERS SERVICES
  65. The guy who makes sure PODs are up & running
  66. apiVersion: v1 kind: ReplicationController metadata: name: app labels: name: app spec: replicas: 1 selector: name: app template: metadata: labels: name: app spec: containers: - name: master image: my-nodejs-app ports: - containerPort: 1234
  67. kubectl scale --replicas=2 rc app
  68. PODs REPLICATION CONTROLLERS SERVICES
  69. The DataCenter of the future is taking shape
  70. Law #5 Configuration management is (almost) dead Long live orchestrators
  71. Law #6 Talk services, not machines
  72. NERDADVICE Containers aren’t better than VMs, it really just depends on what you need to do https://goo.gl/DGQKDA
  73. NERDADVICE Forget about the hosts, go GCE if you can https://goo.gl/haanq4
  74. NERDADVICE Else, use a mature orchestration platform http://kubernetes.io/ https://goo.gl/sbk3Hk (swarm) http://mesos.apache.org/
  75. NERDADVICE Run your hosts on safe, light OS like CoreOS https://coreos.com/
  76. NERDADVICE Use Alpine for your containers, it’s a minimal security-oriented Linux distro http://goo.gl/MF4nKp
  77. NERDADVICE Avoid running containers as root http://goo.gl/MF4nKp
  78. NERDADVICE Regularly scan your clusters to see if there’s any security gotcha https://goo.gl/l8tO31
  79. NERDADVICE Isolate “colanders” like jenkins in containers https://goo.gl/1HuQjV
  80. NERDADVICE Stop manually installing software on your own machine https://goo.gl/9fHWHU
  81. NERDADVICE Live like it’s 2016 https://goo.gl/2FNwGq https://github.com/coreos/rkt https://runc.io/
  82. Alessandro Nadalin
  83. Alessandro Nadalin @_odino_
  84. Alessandro Nadalin @_odino_ Namshi
  85. Alessandro Nadalin @_odino_ Namshi VP Technology
  86. Alessandro Nadalin @_odino_ Namshi VP Technology odino.org
  87. Thanks! Alessandro Nadalin @_odino_ Namshi VP Technology odino.org
  88. we are hiring! tech.namshi.com/join-us github.com/namshi twitter.com/TechNamshi tech.namshi.com
Advertisement