Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Dockerize it!
Alexnadalin-NAMSHI.com
WARNING
MINIMAL
DOCKER
AHEAD
playing with containers
figuring them out
never tried
DEMO
Container laws
Why containers?
remember
when...
require(‘http’).createServer(...)
<li ng-repeat=”item in items” … >
go func()
or when...
sudo service nginx restart
apt-get install curl
ulimit -n 1025
Systems are
boring.
Systems are
f*****g
boring.
Code is an F1 pilot
unique style
hard to replicate
hard to replicate
hard to replicatehard to replicate
hard to replicate
System is the F1 car
Robust
Reliable
Replicable
Systems aren’t
nice to build
They are nice
to orchestrate
VMs
How do they
differ from
containers?
“it’s just like a VM,
just much more lightweight”
“it’s just like a VM,
just much more lightweight”FLUFF
kernel
resources
isolation
security
“Containers have similar resource
isolation and allocation benefits as
virtual machines but a different
architectural appr...
Law #1
Even though they might try to
solve similar problems,
containers and VMs are
fundamentally different
1996
https://github.com/docker/libcontainer/blob/master/PRINCIPLES.md
runC
Law #2
Docker is not here to stay
(at least in the way we
think of it nowadays)
Think that
Docker is simple
Think that
Docker is simple
# docker-compose.yml
services:
web:
build: .
ports:
- "8080:8080"
volumes:
- .:/src
$ docker-compose up
expand the horizon
We have Docker in our
system
We’re developing
a nodejs app
without nodejs
we’re exposing it from
our container to our host
(-p 8080:8080)
then we’re running ngrok
to expose our host
to the internet
without ngrok
Law #3
Containers aren’t suitable for dev
or production, containers are
suitable for use-cases
docker pull graylog2/allinone
Law #4
Dockerfiles are the simplest form
of configuration management
Orchestrating
containers isn’t
simple.
But it’s the
fun part :-)
apiVersion: v1
kind: ReplicationController
metadata:
name: app
labels:
name: app
spec:
replicas: 1
selector:
name: app
tem...
apiVersion: v1
kind: ReplicationController
metadata:
name: app
labels:
name: app
spec:
replicas: 1
selector:
name: app
tem...
kubectl create -f
/path/to/definition.yml
PODs
REPLICATION CONTROLLERS
SERVICES
PODs
REPLICATION CONTROLLERS
SERVICES
A set of logically linked containers
PODs
REPLICATION
CONTROLLERS
SERVICES
The guy who makes sure
PODs are up & running
apiVersion: v1
kind: ReplicationController
metadata:
name: app
labels:
name: app
spec:
replicas: 1
selector:
name: app
tem...
kubectl scale
--replicas=2 rc app
PODs
REPLICATION CONTROLLERS
SERVICES
The DataCenter of the
future is taking shape
Law #5
Configuration management is
(almost) dead
Long live orchestrators
Law #6
Talk services, not machines
NERDADVICE
Containers aren’t
better than VMs,
it really just
depends on what
you need to do
https://goo.gl/DGQKDA
NERDADVICE
Forget about the
hosts, go GCE if
you can
https://goo.gl/haanq4
NERDADVICE
Else, use a mature
orchestration
platform
http://kubernetes.io/
https://goo.gl/sbk3Hk (swarm)
http://mesos.apac...
NERDADVICE
Run your hosts
on safe, light OS
like CoreOS
https://coreos.com/
NERDADVICE
Use Alpine for
your containers,
it’s a minimal
security-oriented
Linux distro
http://goo.gl/MF4nKp
NERDADVICE
Avoid running
containers as
root
http://goo.gl/MF4nKp
NERDADVICE
Regularly scan
your clusters to
see if there’s any
security gotcha
https://goo.gl/l8tO31
NERDADVICE
Isolate
“colanders” like
jenkins in
containers
https://goo.gl/1HuQjV
NERDADVICE
Stop manually
installing
software on your
own machine
https://goo.gl/9fHWHU
NERDADVICE
Live like it’s 2016
https://goo.gl/2FNwGq
https://github.com/coreos/rkt
https://runc.io/
Alessandro Nadalin
Alessandro Nadalin
@_odino_
Alessandro Nadalin
@_odino_
Namshi
Alessandro Nadalin
@_odino_
Namshi
VP Technology
Alessandro Nadalin
@_odino_
Namshi
VP Technology
odino.org
Thanks!
Alessandro Nadalin
@_odino_
Namshi
VP Technology
odino.org
we are hiring!
tech.namshi.com/join-us
github.com/namshi
twitter.com/TechNamshi
tech.namshi.com
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Dockerize it! @ Codemotion 2016 in Rome
Upcoming SlideShare
Loading in …5
×

Dockerize it! @ Codemotion 2016 in Rome

1,117 views

Published on

Docker is a groundbreaking technology that will heavily influence how we will write software in the years to come: let's then have a look at:

* where it comes from (Linux Containers)
* how it works
* how to dockerize simple apps to easily deploy them on production
* how you can use Docker in local environments to simplify your development workflow

Do you like Vagrant, auto-scaling or 12-factor apps? Then get ready to be mindblown.

Published in: Technology

Dockerize it! @ Codemotion 2016 in Rome

  1. 1. Dockerize it! Alexnadalin-NAMSHI.com
  2. 2. WARNING
  3. 3. MINIMAL DOCKER AHEAD
  4. 4. playing with containers
  5. 5. figuring them out
  6. 6. never tried
  7. 7. DEMO
  8. 8. Container laws
  9. 9. Why containers?
  10. 10. remember when...
  11. 11. require(‘http’).createServer(...)
  12. 12. <li ng-repeat=”item in items” … >
  13. 13. go func()
  14. 14. or when...
  15. 15. sudo service nginx restart
  16. 16. apt-get install curl
  17. 17. ulimit -n 1025
  18. 18. Systems are boring.
  19. 19. Systems are f*****g boring.
  20. 20. Code is an F1 pilot
  21. 21. unique style
  22. 22. hard to replicate hard to replicate hard to replicatehard to replicate hard to replicate
  23. 23. System is the F1 car
  24. 24. Robust
  25. 25. Reliable
  26. 26. Replicable
  27. 27. Systems aren’t nice to build
  28. 28. They are nice to orchestrate
  29. 29. VMs
  30. 30. How do they differ from containers?
  31. 31. “it’s just like a VM, just much more lightweight”
  32. 32. “it’s just like a VM, just much more lightweight”FLUFF
  33. 33. kernel
  34. 34. resources
  35. 35. isolation
  36. 36. security
  37. 37. “Containers have similar resource isolation and allocation benefits as virtual machines but a different architectural approach allows them to be much more portable and efficient” https://www.docker.com/what-docker
  38. 38. Law #1 Even though they might try to solve similar problems, containers and VMs are fundamentally different
  39. 39. 1996
  40. 40. https://github.com/docker/libcontainer/blob/master/PRINCIPLES.md
  41. 41. runC
  42. 42. Law #2 Docker is not here to stay (at least in the way we think of it nowadays)
  43. 43. Think that Docker is simple
  44. 44. Think that Docker is simple
  45. 45. # docker-compose.yml services: web: build: . ports: - "8080:8080" volumes: - .:/src $ docker-compose up
  46. 46. expand the horizon
  47. 47. We have Docker in our system
  48. 48. We’re developing a nodejs app
  49. 49. without nodejs
  50. 50. we’re exposing it from our container to our host (-p 8080:8080)
  51. 51. then we’re running ngrok to expose our host to the internet
  52. 52. without ngrok
  53. 53. Law #3 Containers aren’t suitable for dev or production, containers are suitable for use-cases
  54. 54. docker pull graylog2/allinone
  55. 55. Law #4 Dockerfiles are the simplest form of configuration management
  56. 56. Orchestrating containers isn’t simple.
  57. 57. But it’s the fun part :-)
  58. 58. apiVersion: v1 kind: ReplicationController metadata: name: app labels: name: app spec: replicas: 1 selector: name: app template: metadata: labels: name: app spec: containers: - name: master image: my-nodejs-app ports: - containerPort: 1234
  59. 59. apiVersion: v1 kind: ReplicationController metadata: name: app labels: name: app spec: replicas: 1 selector: name: app template: metadata: labels: name: app spec: containers: - name: master image: my-nodejs-app ports: - containerPort: 1234
  60. 60. kubectl create -f /path/to/definition.yml
  61. 61. PODs REPLICATION CONTROLLERS SERVICES
  62. 62. PODs REPLICATION CONTROLLERS SERVICES
  63. 63. A set of logically linked containers
  64. 64. PODs REPLICATION CONTROLLERS SERVICES
  65. 65. The guy who makes sure PODs are up & running
  66. 66. apiVersion: v1 kind: ReplicationController metadata: name: app labels: name: app spec: replicas: 1 selector: name: app template: metadata: labels: name: app spec: containers: - name: master image: my-nodejs-app ports: - containerPort: 1234
  67. 67. kubectl scale --replicas=2 rc app
  68. 68. PODs REPLICATION CONTROLLERS SERVICES
  69. 69. The DataCenter of the future is taking shape
  70. 70. Law #5 Configuration management is (almost) dead Long live orchestrators
  71. 71. Law #6 Talk services, not machines
  72. 72. NERDADVICE Containers aren’t better than VMs, it really just depends on what you need to do https://goo.gl/DGQKDA
  73. 73. NERDADVICE Forget about the hosts, go GCE if you can https://goo.gl/haanq4
  74. 74. NERDADVICE Else, use a mature orchestration platform http://kubernetes.io/ https://goo.gl/sbk3Hk (swarm) http://mesos.apache.org/
  75. 75. NERDADVICE Run your hosts on safe, light OS like CoreOS https://coreos.com/
  76. 76. NERDADVICE Use Alpine for your containers, it’s a minimal security-oriented Linux distro http://goo.gl/MF4nKp
  77. 77. NERDADVICE Avoid running containers as root http://goo.gl/MF4nKp
  78. 78. NERDADVICE Regularly scan your clusters to see if there’s any security gotcha https://goo.gl/l8tO31
  79. 79. NERDADVICE Isolate “colanders” like jenkins in containers https://goo.gl/1HuQjV
  80. 80. NERDADVICE Stop manually installing software on your own machine https://goo.gl/9fHWHU
  81. 81. NERDADVICE Live like it’s 2016 https://goo.gl/2FNwGq https://github.com/coreos/rkt https://runc.io/
  82. 82. Alessandro Nadalin
  83. 83. Alessandro Nadalin @_odino_
  84. 84. Alessandro Nadalin @_odino_ Namshi
  85. 85. Alessandro Nadalin @_odino_ Namshi VP Technology
  86. 86. Alessandro Nadalin @_odino_ Namshi VP Technology odino.org
  87. 87. Thanks! Alessandro Nadalin @_odino_ Namshi VP Technology odino.org
  88. 88. we are hiring! tech.namshi.com/join-us github.com/namshi twitter.com/TechNamshi tech.namshi.com

×