John Fiedler, profile picture
Uploaded byJohn Fiedler
PPTX, PDF3,104 views

Dockercon EU 2015

John Fiedler shared his experience running Docker in production at SalesforceIQ over two years. Some key lessons learned include starting simply with existing tools like Chef before adopting new container technologies, addressing file system and storage issues, using isolation to avoid resource constraints, and implementing security. Fiedler demonstrated how SalesforceIQ uses Docker with AWS Beanstalk and Mesos/DCOS for CI/CD and running stateless services at scale with service discovery, load balancing and auto-scaling. He advised starting simply and building towards a production-grade PaaS or CaaS as needs increase.

Embed presentation

Downloaded 59 times
Running Docker in Production Successfully John Fiedler Sr. Director of Engineering @ SalesforceIQ
About me ● I work for SalesforceIQ formerly RelateIQ ● I’ve used Docker for over 2 years ● I’ve done a couple of talks on Docker o http://blog.heavybit.com/blog/2015/3/2 3/dockermeetup o https://engineering.twitter.com/universi ty/videos/chef-versus-docker-at- relateiq o https://www.youtube.com/watch?v=z9 yNq-IjCcM ● I co-authored this book: o http://bleedingedgepress.com/docker- in-the-trenches/
Docker Book ● 50% off for everyone! ● Click here! https://gum.co/lQGH/dockerconeu ● Only $11.50 ● 200 pages
Agenda Docker Journey with SalesforceIQ Lessons Learned PaaS/CaaS
Docker Journey with SalesforceIQ Two years in production...
What is production? Production != test dev Isolation, Security, Performance, Monitoring, Logging… Scale, templates, automation… What is successful? >99% uptime or low # of outages? Fast code deployment? 0 Security Incidents?
100% of our web infrastructure running with Docker Boom
SalesforceIQ journey into production 2013 2014 2014 2014Q4Q4 Q1 Q2 Dev Environment Continuous Deployment in Teamcity Web Zero Downtime Deployments Full Stack Container Azkaban DockerMe Integrations Batch Jobs Mesos Kafka Dev/ Ops CLI Craft CMS Main Website Beanstalk 2015+ Devenv 2.0 P a a S Now2015
Database CI/CD Server Dev or Ops Environment Web Server Api Server Batch Jobs Integrations What we’ve put in containers Rate of Change Dependencies
Database CI/CD Server Dev or Ops Environment Web Server Api Server Batch Jobs Integrations Stateful Long-Life Stateless Short-Life What we’ve put in containers
Zoom in a little Persistent Storage Middleware / Integrations / Internal Tools / Scripts / Jobs Web Monitoring Logging Security Dev Environment Ops Environment CI / CD Fully Somewhat No Create Deploy Run Operate Dockerized Batch & Stream processing
Lessons Learned Alot...
Lots of tidbits ● Docker is prod ready but many surrounding solutions are not (alpha and beta) o Caution with the new toys is required ● Don’t go straight towards a PaaS if you're just starting out o Kubernetes, Mesos, CoreOS, Swarm, ECS ● Keep it simple o Know what works and what doesn’t ● Old tools still work great, and I’ll show you how o Know how to scale what you're doing ● You're going to have to roll your own at some point (orchestration) o As of version 1.5.11, HAProxy does not support zero downtime restarts or reloads of configuration. ● Learn from others, Tons of people in production now o Read the whole internet ● You can secure running containers o Twistlock, Conjur, Banyanops ● Get creative o Docker is golden and mobile
You can docker with Chef, Ansible, SaltStack... • You can use the tools you have today if you're not dockerized already • What… • But those are the tools i’m already using... • Yes they still work and work great
Our current prod web server ● Worked with all our existing tools! ○ Chef, Monitoring, Logging ● Security didn’t change ○ Security keys ○ Firewall ● Super easy to scale ○ Could pack with Packer to create AMI ○ Shell script was super easy ● Zero downtime ● Rollbacks Web Container v1 Web Container v2 Hipache/Redis Container Amazon AMI setup with Chef Cron job to run shell script to orchestrate containers
Demo It’s time
#1 thing we found!!!!
You WILL have disk/file system issues...
File system... Volumes not unmounting Long deletion times on device mapper –storage-opt dm.blkdiscard=false Kernel version matters! Great visual deep dive http://merrigrove.blogspot.com/2015/10/visualizi ng-docker-containers-and-images.html?m=1 What we used overtime 1. Started with AUFS - hit 42 layer limit 2. Then moved to device mapper a. Device/Volume not found b. NNOOOOOOOOOO 3. Back using AUFS again after bug fixes and layer 42 limit removal a. Continue to fight layer issues, mount issues 4. Back to device mapper with Docker 1.7 dynamic binaries! What we’ve landed on Ubuntu = AUFS Amazon Linux = Device mapper
Get a good registry Great options • Hub.docker.com • Quay.io • Trusted registry • Google • Azure • AWS • S3.. no registry… save/load 1. We started private registry a. went insane with buggy releases, failed pulls/pushes 2. Went to quay.io a. happy but slow, and costs $$ 3. Back to private registry 0.9 release… now stable 4. Scaled it and working great 5. Now working on upgrading to Docker Registry 2.1
Storage -Unlimited -Cheap Elasticache -Redis Beanstalk -Autoscale Scaling our registry • 100% AWS • Beanstalk ELB Auto scaling Group Docker web service • Redis Cache Elasticache Had issues when a node failed • S3 Backend Had huge issues on layer corruption ELB Docker Registry Cache S3
Isolation is your friend Low container to host ratio • Compute Spikey Processing… no problem • Storage Out of disk… no problem • Networking Shared bandwidth… no problem • Ram Swapping issue… no problem • Security Groups Least privilege… no problem Web Container v2 Amazon AMI setup with Chef Cron job to run shell script to orchestrate containers Hipache/Redis Container Web Container v1
CI/CD with Docker • The biggest ROI with Docker • Teamcity • Used to use Docker in Docker https://jpetazzo.github.io/2015/09/03/do-not- use-docker-in-docker-for-ci/ • Agents used to run in a docker container Now built with chef and packer • Autoscaling with Docker? Github.com Dockerfile Teamcity Agent Agent Agent Registry Server
Many PaaS/CaaS utilize sidekicks • Amazon ECS https://github.com/aws/amazon-ecs-agent • Amazon Beanstalk https://github.com/aws/aws-eb-python- dockerfiles • Netflix Prana • Smartstack • Docker Ambassador http://www.slideshare.net/Docker/slides hare-burns • CoreOS - Sidekick • Rancher • Logging Container Container Container Container (sidekick) Rest Api Service Discovery Health checks Orchestration Container Host
PaaS/CaaS How you’ll scale a single service
Beanstalk -Cloud formation EC2 Server Autoscaling Isolation Security Groups Environment Variables Beanstalk architecture • Run Over 50+ services on beanstalk today • Automagically built web container per branch of code • Corp site/Help site • 100% automated!! • Great for Web services SOA • You will have disk issues Storage Easy to spin up DNS service discovery Load balancer SSL Termination ELB Container RDS
Demo Beanstalk
One year ago • CoreOS... so cool • Mesos… cool with scale • Beanstalk… with docker support • Swarm… beta • Deis… oooo saas • ECS… ok now we're getting somewhere • Kubernetes… where did that come from… looks cool too Now….. • Kubernetes on top of DCOS, on top of Mesos, on top of CoreOS… facepalm
PaaS/CaaS Overview CoreOS DCOS Kubernetes ECS Orchestration Scheduler Resource Allocation Service Discovery More than Containers Health Check Storage clustering... Live Migration... Affinity rules...
DCOS Mesos Private Slave Auto Scaling Health Checks Intelligence Being successful with a PaaS/CaaS Our DCOS Architecture Built a edge router Built a Brain router Infra CLI This will run all of our stateless services Mesos Public Slave Auto Scaling Service Discovery Public <> Private DNS Can be Internal as well Storage SSL Termination DNS ELB Edge Router DB2 ServiceService Edge Router DB3DB1 Mesos Master Marathon Health Check API Change Event Bus InfraIQ
Demo InfraIQ
Summary • Starting out? Just use the same tools you have • You’ll need to roll up your sleeves • Security is not hard but you need to think about it • Many vendors are entering container space • Build towards a PaaS • Many solutions to PaaS • Know what you're trying to solve • Have fun!
Thank you! John Fiedler@johnfiedler johnfiedler@gmail.com

More Related Content

PDF
Play Framework: Intro & High-Level Overview
byJosh Padnick
 
PDF
SF DevOps: Introducing Vagrant
byMitchell Hashimoto
 
PPTX
Stabilizing SE Build - Selenium conf 2013
bydimakovalenko
 
PDF
Realtime with websockets
byColdFusionConference
 
PDF
AWS Developer Fundamentals
byJosh Padnick
 
PDF
Play Framework + Docker + CircleCI + AWS + EC2 Container Service
byJosh Padnick
 
PPTX
Managing Large Selenium Grid
bydimakovalenko
 
PDF
Meet the Selenium Grid
byAlexey Nikolaenko
 
Play Framework: Intro & High-Level Overview
byJosh Padnick
 
SF DevOps: Introducing Vagrant
byMitchell Hashimoto
 
Stabilizing SE Build - Selenium conf 2013
bydimakovalenko
 
Realtime with websockets
byColdFusionConference
 
AWS Developer Fundamentals
byJosh Padnick
 
Play Framework + Docker + CircleCI + AWS + EC2 Container Service
byJosh Padnick
 
Managing Large Selenium Grid
bydimakovalenko
 
Meet the Selenium Grid
byAlexey Nikolaenko
 

What's hot

PPTX
Scaling and Managing Selenium Grid
bydimakovalenko
 
PPTX
Distributed automation sel_conf_2015
byaragavan
 
ODP
CommandBox REPL, CLI, and Package Manager
bybdw429s
 
PDF
Vagrant For DevOps
byLalatendu Mohanty
 
PDF
Agile sites311training
byMichele Sciabarrà
 
PDF
Divide and Conquer: Easier Continuous Delivery using Micro-Services
byCarlos Sanchez
 
PPTX
Package Management on Windows with Chocolatey
byPuppet
 
PPTX
Node.js and MongoDB from scratch, fully explained and tested
byJohn Culviner
 
PPTX
How to work with Selenium Grid and Cloud Solutions
byNoam Zakai
 
PDF
Making Developers Productive with Vagrant, VirtualBox, and Docker
byJohn Rofrano
 
PPTX
Opscode Webinar: Cooking with Chef on Microsoft Windows
byChef Software, Inc.
 
PDF
Microservices: How loose is loosely coupled?
byJohn Rofrano
 
PDF
DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...
byDocker, Inc.
 
PDF
Play concurrency
byJustin Long
 
PDF
ColdFusion builder plugins
byColdFusionConference
 
PDF
Docker zero
byManuel de la Peña Peña
 
PDF
Building with Virtual Development Environments
byOscar Merida
 
PDF
Instant ColdFusion with Vagrant
byColdFusionConference
 
PDF
Nginx Tutorial | Learn Nginx Fundamentals | Deploy a Web Application Using Ng...
byEdureka!
 
PDF
Learning chef
byJonathan Carrillo
 
Scaling and Managing Selenium Grid
bydimakovalenko
 
Distributed automation sel_conf_2015
byaragavan
 
CommandBox REPL, CLI, and Package Manager
bybdw429s
 
Vagrant For DevOps
byLalatendu Mohanty
 
Agile sites311training
byMichele Sciabarrà
 
Divide and Conquer: Easier Continuous Delivery using Micro-Services
byCarlos Sanchez
 
Package Management on Windows with Chocolatey
byPuppet
 
Node.js and MongoDB from scratch, fully explained and tested
byJohn Culviner
 
How to work with Selenium Grid and Cloud Solutions
byNoam Zakai
 
Making Developers Productive with Vagrant, VirtualBox, and Docker
byJohn Rofrano
 
Opscode Webinar: Cooking with Chef on Microsoft Windows
byChef Software, Inc.
 
Microservices: How loose is loosely coupled?
byJohn Rofrano
 
DCSF 19 Modernizing Insurance with Docker Enterprise: The Physicians Mutual ...
byDocker, Inc.
 
Play concurrency
byJustin Long
 
ColdFusion builder plugins
byColdFusionConference
 
Docker zero
byManuel de la Peña Peña
 
Building with Virtual Development Environments
byOscar Merida
 
Instant ColdFusion with Vagrant
byColdFusionConference
 
Nginx Tutorial | Learn Nginx Fundamentals | Deploy a Web Application Using Ng...
byEdureka!
 
Learning chef
byJonathan Carrillo
 

Viewers also liked

PPTX
Inbox Love - RelateIQ
byDaniel Francisco
 
PDF
A Summary about Hykes' Keynote on Dockercon 2015
byHenry Huang
 
PPTX
Cultural Change using Docker (DockerCon 2015)
byThomas Shaw
 
PPTX
Real World Experience of Running Docker in Development and Production
byBen Hall
 
PPTX
Container as a Service with Docker
byPatrick Chanezon
 
PPTX
Dockercon Europe 2014 - Continuous Delivery leveraging on Docker CaaS
byAdrien Blind
 
PDF
Shipping Applications to Production in Containers with Docker
byJérôme Petazzoni
 
PDF
From development environments to production deployments with Docker, Compose,...
byJérôme Petazzoni
 
PDF
Dockercon 2015 - Faster Cheaper Safer
byAdrian Cockcroft
 
DOC
Compuertas técnicas avanzadas parte 2
byAndrés Cuervo
 
PPS
Carrera Placido Lo
byCristina Dino
 
PDF
Operating Systems - File Systems
byEmery Berger
 
PDF
Cobertura Aids 2010 Viena
byAlexandre Naime Barbosa
 
PPT
Communities: Build Or Join
byYahoo Developer Network
 
PPT
평가도구피피티
bygueste6f13f3
 
PDF
Australian Junior Mining Exploration Company
byjoel_fishlock
 
PPT
Pancreatitis
byAlcantara Julio
 
PPT
Zeimer BNI Presentation June 8, 2011
byZeimer's Advertising Shoppe
 
PPTX
ebay for Beginners
byIntranet Future
 
ODP
Animales en peligro de extincion
bylosdonkey
 
Inbox Love - RelateIQ
byDaniel Francisco
 
A Summary about Hykes' Keynote on Dockercon 2015
byHenry Huang
 
Cultural Change using Docker (DockerCon 2015)
byThomas Shaw
 
Real World Experience of Running Docker in Development and Production
byBen Hall
 
Container as a Service with Docker
byPatrick Chanezon
 
Dockercon Europe 2014 - Continuous Delivery leveraging on Docker CaaS
byAdrien Blind
 
Shipping Applications to Production in Containers with Docker
byJérôme Petazzoni
 
From development environments to production deployments with Docker, Compose,...
byJérôme Petazzoni
 
Dockercon 2015 - Faster Cheaper Safer
byAdrian Cockcroft
 
Compuertas técnicas avanzadas parte 2
byAndrés Cuervo
 
Carrera Placido Lo
byCristina Dino
 
Operating Systems - File Systems
byEmery Berger
 
Cobertura Aids 2010 Viena
byAlexandre Naime Barbosa
 
Communities: Build Or Join
byYahoo Developer Network
 
평가도구피피티
bygueste6f13f3
 
Australian Junior Mining Exploration Company
byjoel_fishlock
 
Pancreatitis
byAlcantara Julio
 
Zeimer BNI Presentation June 8, 2011
byZeimer's Advertising Shoppe
 
ebay for Beginners
byIntranet Future
 
Animales en peligro de extincion
bylosdonkey
 

Similar to Dockercon EU 2015

PPTX
How to be successful running Docker in Production
byDocker, Inc.
 
PDF
Docker in the Enterprise
bySaul Caganoff
 
PDF
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
byCodemotion
 
PDF
Using Docker Developing and Deploying Software with Containers 1st Edition Ad...
byyounktroyahf
 
PPTX
Docker Ecosystem on Azure
byPatrick Chanezon
 
PDF
Scale Big With Docker — Moboom 2014
byJérôme Petazzoni
 
PDF
Continuous Integration with Docker on AWS
byAndrew Heifetz
 
PPTX
Docker and-daily-devops
bySatria Ady Pradana
 
PPTX
Docker & Daily DevOps
bySatria Ady Pradana
 
PDF
codemotion-docker-2014
byCarlo Bonamico
 
PDF
Using Docker Developing and Deploying Software with Containers 1st Edition Ad...
byabucdaroga
 
PDF
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration
byErica Windisch
 
PDF
Taking Docker to Production: What You Need to Know and Decide
byDocker, Inc.
 
PDF
Taking Docker to Production: What You Need to Know and Decide
byBret Fisher
 
PDF
Using Docker Developing And Deploying Software With Containers 1st Edition Ad...
bygraankloen
 
PDF
Docker 0.11 at MaxCDN meetup in Los Angeles
byJérôme Petazzoni
 
PDF
Going Production with Docker and Swarm
byC4Media
 
PDF
Cassandra and Docker Lessons Learned
byDataStax Academy
 
PDF
Real-World Docker: 10 Things We've Learned
byRightScale
 
PDF
Docker Intro at the Google Developer Group and Google Cloud Platform Meet Up
byJérôme Petazzoni
 
How to be successful running Docker in Production
byDocker, Inc.
 
Docker in the Enterprise
bySaul Caganoff
 
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...
byCodemotion
 
Using Docker Developing and Deploying Software with Containers 1st Edition Ad...
byyounktroyahf
 
Docker Ecosystem on Azure
byPatrick Chanezon
 
Scale Big With Docker — Moboom 2014
byJérôme Petazzoni
 
Continuous Integration with Docker on AWS
byAndrew Heifetz
 
Docker and-daily-devops
bySatria Ady Pradana
 
Docker & Daily DevOps
bySatria Ady Pradana
 
codemotion-docker-2014
byCarlo Bonamico
 
Using Docker Developing and Deploying Software with Containers 1st Edition Ad...
byabucdaroga
 
The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration
byErica Windisch
 
Taking Docker to Production: What You Need to Know and Decide
byDocker, Inc.
 
Taking Docker to Production: What You Need to Know and Decide
byBret Fisher
 
Using Docker Developing And Deploying Software With Containers 1st Edition Ad...
bygraankloen
 
Docker 0.11 at MaxCDN meetup in Los Angeles
byJérôme Petazzoni
 
Going Production with Docker and Swarm
byC4Media
 
Cassandra and Docker Lessons Learned
byDataStax Academy
 
Real-World Docker: 10 Things We've Learned
byRightScale
 
Docker Intro at the Google Developer Group and Google Cloud Platform Meet Up
byJérôme Petazzoni
 

Recently uploaded

PDF
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
PDF
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
PDF
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
PPTX
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
PDF
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
PDF
Real-Time AI at Scale Masterclass - Challenges of AI at Scale
byScyllaDB
 
PPTX
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
PDF
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
PDF
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
PDF
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PDF
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
PDF
2026_01_28 - OpenMetadata Community Meeting.pdf
byOpenMetadata
 
PDF
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
PDF
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
PPTX
Software Engineering in the Age of AI Agents
byHusseinMalikMammadli
 
PDF
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
PDF
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
ICT500 - CRITICAL AND CREATIVE THINKING FOR INFORMATION TECHNOLOGY SOLUTIONS:...
by2024432452
 
Title Installing Windows, Linux, MacOS.pdf
byGeraldAbadajos
 
Agentic-Document-Extraction-2026-Presentation.pdf
byTamanna
 
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
Real-Time AI at Scale Masterclass - Challenges of AI at Scale
byScyllaDB
 
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
Computer-Based Training (CBT) The Backbone of Modern Technical & Defence Trai...
bycomputerbasedtrainin1
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
2026_01_28 - OpenMetadata Community Meeting.pdf
byOpenMetadata
 
"Painless Major Upgrade: A Strategy for Updating Large Codebases", Andrii Yat...
byFwdays
 
Real-Time AI Masterclass: Vector Search at Scale
byScyllaDB
 
Software Engineering in the Age of AI Agents
byHusseinMalikMammadli
 
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 

Dockercon EU 2015

  • 1.
    Running Docker inProduction Successfully John Fiedler Sr. Director of Engineering @ SalesforceIQ
  • 2.
    About me ● Iwork for SalesforceIQ formerly RelateIQ ● I’ve used Docker for over 2 years ● I’ve done a couple of talks on Docker o http://blog.heavybit.com/blog/2015/3/2 3/dockermeetup o https://engineering.twitter.com/universi ty/videos/chef-versus-docker-at- relateiq o https://www.youtube.com/watch?v=z9 yNq-IjCcM ● I co-authored this book: o http://bleedingedgepress.com/docker- in-the-trenches/
  • 3.
    Docker Book ● 50%off for everyone! ● Click here! https://gum.co/lQGH/dockerconeu ● Only $11.50 ● 200 pages
  • 4.
    Agenda Docker Journey withSalesforceIQ Lessons Learned PaaS/CaaS
  • 6.
  • 7.
    What is production? Production!= test dev Isolation, Security, Performance, Monitoring, Logging… Scale, templates, automation… What is successful? >99% uptime or low # of outages? Fast code deployment? 0 Security Incidents?
  • 8.
    100% of ourweb infrastructure running with Docker Boom
  • 9.
    SalesforceIQ journey intoproduction 2013 2014 2014 2014Q4Q4 Q1 Q2 Dev Environment Continuous Deployment in Teamcity Web Zero Downtime Deployments Full Stack Container Azkaban DockerMe Integrations Batch Jobs Mesos Kafka Dev/ Ops CLI Craft CMS Main Website Beanstalk 2015+ Devenv 2.0 P a a S Now2015
  • 10.
    Database CI/CD Server Dev orOps Environment Web Server Api Server Batch Jobs Integrations What we’ve put in containers Rate of Change Dependencies
  • 11.
    Database CI/CD Server Dev orOps Environment Web Server Api Server Batch Jobs Integrations Stateful Long-Life Stateless Short-Life What we’ve put in containers
  • 12.
    Zoom in alittle Persistent Storage Middleware / Integrations / Internal Tools / Scripts / Jobs Web Monitoring Logging Security Dev Environment Ops Environment CI / CD Fully Somewhat No Create Deploy Run Operate Dockerized Batch & Stream processing
  • 13.
  • 14.
    Lots of tidbits ●Docker is prod ready but many surrounding solutions are not (alpha and beta) o Caution with the new toys is required ● Don’t go straight towards a PaaS if you're just starting out o Kubernetes, Mesos, CoreOS, Swarm, ECS ● Keep it simple o Know what works and what doesn’t ● Old tools still work great, and I’ll show you how o Know how to scale what you're doing ● You're going to have to roll your own at some point (orchestration) o As of version 1.5.11, HAProxy does not support zero downtime restarts or reloads of configuration. ● Learn from others, Tons of people in production now o Read the whole internet ● You can secure running containers o Twistlock, Conjur, Banyanops ● Get creative o Docker is golden and mobile
  • 16.
    You can dockerwith Chef, Ansible, SaltStack... • You can use the tools you have today if you're not dockerized already • What… • But those are the tools i’m already using... • Yes they still work and work great
  • 17.
    Our current prodweb server ● Worked with all our existing tools! ○ Chef, Monitoring, Logging ● Security didn’t change ○ Security keys ○ Firewall ● Super easy to scale ○ Could pack with Packer to create AMI ○ Shell script was super easy ● Zero downtime ● Rollbacks Web Container v1 Web Container v2 Hipache/Redis Container Amazon AMI setup with Chef Cron job to run shell script to orchestrate containers
  • 18.
  • 20.
    #1 thing wefound!!!!
  • 21.
    You WILL havedisk/file system issues...
  • 22.
    File system... Volumes notunmounting Long deletion times on device mapper –storage-opt dm.blkdiscard=false Kernel version matters! Great visual deep dive http://merrigrove.blogspot.com/2015/10/visualizi ng-docker-containers-and-images.html?m=1 What we used overtime 1. Started with AUFS - hit 42 layer limit 2. Then moved to device mapper a. Device/Volume not found b. NNOOOOOOOOOO 3. Back using AUFS again after bug fixes and layer 42 limit removal a. Continue to fight layer issues, mount issues 4. Back to device mapper with Docker 1.7 dynamic binaries! What we’ve landed on Ubuntu = AUFS Amazon Linux = Device mapper
  • 23.
    Get a goodregistry Great options • Hub.docker.com • Quay.io • Trusted registry • Google • Azure • AWS • S3.. no registry… save/load 1. We started private registry a. went insane with buggy releases, failed pulls/pushes 2. Went to quay.io a. happy but slow, and costs $$ 3. Back to private registry 0.9 release… now stable 4. Scaled it and working great 5. Now working on upgrading to Docker Registry 2.1
  • 24.
    Storage -Unlimited -Cheap Elasticache -Redis Beanstalk -Autoscale Scaling our registry •100% AWS • Beanstalk ELB Auto scaling Group Docker web service • Redis Cache Elasticache Had issues when a node failed • S3 Backend Had huge issues on layer corruption ELB Docker Registry Cache S3
  • 25.
    Isolation is yourfriend Low container to host ratio • Compute Spikey Processing… no problem • Storage Out of disk… no problem • Networking Shared bandwidth… no problem • Ram Swapping issue… no problem • Security Groups Least privilege… no problem Web Container v2 Amazon AMI setup with Chef Cron job to run shell script to orchestrate containers Hipache/Redis Container Web Container v1
  • 26.
    CI/CD with Docker •The biggest ROI with Docker • Teamcity • Used to use Docker in Docker https://jpetazzo.github.io/2015/09/03/do-not- use-docker-in-docker-for-ci/ • Agents used to run in a docker container Now built with chef and packer • Autoscaling with Docker? Github.com Dockerfile Teamcity Agent Agent Agent Registry Server
  • 27.
    Many PaaS/CaaS utilizesidekicks • Amazon ECS https://github.com/aws/amazon-ecs-agent • Amazon Beanstalk https://github.com/aws/aws-eb-python- dockerfiles • Netflix Prana • Smartstack • Docker Ambassador http://www.slideshare.net/Docker/slides hare-burns • CoreOS - Sidekick • Rancher • Logging Container Container Container Container (sidekick) Rest Api Service Discovery Health checks Orchestration Container Host
  • 28.
  • 29.
    Beanstalk -Cloud formation EC2 Server Autoscaling Isolation SecurityGroups Environment Variables Beanstalk architecture • Run Over 50+ services on beanstalk today • Automagically built web container per branch of code • Corp site/Help site • 100% automated!! • Great for Web services SOA • You will have disk issues Storage Easy to spin up DNS service discovery Load balancer SSL Termination ELB Container RDS
  • 30.
  • 31.
    One year ago •CoreOS... so cool • Mesos… cool with scale • Beanstalk… with docker support • Swarm… beta • Deis… oooo saas • ECS… ok now we're getting somewhere • Kubernetes… where did that come from… looks cool too Now….. • Kubernetes on top of DCOS, on top of Mesos, on top of CoreOS… facepalm
  • 32.
    PaaS/CaaS Overview CoreOS DCOSKubernetes ECS Orchestration Scheduler Resource Allocation Service Discovery More than Containers Health Check Storage clustering... Live Migration... Affinity rules...
  • 33.
    DCOS Mesos Private Slave AutoScaling Health Checks Intelligence Being successful with a PaaS/CaaS Our DCOS Architecture Built a edge router Built a Brain router Infra CLI This will run all of our stateless services Mesos Public Slave Auto Scaling Service Discovery Public <> Private DNS Can be Internal as well Storage SSL Termination DNS ELB Edge Router DB2 ServiceService Edge Router DB3DB1 Mesos Master Marathon Health Check API Change Event Bus InfraIQ
  • 34.
  • 35.
    Summary • Starting out?Just use the same tools you have • You’ll need to roll up your sleeves • Security is not hard but you need to think about it • Many vendors are entering container space • Build towards a PaaS • Many solutions to PaaS • Know what you're trying to solve • Have fun!
  • 37.