@ndeloof
Who are you?
✓ Dev
✓ Integration/Test
✓ Acceptance / Qualification
✓ Sysadmin / Ops
level 0
DEV
✓ Exact reproduction of the target environment
Not on Linux?

DEV
✓ Quickly get third-party tools up and running
level 1
Test 
✓ Define build / test infra in your SCM
QA 
✓ Quickly get low-cost iso-production environment
level 2
Dev/Ops
A WAR archive is NOT what a sysadmin expects as a delivery

Best DevOps tool so far (imho)
Separation of concerns
Inside container: /var/log/myapp
On host: /mnt/backup/myapp/log

Separation of concerns
Inside container: /var/log/myapp
VOLUME
On host: /mnt/backup/myapp/log
Ops
✓ Manage hardware / infrastructure
✓ Monitoring / backups
- Not apps « implementation details »

Dev
✓ Develop simplest possible solution
✓ Configuration is a runtime constraint
- Not an extra-extra-flexible application
new WebServer().start(8080);
level 3
Continuous Delivery
• 100% reproducible environments
« docker build . » to replace « mvn install »
Dockerfile: build WAR from sources
Dockerfile: run acceptance test suite
Dockerfile: build deployable container
[Diagram labels: docker run, COPY]

Continuous Delivery
What for?
✓ Cloud
✓ devices
more to come soon …
✓ on-premises
docker @ Cloud
• « build and deploy » PaaS
• binaries-based PaaS
Google and Containers
“Everything at Google, from Search to Gmail, is packaged and run in a Linux container. Each week we launch more than 2 billion container instances across our global data centers, and the power of containers has enabled both more reliable services and higher, more-efficient scalability.”
http://googlecloudplatform.blogspot.fr/2014/06/an-update-on-container-support-on-google-cloud-platform.html
Google Managed VM
[Diagram labels: your VM, your docker image, Managed VM, Compute Engine, your app, AppEngine runtime; axis labels: flexibility, management]
Bonus code: gde-in
level 4
New architectures
Divide and conquer
Stop the monoliths!

Divide and conquer
Embrace micro-services
‣ « the unix way »
‣ domain focussed
‣ quick release cycles
‣ segregate resources
http://yobriefca.se/blog/2013/04/29/micro-service-architecture/
Micro-service with Docker
LINK

Sample: syslog
[Diagram labels: host, rsyslog, /dev/log, /tmp/syslogdev, logger "hello", /dev/log]
http://jpetazzo.github.io/2014/08/24/syslog-docker/
Lifetime
A server or a VM: months, or even longer
One (or more) container(s): sometimes just a few minutes
Immutable infrastructures

Upgrades
Application upgrade = build of a new image
What about CM?

Pimp my Dockerfile
Dockerfile: BUILD chef-solo
Dockerfile: COPY /cookbooks
Orchestrate Docker
[Diagram labels: load balancer, webapp, webapp, cache, monitoring, database replica]

- hosts: web
  sudo: yes
  tasks:
  - name: run tomcat servers
    docker: image=webapp ports=8080
level 5
In PROD, yes, really

Ops is cool now!
#o

#Sexists you said?
CoreOS
Minimalist host system (160Mb RAM)
cluster-ready
service discovery: etcd
cgroup + systemd
boot in ~ seconds

Apache Mesos

Kubernetes
schedule state
N replicas for a service
pod = containers tied together
service discovery & routing

and (lots) more « orchestration »
Kubelet
maestro-ng
Shipper
Fleet
Helios
Centurion
images:
- name: jenkins_master
  source: ryfow/jenkins:0.2
  type: Default
  ports:
  - host_port: '9080'
    container_port: '8080'
    proto: TCP
  volumes:
  - host_path: "/var/jenkins"
    container_path: "/var/jenkins_home"
- name: jenkins_slave_1
  source: ryfow/docker-jenkins-slave:0.2
  type: Default
  links:
  - service: jenkins_master
    alias: jenkins
  environment:
  - variable: SLAVE_NAME
    value: slave1

{
  "containers":[
    {
      "name":"rockmongo",
      "count":1,
      "image":"openshift/centos-rockmongo",
      "publicports":[{"internal":80,"external":6060}],
      "links":[{"to":"mongodb"}]
    },
    {
      "name":"mongodb",
      "count":1,
      "image":"openshift/centos-mongodb",
      "publicports":[{"internal":27017}]
    }
  ]
}

name: demo
registries:
  my-private-registry:
    registry: https://my-private-registry/v1/
ships:
  vm1.ore1: {ip: c414.ore1.domain.com}
  vm2.ore2: {ip: c415.ore2.domain.com, docker_port: 4243}
services:
  zookeeper:
    image: zookeeper:3.4.5
    instances:
      zk-1:
        ship: vm1.ore1
        ports: {client: 2181, peer: 2888, leader_election: 3888}
        volumes:
          /var/lib/zookeeper: /data/zookeeper
        limits:
          memory: 1g
          cpu: 2
Distribute Docker images
• DockerHub private registry
• Run your own internal registry (docker image)
• Docker load/save with CM
• Dogistry / s3

Monitoring
• collect cgroup metrics
• cAdvisor
• dedicated docker plugin
LogScape

What about Data?
flocker

Container live migration
level 5
security
Container security
Containers are NOT secured
http://blog.docker.com/2014/07/new-dockercon-video-docker-security-renamed-from-docker-and-selinux/

Do you care?
Treat containers like regular services
✓ drop privileges as soon as possible
✓ run as non-root as much as possible
✓ treat root within container as root on host
✓ don’t run untrusted containers
Drop capabilities
capabilities - overview of Linux capabilities

Description

For the purpose of performing permission checks, traditional UNIX implementations distinguish two categories of processes: privileged processes (whose effective user ID is 0, referred to as superuser or root), and unprivileged processes (whose effective UID is nonzero). Privileged processes bypass all kernel permission checks, while unprivileged processes are subject to full permission checking based on the process's credentials (usually: effective UID, effective GID, and supplementary group list).

Starting with kernel 2.2, Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities, which can be independently enabled and disabled. Capabilities are a per-thread attribute.

CAP_NET_ADMIN, CAP_SYS_ADMIN, …
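
Added example (not from the original slides): a small auditor that applies the checklist above to a process's `/proc/<pid>/status` text, reporting whether it runs as root and which high-risk capabilities are effective or still reachable through the bounding set. The sample status texts and the `HIGH_RISK` selection are constructed assumptions; only CAP_NET_ADMIN and CAP_SYS_ADMIN are named on the slide.

```python
"""Audit UID and capability sets from /proc/<pid>/status text (added example)."""

# Capability names indexed by bit number, as defined in linux/capability.h.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Assumption: the two capabilities named on the slide plus two more chosen
# for this example. Adjust the set to your own policy.
HIGH_RISK = {"CAP_NET_ADMIN", "CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE"}

# Constructed sample inputs (not captured from a real host).
SAMPLES = {
    # Root in a container; mask commonly seen with Docker's default capability set.
    "default-root": "Uid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n",
    # Root with every capability up to bit 37 (what a privileged container looks like).
    "privileged": "Uid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n",
    # Non-root, but nothing was removed from the bounding set.
    "nonroot-wide-bnd": "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\nCapBnd:\t0000003fffffffff\n",
    # Non-root, bounding set reduced to CAP_NET_BIND_SERVICE only.
    "hardened": "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\nCapBnd:\t0000000000000400\n",
}


def decode_caps(mask):
    """Turn a capability bitmask into a list of capability names."""
    names, bit = [], 0
    while mask >> bit:
        if (mask >> bit) & 1:
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
        bit += 1
    return names


def parse_status(text):
    """Extract the effective UID and capability masks from status text."""
    info = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "Uid":
            # Fields are real, effective, saved-set and filesystem UID.
            info["euid"] = int(value.split()[1])
        elif key in ("CapInh", "CapPrm", "CapEff", "CapBnd"):
            info[key] = int(value, 16)
    missing = {"euid", "CapEff", "CapBnd"} - info.keys()
    if missing:
        raise ValueError(f"status text lacks fields: {sorted(missing)}")
    return info


def audit(status_text):
    """Return findings that contradict the 'non-root, drop privileges' checklist."""
    info = parse_status(status_text)
    findings = []
    if info["euid"] == 0:
        findings.append("runs as root (effective UID 0)")
    effective = set(decode_caps(info["CapEff"]))
    bounding = set(decode_caps(info["CapBnd"]))
    for cap in sorted(effective & HIGH_RISK):
        findings.append(f"effective capability {cap}")
    # A capability left in the bounding set can be regained by executing a
    # setuid-root binary or a file that carries file capabilities.
    for cap in sorted((bounding - effective) & HIGH_RISK):
        findings.append(f"{cap} still in bounding set")
    return findings


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit(text) or "no findings")
```

On a live host, pass the contents of `/proc/<pid>/status` for the container's main process to `audit()` in place of a sample.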
User namespace
Map a non-root user to root within the container

AppArmor / SELinux
http://stopdisablingselinux.com/

Multi Category Security (MCS)
Protect containers from each other
level 42 
DHocJkeerro
what’s next
disclaimer
De facto standard
Adoption both for Cloud and on-premises

Extensibility
Alt. backends (AUFS is not an approved Linux patch)
‣ devicemapper
‣ BTRFS
‣ ZFS
‣ …
Alt. implementations
‣ Solaris Zones
‣ BSD Jails

Tooling
Orchestration

Security
signature & authorization

Config Management
Chef/Puppet/Salt/Ansible vs Docker
Q?

Applications of artificial Intelligence in Mechanical Engineering.pdf
 
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
Use PyCharm for remote debugging of WSL on a Windo cf5c162d672e4e58b4dde5d797...
 
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
 
UNIT 4 LINEAR INTEGRATED CIRCUITS-DIGITAL ICS
UNIT 4 LINEAR INTEGRATED CIRCUITS-DIGITAL ICSUNIT 4 LINEAR INTEGRATED CIRCUITS-DIGITAL ICS
UNIT 4 LINEAR INTEGRATED CIRCUITS-DIGITAL ICS
 
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
 
1FIDIC-CONSTRUCTION-CONTRACT-2ND-ED-2017-RED-BOOK.pdf
1FIDIC-CONSTRUCTION-CONTRACT-2ND-ED-2017-RED-BOOK.pdf1FIDIC-CONSTRUCTION-CONTRACT-2ND-ED-2017-RED-BOOK.pdf
1FIDIC-CONSTRUCTION-CONTRACT-2ND-ED-2017-RED-BOOK.pdf
 
5G Radio Network Througput Problem Analysis HCIA.pdf
5G Radio Network Througput Problem Analysis HCIA.pdf5G Radio Network Througput Problem Analysis HCIA.pdf
5G Radio Network Througput Problem Analysis HCIA.pdf
 
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
 
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
原版制作(Humboldt毕业证书)柏林大学毕业证学位证一模一样
 
Open Channel Flow: fluid flow with a free surface
Open Channel Flow: fluid flow with a free surfaceOpen Channel Flow: fluid flow with a free surface
Open Channel Flow: fluid flow with a free surface
 
Digital Twins Computer Networking Paper Presentation.pptx
Digital Twins Computer Networking Paper Presentation.pptxDigital Twins Computer Networking Paper Presentation.pptx
Digital Twins Computer Networking Paper Presentation.pptx
 
AI-Based Home Security System : Home security
AI-Based Home Security System : Home securityAI-Based Home Security System : Home security
AI-Based Home Security System : Home security
 
Pressure Relief valve used in flow line to release the over pressure at our d...
Pressure Relief valve used in flow line to release the over pressure at our d...Pressure Relief valve used in flow line to release the over pressure at our d...
Pressure Relief valve used in flow line to release the over pressure at our d...
 
Transformers design and coooling methods
Transformers design and coooling methodsTransformers design and coooling methods
Transformers design and coooling methods
 
Introduction to Computer Networks & OSI MODEL.ppt
Introduction to Computer Networks & OSI MODEL.pptIntroduction to Computer Networks & OSI MODEL.ppt
Introduction to Computer Networks & OSI MODEL.ppt
 
Height and depth gauge linear metrology.pdf
Height and depth gauge linear metrology.pdfHeight and depth gauge linear metrology.pdf
Height and depth gauge linear metrology.pdf
 
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
一比一原版(uofo毕业证书)美国俄勒冈大学毕业证如何办理
 

Dockers zero to hero

  • 4. Who are you? ✓ Dev ✓ Integration/Test ✓ Acceptance / Qualif ✓ Sysadmin / Ops
  • 6. DEV ✓ Exact reproduction for target environment
  • 8. DEV ✓ Quickly get third party tools up-and-running
  • 10. Test ✓ Define build / test infra in your SCM
  • 11. QA ✓ Quickly get low-cost iso-production environment
  • 13. Dev/Ops: a WAR archive is NOT what a sysadmin expects as delivery
  • 14. best DevOps tool so far (imho)
  • 15. Separation of concerns. Inside container: /var/log/myapp. On host: /mnt/backup/myapp/log
  • 16. Separation of concerns. Inside container: /var/log/myapp (VOLUME). On host: /mnt/backup/myapp/log
  • 17. Ops ✓ Manage hardware / infrastructure ✓ Monitoring / backups - Not apps « implementation details »
  • 18. Dev ✓ Develop simplest possible solution ✓ Configuration is a runtime constraint - Not extra-extra-flexible application. new WebServer().start(8080);
  • 20. Continuous Delivery •100% Reproducible environments « docker build . » to replace « mvn install » Dockerfile build WAR from sources Dockerfile run acceptance test suite Dockerfile build deployable container docker run COPY
  • 22. What for? ✓ Cloud ✓ devices (more to come soon …) ✓ on-premises
  • 23. docker @ Cloud • « build and deploy » PaaS • binaries-based PaaS
  • 24. Google and Containers: “Everything at Google, from Search to Gmail, is packaged and run in a Linux container. Each week we launch more than 2 billion container instances across our global data centers, and the power of containers has enabled both more reliable services and higher, more-efficient scalability.” http://googlecloudplatform.blogspot.fr/2014/06/an-update-on-container-support-on-google-cloud-platform.html
  • 25. your VM your docker image Managed VM Compute Engine your app AppEngine runtime Google Managed VM flexibility management
  • 29. Divide and conquer: stop the monoliths
  • 30. Divide and conquer: embrace micro-services ‣ « the unix way » ‣ domain focussed ‣ quick release cycles ‣ segregate resources http://yobriefca.se/blog/2013/04/29/micro-service-architecture/
  • 32. sample : syslog host rsyslog /dev/log /tmp/syslogdev logger "hello" /dev/log http://jpetazzo.github.io/2014/08/24/syslog-docker/
  • 33. Lifetime. A server or a VM: months, or even more. One (or several) container(s): sometimes just a few minutes.
  • 35. Upgrades: application upgrade = build of a new image
  • 37. pimp my Dockerfile Dockerfile BUILD chef-solo Dockerfile COPY /cookbooks
  • 38. Orchestrate Docker (diagram: load balancer, webapp, webapp, cache, monitoring, database, replica)

      - hosts: web
        sudo: yes
        tasks:
        - name: run tomcat servers
          docker: image=webapp ports=8080

  • 41. Ops is cool now ! #o
  • 43. CoreOS: minimalist host system (160Mb RAM), cluster-ready, service discovery (etcd), cgroup + systemd, boot in ~ seconds
  • 45. schedule state N replicas for a service pod = containers tied together service discovery & routing Kubernetes
  • 47. and (lots) more « orchestration » Kubelet maestro-ng Shipper Fleet Hellios Centurion
  • 48.

      images:
      - name: jenkins_master
        source: ryfow/jenkins:0.2
        type: Default
        ports:
        - host_port: '9080'
          container_port: '8080'
          proto: TCP
        volumes:
        - host_path: "/var/jenkins"
          container_path: "/var/jenkins_home"
      - name: jenkins_slave_1
        source: ryfow/docker-jenkins-slave:0.2
        type: Default
        links:
        - service: jenkins_master
          alias: jenkins
        environment:
        - variable: SLAVE_NAME
          value: slave1

      {
        "containers":[
          {
            "name":"rockmongo",
            "count":1,
            "image":"openshift/centos-rockmongo",
            "publicports":[{"internal":80,"external":6060}],
            "links":[{"to":"mongodb"}]
          },
          {
            "name":"mongodb",
            "count":1,
            "image":"openshift/centos-mongodb",
            "publicports":[{"internal":27017}]
          }
        ]
      }

      name: demo
      registries:
        my-private-registry:
          registry: https://my-private-registry/v1/
      ships:
        vm1.ore1: {ip: c414.ore1.domain.com}
        vm2.ore2: {ip: c415.ore2.domain.com, docker_port: 4243}
      services:
        zookeeper:
          image: zookeeper:3.4.5
          instances:
            zk-1:
              ship: vm1.ore1
              ports: {client: 2181, peer: 2888, leader_election: 3888}
              volumes:
                /var/lib/zookeeper: /data/zookeeper
              limits:
                memory: 1g
                cpu: 2

  • 49. Distribute Docker images •DockerHub private registry •Run your own internal registry (docker image) •Docker load/save with CM •Dogistry / s3
  • 50. Monitoring •collect cgroup metrics •cAdvisor •dedicated docker plugin LogScape
  • 56. container security: Containers are NOT secured. http://blog.docker.com/2014/07/new-dockercon-video-docker-security-renamed-from-docker-and-selinux/
  • 57. do you care? Treat containers like regular services ✓ drop privileges as soon as possible ✓ run as non-root as much as possible ✓ treat root within container as root on host ✓ don’t run untrusted containers
  • 58. drop capabilities. capabilities - overview of Linux capabilities. Description: For the purpose of performing permission checks, traditional UNIX implementations distinguish two categories of processes: privileged processes (whose effective user ID is 0, referred to as superuser or root), and unprivileged processes (whose effective UID is nonzero). Privileged processes bypass all kernel permission checks, while unprivileged processes are subject to full permission checking based on the process's credentials (usually: effective UID, effective GID, and supplementary group list). Starting with kernel 2.2, Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities, which can be independently enabled and disabled. Capabilities are a per-thread attribute. CAP_NET_ADMIN, CAP_SYS_ADMIN, …
  • 59. User Name Space Map non root user to root within container
  • 60. AppArmor / SELinux http://stopdisablingselinux.com/
  • 61. Multi Category Security (MCS) Protect containers from each other
  • 65. de facto Standard: adoption both for Cloud and on-premises
  • 66. Extensibility. Alt. backends (AUFS is not an approved linux patch) ‣ devicemapper ‣ BTRFS ‣ ZFS ‣ … Alt. implementations ‣ Solaris Zones ‣ BSD Jails
  • 69. security signature & authorization
  • 73. Q?
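
The checklist on slides 57-58 (non-root, dropped privileges and capabilities) and the AppArmor / SELinux point on slide 60 can be checked against what `docker inspect` reports for a container. The script below is an added example, not code from the deck; the sample containers are constructed, and which settings count as a finding is this example's own policy.

```python
import json

# Capabilities slide 58 names explicitly, written without the CAP_ prefix.
HIGH_RISK_CAPS = {"SYS_ADMIN", "NET_ADMIN"}

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE_INSPECT = json.loads("""
[{"Name": "/webapp", "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "CapAdd": ["CAP_SYS_ADMIN"],
                 "CapDrop": null, "SecurityOpt": ["apparmor=unconfined"]}},
 {"Name": "/cache", "Config": {"User": "1000:1000"},
  "HostConfig": {"Privileged": false, "CapAdd": ["NET_BIND_SERVICE"],
                 "CapDrop": ["ALL"], "SecurityOpt": null}}]
""")


def _caps(values):
    """Normalise CapAdd/CapDrop: None -> empty set, upper-case, CAP_ prefix removed."""
    names = (v.upper() for v in (values or []))
    return {n[4:] if n.startswith("CAP_") else n for n in names}


def audit(container):
    """Return the findings for one `docker inspect` entry (policy is this example's own)."""
    cfg = container.get("Config") or {}
    host = container.get("HostConfig") or {}
    findings = []
    # An empty User means no USER/--user was set, so the process starts as UID 0.
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        findings.append("runs as root")
    if host.get("Privileged"):
        findings.append("privileged mode: all capabilities granted")
    added, dropped = _caps(host.get("CapAdd")), _caps(host.get("CapDrop"))
    for cap in sorted(added & (HIGH_RISK_CAPS | {"ALL"})):
        findings.append("adds capability " + cap)
    if "ALL" not in dropped:
        findings.append("default capability set kept (no --cap-drop ALL)")
    for opt in host.get("SecurityOpt") or []:
        if opt.replace(":", "=") in ("apparmor=unconfined", "label=disable"):
            findings.append("LSM confinement disabled: " + opt)
    return findings


def audit_all(inspect_output):
    """Map container name -> findings for a parsed `docker inspect` array."""
    return {c["Name"].lstrip("/"): audit(c) for c in inspect_output}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "->", findings or "ok")
```

To run it on a live host, pass the parsed JSON from `docker inspect` to `audit_all` in place of `SAMPLE_INSPECT`.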