Docker - Powering RA at Zalando
•
2 likes•2,292 views
Zalando's Jan Mußler points out how Docker helps to foster team autonomy while complying with company regulations. As an example he shows how Zalando Tech deploys onto its microservices infrastructure by using their open source platform STUPS (stups.io) along with Docker in their continuous delivery strategy. https://tech.zalando.com
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Docker - Powering RA at Zalando
Similar to Docker - Powering RA at Zalando (20)
More from Zalando Technology
More from Zalando Technology (8)
Recently uploaded
Recently uploaded (20)
Docker - Powering RA at Zalando
- 1. Docker - Powering RA at Zalando Docker Meetup - Dortmund 7.6.2016 | jan.mussler@zalando.de | @JanMussler
- 2. 15 countries 3 fulfillment centers 18+ million active customers 3.0+ billion € revenue 135+ million visits per month 1.000+ employees in tech Europe's Leading Fashion Platform Visit us: tech.zalando.com
- 4. Platform 80+ Engineering teams Platform team deploy Server needs Storage requests
- 8. STUPS
- 9. AWS STUPS DOCKER DEPLOY SSH ACCESS AUDIT REPORTS FULL AWS ACCESS STUPS: A PLATFORM ON TOP OF AMAZON WEB SERVICES
- 10. ➊ ➋ ➌ ➍ ➎
- 11. Internet *.abc.example.org *.xyz.example.org Team ABC Team XYZ ISOLATED AWS ACCOUNTS EC2EC2 ELBELB EC2
- 12. DEPLOYMENT
- 13. IMMUTABLE STACKS ELB myapp-1 myapp.example.org EC2 + Docker EC2 + Docker EC2 + Docker
- 14. IMMUTABLE STACKS ELB myapp-1 EC2 + Docker EC2 + Docker EC2 + Docker ELB myapp-2 EC2 + Docker EC2 + Docker myapp.example.org
- 15. ● Immutable AMI ● YAML user data ● Docker runtime ● Application logging: LogEntries, Scalyr, CloudWatch Logs ● Prometheus Node Agent for metrics ● KMS encrypted env vars TAUPAGE AMI
- 16. Taupage AMI
- 17. SENZA: DEFINITION YAML SenzaInfo: StackName: hello-world Parameters: - ImageVersion: Description: "Docker image version of Hello World." SenzaComponents: - Configuration: Type: Senza::StupsAutoConfiguration # auto-detect network setup - AppServer: # will create a launch configuration and ASG with scaling triggers Type: Senza::TaupageAutoScalingGroup InstanceType: t2.micro SecurityGroups: [app-hello-world] ElasticLoadBalancer: AppLoadBalancer TaupageConfig: runtime: Docker source: "stups/hello-world:{{Arguments.ImageVersion}}" ports: 8080: 8080
- 18. SENZA: STACK DEPLOYMENT $ senza create hello-world.yaml 1 0.2 Generating Cloud Formation template.. OK Creating Cloud Formation stack hello-world-1.. OK $ senza events hello-world.yaml 1 Stack Name│Ver.│Resource Type │Resource ID │Status │Status Reason │Event Time hello-world 1 CloudFormation::Stack hello-world-1 CREATE_IN_PROGRESS User Initiated 10m ago ... hello-world 1 CloudFormation::Stack hello-world-1 CREATE_COMPLETE 6m ago
- 20. SSH ACCESS
- 21. SSH ACCESS: TIME-LIMITED ACCESS TO ANY TEAM SERVER
- 22. LOGGING
- 24. Automation GOCD
- 25. Thoughtwork’s GOCD in action
- 26. GOCD - Pipeline example - configuration overlay
- 27. Plan - B
- 28. The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service. - oauth.net OAUTH 2.0?
- 29. ● Robustness & resilience ⇒ Cassandra, no SPOF ● Low latency for token validation ⇒ Token Info next to application ● Horizontal scalability ⇒ Cassandra, “stateless” Token Info PLAN B: GOALS - Build open source Oauth2 Provider
- 30. PLAN B: COMPLETE PICTURE bobalice create token Token Info validate Provider credential storage Revocation poll public keys poll revocation listsS3 call with Bearer token
- 31. Written in Go ~16 MB Docker image Stateless application CPU bound, Go 1.6 ~40x speedup for EC verify EC2 instance start to healthy: 45sec Scaling Token Info example
- 32. ZMON
- 33. Flexible and extendable: Checks & Alerts in Python Integrate: REST APIs, OAUTH2, AWS Auto Discovery Fully configurable via UI / API: no restarts required! Great for teams: team dashboards, alerts inheritance Fast/scaling metrics: Redis, KairosDB + Grafana3 Hackweek 2015 - iOS app and Android app ;-) ZMON - High Lights ;-)
- 37. Continued ...
- 38. Instance Metrics ● Memory usage ● Disk space usage ● CPU usage ● Application logs ● Application metrics Monitoring instances on AWS Scalyr Agent Log shipping Prometheus Node Agent :9100/metrics Taupage AMI (Ubuntu base) Application Container Go / Spring Boot / Cassandra Docker run time :8080 -> app :7979 -> metrics
- 39. Annotated Metric Data in Grafana
- 40. Annotated Metric Data in Grafana
- 41. Running same Docker Image everywhere
- 42. CLAIR - SQS
- 43. CoreOS’ Clair with PierOne - Static vulnerability analysis of images
- 46. Learnings?
- 47. ● AWS terminology and behavior ● OAuth2 + Security + Security Groups ● Ops can be hard -> SaaS? ● CF deployment takes time ● DNS load balancing and switching :-( ○ Remember timeout config …!! ○ ELB soso ... ● Great flexibility and power though A lot of input to cover ...
- 48. Zalando on Github: https://github.com/zalando STUPS online: https://stups.io ZMON Demo: https://demo.zmon.io Zalando Tech: https://tech.zalando.com