[container world 2017] the questions you're afraid to ask about containers
TRANSCRIPT
#CONTAINERWORLD
Using the right container tech for the job
or, the questions you’re too afraid to ask about containers
@DustinKirkland
EMPLOYEES 800+
COUNTRIES 47+
FOUNDED 2004
London, Boston, Shanghai, Taipei, Beijing, Austin, Tokyo
What’s all the hype about?
Containers have been around forever…
They’re just little VMs, aren’t they?
asked no one, ever.
Taxonomy
● virtual machines
● process containers
● application containers
● machine containers
Should I run my PAAS on top of my IAAS?
Or should I run my IAAS on top of my PAAS?
asked no one, ever.
$ conjure-up kubernetes
One command to deploy a complete Kubernetes on Ubuntu 16.04 LTS
If we take a VM running on IaaS,
and run it on PaaS in a Docker container,
does that mean the app is now “dockerized”?
asked no one, ever.
● SwissCom’s new workloads are “dockerized”
● Was 400 VMs running 400 databases
● Now 20 VMs running 400 Databases
● DBaaS through the organization
● Build, Ship, Run mentality within the IT organization
Source: https://www.docker.com/use-cases/infrastructure-optimization
● Digitized transaction workflow, mathematically secured
● Shared, replicated ledger
● IBM Blockchain workloads are “dockerized”
● IBM Mainframe hardware
● Ubuntu Linux
● Docker images
● Hyperledger software
● Cutting edge technology
● Lots of run-to-completion, stateless number crunching
Source: http://www.ibm.com/blockchain/hyperledger.html
● Mature, legacy code base, that generally “just works”
● No desire really to ever touch it again
● Linux, Apache, PHP, Postgres, on AWS -- should dockerize easily, right?
● Those were easy, but what about Cron? Logrotate? Vacuumdb? Backup? Package updates?
● DivItUp.com moved to LXD much more easily
Does your new 12-factor app implement a
cloud-native design with a microservice
architecture?
asked no one, ever.
Microservice Architecture
Source: http://microservices.io/patterns/microservices.html
Can any of this container stuff
actually be used securely in production
in an enterprise environment?
asked no one, ever.
Container Security
● Resource Control: cgroups
● Discretionary Access: namespaces
● Mandatory Access: apparmor
● Fine Grained Access: seccomp
# Count the CPUs and Memory available
lxc exec demo1 -- grep processor /proc/cpuinfo
lxc exec demo1 -- free
# Limit the container to 1 CPU and 128MB of Mem
lxc config set demo1 limits.cpu 1
lxc config set demo1 limits.memory 128MB
lxc stop demo1 && lxc start demo1
# Recount the CPUs and Memory available
lxc exec demo1 -- grep processor /proc/cpuinfo
lxc exec demo1 -- free
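
A way to check which of the four controls on the Container Security slide (cgroups, namespaces, apparmor, seccomp) are in effect for a process, using the files the kernel exposes under /proc and the cgroup filesystem. This is an added example, not part of the original slides; the function names are hypothetical and the sample values in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): classify the four controls for one process.
# Each function takes a file path or a string, so it also works on saved copies of /proc data.

# seccomp: "Seccomp:" field of /proc/<pid>/status (0 disabled, 1 strict, 2 filter)
seccomp_mode() {
    case "$(awk '/^Seccomp:/ {print $2}' "$1")" in
        0) echo disabled ;; 1) echo strict ;; 2) echo filter ;; *) echo unknown ;;
    esac
}

# apparmor: label text as read from /proc/<pid>/attr/current,
# e.g. the constructed sample "lxd-demo1_</var/lib/lxd> (enforce)"
apparmor_state() {
    case "$1" in
        ""|unconfined) echo unconfined ;;
        *"(enforce)")  echo enforce ;;
        *"(complain)") echo complain ;;
        *)             echo unknown ;;
    esac
}

# cgroups: contents of memory.max (cgroup v2) or memory.limit_in_bytes (cgroup v1)
memory_limit() {
    case "$1" in
        max|9223372036854771712) echo unlimited ;;  # v1 "no limit" value with 4 KiB pages
        *[!0-9]*|"")             echo unknown ;;
        *)                       echo "$(( $1 / 1024 / 1024 ))MiB" ;;
    esac
}

# namespaces: compare a process's ns link (e.g. "pid:[4026532281]") with the host init's
namespace_state() {
    if [ "$1" = "$2" ]; then echo shared-with-host; else echo isolated; fi
}

# Report for the current process when the /proc files are readable (Linux only).
report_self() {
    [ -r /proc/self/status ] || { echo "no /proc available"; return 0; }
    echo "seccomp:  $(seccomp_mode /proc/self/status)"
    echo "apparmor: $(apparmor_state "$(cat /proc/self/attr/current 2>/dev/null)")"
    echo "pid ns:   $(readlink /proc/self/ns/pid 2>/dev/null)"
}

# Run with --self to print the report for the calling shell.
if [ "${1:-}" = "--self" ]; then report_self; fi
```

A result of "disabled", "unconfined", "unlimited" or "shared-with-host" for a workload that is supposed to be contained is the finding to follow up on.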