docker in the wild
TRANSCRIPT
1
Docker in the Wild
Chris Mague / Shokunin
3/4/2016
2
Today's Talk
- Background
- The Good
- The Bad
- In development
- In CD pipelines
- In production
- Conclusion
3
“Everyone needs a daily dose of Vitamin No”
-Reiko
4
Why Virtualize at all?
- Big machine – small service
- Migration possible
- Legacy uses
- Simpler provisioning
- Isolation
5
Background
- Virtualization
- VM vs Container
- Jails
- Solaris Zones
- Cgroups in Linux
- LXC
- Docker
6
The Good
7
Good Reasons to use Docker
0) Immutable
1) fast startup times
2) lightweight
3) good tools
4) great with microservices
8
The Bad
9
Docker Downsides
0) Immutable
1) requires Linux
2) only runs one process
3) tooling is awful (especially on not Linux)
4) troubleshooting is hard
5) need to rethink how you develop/deploy
10
Immutable
“these are snowflakes – chives are identical” - Dinner Rush
11
In Development
12
But where do these containers come from?
There are some high quality containers available for download!
13
Downloading things off the Internets
14
D-I-Y
15
Better Solution from Hashicorp
- use puppet/chef/salt/ansible
- still can use shell scripts
- output a variety of formats
  - AMI
  - GCE
  - Droplets
  - Virtual box
  - Openstack
  - Docker
  - QEMU
  - Parallels
(see, you can change your mind later)
16
Running Containers
Docker Compose
- relatively simple
- works great on a dev machine
- docker specific
17
Better Solution from Hashicorp (2)
- Runs Docker Containers
- Modular / Variables can be set
- Controls a variety of services
  - Consul
  - GCE
  - Droplets
  - Mailgun
  - Postgres/Mysql
  - Datadog
  - PowerDNS
  - Heroku
(see, you can change your mind later)
18
19
In CI/CD – Example Jenkins Pipeline
20
Now we come to scaling...
Treat a bunch of hardware as a big local docker instance
21
Or Amazon
22
Better Solution from Hashicorp (3)
So do you work for them or something??
- Job scheduler
  - Docker
  - Java
  - Binary
  - QEMU
- Cron scheduler
- Orchestration
- Service discovery integration
23
Job Specification
24
New problem – Discovery!
25
Better Solution from Hashicorp (4)
- single binary
- Raft consensus / HA
- Gossip protocol
- Rest API
- DNS Interface
- Key/Value store
- Locking
- vs Zookeeper/Etcd
26
DNS Discovery
27
Config File / Templates

frontend http
    bind 0.0.0.0:80
    capture request header Host len 500
{{range services}}{{ if .Tags | contains "web-service" }}
    acl host_{{ .Name }} hdr_beg(host) -i {{ .Name }}.
    use_backend {{ .Name }} if host_{{ .Name }}{{end}}{{end}}

{{range services}}{{ if .Tags | contains "web-service" }}
backend {{ .Name }}
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.0\r\nHost:\ {{ .Name }}.test\r\nUser-agent:\ HAPROXY-CHECK{{range service .Name}}
    server {{.Node}} {{.Address}}:{{.Port}} check inter 5s rise 2 fall 2{{end}}{{end}}{{end}}

frontend http
    bind 0.0.0.0:80
    capture request header Host len 500
    acl host_tabinin hdr_beg(host) -i tabinin.
    use_backend tabinin if host_tabinin

backend tabinin
    mode http
    balance roundrobin
    option httpchk HEAD / HTTP/1.0\r\nHost:\ tabinin.test\r\nUser-agent:\ HAPROXY-CHECK
    server qatcd-nomad-2.example.com 172.19.58.171:27722 check inter 5s rise 2 fall 2
    server qatcd-nomad-3.example.com 172.19.58.172:42417 check inter 5s rise 2 fall 2
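Added example, not from the original slides: a Python sketch of the mapping the template on this slide performs, from a constructed service catalog to the rendered HAProxy config. The catalog layout, the function names and the service-name check are assumptions made here; consul-template itself is not invoked.

```python
import re

# Constructed catalog (assumed shape: service name -> tags and instances).
# The "tabinin" values mirror the rendered config shown on the slide.
CATALOG = {
    "tabinin": {
        "tags": ["web-service"],
        "instances": [
            ("qatcd-nomad-2.example.com", "172.19.58.171", 27722),
            ("qatcd-nomad-3.example.com", "172.19.58.172", 42417),
        ],
    },
    "postgres": {"tags": ["database"], "instances": [("db-1.example.com", "172.19.58.10", 5432)]},
    "bad name\n  use_backend x": {"tags": ["web-service"], "instances": []},
}

# Added precaution (an assumption, not on the slide): names are pasted verbatim
# into ACL and backend lines, so accept only DNS-label characters.
SAFE_NAME = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def web_services(catalog, tag="web-service"):
    """Yield (name, instances) for services that carry the tag and have a safe name."""
    for name in sorted(catalog):
        svc = catalog[name]
        if tag in svc["tags"] and SAFE_NAME.fullmatch(name):
            yield name, svc["instances"]


def render(catalog):
    """Build the frontend plus one backend per tagged service, like the template."""
    out = ["frontend http", "    bind 0.0.0.0:80", "    capture request header Host len 500"]
    services = list(web_services(catalog))
    for name, _ in services:
        out.append(f"    acl host_{name} hdr_beg(host) -i {name}.")
        out.append(f"    use_backend {name} if host_{name}")
    for name, instances in services:
        out += [f"backend {name}", "    mode http", "    balance roundrobin",
                f"    option httpchk HEAD / HTTP/1.0\\r\\nHost:\\ {name}.test\\r\\nUser-agent:\\ HAPROXY-CHECK"]
        for node, addr, port in instances:
            out.append(f"    server {node} {addr}:{port} check inter 5s rise 2 fall 2")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(render(CATALOG))
```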
28
Feature Flags – Consul generated file
29
In Production
A few things have to change...
30
Cattle vs. Pets
Pets:
- have cute names
- take them to the vet
- care and feeding
Cattle:
- replace it...
31
SLAs/KPIs become critical
- If my service returns a response in < 200ms 95% of the time...
- If my error rate > 2% over a 5 minute window...
32
Monitoring / Telemetry must follow
33
Logging is now your primary method of troubleshooting
34
New Problem
- You can deploy too fast……
Which one of the 10 deploys caused the issue and which one fixed it?
Two deployment windows a day 11:00 and 3:00 means everyone is on hand and able to jump in if there's an issue
35
Conclusion (1)
You are going to end up with an infrastructure that consists of Docker-ized and other types of services
Accordingly, pick the tool set that is the most flexible! (my bias is clear here...)
36
Conclusion (2)
Docker is worth it for some things:
- application servers
- stateless applications
- development environment
Don't bother:
- data stores
- slow moving monolithic apps