Continuous Delivery with Containers: The Good, the Bad, and the Ugly
Daniel Bryant @danielbryantuk
Containers: Expectations versus reality
21/05/2018 @danielbryantuk
“DevOps”
@danielbryantuk
• Independent Technical Consultant, Product Architect at Datawire
• Architecture, DevOps, Java, microservices, cloud, containers
• Continuous Delivery (CI/CD) advocate
• Leading change through technology and teams
Setting the scene…
• Continuous delivery is a large topic
• No business focus today (value stream etc)
• PaaS and Serverless are super interesting…
• But I’m assuming you’re all-in on containers
• Focusing today on the process and tooling
• No live coding today
• Mini-book contains more details (thanks nginx!)
bit.ly/2jWDSF7
TL;DR – Containers and CD
• Container image becomes the build pipeline ‘single binary’
• Adding metadata to containers images is vital, but challenging
• Must validate container constraints on system quality attributes (NFRs)
Continuous Delivery 101
Continuous Delivery
• Produce valuable and robust software in short cycles
• Optimising for feedback and learning
• Not (necessarily) Continuous Deployment
Velocity (with stability) is key to business success
“Continuous delivery is achieved when stability and speed can satisfy business demand.
Discontinuous delivery occurs when stability and speed are insufficient.”
- Steve Smith (@SteveSmithCD)
Creation of a build pipeline is mandatory for continuous delivery
Feedback:
- Was our initial hypothesis proven?
- How can we improve business, architecture and ops?
Stability
Speed
Feedback:
- Was our initial hypothesis proven?
- How can we improve business, architecture and ops?
The impact of containers on CD
Container technology (and CD)
• OS-level virtualisation
• cgroups, namespaces, rootfs
• Share the OS kernel
• Package and execute software
• Container image == ‘single binary’
Should I build my own container platform?
Probably not (Unless you are Google, AWS or IBM)
Whatever you decide…push it through a pipeline ASAP!
But what about microservices?
Independent service deployment
PATTERN
https://www.slideshare.net/dbryant_uk/deliveragile-2018-continuous-delivery-patterns-for-modern-architectures
Working Locally
Make your dev environment like production
• Develop locally or copy/code in container
• Must build/test containers locally
• Perform (at least) happy path tests
• Use identical base images from production
• With same configuration
Quick digression: Working remotely, locally…
https://opencredo.com/working-locally-with-microservices/
https://www.telepresence.io/
Make your dev environment like production
• Develop locally or copy/code in container
• Must build/test containers locally
• Perform (at least) happy path tests
• Use identical base images from production
• With same configuration
Lesson learned: Dockerfile content is super important
• OS choice (distroless?)
• Configuration
• Build artifacts
• Exposing ports, user
• Java
• JDK vs JRE and Oracle vs OpenJDK?
• Golang
• Statically compiled binary in scratch?
• Python
• Virtualenv?
Please talk to the sysadmin people: Their operational knowledge is invaluable
Different test and prod containers?
• Create “test” version of container
• Full OS (e.g. Ubuntu)
• Test tools and data
• Easy to see app/configuration drift
• Use test sidecar containers instead
• ONTEST proposal by Alexei Ledenev
http://blog.terranillius.com/post/docker_testing/
Docker multi-stage builds
https://docs.docker.com/develop/develop-images/multistage-build/
https://github.com/GoogleContainerTools/distroless
Building Artifacts
Building images with Jenkins
• My report covers this
• Build as usual…
• Build Docker Image
• CloudBees Docker Build and Publish Plugin
• Push image to registry
Building in the Cluster?
https://github.com/GoogleContainerTools/kaniko
https://www.infoq.com/news/2018/03/jenkins-x-kubernetes
Deployment
https://blog.hasura.io/draft-vs-gitkube-vs-helm-vs-ksonnet-vs-metaparticle-vs-skaffold-f5aa9561f948
Building Artifacts: Metadata
Lesson learned: Metadata is valuable
• Application metadata
• Version / Git SHA
• Build metadata
• Build date
• Image name
• Vendor
• Quality metadata
• QA control, signed binaries, ephemeral support
• Security profiles (AppArmor), Security audited etc
Metadata – Beware of “latest” Docker Tag
• Beware of the ‘latest’ Docker tag
• “Latest” simply means
• the last build/tag that ran without a specific tag/version specified
• Ignore “latest” tag
• Version your tags, every time
• danielbryantuk/test:2.4.1
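A pipeline check for the "version your tags" rule above, as an added example that is not part of the original slides: it parses the `FROM` lines of a Dockerfile and reports base images that resolve to `latest`, either explicitly or because no tag was given. The sample Dockerfile, the status names and the function names are constructed for illustration.

```python
import re

# FROM [--flag=value ...] <image> [AS <stage>]
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.IGNORECASE)

# Constructed sample: a multi-stage Dockerfile mixing pinned and unpinned bases.
SAMPLE_DOCKERFILE = """\
FROM golang:1.10 AS builder
RUN go build -o /app .
FROM localhost:5000/base AS runtime
FROM --platform=linux/amd64 nginx:latest
FROM builder AS test
FROM scratch
FROM danielbryantuk/test:2.4.1
"""


def parse_image_ref(ref):
    """Split an image reference into (name, tag, digest).

    A tag is introduced by a ':' that comes after the last '/', so the
    registry port in 'localhost:5000/base' is not mistaken for a tag.
    """
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    if ref.rfind(":") > ref.rfind("/"):
        name, tag = ref.rsplit(":", 1)
    else:
        name, tag = ref, None
    return name, tag, digest


def classify(ref):
    """Return how firmly an image reference is pinned."""
    if "$" in ref:
        return "unresolved-variable"   # e.g. FROM ${BASE}: decided at build time
    _, tag, digest = parse_image_ref(ref)
    if digest:
        return "pinned-digest"         # content-addressed, cannot be re-pointed
    if tag is None:
        return "implicit-latest"       # Docker fills in ':latest'
    if tag == "latest":
        return "explicit-latest"
    return "versioned"                 # what the slide asks for, e.g. :2.4.1


def audit_dockerfile(text):
    """Return [(line_number, reference, status)] for base images to fix."""
    findings = []
    stages = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        match = FROM_RE.match(line)
        if not match:
            continue
        ref, alias = match.group(1), match.group(2)
        # 'scratch' and earlier build stages are not registry images.
        if ref.lower() != "scratch" and ref.lower() not in stages:
            status = classify(ref)
            if status not in ("versioned", "pinned-digest"):
                findings.append((lineno, ref, status))
        if alias:
            stages.add(alias.lower())
    return findings


if __name__ == "__main__":
    for lineno, ref, status in audit_dockerfile(SAMPLE_DOCKERFILE):
        print("line %d: %s -> %s" % (lineno, ref, status))
```

A versioned tag can still be moved to a different image by whoever controls the repository; only a digest reference is immutable.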
Metadata - Adding Labels at build time
• Docker Labels
• Add key/value data to image
Metadata - Adding Labels at build time
• Microscaling Systems’ Makefile
• Labelling automated builds on DockerHub (h/t Ross Fairbanks)
• Create file ‘/hooks/build’
• label-schema.org
• microbadger.com
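A build-pipeline gate for the metadata described in the slides above (version, Git SHA, build date), as an added example that is not part of the original slides: it reads the JSON that `docker inspect <image>` prints and checks the label-schema.org labels. The set of required keys is a policy assumption made for this example, and the inspect entries are constructed sample data.

```python
import json
import re
from datetime import datetime

PREFIX = "org.label-schema."
# Policy assumption for this example: these four keys must be present.
REQUIRED = ("schema-version", "build-date", "vcs-ref", "version")

# Constructed sample: three elements in the shape `docker inspect` returns.
SAMPLE_INSPECT = json.loads("""
[
  {"RepoTags": ["danielbryantuk/test:2.4.1"],
   "Config": {"Labels": {
     "org.label-schema.schema-version": "1.0",
     "org.label-schema.build-date": "2018-05-21T09:30:00Z",
     "org.label-schema.vcs-ref": "0123abc",
     "org.label-schema.version": "2.4.1"}}},
  {"RepoTags": ["danielbryantuk/test:latest"],
   "Config": {"Labels": null}},
  {"RepoTags": ["danielbryantuk/test:2.4.2"],
   "Config": {"Labels": {
     "org.label-schema.schema-version": "1.0",
     "org.label-schema.build-date": "21/05/2018",
     "org.label-schema.vcs-ref": "master",
     "org.label-schema.version": "2.4.1"}}}
]
""")


def check_image(entry):
    """Return a list of metadata problems for one `docker inspect` element."""
    # Labels is null, not {}, when an image carries no labels at all.
    labels = (entry.get("Config") or {}).get("Labels") or {}
    problems = ["missing " + PREFIX + key
                for key in REQUIRED if not labels.get(PREFIX + key)]

    # A branch name here means the image cannot be traced to one commit.
    vcs_ref = labels.get(PREFIX + "vcs-ref")
    if vcs_ref and not re.fullmatch(r"[0-9a-f]{7,40}", vcs_ref):
        problems.append("vcs-ref is not a Git SHA: " + vcs_ref)

    # label-schema asks for an RFC 3339 timestamp.
    build_date = labels.get(PREFIX + "build-date")
    if build_date:
        try:
            parsed = datetime.fromisoformat(build_date.replace("Z", "+00:00"))
            if parsed.tzinfo is None:
                problems.append("build-date has no UTC offset: " + build_date)
        except ValueError:
            problems.append("build-date is not RFC 3339: " + build_date)

    # The version label and the tag should agree, or one of them is stale.
    tags = [t.rsplit(":", 1)[1] for t in entry.get("RepoTags") or [] if ":" in t]
    version = labels.get(PREFIX + "version")
    if version and tags and version not in tags:
        problems.append("version label %s matches no tag %s" % (version, tags))
    if tags and all(tag == "latest" for tag in tags):
        problems.append("image is only tagged 'latest'")
    return problems


if __name__ == "__main__":
    for entry in SAMPLE_INSPECT:
        print(entry["RepoTags"], check_image(entry) or "ok")
```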
Metadata - Adding Labels at runtime
$ docker run -d --label uk.co.danielbryant.lbname=frontdoor nginx
• Can ‘docker commit’, but creates new image
• Not possible to update running container
• Docker Proposal: Update labels #21721
External registry with metadata support
New Solution: Grafeas + Kritis
https://github.com/grafeas/grafeas
https://www.infoq.com/news/2018/05/grafeas-kritis-security
Grafeas Metadata “kinds” (Schema)
Grafeas Metadata “kinds” (Schema)
Quality Assurance
Validating Container Structure
https://github.com/GoogleContainerTools/container-structure-test
https://github.com/GoogleContainerTools/container-diff
Quality Assurance: Functional
Testing (in Production??)
martinfowler.com/bliki/TestPyramid.html
https://medium.com/@copyconstruct/testing-microservices-the-sane-way-9bb31d158c16
Component testing
Testing: Jenkins Pipeline (as code)
Testing individual containers
Integration testing
Introducing Docker Compose
Quality Assurance: Nonfunctional
Testing NFRs in the build pipeline
• Architecture
• Performance and Load testing
• Gatling / JMeter / Flood.io
• Security testing
• Findsecbugs / OWASP Dependency check
• Bdd-security (OWASP ZAP) / Arachni
• Gauntlt / Serverspec
• Docker Bench for Security / CoreOS Clair
Architectural Visibility
Quick digression: Testing Architecture
https://www.archunit.org/
Performance/soak testing
Mechanical sympathy: Docker and Java
• Watch for JVM cgroup/taskset awareness (with JDK <= 8)
• getAvailableProcessors() may incorrectly report the number of CPUs in Docker (JDK-8140793)
• Runtime.availableProcessors() ignores Linux taskset command (JDK-6515172)
• Default fork/join thread pool sizes (and others) are based on the host CPU count
• Set container memory appropriately
• JVM requirements = Heap size (Xmx) + Metaspace + JVM overhead
• Account for native thread requirements e.g. thread stack size (Xss)
• Entropy
• Host entropy can soon be exhausted by crypto operations, and /dev/random blocks
• -Djava.security.egd=file:/dev/./urandom (notes on this)
Security Visibility: Basic Code Scanning
Dependency Scanning
www.owasp.org/index.php/OWASP_Dependency_Check
Static Image Scanning
github.com/arminc/clair-scanner
Verifying Container/Platform Security
https://github.com/docker/docker-bench-security
https://github.com/aquasecurity/kube-bench
https://github.com/Shopify/kubeaudit
Delaying NFRs to the ‘Last Responsible Moment’
Newsflash! Sometimes the last responsible moment is up-front
Modern platforms/architectures don’t necessarily make this easier
Quality Assurance: Post-Deploy
Observability is core to continuous delivery
www.infoq.com/articles/monitoring-containers-at-scale
Canarying and Synthetic Txns
https://blog.getambassador.io/canary-deployments-a-b-testing-and-microservices-with-ambassador-f104d0458736
https://martinfowler.com/bliki/SyntheticMonitoring.html
Chaos Engineering/Testing
https://github.com/asobti/kube-monkey
https://www.infoq.com/news/2018/01/powerfulseal-chaos-kubernetes
When bad things happen, people are always involved…
21/05/2018 @danielbryantuk | @oakinger
HealthCare.gov
Mikey Dickerson's Hierarchy of Reliability
www.infoq.com/news/2015/06/too-big-to-fail
Containers are not a silver bullet
Moving to containers: Going all-in?
OR
Containerise an existing (monolithic) app?
• For
  • We know the monolith well
  • Allows homogenization of the pipeline and deployment platform
  • Can be a demonstrable win for tech and the business
• Against
  • Can be difficult (100+ line scripts)
  • Often not designed for operation within containers, nor cloud native
  • Putting lipstick on a pig?
Key lessons learned
• Conduct an architectural review
• Architecture for Developers, by Simon Brown
• Architecture Interview, by Susan Fowler
• Look for data ingress/egress
• File system access
• Support resource constraints/transience
• Optimise for quick startup and shutdown
• Evaluate approach to concurrency
• Store configuration (secrets) remotely
Using containers does not get rid of the need for good architectural practices
https://speakerdeck.com/caseywest/containercon-north-america-cloud-anti-patterns
Summary
In summary
• Continuous delivery is vitally important in modern architectures/ops
• Container images must be the (single) source of truth within pipeline
• And metadata added as appropriate…
• Mechanical sympathy is important (assert properties in the pipeline)
• Not all developers are operationally aware
• The tooling is now becoming stable/mature
• We need to re-apply existing CD practices with new technologies/tooling
Thanks for listening…
Twitter: @danielbryantuk
Email: [email protected]
Writing: https://www.infoq.com/profile/Daniel-Bryant
Talks: https://www.youtube.com/playlist?list=PLoVYf_0qOYNeBmrpjuBOOAqJnQb3QAEtM
bit.ly/2jWDSF7
Coming soon!
Bedtime reading