The document summarizes Day 2 of DockerCon. It discusses Docker being ready for production use with solutions for building, shipping, and running containers. It highlights Docker Hub growth and improvements to quality. Business Insider's journey with Docker is presented, covering lessons learned around local development and using Puppet and Docker Hub. Future directions discussed include orchestration tools and image security.
4. What does Docker in Production mean?
• Works for everyone (developers, devops, & ops)
• Works everywhere (multi-arch, multi-OS, on & off prem)
• Extensible & Pluggable
• Solutions and roadmap
- Security
- Orchestration
- Networking & storage
- Workflows for developing, shipping, deploying/managing
• Real users
And that’s what this DockerCon is all about
Docker in Production
7. 3 Broad Categories of Commercial Solutions
• Build/Create
• Ship/Store
• Run/Manage
8. Built by assembling best tools
• Build/Create
- Developer Platform
- CI/CD integration
- Signing/Trust
- +++
• Ship/Store
- Trusted registries
- Official repositories
- Access control
- Policies
- +++
• Run/Manage
- Orchestration
- GUI
- Management
- Logging
- +++
9. Delivered in manner that works in production
Build/Create | Ship/Store | Run/Manage
• Work both on premises and in the cloud
• Have to work well together
• Delivered with commercial support
• Available through channels & partners
• Priced & packaged to enable easy adoption
22. Laptop to the World w/ Docker
Chris Buckley
Director of DevOps
Business Insider
23. Summary
• About Me
- Working in Linux/systems administration for 14 years, specializing in LAMP based businesses
• About Business Insider
- Mix of Bare Metal & AWS infrastructure, PHP, Go, MongoDB, Puppet, Docker
25. Why Docker at Business Insider?
• Because it was fun…
- FreeBSD Jails, Linux Containers have been around a while
- Docker was a great way to really start playing with them at BI
• Quickly saw opportunities for applications
- Local development environments
- Keeping consistent environments from Local (it works on my laptop??), Dev, Staging, through to Production
- Apps using same monolithic codebase able to be isolated and segregated on the same bare metal / virtual stack
26. Our first steps…
• Started using it for building and shipping code
- Kept the same environment and software versions during build as in production
- … No matter where the build ran
27. First long running application…
• Several applications were utilizing the same infrastructure
- Memcached keys being overwritten & APC clashes caused issues in several applications
• Isolated containers could fix this…
28. Shipping infrastructure… so many questions
• How do we ship the containers?
• Adding code inside or mounting a volume outside
• How to manage the container, keep it running in cases of failure?
• Infrastructure heavily Puppetized
- Workflow was built around consistent instances with updates applied as code (Puppet Server/Agent, Hiera)
30. Running the Containers
• Mounted application code using volumes
• Shipping code using temporary containers from Jenkins
• Long standing containers as Linux services, containers hosted on Docker Hub
31. It works! Sort of...
• Our first application out on Docker, and it worked (hurrah!)
• Docker Hub as the central repository for our containers
• Porting production containers back to Developers not so simple...
33. Lesson Learned: Build for Local
• Building for production first was grandiose but misguided
• Porting it backwards for Devs to use not the right path for us
• Bottleneck for Devs to start writing code
34. ConFIGuration
• Fig (now Docker Compose) was perfect for our needs
• Complete stack defined in YAML
• Links, Ports, Volumes, Environment variables all in one place
• Build container from a Dockerfile or pull an image from Docker Hub (we did both)
35. New Developer up and running in (almost) no time
• Previous generations of Dev environments, average time to get a single app up and running was ~1-2 days
• With our own Vagrant running Docker, with Fig/Compose, we cut that down to a few hours (excluding any database imports)
• Allowed our Developers to start writing and committing code much faster
36. Revisiting Production apps
• Fig / Compose was great for single host applications
• For multi host / distributed applications, we turned to using containers as Linux services (upstart, SysV)
• Rolling our own upstart scripts for every container became a real pain, even with our containers sitting in Docker Hub
37. Puppet Forge + Docker Hub == WIN
• We went back to the Puppet approved Docker module to see what we could do.
- https://forge.puppetlabs.com/garethr/docker
• Turns out, it met a lot of our needs (Thanks Gareth!)
• Handled image versions, runtime configurations, links, startup dependencies, all in a nicely packaged init.d script
- Packaged as a class we could fill the blanks using Hiera, and pull the images from Docker Hub
38. An example Puppet class, using the Docker Puppet Forge module, showing several containers, linking, environment options, and dependencies on other containers services starting first.
42. What’s next for Business Insider + Docker?
• Current system is pretty good, but we want to take orchestration to the next phase
- Investigating different tools
• Docker Machine/Swarm/Compose
• Kubernetes
• Mesosphere DCOS
• EC2 Container Service
• CoreOS/Fleetctl
• Diving deeper into triggered/automated builds
- Docker Hub automated builds
- Jenkins Docker plugins for building containers
43. Summary
• Leverage what you know and have
- No need to completely reinvent the wheel with your infrastructure
• There is no wrong way to experiment
- Docker ecosystem is vast, you’ll find what works for you
• Have fun with it!
- If we can’t enjoy what we do, what’s the point?
56. 5 FREE Private Repos
Only for DockerCon Attendees
Coupon Code:
dockercon2015
57. “Which capabilities are required to run Docker in production?”
1. Support
2. On-premise registry
3. Networking
4. Security
5. Directory integration
65. Current State – Monolithic, stand-alone application
[Diagram labels: Applications 1 to 4, each with its own LB, App-Business Logic, and services (IAM, RDMS, API, plus Analytics, Report or Search)]
66. Target State – Business focused, abstracted from the common platform
[Diagram labels: Platform (IAM, API, Analytics, Data Services, Search/Reports, Security, Cloud Infrastructure); Applications 1 to 4, each with Business Logic; Business Logic Services]
69. Benefits
• Improved customer-centric services
• Increased time-to-market
• Reduced cost
• Creates opportunities for new business
• Target state of 2 week production sprints for platform and new applications
• Decrease time for security review
70. Next Steps
• Image governance through provenance
• Inserting secrets in containers with Keywhiz (https://square.github.io/keywhiz/)
• Container networking
• Plugins for Interlock (nginx, external, stats)
• API for Interlock for deeper integration
• “Docker Security”, 11:45am @ Yerba Buena 9, Diogo Monica and Nathan McCauley
71. “Which capabilities are required to run Docker in production?”
1. Support
2. On-premise registry
3. Networking
4. Security
5. Directory integration
77. Distributed Apps: What’s Next?
• Michael Farber, EVP Innovation, Booz-Allen (@BoozAllen)
• Jason McGee, Cloud CTO, IBM (@jrmcgee)
• Mark Russinovich, CTO, Microsoft Azure (@markrussinovich)
81. Openness Innovation
Docker | Microsoft
Since last year at DockerCon…
• Docker extensions in Microsoft Azure
• Docker client for Windows
• Docker VM image in Azure
• ASP.NET 5 Preview Docker image
• Orchestration in Azure
• Visual Studio 2015 tools for Docker: Preview
• Windows Server Containers showcase
• Libswarm support
84. “As a sysadmin, how should I manage Dockerized apps in prod?”
“What tools can help me easily scale-up my apps?”
“What’s the Docker-recommended way to use Engine, Swarm, Compose, and other technologies in production?”
“How can Ops make it easy – and secure – to give Devs self-serve access to approved images?”
“I need better visibility into where my containers are running and how they’re performing…”