Post on 21-Mar-2017
Daniël van Gils Developer Advocate
@foldingbeauty daniel@cloud66.com
www.cloud66.com
!
"
Running Microservices in Production with Docker
= public/private/hybrid = yours
Services
#
> 4000 serversEasy Ops tools build for Devs
• The services are easy to replace.
• Services are organized around capabilities, e.g., user
interface front-end, recommendation, logistics, billing, etc.
• Services can be implemented using different programming
languages, databases, hardware and software environment,
depending on what fits best.
microservice architecture
$$$$
$$$
$$
$
$
$
%
$#
$$
%
$#
$$
%
$#
$$
%
$#
$$
NOISE
$docker run alpine echo 'hello world’
production
?
$docker-compose up -d
time
skill
s
&
$
#
#1 the right container image
#2 containers in production
$$
microservice example
% service
$ containers
server cluster(s)'
image$#
$$
= code
= docker file
= docker engine
= platform
$
build
ship
deploy
%
$#
% %test test
$# $#dev machine
continuous
integration
continuous
deployment
( (
))
code *
service *
% $
$
api
%
$# $#
workermessage
queue%frontend
request work
status update
microservice example
% $
$
%
$# $#I can bake 1 donut in x seconds.
message queue%
I want 5 donuts
request 5 donuts
donuts are baking donuts are ready
I know how to receive orders and give orders to baking minions.
https://github.com/cloud66-samples/webinar_codefresh
+
$$$
%
$#
$$
%
$#
$$
%
$#
$$
%
$#
$$
%
$#
$$
%
$#
$$
%
$#
$$
%
$#
$$
%
$#
$$
isolated test
%
$#
$$
isolated test
(API)
%
$#
$$
isolated test
(WORKER)
%
$#
$$
integration test + development
%
$#
$$
%
$#
$$
%
$#
$$
&containerization
,
-
./
the containerization machine
$$$
,you can’t polish a turd
&
$
containerization
-
.0
$$$ =
$#
“The right image should be the same in all your environments.”
$#
“The right tests should be the same in all your environments.”
$#
“I didn't have time to create a slim image, so I created a fat one instead.”
$#
“The right image needs at least 5 kisses” kiss = keep an image s…, smart ass
slim secure speedy stable set
SLIM Start with the smallest minimal image you can find and trust. Remove compile time dependencies. Remove packages you don’t need. Squash layers to reduce size. Run stats for the image. habitus.io blog.cloud66.com
$#
SLIM SECURE SPEEDY STABLE
SET
$#
SECURE Remove all the secrets. Patch to the latest security updates. Run the image with the right UID. Test the image. https://github.com/docker/docker-bench-security
$#
SMALL SECURE SPEEDY STABLE
SET
$#
SPEEDY Optimize code. Memory and cpu usage. One process. Load testing.
$#
SLIM SECURE SPEEDY STABLE
SET
$#
STABLE Lock the image version. Lock the runtime version(s). Tag your image. Proper logging.
$#
SLIM SECURE SPEEDY STABLE
SET
$#
SET Use volumes wisely, use external services for persistency, don’t abuse host system. Loosely coupled. Remove things which are hard to maintain in production.
$#
Reality Check!
%
$#
$ 2
monolith containerization ± 70 % (multi tenant)
monolith 1x
monolith image FAT
%
$#
$
2
API first containerization ± 20%
$#
$api 1x
frontend 1x
image frontend FAT
image api FAT
%
$#
$
2
splitting monolith containerization ± 6%
$#api 6x
frontend 1x $#
$
workers 10x
$$$$$$$$$
image frontend FAT
image api THIN
image workers THIN
$$$$$$
%
$#
32
$#A 6x
B 12x $#
$
C 10x
$$$$$$$$$
image B THIN
image A THIN
image C THIN
$$$$$$
microservice architecture ± 4%
$$$$$$$
$$$$$
message queue
$#
microservice microimage microplatform?
law of conservation of energy?
LIFE CYCLE
$#ORCHESTRATION DISCOVERY
SECURITY
SCALING
DATA MANAGEMENT
MONITORING
SCHEDULING
Choose your platform wisely.
LIFE CYCLE
$#ORCHESTRATION DISCOVERY
SECURITY
SCALING
DATA MANAGEMENT
MONITORING
SCHEDULING
LIFE CYCLE
$#ORCHESTRATION DISCOVERY
SECURITY
SCALING
DATA MANAGEMENT
MONITORING
SCHEDULING
LIFECYCLE Have an image guideline. Create a workflow using the same image in all the software cycle stages. From design to production mimic the environment. Test heavily.
42
LIFE CYCLE
$#ORCHESTRATION DISCOVERY
SECURITY
SCALING
DATA MANAGEMENT
MONITORING
SCHEDULING
ORCHESTRATION Provisioning nodes. Networking. Isolation of services. Self healing. iOi = Infrastructure on Infrastructure.
45
LIFE CYCLE
$#ORCHESTRATION DISCOVERY
SECURITY
SCALING
DATA MANAGEMENT
MONITORING
SCHEDULING
DISCOVERY Find your services and datasources with minimal code change. Versioning of running services. Automagically update discovery when services come and go.
46
LIFE CYCLE
$#ORCHESTRATION DISCOVERY
SECURITY
SCALING
DATA MANAGEMENT
MONITORING
SCHEDULING
SCALING/SCHEDULING Scale your service (= more running containers). Scale your nodes. Scale your on/off jobs. Failover groups. Hybrid infrastructure. Load balancing.
47
LIFE CYCLE
$#ORCHESTRATION DISCOVERY
SECURITY
SCALING
DATA MANAGEMENT
MONITORING
SCHEDULING
DATA MANAGEMENT Backup and restores. Clustering. Verify your backups.
4
LIFE CYCLE
$#ORCHESTRATION DISCOVERY
SECURITY
SCALING
DATA MANAGEMENT
MONITORING
SCHEDULING
MONITORING Get all the statistics of resources (mem/load/net/res) used. Aggregating of logs. Key debugging ingredient.
48
LIFE CYCLE
$#ORCHESTRATION DISCOVERY
SECURITY
SCALING
DATA MANAGEMENT
MONITORING
SCHEDULING
SECURITY Node and Engine level. Intrusion detection and prevention systems. DoS protection. Firewall. Segregate container groups Verification of images.
44
Choose your platform wisely.
When you get DevOps, Testing, Microservices architecture right and creating the right minimal lovable Image and having the right platform to run containers. Happy Camper.
#
THANK YOU www.cloud66.com (free docker in production platform trial) www.codefresh.com www.habitus.io (open source docker build flow tool) startwithdocker.com (easy starter for docker) https://github.com/cloud66-samples/webinar_codefresh
```
$#
Daniël van Gils Developer Advocate
@foldingbeauty daniel@cloud66.com
www.cloud66.com
!
"