Post on 11-Aug-2020
Daniël van Gils @folding beauty daniel@cloud66.com
www.cloud66.com
!"
How the hell do I run Microservices Docker in Production?...
and will it scale?
OpsDev
Design
Developer Advocate
Build, deploy and maintain any application on any server, on the cloud provider of your choice or bring your own servers.
Running Docker in production for almost 1½ years for our customers.
We simplify DevOps.
Researched how our customers are using Docker.
Daniël van Gils @folding beauty daniel@cloud66.com
www.cloud66.com
!"
How the hell do I run Docker in Production?...
and will it scale?
#
$
%
#1 the right container image
#2 containers in production
$$
api / ruby
static / middleman
whatsapp api / python
AI / tensor flowhidden service / tor
chat bot / go
analytics / R
bigdata / java
iot / c++
NOISE
$docker run alpine echo 'hello world’
you don’t know what kind of skills you need
production
you know what kind of skill you need
you think you know your gained all the skills
but you don’t know
time
skill
s
$
&&
containers
$ $$$$$
$
bin/libs
os
#
bin/libs bin/libs
'
(
)*
#
&server
os
bin/libs
(
+
&&
cloud/VM
os
bin/libs
#
'
(
&os
bin/libs
'
(
cloud/VM
#
'
(
)*
containers
##(
server
dev
ops
ops
ops
dev dev+
simple
complex
%Minimal Lovable Service
technology
%♥
NOISE
- service
$ containers
server cluster(s)&
image$%
$$
= code
= docker file
= docker engine
= platform
$
build
ship
deploy
#containerisation
'
(
)*
the containerisation machine
$$$
'you can’t polish a turd
#
$
containerisation
(
).
$$$ =
dev » test » stage » production
small - secure - performant - stable - immutable
%Minimal Lovable Service Image
SMALL SECURE
PERFORMANT STABLE
IMMUTABLE
$%
SMALL Start with the smallest minimal image you can find. Remove compile time dependencies. Remove packages you don’t need. Run stats for the image.
$%
SMALL SECURE
PERFORMANT STABLE
IMMUTABLE
$%
SECURE Remove all the secrets. Patch to the latest security updates. Run the image with the right UID. Test the image.
$%
SMALL SECURE
PERFORMANT STABLE
IMMUTABLE
$%
PERFORMANT Optimise code. Memory and cpu usage. One process. Load testing.
$%
SMALL SECURE
PERFORMANT STABLE
IMMUTABLE
$%
STABLE Lock the image version. Lock the runtime version(s). Tag your image. Proper logging. Image guideline for your team.
$%
SMALL SECURE
PERFORMANT STABLE
IMMUTABLE
$%
IMMUTABLE Use volumes wisely. Loosely coupled. Don’t use databases inside a image. Use external services for persistency.
$%
dev » test » stage » production
small - secure - performant - stable - immutable
%Minimal Lovable Service Image
How the hell do I run Docker in Production?...
and will it scale?
-
$%
$ 0
monolith containerisation ± 70 %
monolith 1x
monolith image FAT
-
$%
$
0
API first containerisation ± 20%
$%
$api 1x
frontend 1x
image frontend FAT
image api FAT
-
$%
$
0
splitting monolith containerisation ± 6%
$%api 6x
frontend 1x $%
$
workers 10x
$$$$$$$$$
image frontend FAT
image api THIN
image workers THIN
$$$$$$
-
$%
10
$%A 6x
B 12x $%
$
C 10x
$$$$$$$$$
image B THIN
image A THIN
image C THIN
$$$$$$
microservice architecture ± 4%
$$$$$$$
$$$$$
message queue
people
good service
%
DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING DATA MANAGMENT MONITORING SECURITY
0
DEV/OPS/DESIGN FLOW Have an image guideline. Create a workflow using the same image in all the software cycle stages. From design to production mimic the environment. Test heavily.
20
DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING DATA MANAGMENT MONITORING SECURITY
3
ORCHESTRATION Isolation of services. Make use of the resource available. Self healing. Load distribution. Adding nodes to your cluster.
23
DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING DATA MANAGMENT MONITORING SECURITY
4
DISCOVERY Find your services and datasources with minimal code change. Versioning of running services. Automagically update discovery when new services are online or scaled up/down.
24
DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING/SCHEDULING DATA MANAGMENT MONITORING SECURITY
5
SCALING/SCHEDULING Scale your containers. Scale your docker cluster. Scale your on/off jobs. Failover groups. Cross cloud clusters. Load balancing.
25
DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING DATA MANAGMENT MONITORING SECURITY
DATA MANAGEMENT Backup and restores. Clustering. Verify your backups. Run natively not in a container.
2
DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING DATA MANAGMENT MONITORING SECURITY
6
MONITORING Get all the statistics of resources (mem/load/net/res) used. Aggregating of logs. Debugging your containers.
26
DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING DATA MANAGMENT MONITORING SECURITY2
SECURITY Intrusion detection and prevention systems. Denial of service protection. Firewalling. Failover groups. Segregate container groups VPC / bastion servers. Verification of images.
22
'start small & smart - scale up later
#
$
containerisation
(
7.
$$$
SMALL SECURE PERFORMANT STABLEIMMUTABLE
$%DEV/OPS/DESIGN FLOW ORCHESTRATION DISCOVERY SCALING/SCHEDULING DATA MANAGMENT MONITORING SECURITY
#
MLI PLATFORM CONTAINERS AS A SERVICE
When you get DevOps right, Microservices architecture right and creating the right minimal lovable Image and having the right platform to run containers. Ohh man, the future is bright and you don’t go to hell!
%
Daniël van Gils @folding beauty daniel@cloud66.com
www.cloud66.com
!"
www.cloud66.com blog.cloud66.com habitus.io startwithdocker.com
ready for your quest?
thank you