Aurelijus Banelis

Dockerizing PHP Apps

VilniusPHP2018-11-08

Aurelijus Banelis

PGP 0x320205E7539B6203130D C446 1F1A 2E50 D6E33DA8 3202 05E7 539B 6203

Backend/DevOpsaurelijus.banelis.ltaurelijus@banelis.lt

AdaptingPHP applicationsto be used with

docker

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWS

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWS

Monolith (VirtualBox) → SplitDevelopment bottleneck

Jenkins (time based) → CircleCIConfidence/tooling bottleneck

Release coordination → AWS servicesProvisioning speed bottleneck

Monolith (VirtualBox) → SplitDevelopment bottleneck

Jenkins (time based) → CircleCIConfidence/tooling bottleneck

Release coordination → AWS servicesProvisioning speed bottleneck

Need for better virtualization tools

Monolith (VirtualBox) → SplitDevelopment bottleneck

Jenkins (time based) → CircleCIConfidence/tooling bottleneck

Release coordination → AWS servicesProvisioning speed bottleneck

Need for better virtualization tools

docker?

We migrated to dockerUsing docker extensively at

Learning curve was highWere pioniers, added tooling around

I would do the same againRight decision for current scaleFuture opportunities

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWS

Tool to run in isolated environmentMany ifs in kernel = cgroupsNot VirtualBox, not unikernel

Open source tool backed by Docker IncContainer hosting and premium serviceImproved by community (AWS, K8s)

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWS

docker build . -t vilniusphp-exampledocker run -p 8080:80 vilniusphp-example

https://gist.github.com/aurelijusb/6f6b1c86c440ce527250193ffcae62d7

docker build . -t vilniusphp-exampledocker run -p 8080:80 vilniusphp-example

https://gist.github.com/aurelijusb/6f6b1c86c440ce527250193ffcae62d7

docker build . -t vilniusphp-exampledocker run -p 8080:80 vilniusphp-exampleSimple?

https://gist.github.com/aurelijusb/6f6b1c86c440ce527250193ffcae62d7

docker build . -t vilniusphp-exampledocker run -p 8080:80 vilniusphp-exampleSimple?But for simple cases

Multiple containers

Development tools

PHP extensions

xDebug support

...https://github.com/nfqakademija/docker/blob/master/php/Dockerfile

Multiple containers

Development tools

PHP extensions

xDebug support

...https://github.com/nfqakademija/docker/blob/master/php/Dockerfile

More configuration

Multiple containers

Development tools

PHP extensions

xDebug support

...https://github.com/nfqakademija/docker/blob/master/php/Dockerfile

More configurationBut infrastructure

as a code

https://github.com/nfqakademija/docker/blob/master/docker-compose.yml

Multiple containers

Development tools

PHP extensions

xDebug support

...https://github.com/nfqakademija/docker/blob/master/php/Dockerfile

Docker wayLogging stdout/stderrConfiguration via ENV

Kill-it-not-heal-it….

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWS

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWS

DockerFeaturetoggle

IDE in cloud

Run & pray

Virtual box

Not many alternativesFor isolated environments

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWS

Sandboxed development environmentHigh quality mocks (real MySql, wireshark)True integration/acceptance testsDockerfile→docker-compose→custom tooling

Experimenting with new software saferNo trash, no sensitive informationEasy to swap (DynamoDB local vs dynalite)Install/compile on your machine? Seriously?

Switching between branches/tasksLess issues with cache invalidationKill-it-not-heal-itData volumes = test data in branch

Infrastructure as a codeFixed versions, fixed php.ini+extensionsLess “works on my machine” = reproducibleMany bash scripts, configuration via ENV

Huge ecosystemPioniers are using and improvingAmazon, Google (K8s) is investingKnown issues and solutions in StackOverflow

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWS

High learning curve = blame dockerMisuse of the tool – isn’t docker silver bullet?Docker wraps – everyone blames the wrapperMany ways to install docker incorrectlyMounting vs copy-on-write operationNo Windows, more tooling/docs around

Not mature tooling / edge casesDownload private dependency: github token?Password protected SSH key? (Mac+Linux)CircleCI limited “remote docker”Host IP for xDebugEven more bash scripts/docs

Cache everything by designFull HDD because of docker imagesMissing log rotation (no “log-opts” by default)“Latest” tag, that is not immutableNetwork unreachable, since used by dockerDocker-clean sh, docker pull, RTFM

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWS

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWS

○ ECS (not yet K8s, AWS backed infrastructure/improvements, canary deployment by default)

○ ECR – uptime for downloads. Docker hub for development○ Task definition = docker-compose.yml○ PHP+Apache = PHP+Nginx (no big difference)○ Custom tooling for credentials via environment○ Spot-instances (currently for staging, targeting production)

PHP + Docker in productionMigrated Tier1 service – nobody noticed

AWS ECS PHP 7.2

Docker Apache

○ ECS (not yet K8s, AWS backed infrastructure/improvements, canary deployment by default)

○ ECR – uptime for downloads. Docker hub for development○ Task definition = docker-compose.yml○ PHP+Apache = PHP+Nginx (no big difference)○ Custom tooling for credentials via environment○ Spot-instances (currently for staging, targeting production)

PHP + Docker in productionMigrated Tier1 service – nobody noticed

AWS ECS PHP 7.2

Docker Apache

Amazon Web ServicesElastic Container ServiceHigh quality AWS integrationK8s on AWS then was not matureKnow-how (our Go apps in prod)

Naming in AWSDocker-compose → Task definitionContainer → TaskDocker Hub → ECR

Apache mod_phpPHP 7.2 log trimming in Nginx+FPMSingle process container – easierInternal service (no slow loris attack)No visible performance impact

Replica Daemon External

Logging

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWS

DockerFeaturetoggle

IDE in cloud

Run & pray

Virtual box

Docker:Good to understand

Use on demand

Aurelijus Banelis

Dockerizing PHP Apps

VilniusPHP2018-11-08

Thank youQuestions?

Further reading/references● https://www.docker.com/● https://hub.docker.com/ ● https://aws.amazon.com/ecs/● https://aws.amazon.com/ecr/ ● https://fluentbit.io/● https://www.home24.de/ ● https://home24.tech.blog/category/aws/● https://aws.amazon.com/blogs/opensource/network-load-balancer-support-in-kubernetes-1-9/