Running Docker in Production - The Good, the Bad and The Ugly

45
Docker in Production The Good, The Bad and The Ugly Jari Kolehmainen, CTO & Co-founder

Transcript of Running Docker in Production - The Good, the Bad and The Ugly

Page 1: Running Docker in Production - The Good, the Bad and The Ugly

Docker in ProductionThe Good, The Bad and The Ugly

Jari Kolehmainen, CTO & Co-founder

Page 2: Running Docker in Production - The Good, the Bad and The Ugly

© 2016 Kontena, Inc.

Page 3: Running Docker in Production - The Good, the Bad and The Ugly

Pick the Right Path

Page 4: Running Docker in Production - The Good, the Bad and The Ugly
Page 5: Running Docker in Production - The Good, the Bad and The Ugly

Options

DIY?Rent?

Platform?

Page 6: Running Docker in Production - The Good, the Bad and The Ugly
Page 7: Running Docker in Production - The Good, the Bad and The Ugly

DIY?

Do-It-YourselfSounds like fun?

Page 8: Running Docker in Production - The Good, the Bad and The Ugly
Page 9: Running Docker in Production - The Good, the Bad and The Ugly

DON’TDO IT

(unless you are forced)

Page 10: Running Docker in Production - The Good, the Bad and The Ugly

Rent?

AWS ECSAzure Container Service

Google Container Engine

Page 11: Running Docker in Production - The Good, the Bad and The Ugly
Page 12: Running Docker in Production - The Good, the Bad and The Ugly

Rent

”I don’t want to maintain anything”

Works for some use cases

Page 13: Running Docker in Production - The Good, the Bad and The Ugly

Platform?

Docker Swarm (the new one)Kubernetes

KontenaDCOS

Page 14: Running Docker in Production - The Good, the Bad and The Ugly
Page 15: Running Docker in Production - The Good, the Bad and The Ugly

Platform

Most features built-inLess maintenance

Battle tested

Page 16: Running Docker in Production - The Good, the Bad and The Ugly

Docker Engine

Page 17: Running Docker in Production - The Good, the Bad and The Ugly

Docker Engine

Tweak defaultsNeeds “janitors”

Prefer container “native” hosts

Page 18: Running Docker in Production - The Good, the Bad and The Ugly

Docker Engine

Graphdriver of the day: overlay2Engine plugins: run outside

Keep engine & kernel up-to-date

Page 19: Running Docker in Production - The Good, the Bad and The Ugly

Docker Engine

3rd parties might cause side-effects

Systemd <> Overlay networksCadvisor <> Docker mounts

Page 20: Running Docker in Production - The Good, the Bad and The Ugly

CI/CD Pipeline

Page 21: Running Docker in Production - The Good, the Bad and The Ugly
Page 22: Running Docker in Production - The Good, the Bad and The Ugly

Pipeline

BuildTest

Deploy

Page 23: Running Docker in Production - The Good, the Bad and The Ugly

Pipeline

Script everythingVersion control everything

Yes, everything

Page 24: Running Docker in Production - The Good, the Bad and The Ugly

Everything but secrets.

Page 25: Running Docker in Production - The Good, the Bad and The Ugly

Tools for pipeline

DroneJenkins

Gitlab CI

Page 26: Running Docker in Production - The Good, the Bad and The Ugly

Pipeline Example

Page 27: Running Docker in Production - The Good, the Bad and The Ugly

1. Git Push2. Trigger Build 3. Push Docker Image

4. Trigger Deploy

5a. Deploy to Staging 5b. Deploy to Production

Pull Docker Image

Page 28: Running Docker in Production - The Good, the Bad and The Ugly

Security

Page 29: Running Docker in Production - The Good, the Bad and The Ugly
Page 30: Running Docker in Production - The Good, the Bad and The Ugly

Security

Security patchingNetwork access

Secret managementAudit

Page 31: Running Docker in Production - The Good, the Bad and The Ugly

Patching

Container “native” OSConfiguration management

Image scanning

Page 32: Running Docker in Production - The Good, the Bad and The Ugly

Network Security

Overlay (SDN) networksNetwork segments/policies

Firewalls

Page 33: Running Docker in Production - The Good, the Bad and The Ugly

Secret Management

Keep secrets outUse platform provider solutionIntegrate 3rd party solution to

pipeline

Page 34: Running Docker in Production - The Good, the Bad and The Ugly

Audit

Audit logsContainer logs

Alerts

Page 35: Running Docker in Production - The Good, the Bad and The Ugly

Prepare for Chaos

Page 36: Running Docker in Production - The Good, the Bad and The Ugly
Page 37: Running Docker in Production - The Good, the Bad and The Ugly

But why?

Hosts failEngines fail

Containers failYour app crashes

Page 38: Running Docker in Production - The Good, the Bad and The Ugly

Ok, is all hope lost?

Page 39: Running Docker in Production - The Good, the Bad and The Ugly

Rules for chaos

Allow hosts to dieTrust the scheduler

Use clustered databasesOutsource state if possible

Page 40: Running Docker in Production - The Good, the Bad and The Ugly

Summary

Page 41: Running Docker in Production - The Good, the Bad and The Ugly

Summary

Prepare properlyTweak defaults

Automate everythingUse battle tested solutions

Page 42: Running Docker in Production - The Good, the Bad and The Ugly

QAAsk and get a shirt!!!

Page 43: Running Docker in Production - The Good, the Bad and The Ugly

[email protected]

@kontenainc

slack.kontena.io

github.com/kontena/kontena

meetup.com/pro/kontena

www.kontena.io

Stay up to date!

Page 44: Running Docker in Production - The Good, the Bad and The Ugly

Thank You!www.kontena.io

Page 45: Running Docker in Production - The Good, the Bad and The Ugly

We are hiring!kontena.io/jobs


The ugly, the bad, and the not-so-bad Gilles Durantonsiteresources.worldbank.org/EXTPREMNET/Resources/489960-1338997241035/Growth...The ugly, the bad, and the not-so-bad Gilles Duranton

The ugly, the bad, and the not-so-bad Gilles Durantonsiteresources.worldbank.org/EXTPREMNET/Resources/489960-1338997241035/Growth...The ugly, the bad, and the not-so-bad Gilles Duranton

Node Security: The Good, Bad & Ugly

Node Security: The Good, Bad & Ugly

Wifi the good bad and ugly

Wifi the good bad and ugly

Predictions - Good, bad, and ugly

Predictions - Good, bad, and ugly

The Good the Bad the Ugly

The Good the Bad the Ugly

Pair Programming: Good, Bad and Ugly

Pair Programming: Good, Bad and Ugly

Viral marketing good bad and ugly

Viral marketing good bad and ugly

Good, Bad or Ugly?

Good, Bad or Ugly?

The Bad & The Ugly

The Bad & The Ugly

The good, The Bad, The Ugly

The good, The Bad, The Ugly

Roofing: The Good, Bad, & Ugly - PDA Good BAD UGLY... · 2018-10-15 · Roofing: The Good, Bad, & Ugly Polyurea is a great product for roofing until it isn’t By: David T. DeStefano

Roofing: The Good, Bad, & Ugly - PDA Good BAD UGLY... · 2018-10-15 · Roofing: The Good, Bad, & Ugly Polyurea is a great product for roofing until it isn’t By: David T. DeStefano

Solr on Docker - the Good, the Bad and the Ugly

Solr on Docker - the Good, the Bad and the Ugly

Good Bad Ugly Issue 4 - Fashion

Good Bad Ugly Issue 4 - Fashion

DataFrames: The Good, Bad, and Ugly

DataFrames: The Good, Bad, and Ugly

QR Codes (Good Bad Ugly)

QR Codes (Good Bad Ugly)

Good, Bad, Ugly

Good, Bad, Ugly

Open Apps - Good, Bad or Ugly?

Open Apps - Good, Bad or Ugly?

The GOOD the BAD the UGLY WS-CDL: the GOOD the BAD the UGLY.

The GOOD the BAD the UGLY WS-CDL: the GOOD the BAD the UGLY.

The Good, The Bad & The Ugly

The Good, The Bad & The Ugly

The Good The Bad The Ugly

The Good The Bad The Ugly