Docker in Production
The Good, The Bad and The Ugly
Jari Kolehmainen, CTO & Co-founder
© 2016 Kontena, Inc.
Pick the Right Path
Options
DIY?
Rent?
Platform?
DIY?
Do-It-Yourself
Sounds like fun?
DON’T DO IT
(unless you are forced)
Rent?
AWS ECS
Azure Container Service
Google Container Engine
Rent
”I don’t want to maintain anything”
Works for some use cases
Platform?
Docker Swarm (the new one)
Kubernetes
Kontena
DCOS
Platform
Most features built-in
Less maintenance
Battle tested
Docker Engine
Docker Engine
Tweak defaults
Needs “janitors”
Prefer container “native” hosts
Docker Engine
Graphdriver of the day: overlay2
Engine plugins: run outside
Keep engine & kernel up-to-date
Docker Engine
3rd parties might cause side-effects
Systemd <> Overlay networks
Cadvisor <> Docker mounts
CI/CD Pipeline
Pipeline
Build
Test
Deploy
Pipeline
Script everything
Version control everything
Yes, everything
Everything but secrets.
Tools for pipeline
Drone
Jenkins
Gitlab CI
Pipeline Example
1. Git Push
2. Trigger Build
3. Push Docker Image
4. Trigger Deploy
5a. Deploy to Staging
5b. Deploy to Production
Pull Docker Image
Security
Security
Security patching
Network access
Secret management
Audit
Patching
Container “native” OS
Configuration management
Image scanning
Network Security
Overlay (SDN) networks
Network segments/policies
Firewalls
Secret Management
Keep secrets out
Use platform provider solution
Integrate 3rd party solution to pipeline
Audit
Audit logs
Container logs
Alerts
Prepare for Chaos
But why?
Hosts fail
Engines fail
Containers fail
Your app crashes
Ok, is all hope lost?
Rules for chaos
Allow hosts to die
Trust the scheduler
Use clustered databases
Outsource state if possible
Summary
Summary
Prepare properly
Tweak defaults
Automate everything
Use battle tested solutions
QA
Ask and get a shirt!!!
info@kontena.io
@kontenainc
slack.kontena.io
github.com/kontena/kontena
meetup.com/pro/kontena
www.kontena.io
Stay up to date!
Thank You!
www.kontena.io
We are hiring!
kontena.io/jobs