Docker in Production

Docker in Production - IPC 2016

Docker in Production

Robert Lemke

CEO Flownative
Project Founder
[email protected]
@robertlemke

Docker Toolbox: www.docker.com/docker-toolbox

Docker Beta: beta.docker.com

A quick Docker 101

Docker just for dev? What are the benefits?

Containers are Unix processes, not lightweight virtual machines.

One image per application and its dependencies.

site:
  image: tianon/true
  volumes:
    - /application
application:
  image: eu.gcr.io/flownative-beach/beach-php-application-gateway:latest
  ports:
    - "8180:80"
    - "8122:22"
  volumes:
    - ./.Docker/secrets:/secrets
    - ./.Docker/configuration:/configuration
  volumes_from:
    - site
  environment:
    - BEACH_FLOW_BASE_CONTEXT=Development
    - BEACH_APPLICATION_USER_SERVICE_ENABLE=false

what's different in production?

monitoring, deployment, debugging

security, backup, storage

the host

which operating system?

provisioning

Docker Machine

resource "aws_instance" "www1" {
  ami               = "${lookup(var.amis, var.region)}"
  availability_zone = "${var.region}a"
  instance_type     = "t2.micro"
  subnet_id         = "${aws_subnet.kubenet_craft.id}"

  associate_public_ip_address = true
  tags {
    Name = "www1.${var.regioncode}.flownative.net"
  }
}

resource "aws_route53_record" "kubemaster" {
  zone_id = "${var.flownativenet_zone_id}"
  name    = "www1.${var.regioncode}"
  type    = "A"
  ttl     = "60"
  records = ["${aws_instance.www1.private_ip}"]
}

images

use your own images

choose a base image

security! size

fitness

private repositories

hub.docker.com, quay.io

Google Cloud, AWS

gitlab.com

sudo docker build -t beta.gcr.io/myproject/nginx:$BUILD_ID .
sudo docker tag -f beta.gcr.io/myproject/nginx:$BUILD_ID beta.gcr.io/myproject/nginx

sudo docker login -u _json_key -p "$(cat …json)" -e [email protected] https://beta.gcr.io
sudo docker push beta.gcr.io/myproject/nginx:latest
sudo docker push beta.gcr.io/myproject/nginx:$BUILD_ID

composition

Docker Compose

decouple …

nginx:
  image: flownative/nginx:latest
  external_links:
    - cargo_jenkins_1
  ports:
    - "443:443"
  volumes:
    - data/certs/STAR_flownative_com.key:/etc/nginx/certs/flownative/docker-registry/STAR_flownative_com.key
    - data/certs/STAR_flownative_com-ssl-bundle.crt:/etc/nginx/certs/flownative/docker-registry/STAR_flownative_com-ssl-bundle.crt
  volumes_from:
    - cargo_jenkins_1
  restart: always

jenkins:
  build: "docker-jenkins"
  restart: always
  volumes:
    - data/jenkins:/var/jenkins_home
    - /var/run/docker.sock:/var/run/docker.sock
    - /usr/bin/docker:/usr/bin/docker
  ports:
    - "8080:8080"
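
The jenkins service above bind-mounts /var/run/docker.sock, which lets that container control the host's Docker daemon, and the nginx service runs the mutable latest tag rather than a build-specific one. As an added example (not from the talk), a small Python check that flags both settings in compose v1 files; the parser, the finding names and the sample input are assumptions made for this illustration.

```python
# Constructed sample, modelled on the nginx and jenkins services on the slide.
SAMPLE = """\
nginx:
  image: flownative/nginx:latest
  ports:
    - "443:443"
jenkins:
  build: "docker-jenkins"
  volumes:
    - data/jenkins:/var/jenkins_home
    - /var/run/docker.sock:/var/run/docker.sock
"""

def parse_services(text):
    """Minimal reader for the flat compose v1 layout; not a general YAML parser."""
    services, service, key = {}, None, None
    for raw in text.splitlines():
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        if not raw[0].isspace() and body.endswith(":"):
            # Unindented "name:" starts a new service definition.
            service, key = services.setdefault(body[:-1], {}), None
        elif service is not None and body.startswith("- "):
            if key is not None:  # list item under the most recent "key:"
                service[key].append(body[2:].strip().strip("\"'"))
        elif service is not None:
            name, _, value = body.partition(":")
            value = value.strip().strip("\"'")
            key = None if value else name.strip()
            service[name.strip()] = value if value else []
    return services

def audit(text):
    """Return (service, finding) pairs for two risky settings."""
    findings = []
    for name, cfg in parse_services(text).items():
        for volume in cfg.get("volumes", []):
            # The host side of a bind mount is the part before the first colon.
            if volume.split(":")[0].endswith("docker.sock"):
                findings.append((name, "docker-socket-mount"))
        image = cfg.get("image", "")
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if image and tag in ("", "latest"):
            findings.append((name, "mutable-image-tag"))
    return findings

if __name__ == "__main__":
    for service, finding in audit(SAMPLE):
        print(f"{service}: {finding}")
```
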

deployment

#!/bin/bash
ssh [email protected] "cd ~/docker; sudo docker-compose -p cargo -f docker-compose-nginx.yml stop"
ssh [email protected] "cd ~/docker; sudo docker-compose -p cargo -f docker-compose-nginx.yml rm -f"
scp ./docker-compose-nginx.yml [email protected]:/home/ubuntu/docker/
ssh [email protected] "cd ~/docker; sudo docker-compose -p cargo -f docker-compose-nginx.yml build"
ssh [email protected] "cd ~/docker; sudo docker-compose -p cargo -f docker-compose-nginx.yml up -d"

How would you design your infrastructure if you couldn’t login? Ever.

scheduling

Docker Cloud

apiVersion: v1
kind: ReplicationController
metadata:
  name: "neos-wwwneosio-elasticsearch-1"
spec:
  replicas: 1
  selector:
    account: "neos"
    project: "wwwneosio"
    stage: "production"
    type: "elasticsearch"
    version: "1"
  template:
    metadata:
      labels:
        account: "neos"
        project: "wwwneosio"
        stage: "production"
        type: "elasticsearch"
        version: "1"
    spec:
      containers:
        - name: elasticsearch
          image: docker.flownative.com/flownative/elasticsearch:1
          ports:
            - containerPort: 9200
          resources:
            requests:
              memory: "100Mi"
              cpu: "10m"
            limits:
              memory: "800Mi"
              cpu: "500m"
          env:
            - name: ELASTICSEARCH_CLUSTER_NAME
              value: "neos-wwwneosio"

apiVersion: v1
kind: Service
metadata:
  name: elasticsearch-628f1e05
  labels:
    account: "neos"
    project: "wwwneosio"
    stage: "production"
    type: "elasticsearchmaster"
spec:
  type: NodePort
  ports:
    - name: elasticsearchrestapi
      port: 9200
      targetPort: 9200
    - name: elasticsearchtransport
      port: 9300
      targetPort: 9300
  selector:
    account: "neos"
    project: "wwwneosio"
    stage: "production"
    type: "elasticsearchmaster"

service discovery

persistent data

host volume, network filesystem, cloud storages, data-only containers

monitoring

Docker stats

docker stats $(docker ps | awk '{if(NR>1) print $NF}')

tips & tricks

PaaS? your own?

what do you want to work on? Host maintenance?

Where to start?

develop images locally
use Docker Compose (deploy with a script + Docker Compose)
start using Docker Cloud / Giant Swarm
look into Kubernetes on Google Cloud
rehearse backup, monitoring, debugging
learn ~

Docker in Production

Containers will fundamentally change the way we ship web applications.

Containers will fundamentally change the way we develop web applications.

[email protected] www.flownative.com

@robertlemke

share your thoughts