Upload
lviv-it-arena
View
164
Download
2
Embed Size (px)
Citation preview
Matthias Lübken
Container Patterns
@luebken
github.com/openshift/origin
projectatomic.io
github.com/opencontainers
“ Easily create lightweight, portable, self-sufficient containers
from any application.”
Since containers are a great way of package and deliver software …
What if we use containers to modularise our application?
“Containers […] are destined to become
analogous to objects in object-oriented software
systems”
“This makes a container not just a program, but rather, a part of a program.”
“A Container Is A
Function Call”.
Independently
releasableSeparate processing types
Different loadsDifferent teams
Reuse
Crash isolation
Use different languages / versions / libraries
POCs
1. Properties of a module container
Outline
2. Patterns for assembling these
github.com/luebken/container-patterns
“Module-Container”
A Module Container is
1. Linux process
2. API
3. Descriptive
4. Disposable
5. Immutable
6. Self-contained
7. Small
8. Adaptive
1. Linux Process
1. Linux Process• React to signals
• Return exit codes
• Use standard streams
• Handle arguments
Examples: module-container.md#1-linux-process
2. API
2. API• ENV variables
• Available ports
• Volume mounts
• Lifecycle hooks
Examples: module-container.md#2-api
3. Descriptive
3. Descriptive• Use standard labels (e.g. proposal generic labels)
• url, summary, vcs-url …
• Use custom labels:
• io.openshift.wants • io.openshift.expose-services
Examples: module-container.md#3-descriptive
Standardising Labels
• https://github.com/projectatomic/ContainerApplicationGenericLabels
• http://label-schema.org/rc1/
4. Disposable
4. Disposable
• Don’t rely on a particular instance
• Be aware of shots at your cattle
• Be robust against sudden deathExamples: module-container.md#4-disposable
5. Immutable
5. Immutable
• Don’t change your container after build
• Strive or a dev/prod parity
Examples: module-container.md#5-immutable
6. Self-contained
6. Self-contained
• Add dependencies on build time
• Sensible defaultsExamples: module-container.md#6-self-contained
7. Small
7. Small
• Don’t use large base images
• Use the minimal footprintExamples: module-container.md#6-small
8. Adaptive
8. Adaptive
• Anticipate the environment & react to change
• Software appliance
• Container reinitiates of config changes
• http://autopilotpattern.io
A Module Container is
1. Linux process
2. API
3. Descriptive
4. Disposable
5. Immutable
6. Self-contained
7. Small
8. Adaptive
1. Properties of a module container
Outline
2. Patterns for assembling these
nginxProxy
RailsFrontend
A Go Backend
A NodeBackend
nginxProxy
RailsFrontend
A Go Backend
A NodeBackend
Redis Cache
Logging Adapter
Service Ambassador
A group of closely related containers. Deployed as a single unit and share namespaces.
A NodeBackend
Redis Cache
Logging Adapter
Service Ambassador
Pattern: Sidecar / SidekickEnhance & extend the main container. K8S: transparently. Netflix: platform features.
UDSA NodeBackend
MAIN CONTAINER
RedisCache
SIDECAR
Pod
A NodeBackend
Redis Cache
Logging Adapter
Service Ambassador
Pattern: AdapterStandardise and normalize output. E.g. logging and metrics.
localhost or
A NodeBackend
MAIN CONTAINER
Monitoring Adapter
ADAPTER
Pod
A NodeBackend
Redis Cache
Logging Adapter
Service Ambassador
Proxy a local connection to the world: Service Discovery, Client Side LB, Circuit Breaker
A NodeBackend
MAIN CONTAINER
Service Discovery
AMBASSADOR
Pattern: Ambassador
localhost
(Pod)
Pattern: Container chainsDefined order of starting and stopping sidecar containers.
A NodeBackend
MAIN CONTAINER
StorageConfig
SIDECAR
Discovery
SIDECAR
NetworkConfig
SIDECAR
(Pod)
SummaryModule container 1. Linux process 2. API 3. Descriptive 4. Disposable 5. Immutable 6. Self-contained 7. Small
Assembling • Sidecar • Adapter • Ambassador • Chains
Properties of a module container.
Patterns of assembling
github.com/luebken/container-patterns @luebken
Credits• https://www.flickr.com/photos/skynoir/8241460998 (Cover image)
• https://www.flickr.com/photos/amlz/8664728590 (Lego)
• https://www.flickr.com/photos/guidedbycthulhu/6810361241 (Socket)
• https://www.flickr.com/photos/seektan/2074853585/ (Label)
• https://www.flickr.com/photos/gullevek/2122873934 (Trash)
• https://www.flickr.com/photos/grantmac/4852826923 (Lock)
• https://www.flickr.com/photos/mhirano/13236048424 (Hand)
Old slides
Other image guidelines
General Docker image guidelines by the OpenShift team
• Reuse images
• Maintain compatibility within tags
• Avoid multiple processes
• Use exec in wrapper scripts
• Clean temporary files
• Place instructions in the proper order
• Mark important ports
• Set Environment Variables
• Avoid Default Passwords
• Avoid SSHD
• Use volumes for persistent data
https://docs.openshift.com/container-platform/3.3/creating_images/guidelines.html
Guidance for Docker Image Authors by Project Atomic
• Use MAINTAINER
• Know the difference between CMD and ENTRYPOINT
• Always use exec in wrapper scripts
• Always EXPOSE important ports
• Use Volumes appropriately
• Use USER
http://www.projectatomic.io/docs/docker-image-author-guidance/
Best practices for writing Dockerfiles by Docker
• Containers should be ephemeral
• Use a .dockerignore file
• Avoid installing unnecessary packages
• Run only one process per container
• Minimize the number of layers
• Sort multi-line arguments
• Build cache
https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/
Container Patterns• For designing “cloud” applications.
• Container runtime agnostic.
• Are there general applicable patterns?
• How would we describe them?
• What are concrete examples and best-practices?
Differentiate Not app per container Not host container
Related Work
• 12factor.net apps
• Cloud-native application architectures:Matt Stine Free Ebook
• Microservices
• Continuous Delivery
Closely Related Work
nginxProxy
RailsFrontend
A Go Backend
A NodeBackend
An Application
POC github.com/luebken/container-api
nginxProxy
RailsFrontend
A Go Backend
A NodeBackend
Redis Cache
Logging Adapter
Service Ambassador
TODO clean up notes
Links / Referenceshttp://blog.james-carr.org/2013/09/04/parameterized-docker-containers/ https://docs.docker.com/articles/dockerfile_best-practices/ http://tldp.org/LDP/abs/html/exitcodes.html (Exit Codes for “Proper Linux Process”) http://www.theregister.co.uk/2013/03/18/servers_pets_or_cattle_cern/ (Pets vs Cattle) http://www.projectatomic.io/docs/docker-image-author-guidance/ (Dockerfile) http://www.hokstad.com/docker/patterns (Dev patterns) http://blog.kubernetes.io/2015/06/the-distributed-system-toolkit-patterns.html (Composite Patterns) http://static.googleusercontent.com/media/research.google.com/de//pubs/archive/43438.pdf (Borg by
Google inspiration for Kubernetes / Pods) http://techblog.netflix.com/2014/11/prana-sidecar-for-your-netflix-paas.html (Sidecar Netflix)
WALK THROUGH
Other / old slides
More info: ● https://docs.giantswarm.io/fundamentals/user-services/container-injection/ ● https://docs.giantswarm.io/fundamentals/user-services/service-discovery/
Example: Service Discovery @ Giant Swarm
Reasons for splitting upIndependently releasable Separate processing types Different loads Different teams Reuse of containers Crash isolation Different release cycles Use different languages / versions / libraries