What You Always Wanted to Know About Container Orchestration and Never Dared to Ask

© 2015 Mesosphere, Inc. All Rights Reserved.

WHAT YOU ALWAYS WANTED TO KNOW ABOUT CONTAINER ORCHESTRATION AND NEVER DARED TO ASK

1

Michael Hausenblas | All Things Open | Raleigh, NC | 2015-10-20


CONTAINERS ARE LIKE VMS, RIGHT?

2



3



4

No!

• dependency management for apps

• lightweight: startup time, avg. runtime, footprint

• pets vs cattle

https://blog.newrelic.com/2015/06/22/new-relic-data-docker-container-adoption/



5

Pets are individuals that you give names and when they get ill you nurse them back to health.

Cattle are anonymous, identical to other cattle you assign numbers and when they get ill → next one.

http://www.theregister.co.uk/2013/03/18/servers_pets_or_cattle_cern/

http://www.theregister.co.uk/2013/03/18/servers_pets_or_cattle_cern/


ARE CONTAINERS SECURE?

6



7



8

• containers share same kernel (!)

• namespaces ('user' almost there)

• lock down networking (e.g. Docker's --icc=false)



9

Don't bake credentials into Docker images!

Rather do …

$ docker run -d -e API_TOKEN=SECRET somedatabase

$ docker run -d -v $(pwd):/fsecret:/fsecret:ro somedatabase

Ideally, use a key-value (in-memory) store such as

Square's KeyWhiz, HashiCorp's Vault, or Crypt


SHOULD I REALLY BE USING A CONTAINER ORCHESTRATION TOOL?

10



11



12

Yes!

• No getting up at 3am to replace a HDD or deploy

an app onto a new server

• Elasticity (traffic, business needs, etc.)


HOW DO I LAUNCH 100,000 CONTAINERS?

13



14



15

• Are you Google? Facebook? Twitter?• Small is beautiful and containers at scale is hard

• But, what should I use?• For a handful of nodes:

Nomad, Kubernetes, Docker Swarm, Apache Mesos• For ~100 nodes:

Kubernetes, Apache Mesos• For 100s to 1000s nodes:

Apache Mesos

https://engineeringgutefrage.files.wordpress.com/2015/10/smallscalemesos.pdf

http://www.theplatform.net/2015/09/29/why-containers-at-scale-is-hard/


I ALREADY USE CHEF, PUPPET, ANSIBLE, SALTSTACK, ETC.—DO I REALLY NEED A CONTAINER ORCHESTRATION SYSTEM?

16



17



18

• It's really horses for courses• Base provisioning: CM tool of your choice• Container orchestration: Apache Mesos,

Kubernetes, Nomad, Docker Swarm


CONTAINER ORCHESTRATION, THAT'S FOR MICROSERVICES, OR?

19



20

© 2015 Mesosphere, Inc. All Rights Reserved. 21

• Orthogonal issues …• … however, many (successful) microservices

architectures I've seen are containerized• Worry first about the basics:

• Are you using Git?• Have you got your CI/CD pipeline set up?• How do you deploy your (container) images?


https://www.youtube.com/watch?v=C_WuUgTqgOc


THAT CONTAINER ORCHESTRATION THING THAT'S FOR ON-PREMISES, RIGHT?

22



23


• Nope, just different things are important• Think: provisioning (putting a box into a rack vs.

pressing a button)• Actually, many do hybrid cloud (on-premises +

cloud or inter-cloud)



BUT THERE ARE CERTAINLY SOME DOWNSIDES TO IT, I'M SURE!

25



26


• Mostly challenges of social nature (less people can

take of more stuff)

• Convince your colleagues and boss with:

The Phoenix Project


http://shop.oreilly.com/product/9780988262508.do




http://p24e.io

http://shop.oreilly.com/product/0636920039952.do https://manning.com/books/mesos-in-action

28





https://manning.com/books/mesos-in-action


AND NOW IT IS YOUR TURN …

29

Technology

What You Always Wanted to Know About Container Orchestration and Never Dared to Ask