Here are the slides from David Lutterkort's PuppetConf 2016 presentation called The Challenges with Container Configuration. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
6. Configuration is any input into infrastructure
It needs to be managed
over time and at scale
7. Core configuration management features:
❏ describe system aspects in isolation
❏ combine aspects into whole
❏ common format for querying
❏ bridge across entire infrastructure
20. require 'rubygems'
require 'sinatra'
require 'haml'
# Handle GET-request (Show the upload form)
get "/upload" do
  haml :upload
end
# Handle POST-request (Receive and save the uploaded file)
post "/upload" do
  # The filename is chosen by the client; keep only its base name so a value
  # such as "../../etc/passwd" cannot write outside uploads/
  name = File.basename(params['myfile'][:filename])
  File.open(File.join('uploads', name), "wb") do |f|
    f.write(params['myfile'][:tempfile].read)
  end
  return "The file was successfully uploaded!"
end
23. $ docker run -d --read-only \
    -v /srv/lolcat/uploads:/app/uploads \
    lutter/lolcat
30. Given an image
❏ What machine built this image ?
❏ How do you run this image ?
❏ Who supports this image ?
❏ Does the image contain malware ?
31. Given a container
❏ Who built it ?
❏ How was it built ?
❏ What software does it contain ?
❏ Is the software up-to-date ?
32. FROM fedora:24
RUN dnf update -y && \
    dnf install -y ruby rubygem-bundler && \
    dnf clean all
COPY . /app
RUN cd /app && bundle install --path vendor/bundle
WORKDIR /app
VOLUME /app/uploads
EXPOSE 9292
CMD ["/usr/bin/bundle", "exec", "rackup"]
33. Where did the base image come from ? (the FROM fedora:24 line: a tag, not a digest, so it can resolve to different content on different days)
34. What repositories and what package versions ? (the dnf update / dnf install lines record neither)
35. What was in this directory at build time ? (COPY . /app takes the whole build context, whatever the build machine held at that moment)
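The three questions on slides 33 to 35 can be asked of a Dockerfile mechanically. The Ruby below is an added example, not code from the slides or from Docker or Puppet: it folds the Dockerfile into logical instructions and flags a FROM without a digest, a dnf update or unversioned dnf install, and a COPY of the whole build context. DOCKERFILE is the slide 32 Dockerfile embedded as constructed input; the finding messages and the "name-<digit>" version heuristic are this example's own conventions.

```ruby
# Added example, not code from the slides or from Puppet/Docker: a static audit
# of a Dockerfile for the provenance gaps slides 33-35 ask about.
# DOCKERFILE is the slide 32 Dockerfile embedded as constructed input; the
# check messages and the version heuristic are this example's own.

DOCKERFILE = <<~'DF'
  FROM fedora:24
  RUN dnf update -y && \
      dnf install -y ruby rubygem-bundler && \
      dnf clean all
  COPY . /app
  RUN cd /app && bundle install --path vendor/bundle
  WORKDIR /app
  VOLUME /app/uploads
  EXPOSE 9292
  CMD ["/usr/bin/bundle", "exec", "rackup"]
DF

# Fold backslash continuations into one logical line per instruction and
# return [INSTRUCTION, arguments] pairs; comments and blank lines are dropped.
def parse_dockerfile(text)
  text.gsub(/\\\n\s*/, " ")
      .each_line.map(&:strip)
      .reject { |l| l.empty? || l.start_with?("#") }
      .map { |l| ins, args = l.split(/\s+/, 2); [ins.upcase, args.to_s] }
end

# Returns [instruction, reason] pairs, one per gap found.
def audit_dockerfile(text)
  findings = []
  parse_dockerfile(text).each do |ins, args|
    case ins
    when "FROM"
      image = args.split(/\s+/).first
      # Slide 33: a tag such as :24 is mutable; only an @sha256: digest pins the exact bits.
      unless image.include?("@sha256:")
        findings << [ins, "base image #{image} is pinned by tag only, not by digest"]
      end
    when "RUN"
      # Slide 34: "dnf update" takes whatever the mirror serves on build day.
      if args =~ /\bdnf\s+(-\w+\s+)*(update|upgrade)\b/
        findings << [ins, "'dnf update' with no version pins makes the image depend on build date"]
      end
      # Heuristic (this example's own): a pinned package looks like name-1.2.3;
      # anything without a "-<digit>" is taken as unversioned.
      if (m = args.match(/\bdnf\s+install\b([^&|;]*)/))
        pkgs = m[1].split(/\s+/).reject { |p| p.empty? || p.start_with?("-") }
        unversioned = pkgs.reject { |p| p =~ /-\d/ }
        unless unversioned.empty?
          findings << [ins, "dnf install without versions: #{unversioned.join(', ')}"]
        end
      end
    when "COPY", "ADD"
      sources = args.split(/\s+/)[0..-2].reject { |s| s.start_with?("--") }
      # Slide 35: copying "." bakes in the entire build context, including
      # anything that happened to be lying around on the build machine.
      if sources.any? { |s| s == "." || s == "./" }
        findings << [ins, "#{ins} of the whole build context; list files explicitly or use .dockerignore"]
      end
    end
  end
  findings
end

if __FILE__ == $0
  audit_dockerfile(DOCKERFILE).each { |ins, why| puts "#{ins}: #{why}" }
end
```

Run against the slide's Dockerfile it reports four findings (FROM, the two dnf problems on the first RUN, and COPY); a Dockerfile with a digest-pinned FROM, versioned packages and an explicit COPY list reports none. The version heuristic is deliberately crude: it answers "is anything pinned at all?", not "is the pin correct?".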
51. $ docker run -it lutter/alpine apk info -vv
musl-1.1.14-r12 - the musl c library (libc)
busybox-1.24.2-r11 - Size optimized toolbox of ...
alpine-baselayout-3.0.3-r0 - Alpine base dir ...
alpine-keys-1.1-r0 - Public keys for Alpine Linux ...
zlib-1.2.8-r2 - A compression/decompression Library
bash-4.3.42-r3 - The GNU Bourne Again shell
...
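Listing packages with apk info is only useful if something compares the result against what should be there. The Ruby below is an added example, not code from the slides or from Alpine or Docker: it parses the slide 51 listing into a name/version inventory and diffs it against a baseline to answer slide 31's "what software does it contain?" and "is it up-to-date?". IMAGE_LISTING is the slide's output embedded as constructed input (its truncated descriptions kept as shown); BASELINE is a made-up approved manifest whose version numbers are invented for the comparison and are not real Alpine releases.

```ruby
# Added example, not code from the slides or from Alpine/Docker: turn the
# `apk info -vv` listing on slide 51 into an inventory and compare it with a
# baseline. IMAGE_LISTING is the slide's output (constructed input); BASELINE
# and its versions are invented for this example.

IMAGE_LISTING = <<~'OUT'
  musl-1.1.14-r12 - the musl c library (libc)
  busybox-1.24.2-r11 - Size optimized toolbox of ...
  alpine-baselayout-3.0.3-r0 - Alpine base dir ...
  alpine-keys-1.1-r0 - Public keys for Alpine Linux ...
  zlib-1.2.8-r2 - A compression/decompression Library
  bash-4.3.42-r3 - The GNU Bourne Again shell
  ...
OUT

BASELINE = {
  "musl"              => "1.1.14-r13",
  "busybox"           => "1.24.2-r11",
  "alpine-baselayout" => "3.0.3-r0",
  "alpine-keys"       => "1.1-r0",
  "zlib"              => "1.2.8-r2",
  "openssl"           => "1.0.2h-r1",
}

# apk prints "name-version-rN - description"; the version is the first
# '-'-separated field that starts with a digit, so hyphenated names survive.
APK_LINE = /\A(?<name>\S+?)-(?<version>\d\S*) - (?<desc>.*)\z/

def parse_apk_listing(text)
  text.each_line.with_object({}) do |line, inv|
    m = APK_LINE.match(line.strip)
    inv[m[:name]] = m[:version] if m # lines like "..." do not match and are skipped
  end
end

# Simplification (this example's own): compare only the numeric fields of a
# version, so 1.1.14-r12 < 1.1.14-r13; letter suffixes such as the "h" in
# 1.0.2h are ignored, which is enough to spot a stale release.
def version_key(version)
  version.scan(/\d+/).map(&:to_i)
end

def compare_inventory(image, baseline)
  outdated = {}
  image.each do |name, have|
    next unless (want = baseline[name])
    outdated[name] = [have, want] if (version_key(have) <=> version_key(want)) == -1
  end
  {
    outdated:   outdated,                            # older than the approved version
    unexpected: (image.keys - baseline.keys).sort,   # installed but not approved
    missing:    (baseline.keys - image.keys).sort,   # approved but absent
  }
end

if __FILE__ == $0
  report = compare_inventory(parse_apk_listing(IMAGE_LISTING), BASELINE)
  report.each { |kind, value| puts "#{kind}: #{value.inspect}" }
end
```

For the constructed data the report says musl is behind the baseline, bash is installed without being on the approved list, and openssl is approved but absent. The same three buckets are what a "given a container, is the software up-to-date?" check needs to emit, whatever produces the inventory.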
58. Schedulers/orchestrators isolate you from
❏ where individual containers run
❏ balancing due to new resources
❏ respawning due to failed resources
62. $ docker run -d -P \
    --label com.example.environment=production \
    -e constraint:storage==ssd --name db mysql
63. template:
  metadata:
    labels:
      app: guestbook
      tier: frontend
  spec:
    containers:
    - name: php-redis
      image: gcr.io/google-samples/gb-frontend:v4
      resources:
        requests:
          cpu: 100m
          memory: 100Mi
      env:
      - name: GET_HOSTS_FROM
        value: dns
        # If your cluster config does not include a dns service, then to
        # instead access environment variables to find service host
        # info, comment out the 'value: dns' line above, and uncomment the
        # line below.
        # value: env
      ports:
      - containerPort: 80
64. How do you manage properties
for all your hosts ?
73. $ kubectl get pod mypod -o yaml \
    | sed -e 's/\(image: myimage\):.*$/\1:v4/' \
    | kubectl replace -f -
74. $ docker network create bob
ca7b185775966003d38ccbd9bba822fb570766e4bb
$ docker network create bob
Error response from daemon: network with name bob ...
77. “
The language to represent the data should be a simple, data-only
format such as JSON or YAML, and programmatic modification of
this data should be done in a real programming language, where
there are well-understood semantics, as well as good tooling.
Borg, Omega, and Kubernetes, ACM Queue, Volume 14 Issue 1 | http://queue.acm.org/detail.cfm?id=2898444
77
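The sed pipeline on slide 73 edits YAML as text: it only works while the image line looks exactly like the pattern, and a ':' in a registry port or a digest breaks it. The Ruby below is an added example, not code from the slides or from Kubernetes, of the alternative the quote above describes: the slide 63 pod template stays data-only YAML and is modified as a parsed structure in a real language, re-tagging one container's image and merging a label. POD_TEMPLATE is the slide's manifest embedded as constructed input; retag and update_pod_template are this example's own helpers, not kubectl features.

```ruby
require 'yaml'

# Added example, not code from the slides or from Kubernetes: the slide 63 pod
# template, kept as data-only YAML, is modified in Ruby instead of by the sed
# one-liner on slide 73. POD_TEMPLATE is the slide's manifest as constructed
# input; retag and update_pod_template are this example's own helpers.

POD_TEMPLATE = <<~'YAML'
  template:
    metadata:
      labels:
        app: guestbook
        tier: frontend
    spec:
      containers:
      - name: php-redis
        image: gcr.io/google-samples/gb-frontend:v4
        resources:
          requests:
            cpu: 100m
            memory: 100Mi
        env:
        - name: GET_HOSTS_FROM
          value: dns
        ports:
        - containerPort: 80
YAML

# Replace the tag of an image reference. Only the last path segment carries a
# tag; a ':' in an earlier segment is a registry port (localhost:5000/img), and
# an @sha256 digest is replaced by the new tag. A text substitution like the
# sed pattern on slide 73 cannot make that distinction.
def retag(image, new_tag)
  registry_path, _, last = image.rpartition("/")
  repo = last.split("@").first.partition(":").first
  registry_path.empty? ? "#{repo}:#{new_tag}" : "#{registry_path}/#{repo}:#{new_tag}"
end

# Parse, edit the structure, re-serialise. Indentation, comments and key
# order in the source are irrelevant to the edit, which is the point of the
# Borg/Kubernetes quote: data stays data, logic lives in a language.
def update_pod_template(yaml_text, container:, tag:, labels: {})
  doc = YAML.safe_load(yaml_text)
  tmpl = doc.fetch("template")
  target = tmpl.fetch("spec").fetch("containers").find { |c| c["name"] == container }
  raise ArgumentError, "no container named #{container.inspect} in template" unless target
  target["image"] = retag(target["image"], tag)
  meta = (tmpl["metadata"] ||= {})
  meta["labels"] = (meta["labels"] || {}).merge(labels)
  YAML.dump(doc)
end

if __FILE__ == $0
  puts update_pod_template(POD_TEMPLATE, container: "php-redis", tag: "v5",
                           labels: { "environment" => "production" })
end
```

The output is a manifest with the image moved to :v5 and an environment=production label added alongside app and tier, ready for kubectl replace -f -; asking for a container name that is not in the template raises instead of silently changing nothing, which is the failure mode of a sed pattern that matches no line.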
83. The difference between how you think a
system behaves and how it actually behaves
risks hard-to-debug production issues
84. Container use at scale and over time
requires meaningful abstraction
85. Configuration management as a discipline
provides tools to build those abstractions and
thereby minimize risk
86.
Project Blueshift booth
Exhibition Hall
Docker, Mesos, Kubernetes and Puppet? Don't Panic !
Deepak Giridharagopal, Thur, 4:45pm
Pulling the strings to containerize your life
Scott Coulton, Fri, 9:50am
Running Puppet software in Docker containers
Gareth Rushgrove, Fri, 1:30pm