In this presentation we take you through the concept of virtualization which includes the different types of virtualizations, understanding the Docker as a software containerization platform like Docker's Architecture, Building and running custom images in Docker containers, Scalable container management services which include overview of Amazon ECS & kubernetes and how at LimeTray we harnessed the power of kubernetes for scalable automated deployment of our microservices.

1. Abhishek Chawla & Aneesh Devasthale
Software Engineers
LimeTray!
17th December MeetUp

2. Session Agenda
1. Introduction to the concept of virtualization and software containers
2. Understanding Docker as a software containerization platform
3. Scalable container management services
a. Overview of AWS ECR and ECS
b. Overview of kubernetes
4. Scaling Dockerized applications at LimeTray! With Kubernetes
5. Q&A
6. Problem Statement

3. Key Takeaways
1. How to run multiple isolated applications on a single host.
2. Run Docker containers on your local machine.
3. Learn about container orchestration platforms
4. Learn about deploying and managing microservices in production.

4. What is virtualization in computing?
• Technology that transforms hardware into software upon which other
software runs.

5. Types of Virtualizations
• Hardware Virtualization
• Server virtualization
• Software Virtualization
• Operating System level virtualization

6. Hardware virtualization
• Art of running multiple operating systems (guests) in same machine (host)
completely isolated from each other.
• Each guest operating system runs on its own ‘virtual machine’ controlled via
Hypervisor.
• Each virtual machine has its own kernel.
• Hypervisor - Manages these virtual machines in host operating system by allocating
hardware resources to them thereby allowing you to have several virtual machines
all working optimally on a single piece of computer hardware.
• Example hypervisors: Oracle VirtualBox, Vmware Workstation

7. CPU MEMORY STORAGE NIC
HYPERVISOR
VM VM VM VM
OS OS OS OS
kernel kernel kernel kernel
Hardware Virtualization Architecture
Applications Applications Applications Applications

8. Operating system level virtualization
• Virtualization is provided by the host Operating System
• Doesn’t use external hypervisor at all
• OS kernel itself performs all the functionalities of a fully virtualized
hypervisor by allowing existence of multiple user space instances called
as software containers.
• Examples : Linux Containers, Docker

9. Introduction to Software Containers
• A lightweight virtual machine
• Illusion of running multiple operating systems on a single machine sharing
same host kernel
• A linux container is itself a process in host operating system
• Makes use of namespace isolation and cgroups

10. Container versus virtual machine
1. Lightweight and fast : Occupies much less memory compared to host
VM’s.
2. Hardware resources like CPU and memory are shared between host
machine and container
3. Density - can install many more containers on host machine compared to
VM’s.
4. Much faster startup and shutdown since the kernel and hardware
resources are shared

11. APP1 APP2

12. What is Docker?
• Software containerization platform
• An extension of LXC’s capabilities
• Platform for packaging and running applications inside software containers

13. Advantages and use cases
• Simplifies distribution, shipping and deployment of applications
• Build once, run anywhere
• No worries of missing dependencies, installing and configuring the application during
subsequent deployments
• Each application runs in its own isolated container, thereby allowing running of multiple/similar
versions of same app/library in same host machine
• Easier to scale applications, application already packed and installed, just run it
• Easier to run you application as a failsafe long running service

14. Docker’s Architecture
• Client-Server Architecture
• Client - Communicates with docker host, gives it instructions to build,
run and distribute your applications
• Host - Communicates with clients via REST, Socket.
• Registry - A library of docker images, can be locally or publically
hosted.

15. Docker’s Architecture

16. Docker images and layers
• Immutable snapshot of application installed in Linux based OS or Linux based OS itself.
• Can be built from scratch
• Can be downloaded via any Docker Registry
• Can be easily extended
• Every image extends a base image ex: ubuntu, centos, alpine ..
• Instructions to create an image are described in ‘Dockerfile’
• It's the docker images which make distribution and shipping of Dockerized applications a breeze

17. Docker images and layers
• Can be distributed via publically/privately hosted docker registry
• Each image consists of series of layers
• New layer built on every application update
• Layering makes it easier to distributes updates to a dockerized application since
only updated layer is transferred over the network

18. Docker Containers
• Runnable instance of an image, created when images are started with ‘run’
command
• if an image is a class, then a container is an instance of a class, a runtime object
• Image defines container’s contents and configuration details
• Containers can be started, stopped or deleted anytime
• Runs in complete isolation

19. Docker Containers
• Running containers add a read/write layer on top of the image
• Can enter into container using docker client API’s
• The persistence state of the container can be committed into a new image and is retained even
after the container is stopped
• Committing a container’s state creates a new image by adding an extra layer to the existing
image

20. Docker Registries
• Stored Docker images
• Can be publically or privately hosted
• Docker images can be pulled or pushed to/from these registries
• Popular Hosted Registries : Docker Hub, AWS ECR, google container registry, Azure
container registry

21. Docker Volumes
• Data directory which can be initialized within the container
• Can be initialized via image at runtime or configured in Dockerfile
• Data volume is shared with the host machine in /var/lib/docker/volumes directory
• Any change in data directory within the container is reflected in real-time in the host
machine and vice versa
• Can also mount a directory from your Docker engine’s host into a container
• This helps data volumes to be shared among multiple containers simultaneously
• Persist even if container is deleted

22. The Dockerfile
• Contains instructions for building docker images
• FROM - specifies base image
• RUN - Executes the command in new layer on top of current image and commits the result, examples :
• RUN mkdir /test, RUN apt-get update
• yum update && yum install wget -y &&
• yum -y install initscripts && yum clean all
• WORKDIR : Specifies the working directory for RUN, CMD, ENTRYPOINT, COPY and ADD instructions

23. The Dockerfile
• COPY - copies specified contents from host to docker image filesystem at specified path, example:
• COPY temp/test.txt /opt
• CMD - commands to be executed at the start of the container, can be overridden at the time of container start, examples:
• CMD java -jar test.jar
• CMD [“java”,”-jar”,”test.jar”]
• CMD ./script.sh
• EXPOSE - exposes the local container port on which the container will listen for connections, example: EXPOSE 8080

24. The Dockerfile
• ENTRYPOINT - commands to be executed at the start of the container, cannot be overridden at the time of
container start, examples:
• ENTRYPOINT java -jar test.jar
• ENTRYPOINT [“java”,”-jar”,”test.jar”]
• ENTRYPOINT ./script.sh
• Best practice - use ENTRYPOINT to set image’s main command and CMD to set default flags
• VOLUME - creates a mount point in the container mapped to the host directory, example VOLUME /data/db

25. Essential commands
• $ docker images
• Lists existing images on the host
• $ docker run -it <imageId/image tag>
• Run the image in a new container in interactive mode (enters into container)
• $ docker exec -it <containerId/name> /bin/bash
• Enters into container

26. Essential commands
• $ docker ps -a
• Lists existing containers with details on the host
• $ docker start <containerId/name>
• Starts a stopped container
• $ docker stop <containerId/name>.
• Stops a running container

27. Essential commands
• docker commit <containerId/name> repository:tag_name
• create a new image from existing image
• docker run -it <imageId/image tag> cmd
• Run docker image with a command
• docker rmi <imageName/repo:tag>
• Remove image

28. Essential commands
• Docker rm <containerId>
• Removes the container
• docker tag <imageID> abhidtu/dockertest:latest
• Tags the image
• docker login
• Login to dockerhub with your credentials
• docker push abhidtu/dockertest
• Push the local image a hosted registry

29. Essential commands
• docker pull abhidtu/dockertest
• Push the image from a hosted registry
• docker run -it -p host port:container port <imageId/image tag>
• Maps host port to container port
• Docker inspect <containerId/name>
• Lists down container details

30. Essential commands
• Docker run -it -v /temp <imageName/repo:tag>
• Mounts /temp directory inside the container, maps to host directory in
var/lib/docker/volumes
• Docker run -it -v /home/uname/temp:temp <imageName/repo:tag>
• Mounts /temp directory inside the container, maps to host directory /home/uname/temp

31. Building custom Docker images
Docker build -t <yourImageTag> <path to Dockerfile> - builds the docker
image with specified tag using instructions from Dockerfile in same
directory.
Builds images in layers and uses local cache if layer already exists

32. Running images in Docker containers
• Docker run <imageId/reop:tag> runs the image in a new container.
• Containers can be stopped, killed, started anytime

33. Pushing and pulling images from Docker Hub
• Steps to push/pull images from Docker Hub
• Docker login
• Docker push
• Docker pull

34. Scalable Container Management Services
1. Amazon ECS
2. Kubernetes
3. Docker Swarm
4. Azure Container Service

35. Amazon Elastic Container Registry
• Fully managed docker container registry
• Integrated with Amazon ECS
• eliminates the need to operate your own container repositories
• Repositories hosted in a scalable and highly available architecture
• Pay only for the data stored in repositories and transferred to internet

36. Amazon Elastic Container Service
• Highly scalable and fast container management service
• Easily deploy and scale Docker containers on cluster of EC2 instances
• Supports auto-scaling
• Create Task definitions using hosted Docker images
• Runt tasks or create services from this task definition to run on EC2 cluster
• Start service via aws console or aws-cli

38. Monolith to 40 Microservices in 3 months
With AWS and Kubernetes at LimeTray
• What We Do?
• Get restaurant's online.
• Provide them tools to engage better with their business.
• Help them operate as efficiently as possible.

39. Some of our clients

40. Our Tech Stack Looked Like...
• A PHP monolith application, supported by a few external
services.
• Scaling was tough.
• Low release velocity.
• Bad developer experience.
• Bad QA experience.

41. Microservices to the rescue
• Define service boundaries based on business domains.
• Isolated databases.
• Independent deployments.
• Establish a few standards without compromising on developer freedom.

42. Kubernetes to the rescue
• Production-Grade Container
Orchestration System by Google.
• Automates deployment, scaling, and
management of containerized
applications.

43. Kubernetes Architecture
• Master: Runs control plane
• Minions: Run your application containers

44. Kubernetes objects
• Services
• Deployments
• Replica Sets
• Pods

45. Challenges in the microservice world
• Environments
• Config
• Service discovery and networking
• Access
• Auto Scaling
• Automation
• Logging and Monitoring

46. Environments
• Have at least 3 isolated different environments.
• We called them test, staging and production.
• Kubernetes namespaces + different clusters.
Everybody has a testing environment. Some people are
lucky enough enough to have a totally separate
environment to run production in.

47. Config
• Manage environment specific
configuration
• Keep config independent of application.
• Combination of environment variables +
Secrets

48. Service Discovery & Networking
• Communication via HTTP APIs and Pub/Sub.
• Inter-service communication should not leak across
environment boundaries.
• Painless as possible for developers to write code that utilize
other services.
• KubeDNS: Use DNS Service’s IP to resolve DNS names.

49. Access Control
• Wanted an easy way to expose web based
applications on the internet. - LTProxy
• At the same time, restrict access to internal
core services.
• Service Types: ClusterIP / LoadBalancer
• Ingress via Nginx+KubeLego for
automating SSL cert generation.

50. Horizontal autoscaling
Launch instances basis CPU
usage/load.
Automatically scale down when
load goes down.
Alerts on autoscaling: lime-bot

51. Automation
• Set up a Jenkins Pipeline to automate deployments via Github webhooks.
• Versioned Docker image to ensure that the same code runs on all 3 envs.

52. Logging and Monitoring
• Elasticsearch + Kibana for application logs.
• Log collection via Fluentd
• Heapster + InfluxDB + Grafana for monitoring

54. We’re Hiring!
Liked what we do?
Come join us to be a part of more interesting challenges!
limetray.com/careers

55. Q&A

56. Problem Statement
1. Create a RESTful web API which prints 'hello' in the language and framework of your choice
2. Write the Dockerfile for this project, build the image and push it to AWS ECR
3. Create an ECS task with this image
4. Create an ECS optimized EC2 cluster
5. Deploy this task on the cluster as a service
6. Test the API