Docker for the enterprise

A presentation about container technology for the enterprise, given at Ekito's geek breakfast on the 4th of November 2016.


  1. 1. Docker for the Enterprise @bertpoller ekito
  2. 2. Your Enterprise
  3. 3. Today’s strategic challenges: Business Agility, Increased pace of delivery, Customer satisfaction
        • Low MTBIAMSH (Mean Time Between Idea and making Stuff happen)
  4. 4. Today’s strategic challenges: Multiplication of smaller bespoke applications
        • WOA, SOA, Micro Services
        • Multiplication of front ends
        • Products are SaaS newly instantiated for each new customer
  5. 5. Today’s strategic challenges: Ever increasing volumes of data and processing
        • Limited data center capacity
        • Ops efforts scale at best linearly with increased volume
        • Push for cloud deployments: private + public
  6. 6. Obstacles to overcome: WaterScrumFall
        • Dev teams adopt iterative methodologies
        • The organization as a whole cannot keep up with Dev Team pace
        • Symptoms
            • Delivery to production still takes weeks
            • Upfront IT resource provisioning at the beginning of a project
            • Ticket based IT services deemed too slow for Dev teams
            • Difficulties in maintaining IT services catalogues with ever changing demands
        http://bit.ly/waterscrumfall
  7. 7. Obstacles to overcome: Unaligned objectives and incentives between Devs and Ops
        • Devs seek to implement new features and hence introduce change
        • Ops seek stability, robustness and availability of the systems they manage
  8. 8. Obstacles to overcome: Hybrid clouds are complex
        • Different operating models between public cloud providers and private clouds
        • No real private cloud infrastructure
        • A virtualized server infrastructure is not a private cloud
  9. 9. Keys to solve these challenges: Break up organizational silos
        • Think in terms of products not projects
        • Construct multidisciplinary teams around products
        • Make Devs and Ops cooperate in these teams
        • But also other business stakeholders
  10. 10. Keys to solve these challenges: Align Dev and Ops objectives; increase customer satisfaction
        • Error Budget = 100% Availability – Service Level Objective
        • Use budget for
            • Feature changes and functional regressions (Dev)
            • Service Reliability Engineering (Ops)
        • When the error budget is consumed
            • New features must wait until the budget is recharged
            • Only bug fixes go into production
  11. 11. Keys to solve these challenges: Construct an agile self-service infrastructure platform
  12. 12. Docker to the rescue
  13. 13. The challenge Source : https://github.com/mfilotto/docker-presentation/
  14. 14. Containers… Source : https://github.com/mfilotto/docker-presentation/
  15. 15. A Container System for Code Source : https://github.com/mfilotto/docker-presentation/
  16. 16. But we’ve got virtualization already like in…VMWare
  17. 17. Virtualization vs. Containers [diagram panels: Virtualization, Containers]. Containers are isolated but share OS and bins/libraries, where appropriate
  18. 18. Isolation using Linux Features
        • namespaces: pid, mnt, net, uts, ipc, user
        • cgroups: memory, cpu, blkio, devices
  19. 19. Docker appeals for its…
        • Deployment Speed / Agility – minimal requirements for running the application, enabling quick and lightweight deployment
        • Portability – independent, self-sufficient application bundles that run across machines without compatibility issues
        • Reuse – versioning, archiving, sharing, roll backs to previous versions of an application. Platform configurations as code
        • Efficiency – compared to classical virtualization, workloads can be run at higher densities thanks to avoided OS overhead
        Source: https://www.upguard.com/articles/docker-vs.-vmware-how-do-they-stack-up
  20. 20. Trade off… Speed vs. Isolation
        • Shared kernel between containers
        • OS-based isolation vs. hardware-based isolation in classical virtualization
        • Detractors often use this as an argument for saying: “Docker is not safe”
  21. 21. Docker is not safe – well, really? Are all your VMs 100% up to date? Really?
        • VMs present a larger attack surface than Linux containers
        • Contaminated containers can be quickly destroyed and restarted
        • Docker tools allow for end to end security policy enforcement – for all containers (layered build approach, build automation, security scanning, trusted registries, container scheduling)
  22. 22. Trade off… Ephemeral vs. Stateful workloads
        • Docker works best with stateless applications
        • Every application must eventually persist its state (Databases)
        • Additional effort and planning are required when setting up a multi-node production level Docker cluster
  23. 23. Isn’t this a bit like Java EE or OSGI ?
  24. 24. Isn’t this a bit like Java EE or OSGI? EARs, WARs, JARs package applications in deployment artifacts
        • Middleware centric – you need an application server
        • Limited to the Java ecosystem
        • Programming language lock-in
        • Programming model lock-in (Java EE / OSGI)
        • Also applies to more recent packaging formats, such as WebPacks
  25. 25. Ok but I’m already using Heroku…
        • PaaS
            • Build packs: Java, Node, Ruby,…
            • Intuitive UI / UX … nice!
            • Source code is held in the repository – no built artifact
        • Docker
            • Is a shipping format
            • Can be used with Docker tool chain to build a more generic PaaS / CaaS
  26. 26. XaaS – Pyramid [diagram labels: Software as a Service; Platform as a Service; Infrastructure as a Service; Container as a Service; Too high; Too low; Product Teams; IT Ops Team]
  27. 27. Docker Mission
  28. 28. Image Layers
  29. 29. Service Composition
  30. 30. Docker Mission
  31. 31. Docker Trusted Registry
  32. 32. Example CI / CD pipeline
  33. 33. Circle CI
  34. 34. Security Governance: It’s like a virus scanner for built containers
        • Can be integrated in your CI/CD pipeline
        • Scans for threats in defined policy files and CVE databases
        • Docker Security Scanning
        • CoreOS Clair
        • OpenSCAP container compliance
        • Red Hat Atomic Scan
        • …
  35. 35. Docker Mission
  36. 36. Running a CaaS infrastructure
  37. 37. Linux Container Ecosystem
  38. 38. Docker Cluster Orchestration
  39. 39. Services, Routing and Load Balancing: The scalable service pattern [diagram labels: S_1, S_2, LB, Overlay network, App, Scale, Docker Host ×3, Service]
  40. 40. Services, Routing and Load Balancing: The scalable service pattern
        • Services scale instances of a container across the cluster
        • Comprises a load balancer and an overlay network to connect containers
        • Allows things like rolling updates and rollbacks
        • Exists in many schedulers: Kubernetes, Mesos…
        • Was introduced in Docker V1.12 Swarm mode
        • Not compatible with Docker Compose
        • Requires new Distributed Application Bundle – still experimental
  41. 41. Services, Routing and Load Balancing
        • Workaround prior to Docker 1.12 compatible with Compose V2
  42. 42. Services, Routing and Load Balancing Domain based routing
  43. 43. Persistent workloads [diagram labels: Frontend Network, Backend Network, App, DB, Docker Host ×3, Local storage (local ×3)]
  44. 44. Persistent workloads [diagram labels: Frontend Network, Backend Network, App, DB, DB ???, Docker Host ×3, Local storage (local ×2)]
  45. 45. Persistent workloads [diagram labels: Frontend Network, Backend Network, App, DB, DB, Data Sync, Docker Host ×3, Volume plugin ×3]. Volume plugin, distributed or externalized storage
  46. 46. Persistent workloads
        • Usage of volume plugins is encouraged
        • Decouples Product Teams from underlying storage solution
        • Connect to external block storage (SAN, NAS, Cloud Provider Block Storage)
        • Network based file systems between Docker Hosts
            • GlusterFS, Flocker, Infinit.sh, Portworx, Ceph
  47. 47. PaaS style self service access
        • For Product Teams
        • Intuitive UI / UX experience
        • Role based access (RBAC) integration with Enterprise IAM
        • Groups, virtual environments
        • Integrates with private repositories, CI/CD
        • OpenShift, Rancher, Docker Datacenter…
  48. 48. Conclusion
  49. 49. Conclusion
        • Docker = Linux Containers + a complete toolset
        • Large ecosystem (Kubernetes, Mesosphere, CoreOS, Rancher…)
        • Orchestration engine choice depends on your use cases
        • Limited risk of vendor lock-in: Docker Containers are the de facto standard
        • Instead of growing your own cluster, see what the ecosystem can provide
        • Start small, grow steadily
  50. 50. They trust us
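
Slide 18 lists the namespace types used for isolation, and slide 20 notes that the kernel is shared. The Python sketch below is an added example, not part of the presentation: it compares the namespace IDs the kernel exposes under `/proc/<pid>/ns` for a host process and a container process, and reports which of the listed namespaces are actually separate. The function names and the sample IDs are constructed for illustration.

```python
import os
import re

# Namespace types listed on slide 18.
NAMESPACES = ("pid", "mnt", "net", "uts", "ipc", "user")
_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

# Constructed sample values (not captured from a real host): a container
# started with host networking and without user-namespace remapping.
SAMPLE_HOST = {"pid": 4026531836, "mnt": 4026531840, "net": 4026531992,
               "uts": 4026531838, "ipc": 4026531839, "user": 4026531837}
SAMPLE_CONTAINER = {"pid": 4026532456, "mnt": 4026532453, "net": 4026531992,
                    "uts": 4026532454, "ipc": 4026532455, "user": 4026531837}


def parse_ns_link(target):
    """Parse a /proc/<pid>/ns/<kind> symlink target, e.g. 'net:[4026531992]'."""
    match = _LINK.match(target)
    if match is None:
        raise ValueError(f"not a namespace link: {target!r}")
    return match.group(1), int(match.group(2))


def read_namespaces(pid="self"):
    """Return {kind: id} for a live process (Linux; other users' PIDs need root)."""
    ids = {}
    for kind in NAMESPACES:
        target = os.readlink(f"/proc/{pid}/ns/{kind}")
        ids[kind] = parse_ns_link(target)[1]
    return ids


def isolation_report(host, container):
    """Two processes share a namespace when the IDs of that kind match."""
    shared = sorted(k for k in NAMESPACES if host[k] == container[k])
    isolated = sorted(k for k in NAMESPACES if host[k] != container[k])
    return {"isolated": isolated, "shared": shared}


if __name__ == "__main__":
    # On a Docker host, as root: isolation_report(read_namespaces(1),
    # read_namespaces(<PID of a container process>))
    print(isolation_report(SAMPLE_HOST, SAMPLE_CONTAINER))
```

A `net` or `pid` entry under `shared` means the container was started in the host's namespace for that resource; `user` stays shared unless user-namespace remapping is enabled in the Docker daemon.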