OpenRheinRuhr 2018 - Ops hates containers! Why?

“Docker, Docker, Docker, Docker,…” developers really love Docker. Usually what one sees is that configuration management is no longer needed, how easy it is to spin up a platform on a laptop, and the low resource footprint. But how do you deploy laptops in data centers?

This talk will give you an insight into how we (more Ops than Dev) started to learn (and love) containers, the issues we saw when running them at larger scale, and how Ops people should start dealing with container technologies.


  1. Ops hates containers. Why? Martin Alfke - example42 GmbH
  2. Ops hates containers! Why? OpenRheinRuhr 2018 - Martin Alfke © example42 GmbH. Customer meeting with Dev, Sec and Ops - Developers say: • Ops are responsible for: base container image; running container; staging containers; container security
  3. Customer meeting with Dev, Sec and Ops - Security / Developer dialogue: • Security: “Dev must ensure security” • Security: “Dev must name Kernel capabilities and CGroup settings” • Developers: “what is CGroup settings?” • Security: “We probably should meet when we all know the basics.”
  4. DOCKER DOCKER DOCKER DOCKER DOCKER DOCKER (Image: wikimedia.org)
  5. Container Myths: • No need for configuration management - anywhere • Easier to build, deploy and run • Easier to test and verify • Easier to fix issues (Image: tatlin)
  6. Container Myths - Part 2: • No need to check status and health? • No need to identify security? • No need to login, no need for logs? • No need for dedicated hardware, runs on cloud? (Image: tatlin)
  7. Container de-mystified: • It is just a change-root, delivered as a ‘package’ • Build steps are layers like VCS commits • Containers need infrastructure • Containers are managed like binaries (Image: tatlin)
  8. Container Runtime: • People start with docker because it is easy • docker pull / docker run • like curl -k | sudo bash (Image: tatlin)
  9. OPS, NET, SEC: Act! “Simple can be harder than complex: You have to work hard to get your thinking clean to make it simple. But it's worth it in the end because once you get there, you can move mountains.” - Steve Jobs [BusinessWeek, May 25, 1998]
  10. OPS, NET, SEC: Act! • Mainframe • PC • VM • Container (Image: example42 GmbH)
  11. OPS, NET, SEC: Act! • Uptime decreasing • Maintenance increasing (Image: example42 GmbH)
  12. OPS, NET, SEC: Act! • Staff does not scale with platform (Image: example42 GmbH)
  13. OPS, NET, SEC: Act! • 100% Automation! (Image: example42 GmbH)
  14. OPS, NET, SEC: Act! • 80/20 - Pattern: (Image: tatlin)
  15. OPS, NET, SEC: Act! • 80/20 - Pattern: • 80% time spending on 20% not automated (Image: tatlin)
  16. Containers (Image: wikimedia.org)
  17. Understanding containers: • Short living instances • 12factor (http://12factor.net) • Persistent vs volatile data • Single node view (Image: tatlin)
  18. Troubleshoot containers: • registry and container build process • docker down • docker in docker (Image: tatlin)
  19. Using containers: • CI/CD Pipelines • Build Processes • Dashboards • Puppet Infrastructure(!) (https://github.com/puppetlabs/pupperware/) (Image: tatlin)
  20. Container Management (Image: wikimedia.org)
  21. Understanding container management: • Multi node container runtime • Orchestration • Network (Egress / Ingress / Proxy) • Maintenance (Image: tatlin)
  22. Troubleshoot container management: • Kill a node / container • Why running a CM API service as container might be a bad idea? • Misconfiguration • Upgrades (Image: tatlin)
  23. Managing container orchestration: Installation and configuration of an application stack. • Puppet • Ansible • Chef • Saltstack (Image: tatlin)
  24. Commercial container management: • Self hosted vs Managed • everybody does K8s? (Image: tatlin)
  25. Other container management: • Mesos/Aurora/Marathon • Titus (Netflix) • Docker Swarm • Nomad/Terraform • CoreOS / rkt (Image: tatlin)
  26. Was there something in the past? (Image: tatlin)
  27. Containers and CfgMgmt: • Where do you run your databases? • Can you move everything to containers? • What about legacy applications? (Image: tatlin)
  28. Containers and Monitoring: • Dynamic resources need a dynamic monitoring solution • Global platform and service health • Some monitoring tools for containers: sysdig, cAdvisor, Puppet Discovery, Prometheus (Image: tatlin)
  29. Containers and Hardware: • Serverless does not mean no hardware • Opsless does not mean no Ops • Check with finance (CAPEX vs. OPEX) (Image: tatlin)
  30. Conclusion (Image: tatlin)
  31. Conclusion: • Container adoption increases. • Ops people: start learning, stop playing and complaining. • Security first - even on PoC • Automate everything • Choose your container tools and environments. (Image: tatlin)
  32. Ops hate not having full control of their systems. Not containers. Martin Alfke - example42 GmbH
