[Container world 2017] The Questions You're Afraid to Ask about Containers

Using the right container tech for the job or, the questions you’re too afraid to ask about containers

@DustinKirkland

Canonical is the company behind Ubuntu

● Employees: 800+

● Countries: 47+

● Founded: 2004

London, Boston, Shanghai, Taipei, Beijing, Austin, Tokyo

What’s all the hype about?

Containers have been around forever…

They’re just little VMs, aren’t they?

asked no one, ever.

Taxonomy

● virtual machines

● process containers

● application containers

● machine containers

let’s see a quick demo

Should I run my PAAS on top of my IAAS?

Or should I run my IAAS on top of my PAAS?

asked no one, ever.

Kubernetes on top of OpenStack

Docker, Kubernetes, OpenStack, LXD, MAAS, Bare Metal

LXD

OpenStack on top of Kubernetes

Docker, OpenStack, Kubernetes, LXD, MAAS, Bare Metal

LXD

Kubernetes along with OpenStack

Docker, Kubernetes + OpenStack, LXD, MAAS, Bare Metal

LXD

$ conjure-up kubernetes

One command to deploy a complete Kubernetes on Ubuntu 16.04 LTS

Just how fast are containers, really?

asked no one, ever.

let’s run some benchmarks

If we take a VM running on IaaS, and run it on PaaS in a Docker container, does that mean the app is now “dockerized”?

asked no one, ever.

let’s break that down

IaaS

PaaS

let’s look at a workload

● SwissCom’s new workloads are “dockerized”

● Was 400 VMs running 400 databases

● Now 20 VMs running 400 Databases

● DBaaS through the organization

● Build, Ship, Run mentality within the IT organization

Source: https://www.docker.com/use-cases/infrastructure-optimization

● Digitized transaction workflow, mathematically secured

● Shared, replicated ledger

● IBM Blockchain workloads are “dockerized”

● IBM Mainframe hardware

● Ubuntu Linux

● Docker images

● Hyperledger software

● Cutting edge technology

● Lots of run-to-completion, stateless number crunching

Source: http://www.ibm.com/blockchain/hyperledger.html

● Mature, legacy code base, that generally “just works”

● No desire really to ever touch it again

● Linux, Apache, PHP, Postgres, on AWS -- should dockerize easily, right?

● Those were easy, but what about Cron? Logrotate? Vacuumdb? Backup? Package updates?

● DivItUp.com moved to LXD much more easily

Does your new 12-factor app implement a cloud-native design with a microservice architecture?

asked no one, ever.

12-factor cloud-native micro-service, huh?

Microservice Architecture

Source: http://microservices.io/patterns/microservices.html

12-factor app

Source: http://12factor.net

Cloud Native Design

Source: https://pivotal.io/cloud-native

Can any of this container stuff actually be used securely in production in an enterprise environment?

asked no one, ever.

Container Security

● Resource Control: cgroups

● Discretionary Access: namespaces

● Mandatory Access: apparmor

● Fine Grained Access: seccomp

# Count the CPUs and Memory available
lxc exec demo1 -- grep processor /proc/cpuinfo
lxc exec demo1 -- free

# Limit the container to 1 CPU and 128MB of Mem
lxc config set demo1 limits.cpu 1
lxc config set demo1 limits.memory 128MB
lxc stop demo1 && lxc start demo1

# Recount the CPUs and Memory available
lxc exec demo1 -- grep processor /proc/cpuinfo
lxc exec demo1 -- free
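To check the four mechanisms on the Container Security slide against a running process, this added example (not from the talk or from LXD) reads the kernel's per-process files under /proc. The helper name audit_controls is hypothetical, and for the namespaces entry it inspects only the user namespace.

```shell
#!/bin/sh
# Added example: report which of the four slide controls apply to one process.
# audit_controls is a hypothetical helper name.
# $1 is a /proc/<pid>-style directory; it defaults to this shell's own entry.
audit_controls() {
    p="${1:-/proc/$$}"

    # seccomp (fine grained access): status field is 0=off, 1=strict, 2=filter
    mode=$(awk '/^Seccomp:/ {print $2}' "$p/status" 2>/dev/null) || mode=""
    case "$mode" in
        1) echo "seccomp=strict" ;;
        2) echo "seccomp=filter" ;;
        0) echo "seccomp=off" ;;
        *) echo "seccomp=unknown" ;;
    esac

    # AppArmor (mandatory access): "profile (mode)", or "unconfined"
    label=$(cat "$p/attr/current" 2>/dev/null) || label=""
    echo "apparmor=${label:-unknown}"

    # namespaces (discretionary access): only the user namespace is checked.
    # The initial namespace has the identity map "0 0 4294967295";
    # anything else means uids are remapped.
    map=$(awk 'NR==1 {print $1, $2, $3}' "$p/uid_map" 2>/dev/null) || map=""
    case "$map" in
        "") echo "userns=unknown" ;;
        "0 0 4294967295") echo "userns=host" ;;
        *) echo "userns=mapped" ;;
    esac

    # cgroups (resource control): path of the first hierarchy listed, as seen
    # from the reader's own cgroup namespace
    cg=$(head -n 1 "$p/cgroup" 2>/dev/null | cut -d: -f3-) || cg=""
    echo "cgroup=${cg:-unknown}"
}

# Run against this shell's own /proc entry
audit_controls "/proc/$$"
```

From the host, pass the /proc/<pid> directory of a process running inside demo1 to see the confinement the container actually received.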

Ubuntu in production

How do you ensure patches get applied everywhere?

asked no one, ever.

let’s recreate new stateless containers

let’s update stateful containers

Container World, Santa Clara, CA, February 21, 2017