DockerCon Day 2
Welcome
Ben Golub – CEO
@golubbe
• Works for everyone (developers, devops, & ops)
• Works everywhere (multi-arch, multi-OS, on & off prem)
• Extensible & Pluggable
• Solutions and roadmap
Security
Orchestration
Networking & storage
Workflows for developing, shipping, deploying/managing
• Real users
What does Docker in Production mean?
And that’s what this DockerCon is all about
Docker in Production
The Layers
Open Standards
Plumbing
Developer Platform
Business Solutions
Implement
Integrate
Augment
The Layers
Open Standards
Plumbing
Developer Platform
Business Solutions
OCF, OCP
1.7, Swarm (+ Mesos, ECS), Compose, Machine, Plugins (Weave, ClusterHQ), ++
runC, Notary
Today
3 Broad Categories of Commercial Solutions
Build/Create
Ship/Store
Run/Manage
Built by assembling best tools
Build/Create
Ship/Store
Run/Manage
• Developer Platform
• CI/CD integration
• Signing/Trust
• +++
• Trusted registries
• Official repositories
• Access control
• Policies
• +++
• Orchestration
• GUI
• Management
• Logging
• +++
Delivered in manner that works in production
Build/Create
Ship/Store
Run/Manage
• Work both on premises and in the cloud
• Have to work well together
• Delivered with commercial support
• Available through channels & partners
• Priced & packaged to enable easy adoption
(Ben introduces Marianna here)
Since launching Docker Hub 12 months ago …
150,000 repos
500+ million pulls
240,000 users
[Charts: Docker Hub growth from 2013 to 2015; vertical axes run to 250,000, 160,000 and 500,000,000]
60+ million pulls
Docker Hub
Dev & QA Colleagues
Developers
QA
Build & Ship
13,000 organizations
Laptop to the World w/ Docker
Chris Buckley
Director of DevOps
Business Insider
Summary
• About Me
- Working in Linux/systems administration for 14 years, specializing in LAMP based businesses
• About Business Insider
- Mix of Bare Metal & AWS infrastructure, PHP, Go, MongoDB, Puppet, Docker
The Journey
Business Insider’s beginnings with Docker
Why Docker at Business Insider?
• Because it was fun…
- FreeBSD Jails, Linux Containers have been around a while
- Docker was a great way to really start playing with them at BI
• Quickly saw opportunities for applications
- Local development environments
- Keeping consistent environments from Local (it works on my laptop??), Dev, Staging, through to Production
- Apps using same monolithic codebase able to be isolated and segregated on the same bare metal / virtual stack
Our first steps…
• Started using it for building and shipping code
- Kept the same environment and software versions during build as in production
- … No matter where the build ran
First long running application…
• Several applications were utilizing the same infrastructure
- Memcached keys being overwritten & APC clashes caused issues in several applications
• Isolated containers could fix this…
Shipping infrastructure… so many questions
• How do we ship the containers?
• Adding code inside or mounting a volume outside
• How to manage the container, keep it running in cases of failure?
• Infrastructure heavily Puppetized
- Workflow was built around consistent instances with updates applied as code (Puppet Server/Agent, Hiera)
“Let’s give it a shot…”
- Business Insider DevOps
Running the Containers
• Mounted application code using volumes
• Shipping code using temporary containers from Jenkins
• Long standing containers as Linux services, containers hosted on Docker Hub
It works! Sort of...
• Our first application out on Docker, and it worked (hurrah!)
• Docker Hub as the central repository for our containers
• Porting production containers back to Developers not so simple...
The Lessons
Business Insider’s lessons with Docker
Lesson Learned: Build for Local
• Building for production first was grandiose but misguided
• Porting it backwards for Devs to use not the right path for us
• Bottleneck for Devs to start writing code
ConFIGuration
• Fig (now Docker Compose) was perfect for our needs
• Complete stack defined in YAML
• Links, Ports, Volumes, Environment variables all in one place
• Build container from a Dockerfile or pull an image from Docker Hub (we did both)
• Previous generations of Dev environments, average time to get a single app up and running was ~1-2 days
• With our own Vagrant running Docker, with Fig/Compose, we cut that down to a few hours (excluding any database imports)
• Allowed our Developers to start writing and committing code much faster
New Developer up and running in (almost) no time
• Fig / Compose was great for single host applications
• For multi host / distributed applications, we turned to using containers as Linux services (upstart, SysV)
• Rolling our own upstart scripts for every container became a real pain, even with our containers sitting in Docker Hub
Revisiting Production apps
• We went back to the Puppet approved Docker module to see what we could do.
- https://forge.puppetlabs.com/garethr/docker
• Turns out, it met a lot of our needs (Thanks Gareth!)
• Handled image versions, runtime configurations, links, startup dependencies, all in a nicely packaged init.d script
- Packaged as a class we could fill the blanks using Hiera, and pull the images from Docker Hub
Puppet Forge + Docker Hub == WIN
An example Puppet class, using the Docker Puppet Forge module, showing several containers, linking, environment options, and dependencies on other containers' services starting first.
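The slide's screenshot is not reproduced in this text. As a stand-in, here is an added example (not Business Insider's class and not code from the module's documentation) of the kind of class the caption describes, using the garethr/docker module's `docker::image` and `docker::run` types with parameter names as documented for the module's releases of that period. The class name, image names, tags, paths and environment values are hypothetical.

```puppet
# Added example: class name, image names, tags, paths and environment
# values are hypothetical placeholders.
class profile::webapp_containers (
  # Filled from Hiera through automatic class parameter lookup.
  # Pin an explicit tag so every host runs the same reviewed image;
  # a floating 'latest' can change underneath a running fleet.
  $app_tag = '1.4.2',
) {

  class { 'docker': }

  docker::image { 'memcached':
    image_tag => '1.4',
  }

  docker::image { 'exampleorg/webapp':
    image_tag => $app_tag,
  }

  # One cache per application, so keys from other applications on the
  # same host cannot overwrite this one's.
  docker::run { 'webapp-cache':
    image        => 'memcached:1.4',
    use_name     => true,   # name the container after the resource title
    memory_limit => '256m',
    require      => Docker::Image['memcached'],
  }

  docker::run { 'webapp':
    image      => "exampleorg/webapp:${app_tag}",
    use_name   => true,
    ports      => ['8080:80'],
    links      => ['webapp-cache:cache'],
    # Application code mounted from the host, read-only inside the container.
    volumes    => ['/srv/webapp/current:/var/www/html:ro'],
    env        => ['APP_ENV=production', 'CACHE_HOST=cache'],
    privileged => false,
    # The cache container's service must be started before this one.
    depends    => ['webapp-cache'],
    require    => Docker::Image['exampleorg/webapp'],
  }
}
```

Check the parameter names against the version of the module you install before applying this.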
Dev + Ops Workflow Pre-Docker
DevOps Workflow Post-Docker
The Future
Business Insider’s roadmap with Docker
• Current system is pretty good, but we want to take orchestration to the next phase
- Investigating different tools
  • Docker Machine/Swarm/Compose
  • Kubernetes
  • Mesosphere DCOS
  • EC2 Container Service
  • CoreOS/Fleetctl
• Diving deeper into triggered/automated builds
- Docker Hub automated builds
- Jenkins Docker plugins for building containers
What’s next for Business Insider + Docker?
Summary
• Leverage what you know and have
- No need to completely reinvent the wheel with your infrastructure
• There is no wrong way to experiment
- Docker ecosystem is vast, you’ll find what works for you
• Have fun with it!
- If we can’t enjoy what we do, what’s the point?
Thank you
Chris Buckley
Twitter: @ChrisBuckleySA
Today
Quality
Docker Hub
Faster Pulls
60% Less Bandwidth
80% Fewer Requests
[Charts: v1 vs. v2, 0% to 100%]
Docker Hub
Dashboard: 2.0x Speedup
Search: 1.6x Speedup
[Charts: Current vs. New]
Docker Hub
More Reliable
Docker Hub Security
Authentication microservice
One-time use Build hosts
Content-addressable images
On-going scanning & audits
Public Beta
hub-beta.docker.com
5 FREE Private Repos
Only for DockerCon Attendees
Coupon Code: dockercon2015
“Which capabilities are required to run Docker in production?”
1. Support
2. On-premise registry
3. Networking
4. Security
5. Directory integration
Open Source Registry Downloads
6.5 million
Docker Trusted Registry
On-premise registry server
LDAP/Active Directory integration
Role-based access control
Audit & events logging
Easy deploy, upgrade, & rollback
800+
https://flic.kr/p/dERZT6 - m01229
Current State – Monolithic, Stand alone application
[Diagram: Application 1 through Application 4, each a separate stack with its own LB, App-Business Logic, IAM, RDMS and API, plus Analytics, Report or Search; the rows are labelled Business Logic and Services]
Target State – Business focused
abstracted from the common platform
[Diagram: Application 1 through Application 4 each hold only Business Logic; a common Platform layer provides the Services: IAM, API, Analytics, Data Services, Search/Reports, Security, Cloud Infrastructure]
Demo Flow
Github Enterprise
Jenkins
Project Jellyfish/Portal
Chef
AWS/EC2
RHEL 7.1
SWARM
Interlock
HAPROXY
Container(s)
Consul
Git Push
Docker Trusted Registry
Docker Trusted Registry
Demo
Benefits
• Improved customer-centric services
• Increased time-to-market
• Reduced cost
• Creates opportunities for new business
• Target state of 2 week production sprints for platform and new applications
• Decrease time for security review
Next Steps
• Image governance through provenance
• Inserting secrets in containers with Keywhiz
- https://square.github.io/keywhiz/
• Container networking
• Plugins for Interlock (nginx, external, stats)
• API for Interlock for deeper integration
• “Docker Security”, 11:45am @ Yerba Buena 9, Diogo Monica and Nathan McCauley
“Which capabilities are required to run Docker in production?”
1. Support
2. On-premise registry
3. Networking
4. Security
5. Directory integration
Docker Engines Image Registry
Docker Trusted Registry
Docker Hub Registry
Commercial Support
Subscription
$150 per month
docker.com/solutions
Distributed Apps: What’s Next?
Michael Farber
EVP Innovation, Booz-Allen
@BoozAllen
Jason McGee
Cloud CTO, IBM
@jrmcgee
Mark Russinovich
CTO, Microsoft Azure
@markrussinovich
The Road Ahead
[Chart: Worldwide x86 Server Unit Shipments, 2012 to 2019, 0M to 12M; series: Windows, Linux, UNIX]
Openness Innovation
Docker | Microsoft
Since last year at DockerCon…
Docker extensions in Microsoft Azure
Docker client for Windows
Docker VM image in Azure
ASP.NET 5 Preview Docker image
Orchestration in Azure
Visual Studio 2015 tools for Docker: Preview
Windows Server Containers showcase
Libswarm support
Windows Server Containers
Demo
“As a sysadmin, how should I manage Dockerized apps in prod?”
“What tools can help me easily scale-up my apps?”
“What’s the Docker-recommended way to use Engine, Swarm, Compose, and other technologies in production?”
“How can Ops make it easy – and secure - to give Devs self-serve access to approved images?”
“I need better visibility into where my containers are running and how they’re performing…”
Project Orca
http://voices.suntimes.com
A Top-to-Bottom Integrated Stack
Docker Engine
Networking
Docker Compose
Docker Swarm
GUI
Security
… plus tools for installation, deployment, configuration, and updates
Hosts
Project Orca
Docker Hub Registry
Docker Trusted Registry
Ship Run
Demo
Hosts
Docker Swarm
GUI & Control
Project Orca
Docker Engines
Docker Hub Registry
Docker Trusted Registry
Docker Compose
Demo
Everything You Need To “Run”
Hosts
Docker Swarm
GUI & Control
Project Orca
Docker Engines
Docker Hub Registry
Docker Trusted Registry
Docker Compose
bit.ly/project-orca
Docker: Ready for Production
Docker Hub
Docker Trusted Registry
Project Orca
Commercial Solutions
Docker: Ready for Production
Ecosystem Partners
Docker: Ready for Production
Have A Great DockerCon Day 2!
Thank you