Continuous Delivery with Containers:
The Good, the Bad, and the Ugly
Daniel Bryant
@danielbryantuk
Containers: Expectations versus reality
29/09/2017 @danielbryantuk
“DevOps”
Setting the scene…
• Continuous delivery is a large topic
• No business focus today (value stream etc)
• PaaS and Serverless are super interesting…
• But I’m assuming you’re all-in on containers
• Focusing today on the process and tooling
• No live coding today
• Mini-book contains more details (thanks nginx!)
bit.ly/2jWDSF7
TL;DR – Containers and CD
• Container image becomes the build pipeline ‘single binary’
• Adding metadata to container images is vital, but challenging
• Must validate container constraints (NFRs)
• Cultivate container ‘mechanical sympathy’
@danielbryantuk
• Independent Technical Consultant, CTO at SpectoLabs
• Architecture, DevOps, Java, microservices, cloud, containers
• Continuous Delivery (CI/CD) advocate
• Leading change through technology and teams
Continuous Delivery
Continuous Delivery
• Produce valuable and robust software in short cycles
• Optimising for feedback and learning
• Not (necessarily) Continuous Deployment
Creation of a build pipeline is mandatory for continuous delivery
The Impact of containers on CD
Container technology (and CD)
• OS-level virtualisation
• cgroups, namespaces, rootfs
• Package and execute software
• Container image == ‘single binary’
Creating a pipeline for containers
Make your dev environment like production
• Develop locally or copy/code in container
• Must build/test containers locally
• Perform (at least) happy path tests
Quick Aside: Running *entire* system locally
https://news.ycombinator.com/item?id=13960107
https://opencredo.com/working-locally-with-microservices/
https://www.datawire.io/telepresence/ | https://hoverfly.io/
Make your dev environment like production
• Develop locally or copy/code in container
• Must build/test containers locally
• Perform (at least) happy path tests
• Use identical base images from production
• With same configuration
Lesson learned: Dockerfile content is super important
• OS choice
• Configuration
• Build artifacts
• Exposing ports
• Java
• JDK vs JRE and Oracle vs OpenJDK?
• Golang
• Statically compiled binary in scratch?
• Python
• Virtualenv?
Please talk to the sysadmin people: their operational knowledge is invaluable
Different test and prod containers?
• Create “test” version of container
• Full OS (e.g. Ubuntu)
• Test tools and data
• Easy to see app/configuration drift
• Use test sidecar containers instead
• ONTEST proposal by Alexei Ledenev
http://blog.terranillius.com/post/docker_testing/
Docker multi-stage builds
http://blog.alexellis.io/mutli-stage-docker-builds/
https://github.com/moby/moby/pull/31257
https://github.com/moby/moby/pull/32063
Building images with Jenkins
• My report covers this
• Build as usual…
• Build Docker Image
• Cloudbees Docker Build and Publish Plugin
• Push image to registry
Storing in an image registry (DockerHub)
Metadata – Beware of “latest” Docker Tag
• Beware of the ‘latest’ Docker tag
• “Latest” simply means the last build/tag that ran without a specific tag/version specified
• Ignore “latest” tag
• Version your tags, every time
• danielbryantuk/test:2.4.1
Lesson learned: Metadata is valuable
• Application metadata
• Version / GIT SHA
• Build metadata
• Build date
• Image name
• Vendor
• Quality metadata
• QA control, signed binaries, ephemeral support
• Security profiles (AppArmor), Security audited etc
Metadata - Adding Labels at build time
• Docker Labels
• Add key/value data to image
Metadata - Adding Labels at build time
• Microscaling Systems’ Makefile
• Labelling automated builds on DockerHub (h/t Ross Fairbanks)
• Create file ‘/hooks/build’
• label-schema.org
• microbadger.com
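The two metadata slides above (no “latest” tag, versioned tags every time, label-schema.org labels stamped at build time) describe properties a pipeline should assert before it pushes an image. The following is an added example, not code from the slides or from any of the projects they mention: a small gate that reads a `docker inspect`-style record and fails on an untagged or “latest” image, a non-semver tag, missing or malformed label-schema labels, and a version label that disagrees with the tag. The REQUIRED_LABELS set is an assumed pipeline policy, and both sample records are constructed so the script runs offline.

```python
"""Image metadata gate for a container build pipeline.

Added example, not code from the slides or from any project they mention.
Checks the image reference and the label-schema.org labels on a built image
before it is pushed. Runs offline on constructed `docker inspect`-style
records; REQUIRED_LABELS is an assumed policy, not a label-schema.org rule.
"""
import json
import re
from datetime import datetime

# Assumed pipeline policy: labels every image must carry (label-schema.org keys).
REQUIRED_LABELS = (
    "org.label-schema.schema-version",
    "org.label-schema.build-date",
    "org.label-schema.vcs-ref",
    "org.label-schema.version",
    "org.label-schema.name",
    "org.label-schema.vendor",
)
SEMVER = re.compile(r"^\d+\.\d+\.\d+$")    # MAJOR.MINOR.PATCH, e.g. 2.4.1
GIT_SHA = re.compile(r"^[0-9a-f]{40}$")    # full commit SHA, not a short one
RFC3339_UTC = "%Y-%m-%dT%H:%M:%SZ"         # label-schema build-date format


def check_image_ref(ref):
    """Problems with an image reference such as 'danielbryantuk/test:2.4.1'."""
    _, sep, tag = ref.rpartition(":")
    # No colon, or the colon belonged to a registry port ('registry:5000/app').
    if not sep or "/" in tag:
        return [f"{ref}: no tag given, it would be pushed as 'latest'"]
    if tag == "latest":
        return [f"{ref}: tag is 'latest'; version your tags, every time"]
    if not SEMVER.match(tag):
        return [f"{ref}: tag {tag!r} is not MAJOR.MINOR.PATCH"]
    return []


def check_labels(labels):
    """Problems with the label set of one image (presence and format)."""
    problems = [f"missing label {key}" for key in REQUIRED_LABELS if not labels.get(key)]
    vcs_ref = labels.get("org.label-schema.vcs-ref", "")
    if vcs_ref and not GIT_SHA.match(vcs_ref):
        problems.append(f"vcs-ref {vcs_ref!r} is not a full 40-hex git SHA")
    build_date = labels.get("org.label-schema.build-date", "")
    if build_date:
        try:
            datetime.strptime(build_date, RFC3339_UTC)
        except ValueError:
            problems.append(f"build-date {build_date!r} is not RFC 3339 UTC")
    version = labels.get("org.label-schema.version", "")
    if version and not SEMVER.match(version):
        problems.append(f"version label {version!r} is not MAJOR.MINOR.PATCH")
    return problems


def gate(inspect_json):
    """Run all checks on a `docker inspect <image>` JSON document.

    Returns (ok, problems); a pipeline fails the build when ok is False.
    """
    record = json.loads(inspect_json)[0]
    repo_tags = record.get("RepoTags") or []
    labels = (record.get("Config") or {}).get("Labels") or {}
    problems = [] if repo_tags else ["image has no repository tag at all"]
    for ref in repo_tags:
        problems += check_image_ref(ref)
    problems += check_labels(labels)
    # The version label and the image tag must agree, or neither can be trusted.
    tags = [ref.rpartition(":")[2] for ref in repo_tags]
    version = labels.get("org.label-schema.version")
    if version and tags and version not in tags:
        problems.append(f"version label {version} does not match image tags {tags}")
    return not problems, problems


# Constructed sample records in the shape `docker inspect` prints (a JSON list).
GOOD_IMAGE = json.dumps([{
    "RepoTags": ["danielbryantuk/test:2.4.1"],
    "Config": {"Labels": {
        "org.label-schema.schema-version": "1.0",
        "org.label-schema.build-date": "2017-09-29T10:00:00Z",
        "org.label-schema.vcs-ref": "0123456789abcdef0123456789abcdef01234567",
        "org.label-schema.version": "2.4.1",
        "org.label-schema.name": "test",
        "org.label-schema.vendor": "Example Ltd (constructed)"}}}])
BAD_IMAGE = json.dumps([{      # 'latest' tag, short SHA, bad date, vendor missing
    "RepoTags": ["danielbryantuk/test:latest"],
    "Config": {"Labels": {
        "org.label-schema.schema-version": "1.0",
        "org.label-schema.build-date": "29/09/2017",
        "org.label-schema.vcs-ref": "abc1234",
        "org.label-schema.version": "2.4.1",
        "org.label-schema.name": "test"}}}])

if __name__ == "__main__":
    for name, doc in (("good", GOOD_IMAGE), ("bad", BAD_IMAGE)):
        ok, problems = gate(doc)
        print(f"{name}: {'PASS' if ok else 'FAIL'}")
        for problem in problems:
            print("  -", problem)
```

In a real pipeline the record comes from `docker inspect "$IMAGE"` right after the build step and before the push; the gate is deliberately strict about the full 40-character SHA so the image can always be traced back to one commit.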
Metadata - Adding Labels at runtime
$ docker run -d --label uk.co.danielbryant.lbname=frontdoor nginx
• Can ‘docker commit’, but creates new image
• Not possible to update running container
• Docker Proposal: Update labels #21721
Liz Rice (and Aqua) to the rescue!
github.com/aquasecurity/manifesto
External registry with metadata support
Component testing
Testing: Jenkins Pipeline (as code)
Testing individual containers
Integration testing
Introducing Docker Compose
Docker Compose & Jenkins Pipeline
Ephemeral Kubernetes Clusters
• Kubernaut (WIP)
• Manages a pool of clusters
• “Claim” a fresh cluster
• Use Helm to install dependencies
Testing NFRs in the build pipeline
• Performance and Load testing
• Gatling / jmeter
• Flood.io
• Security testing
• Findsecbugs / OWASP Dependency check
• Bdd-security (OWASP ZAP) / Arachni
• Gauntlt / Serverspec
• Docker Bench for Security / CoreOS Clair
Delaying NFRs to the ‘Last Responsible Moment’
• Newsflash!
• Sometimes the last responsible moment is up-front!
• Containers / microservices don’t make this easier
• Sometimes more difficult…
Mechanical sympathy: Docker and Java
• Watch for JVM cgroup/taskset awareness
• getAvailableProcessors() may incorrectly report the number of cpus in Docker (JDK-8140793)
• Runtime.availableProcessors() ignores Linux taskset command (JDK-6515172)
• Default fork/join thread pool sizes (and others) are based on the host CPU count
• Set container memory appropriately
• JVM requirements = Heap size (Xmx) + Metaspace + JVM overhead
• Account for native thread requirements, e.g. thread stack size (Xss)
• Entropy
• Host entropy can soon be exhausted by crypto operations
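The mechanical-sympathy slide says the pipeline should assert these properties rather than discover them in production. The following is an added example, not code from the slides: helpers that derive the container's CPU and memory limits from the cgroup files a process sees inside a container (both cgroup v1 and v2 layouts), apply the slide's sizing formula (heap + metaspace + JVM overhead + thread stacks must fit in the container limit) to produce a heap budget, and express the result as JVM flags. The file contents are passed in as strings and all host and container figures below are constructed, so it runs offline; the default metaspace, overhead, thread-count and stack-size budgets are assumptions to be replaced with measured values. The `-XX:ActiveProcessorCount` flag it emits exists in JDK 10 and later (and in recent JDK 8 updates) and overrides the host-derived count the slide warns about.

```python
"""Container-aware JVM sizing checks (mechanical sympathy in the pipeline).

Added example, not code from the slides. Older JVMs (JDK-8140793, JDK-6515172)
size thread pools from the host CPU count, and a JVM needs more memory than
-Xmx alone; these helpers derive the container's real limits from cgroup file
contents (passed in as strings so the script runs offline on the constructed
values below). Default budgets are assumptions, not measurements.
"""
import math

# Where the limits live inside a container (cgroup v1 path, cgroup v2 path).
CGROUP_FILES = {
    "cpu": ("/sys/fs/cgroup/cpu/cpu.cfs_quota_us", "/sys/fs/cgroup/cpu.max"),
    "memory": ("/sys/fs/cgroup/memory/memory.limit_in_bytes", "/sys/fs/cgroup/memory.max"),
}


def cpus_from_cgroup_v1(quota_text, period_text, host_cpus):
    """CPUs granted by a cgroup v1 CFS quota; a quota of -1 means no limit."""
    quota, period = int(quota_text.strip()), int(period_text.strip())
    if quota <= 0 or period <= 0:
        return host_cpus
    return max(1, math.ceil(quota / period))


def cpus_from_cgroup_v2(cpu_max_text, host_cpus):
    """CPUs granted by cgroup v2 cpu.max, e.g. 'max 100000' or '150000 100000'."""
    quota, period = cpu_max_text.split()
    if quota == "max":
        return host_cpus
    return max(1, math.ceil(int(quota) / int(period)))


def memory_limit_bytes(limit_text, host_bytes):
    """Memory limit; v2 prints 'max' when unlimited, v1 prints a huge sentinel."""
    text = limit_text.strip()
    if text == "max":
        return host_bytes
    return min(int(text), host_bytes)


def jvm_heap_budget_mb(limit_mb, metaspace_mb, overhead_mb, threads, xss_kb):
    """Largest -Xmx that fits: limit = heap + metaspace + overhead + thread stacks."""
    stacks_mb = threads * xss_kb / 1024
    heap_mb = limit_mb - metaspace_mb - overhead_mb - stacks_mb
    if heap_mb <= 0:
        raise ValueError(f"{limit_mb} MiB cannot hold the non-heap footprint alone")
    return int(heap_mb)


def recommend_jvm_flags(quota_text, period_text, mem_limit_text, host_cpus, host_bytes,
                        metaspace_mb=128, overhead_mb=64, threads=200, xss_kb=512):
    """JVM flags a pipeline can pin so the JVM matches its cgroup, not the host."""
    cpus = cpus_from_cgroup_v1(quota_text, period_text, host_cpus)
    limit_mb = memory_limit_bytes(mem_limit_text, host_bytes) // (1024 * 1024)
    xmx = jvm_heap_budget_mb(limit_mb, metaspace_mb, overhead_mb, threads, xss_kb)
    return [
        f"-XX:ActiveProcessorCount={cpus}",   # overrides the host-derived CPU count
        f"-Xmx{xmx}m",
        f"-XX:MaxMetaspaceSize={metaspace_mb}m",
        f"-Xss{xss_kb}k",
    ]


def jvm_is_container_aware(reported_cpus, cgroup_cpus):
    """Pipeline assertion for JDK-8140793: the JVM must not see more CPUs than its cgroup grants."""
    return reported_cpus <= cgroup_cpus


# Constructed values: an 8-CPU, 16 GiB host running a 2-CPU, 512 MiB container.
HOST_CPUS, HOST_BYTES = 8, 16 * 1024 ** 3
QUOTA, PERIOD, MEM_LIMIT = "200000\n", "100000\n", "536870912\n"

if __name__ == "__main__":
    print("cgroup cpus:", cpus_from_cgroup_v1(QUOTA, PERIOD, HOST_CPUS))
    print("flags:", " ".join(recommend_jvm_flags(QUOTA, PERIOD, MEM_LIMIT, HOST_CPUS, HOST_BYTES)))
    # A JVM that ignores the cgroup reports the host's 8 CPUs: the bug the slide warns about.
    print("container aware:", jvm_is_container_aware(8, 2))
```

In a pipeline, the test container would read the real files named in CGROUP_FILES and run a tiny Java probe printing `Runtime.getRuntime().availableProcessors()`; `jvm_is_container_aware` then turns the comparison into a build failure instead of a surprise under load. Note the sizing here omits off-heap buffers (NIO, code cache), which a measured overhead budget has to cover.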
Deployment
skillsmatter.com/skillscasts/10668-looking-forward-to-daniel-bryant-talk
docs.aws.amazon.com/elasticbeanstalk/latest/dg/using-features.deploy-existing-version.html
Observability is core to continuous delivery
www.infoq.com/articles/monitoring-containers-at-scale
Containers are not a silver bullet
Moving to containers: Going all-in?
Should I build my own container platform?
Probably not
(Unless you are Google, AWS or IBM)
Whatever you decide…
push it through a pipeline ASAP!
Using containers does not obviate the need for good architectural practices
https://speakerdeck.com/caseywest/containercon-north-america-cloud-anti-patterns
Summary
In summary
• Continuous delivery is vitally important in modern architectures/ops
• Container images must be the (single) source of truth within pipeline
• And metadata added as appropriate…
• Mechanical sympathy is important (assert properties in the pipeline)
• Not all developers are operationally aware
• The tooling is now becoming stable/mature
• We need to re-apply existing CD practices with new technologies/tooling
Bedtime reading
Thanks for listening
• Any questions?
• Feel free to contact me
• @danielbryantuk
• daniel.bryant@tai-dev.co.uk
bit.ly/2jWDSF7
Coming soon!
Bonus slides (for extra context)
Containerise an existing (monolithic) app?
• For
• We know the monolith well
• Allows homogenization of the pipeline and deployment platform
• Can be a demonstrable win for tech and the business
• Against
• Can be difficult (100+ line scripts)
• Often not designed for operation within containers, nor cloud native
• Putting lipstick on a pig?
Key lessons learned
• Conduct an architectural review
• Architecture for Developers, by Simon Brown
• Architecture Interview, by Susan Fowler
• Look for data ingress/egress
• File system access
• Support resource constraints/transience
• Optimise for quick startup and shutdown
• Evaluate approach to concurrency
• Store configuration (secrets) remotely
New design patterns
bit.ly/2efe0TP
Microservices…
Containers and microservices are complementary
Testing and deployment change
https://specto.io/blog/recipe-for-designing-building-testing-microservices.html
ContainerSched 2017 "Continuous Delivery with Containers: The Good, the Bad, and the Ugly"