Docker in production

Tomáš Tomeček

This talk is NOT about

• Talking about an existing deployment
• Presenting experience with docker in production

This talk IS about

• Steps needed for using containers in production
• Expectations
• Current state of docker ecosystem

This talk is presented by...

• This guy
• Ops Engineer
• Docker project contributor
• Container fanboy

Steps needed for using containers

Steps needed for using containers

1. Build
2. Distribute
3. Deploy

Build

• Containerize the application
  • Produce Dockerfile and run arguments
  • Usually easy
  • Except when it's not
  • Graphical applications, hardware devices, esoteric kernel features...

Build (2)

• Image content
• Create an image
  • Easy
  • Although...
  • Layer management (squashing)
  • Build-time secrets
  • And more... (see my DevConf talk)
• Hierarchy

Distribute

• As an archive
• Via shared storage
• Using Docker registry protocol
• Figure out naming scheme

Deploy

• The easiest one Just kidding
• Version of docker engine matters
• Single node setup
• Multi node setup
• Orchestrator
  • Managing the service
  • Networking
  • Storage
  • (Rolling) updates
  • Monitoring

Quick recap

• Workflow
• Base Images
• CI / CD
• Orchestrator pick

Expectations

Expectations — the good

• Unified environment
• Everything is automated
• Everything is tracked
• You are in control

Release with git tag, then sit back, relax and enjoy your beer.

Expectations — the bad

• New type of infrastructure
• New experience, new skills
• Evolves quickly
• Some issues are hard to resolve

State of the art

“Nobody cares about containers.”

Solomon Hykes, CTO of Docker Inc.

Dockercon 2016, Keynote, day 1

Technology Platform

docker 1.12

• Built-in orchestration
• Service API
• Distributed application bundle — multi-container applications
• New HEALTHCHECK instruction
• --live-restore daemon flag
• docker client binary and dockerd daemon

Let's talk stability & issues now

• 80/20
• Lots of code changes
• Releases every 2-3 months
  • with minor releases after a major one
• May be hard to reproduce
• And even harder to fix

Let's talk stability & issues now (2)

• Docker Daemon Hangs under load - #13885
• [1.11.0] Possible deadlock on container object #22124
• DNS queries sometimes get stuck since upgrading to 1.11.0 #22185
• Internet connectivity drops in random container. #22144
• Sometimes the device mapper is stuck in an infinite “mount/remount” loop #20401
• Docker build that fails with overlay storage backend only? #12327
• Overlayfs does not work with unix domain sockets #12080
• "device or resource busy"

Summary

• Docker engine has won containers
• Orchestration battle has begun
• Pick your platform
• Open Container Initiative

Further reading

• /var/lib/docker on NFS
• Dockercon 2016 Keynote Day 1
• Distributed Application Bundles
• Deploy a service
• Docker 1.12 blog post
• Docker stacks and bundles
• docker: devicemapper fix for “device or resource busy” (EBUSY)
• Pull request: Adds ability to flatten image after build
• My talk: Is it hard to build a docker image?

Questions are welcome!

github.com/TomasTomecek/flock2016-talk

@TomasTomec