Docker in production

Tomáš Tomeček

This talk is NOT about

  • Talking about an existing deployment
  • Presenting experience with docker in production

This talk IS about

  • Steps needed for using containers in production
  • Expectations
  • Current state of docker ecosystem

This talk is presented by...

  • This guy
  • Ops Engineer
  • Docker project contributor
  • Container fanboy

Steps needed for using containers

Steps needed for using containers

  1. Build
  2. Distribute
  3. Deploy

Build

  • Containerize the application
    • Produce Dockerfile and run arguments
    • Usually easy
    • Except when it's not
    • Graphical applications, hardware devices, esoteric kernel features...

Build (2)

  • Image content
  • Create an image
    • Easy
    • Although...
    • Layer management (squashing)
    • Build-time secrets
    • And more... (see my DevConf talk)
  • Hierarchy

Distribute

  • As an archive
  • Via shared storage
  • Using Docker registry protocol
  • Figure out naming scheme

Deploy

  • The easiest one Just kidding
  • Version of docker engine matters
  • Single node setup
  • Multi node setup
  • Orchestrator
    • Managing the service
    • Networking
    • Storage
    • (Rolling) updates
    • Monitoring

Quick recap

  • Workflow
  • Base Images
  • CI / CD
  • Orchestrator pick

Expectations

Expectations — the good

  • Unified environment
  • Everything is automated
  • Everything is tracked
  • You are in control

Release with git tag, then sit back, relax and enjoy your beer.

Expectations — the bad

  • New type of infrastructure
  • New experience, new skills
  • Evolves quickly
  • Some issues are hard to resolve

State of the art

“Nobody cares about containers.”

Solomon Hykes, CTO of Docker Inc.

Dockercon 2016, Keynote, day 1

Technology Platform

docker 1.12

  • Built-in orchestration
  • Service API
  • Distributed application bundle — multi-container applications
  • New HEALTHCHECK instruction
  • --live-restore daemon flag
  • docker client binary and dockerd daemon

Let's talk stability & issues now

  • 80/20
  • Lots of code changes
  • Releases every 2-3 months
    • with minor releases after a major one
  • May be hard to reproduce
  • And even harder to fix

Let's talk stability & issues now (2)

  • Docker Daemon Hangs under load - #13885
  • [1.11.0] Possible deadlock on container object #22124
  • DNS queries sometimes get stuck since upgrading to 1.11.0 #22185
  • Internet connectivity drops in random container. #22144
  • Sometimes the device mapper is stuck in an infinite “mount/remount” loop #20401
  • Docker build that fails with overlay storage backend only? #12327
  • Overlayfs does not work with unix domain sockets #12080
  • "device or resource busy"

Summary

  • Docker engine has won containers
  • Orchestration battle has begun
  • Pick your platform
  • Open Container Initiative

Further reading

Questions are welcome!

github.com/TomasTomecek/flock2016-talk

@TomasTomec