TIAD 2016 : Application delivery in a container world
Download as PPTX, PDF1 like465 views
This document discusses application delivery in a container world. It summarizes using Docker from development to production, including local development, continuous integration, deploying to servers using schedulers like Kubernetes and ECS, service discovery using tools like Consul, and updating applications safely using blue-green deployments and feature toggling. It then demonstrates these concepts using Docker, AWS ECS, Consul, and Consul Template to deploy a voting application.
More Related Content
What's hot (20)
Similar to TIAD 2016 : Application delivery in a container world (20)
More from The Incredible Automation Day (20)
Recently uploaded (20)
TIAD 2016 : Application delivery in a container world
- 1. Application delivery in a container world 4 octobre 2016 . #TIAD . @tiadparis
- 2. # TIAD@ tiadparis Who am I? 2 Laurent Bernaille @d2si • Linux background • Cloud enthousiast • Opensource advocate • Love discovering, building (and breaking…) new things • Passionate about the ongoing IT transformations @lbernail
- 3. # TIAD@ tiadparis Docker from development to production 3 • Local development • Docker and Continuous integration • Deploying to servers: scheduling containers • Multi-server setup: service discovery • Updating my application safely: Blue green deployment • Dynamically enable/disable features: Feature toggling
- 4. # TIAD@ tiadparis Demo • Local Build • Run locally (docker-compose) • Update code • Commit • Intregration with travis to publish image to ECR registry docker build -t demotiad/vote:0.1 --build-arg version=0.1 vote docker tag demotiad/vote:0.1 demotiad/vote:latest specific version tag ARG for label Alias image to latest ARG version ADD Dockerfile /Dockerfile LABEL eu.d2-si.python_version="2.7" LABEL eu.d2-si.application="vote" LABEL eu.d2-si.version="${version}" Metadata about the image Amazon ECR
- 5. # TIAD@ tiadparis 5 Bastion eu-west-1a Public subnets Let’s create an environment in AWS to deploy Private subnets NAT GW Public subnets Private subnets eu-west-1b Public subnets Private subnets eu-west-1c
- 6. # TIAD@ tiadparis Scheduling How do I run my containers? • Manual : ssh / docker run • Automated: ansible How do I choose a host? • Static (see before) • With a generic scheduler (Mesos, Nomad) • With a specialized scheduler (Kubernetes, ECS, Swarm) Choosing your scheduler • Most complete: Kubernetes • Kubernetes and Swarm provide more than scheduling - Higher level of abstraction - Control networking - Really worth looking into once if you have run production workloads for a while - hosts: redis tasks: - name: Run redis docker_container: name: redis image: redis - hosts: app tasks: - name: Run app docker name: vote image: demotiad/vote Demo: ECS (good integration with AWS / terraform, simple)
- 7. # TIAD@ tiadparis Service discovery How do my containers find each other when I have multiple hosts? • Static: set up /etc/hosts entries in containers • Rely on service discovery from scheduler * Kubernetes * Swarm > Big assumptions on the nework, intrusive (overlay, proxy, iptables) • Use a separate tool for service discovery + More control + Can be used for non-containers workloads (and for communication with them) - An additional tool to manage app redis redis ? - hosts: redis tasks: - name: Run redis docker_container: name: redis image: redis - hosts: app tasks: - name: Run app docker name: vote image: demotiad/vote etc_hosts: redis: 10.0.0.4 Demo: Consul (one of the reference standalone solution)
- 8. # TIAD@ tiadparis 8 Bastion Public subnets NAT GW Public subnets Public subnets CAg (UI) CS CS CS Let’s create a consul cluster
- 9. # TIAD@ tiadparis ECS 9 Bastion Public subnets NAT GW Public subnets Public subnets ECS ECS EFS file system EFS Mount target EFS Mount target EFS Mount target /mnt/efs /mnt/efs /mnt/efs Deploy ECS servers CAg (UI) CS CS CS
- 10. # TIAD@ tiadparis ECS 10 Bastion Public subnets NAT GW Public subnets Public subnets CAg (UI) CS CS CS ECS ECS EFS file system EFS Mount target EFS Mount target EFS Mount target /mnt/efs /mnt/efs /mnt/efs CAg RG Cad CAg RG Cad CAg RG Cad docker events We need some services on all nodes
- 11. # TIAD@ tiadparis ECS 11 Bastion Public subnets NAT GW Public subnets Public subnets CAg (UI) CS CS CS ECS ECS EFS file system EFS Mount target EFS Mount target EFS Mount target /mnt/efs /mnt/efs /mnt/efs CAg RG Cad CAg RG Cad CAg RG Cad docker events Let’s start two containers Rd Ash redis?
- 12. # TIAD@ tiadparis ECS 12 Bastion Public subnets NAT GW Public subnets Public subnets CAg (UI) CS CS CS ECS ECS EFS file system EFS Mount target EFS Mount target EFS Mount target /mnt/efs /mnt/efs /mnt/efs/redis CAg RG Cad CAg RG Cad CAg RG Cad Let’s deploy our application: backends Red Ctmpl+Nginx Ctmpl+Nginx
- 13. # TIAD@ tiadparis A few notes on ECS ECS tasks • run « manually » (part of ECS servers bootstrap here) • Consist of one or several related containers (« pod ») • Consul Agent / Registrator / cAdvisor ECS services • Run a given number of tasks on the cluster • Ensure they remain running • Scheduling * find host with capacity * try to run tasks of the same service on different nodes / AZ - Redis : 1 - Haproxy + Consul Template : 2 Persistency • No solution for dynamic volume migration • We use EFS and mount an EFS sub-directory inside containers with data
- 14. # TIAD@ tiadparis Consul template • Watch for entries in consul • Generate configuration based on these entries • Here * Generate nginx configuration * Start nginx as a child process * Reload nginx when configuration as changed server { location / { proxy_pass http://{{key_or_default "routes/vote" "blue”}}; } } server { location / { proxy_pass http://blue; } } key routes/vote ? • Let’s create routes/vote and set it to green
- 15. # TIAD@ tiadparis ECS 15 Bastion Public subnets NAT GW Public subnets Public subnets CAg (UI) CS CS CS ECS ECS EFS file system EFS Mount target EFS Mount target EFS Mount target /mnt/efs /mnt/efs /mnt/efs/redis CAg RG Cad CAg RG Cad CAg RG Cad Red Ctmpl+Nginx Ctmpl+Nginx Deploy our app Vote: http://tiad.awsdemo.d2-si.eu AppApp
- 16. # TIAD@ tiadparis How did nginx find the containers? upstream green { {{ range service "votegreen" }} server {{.Address}}:{{.Port}};{{end}} } upstream green { server 10.255.128.166:32769; server 10.255.129.118:32770; } service votegreen ?
- 17. # TIAD@ tiadparis ECS 17 Bastion Public subnets NAT GW Public subnets Public subnets CAg (UI) CS CS CS ECS ECS EFS file system EFS Mount target EFS Mount target EFS Mount target /mnt/efs /mnt/efs /mnt/efs/redis CAg RG Cad CAg RG Cad CAg RG Cad Red Ctmpl+Nginx Ctmpl+Nginx AppApp What about a new version? App App
- 18. # TIAD@ tiadparis Blue Green deployment HA P HA P AppApp App App routes/vote: green Test before switching Acces blue containers directly Use custom header: X-Color map $http_x_color $color { "green" "green"; "blue" "blue"; default "{{= key_or_default "routes/vote" "blue”}}"; } server { location / { proxy_pass http://$color; } } X-color = blue?
- 19. # TIAD@ tiadparis When ok switch HA P HA P AppApp App App routes/vote: blue Dynamic parameters Get title from consul params/title/blue title=get_param("title",color,"Hello TIAD")
- 20. # TIAD@ tiadparis Feature toggling HA P HA P AppApp App App routes/vote: blue features/containerid/blue Switch on/off features Release code not validated yet Simplify branch management (always ship trunk) Advanced use cases Canary deployment (x% users) Specific users only if is_enabled_feature("containerid",color): message=message+" on container "+ hostname « Always Ship Trunk » (Paul Hammond, Velocity 2010) « Feature Toggles » (Martin Fowler 2016: http://martinfowler.com/articles/feature-toggles.htm)
- 21. # TIAD@ tiadparis Conclusion and perspectives Going into production with docker • With containers OPS and DEV are closer than ever • Continuous Integration as a source for images • Service discovery will be a challenge => Not specific to containers but to microservices in general A few other (somewhat unrelated) notes • Docker in production will require experienced sysadmins • Avoid putting stateful (db) services in containers • Security (image sources, container permissions)
- 22. # TIAD@ tiadparis Thank you @lbernail Look at / Fork the code of this demo on github https://github.com/lbernail/demotiad Questions ?