Connecting Containers

Building a PaaS with Docker and Kubernetes

Presented by
Katie Miller / @codemiller
Steve Pousty / @TheSteve0

Deployment Styles

Wait and See
request server >> wait >> wait some more >> request deployment >> while (environment issues) { reattempt deployment >> wait } >> in production
Resource Loop
request server >> wait >> request deployment >> in production >> app fails under load >> request server...
Procure Cure
attempt to navigate IT Service Desk software >> fail >> acquire server on the sly >> in "production"
Friends in High Places
failure in production >> call in Chuck Norris >> Norris whispers "you better run" >> the app runs

Aims

  • Freedom to choose best tool for the job, without config headaches
  • Fast, easy, reproducible deployments, made up of small components wired together (à la microservices)
  • Ability to scale pieces of a solution independently, to meet changing demand
  • End battles between Dev and Ops; automated deployment pipeline; CI/CD
  • Security and the ability to respond quickly to issues

Platform as a Service

Reasons to Rebuild

Act on lessons from the past three years of running a PaaS
New technologies to build on, including Docker image-based packaging and the large ecosystem around it

The New Stack

Why touch the OS

Change happens!

Virtualisation and then Cloud

A lot of experience with Linux and the growth of containers

RPM-OSTree

A system that composes RPMs server-side into an OSTree repository, so the host is updated and rolled back as an atomic tree rather than package by package

Minimal System

Best supported kernel in the world

All the System Utilities you need and nothing else

Containers first-class citizens

Made for running containers

Includes a console for management

Wins

Fast boot: OS with just the good parts
Container management and security is its speciality
Friggin' awesome kernel

Defining Container

  • In Docker parlance, a container is a running instance of an image
  • Based on Linux containers (namespaces, control groups)
  • Stacks the image's read-only layers plus a writable container layer into one view via a union file system
  • Includes all of the components necessary to run a process, store persistent data, or both

Containers vs. VMs

Container Operations

Instantiate a Docker container with docker run:

$ docker run -i -t centos /bin/bash
bash-4.1# exit
exit


List containers with docker ps; on its own it shows running containers, -a includes exited ones, and -l shows only the most recently created container whatever its state:

$ docker ps -l
CONTAINER ID  IMAGE          COMMAND      CREATED         STATUS      NAMES
7c4ef3596fa5  centos:latest  "/bin/bash"  49 seconds ago  Exited (0)  grave_newton


Restart the exited container with docker start and rejoin it with docker attach (exiting the shell stops the container again, since bash is its PID 1):

$ docker start grave_newton
grave_newton
$ docker attach grave_newton
bash-4.1# exit
exit

'Diffing' a Container

Give a container a name with --name and install wget inside it:

$ docker run -i -t --name="add_wget" centos /bin/bash
bash-4.1# yum install -y wget
...
bash-4.1# exit

Run a diff on the container after it has run:

$ docker diff add_wget
C /.bash_history
C /etc
A /etc/wgetrc
C /tmp
C /usr
C /usr/bin
A /usr/bin/wget
C /usr/share
C /usr/share/doc
A /usr/share/doc/wget-1.12
...
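docker diff compares the container's writable layer with its image, so every line it prints is drift from the image. The following is an added example (not tooling from the talk, Docker or OpenShift) that parses that output and flags writes under system trees that a package allow-list does not explain. The input is the add_wget diff from the slide plus one constructed line, /usr/bin/nc, standing in for a binary nobody asked for; the watched prefixes are an assumption to tune per image.

```python
"""Read `docker diff` output and flag writes that the image should not see.

Added example for the 'Diffing a Container' slide; not Docker code.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set

# `docker diff add_wget` as shown on the slide, plus a constructed
# /usr/bin/nc line representing an unexpected binary.
SAMPLE_DIFF = """\
C /.bash_history
C /etc
A /etc/wgetrc
C /tmp
C /usr
C /usr/bin
A /usr/bin/wget
A /usr/bin/nc
C /usr/share
C /usr/share/doc
A /usr/share/doc/wget-1.12
"""

# Trees where a running container normally has no business writing.
# Assumption for this example; adjust per image.
WATCHED_PREFIXES = ("/etc/", "/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                    "/lib/", "/usr/lib/")


@dataclass(frozen=True)
class Change:
    kind: str  # A = added, C = changed, D = deleted
    path: str


def parse_diff(text: str) -> List[Change]:
    """Turn docker diff lines ('A /path') into Change records."""
    changes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, _, path = line.partition(" ")
        if kind not in ("A", "C", "D") or not path.startswith("/"):
            raise ValueError(f"unexpected docker diff line: {line!r}")
        changes.append(Change(kind, path))
    return changes


def watched(changes: Iterable[Change]) -> List[Change]:
    """Entries strictly below a watched prefix.

    docker diff also emits 'C /etc' for the parent directory of any
    changed file; a bare directory path does not start with '/etc/',
    so those parent entries are skipped here.
    """
    return [c for c in changes if c.path.startswith(WATCHED_PREFIXES)]


def unexpected(changes: Iterable[Change], allowed: Set[str]) -> List[Change]:
    """Watched entries not explained by an allow-list of known paths."""
    return [c for c in watched(changes) if c.path not in allowed]


if __name__ == "__main__":
    found = parse_diff(SAMPLE_DIFF)
    # Hand-written stand-in for the package's own file list (rpm -ql wget).
    wget_files = {"/etc/wgetrc", "/usr/bin/wget"}
    for c in unexpected(found, wget_files):
        print(f"{c.kind} {c.path}  <- not part of the wget package")
```

The check is only as good as its allow-list; in practice feed it the package manager's file list from the image rather than a hand-written set. Note also that docker diff only covers the container's layer: files under a mounted volume are outside it and never show up.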

Containers as Daemons

Start a long-running container in the background with docker run -d; it keeps running until:

  • The process started inside it (PID 1 in the container) exits, or
  • You stop it with docker stop <container_name>, which sends SIGTERM and, after a grace period (10 s by default), SIGKILL

Linking Containers

  • Containers on the same host can be linked together (docker run --link <source>:<alias>)
  • Links between containers are not reachable from outside the host
  • The link is handed to the recipient as environment variables (<ALIAS>_PORT_* for each exposed port, plus the source container's own environment as <ALIAS>_ENV_*) and an /etc/hosts entry for the alias
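What a link actually injects is easy to overlook: besides the address and port variables, Docker copies every environment variable of the source container into the recipient as <ALIAS>_ENV_<NAME>, so a database started with -e POSTGRES_PASSWORD hands that password to anything linked to it. The block below is an added example (not Docker code) that resolves the link endpoints from the recipient's environment and lists what else came across. The environment is constructed to look like the result of `docker run --link db:db`; the variable naming follows Docker's link convention, the secret heuristic is an assumption.

```python
"""Resolve a Docker link from the recipient's environment and report
what else the link copied in.

Added example for the 'Linking Containers' slide; not Docker code.
"""
import re
from typing import Dict, Iterable, List, Tuple

# Constructed environment of a container started with --link db:db,
# where the source container was run with -e POSTGRES_PASSWORD=hunter2.
SAMPLE_ENV = {
    "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
    "HOME": "/root",
    "DB_NAME": "/web/db",
    "DB_PORT": "tcp://172.17.0.5:5432",
    "DB_PORT_5432_TCP": "tcp://172.17.0.5:5432",
    "DB_PORT_5432_TCP_ADDR": "172.17.0.5",
    "DB_PORT_5432_TCP_PORT": "5432",
    "DB_PORT_5432_TCP_PROTO": "tcp",
    "DB_ENV_POSTGRES_USER": "app",
    "DB_ENV_POSTGRES_PASSWORD": "hunter2",  # constructed secret, leaked by the link
    "DB_ENV_PG_VERSION": "9.3",
}

_ADDR_VAR = re.compile(r"^([A-Z0-9_]+?)_PORT_(\d+)_(TCP|UDP)_ADDR$")
# Assumption: names that usually hold credentials.
_SECRET_HINT = re.compile(r"PASS|SECRET|TOKEN|KEY|CRED", re.IGNORECASE)

Endpoint = Tuple[str, str, int]  # (proto, addr, port)


def link_endpoints(env: Dict[str, str]) -> Dict[str, List[Endpoint]]:
    """alias -> endpoints, derived from the <ALIAS>_PORT_<n>_<proto>_ADDR variables."""
    out: Dict[str, List[Endpoint]] = {}
    for name, addr in env.items():
        m = _ADDR_VAR.match(name)
        if not m:
            continue
        alias, port, proto = m.group(1), int(m.group(2)), m.group(3).lower()
        out.setdefault(alias, []).append((proto, addr, port))
    for endpoints in out.values():
        endpoints.sort()
    return out


def inherited_env(env: Dict[str, str], aliases: Iterable[str]) -> Dict[str, Dict[str, str]]:
    """alias -> {NAME: value} for every <ALIAS>_ENV_<NAME> the link copied in."""
    out: Dict[str, Dict[str, str]] = {}
    for alias in aliases:
        prefix = f"{alias}_ENV_"
        copied = {k[len(prefix):]: v for k, v in env.items() if k.startswith(prefix)}
        if copied:
            out[alias] = copied
    return out


def secret_like(names: Iterable[str]) -> List[str]:
    """Copied variable names that look like credentials."""
    return sorted(n for n in names if _SECRET_HINT.search(n))


if __name__ == "__main__":
    endpoints = link_endpoints(SAMPLE_ENV)
    for alias, targets in endpoints.items():
        for proto, addr, port in targets:
            print(f"{alias}: {proto}://{addr}:{port}")
    for alias, copied in inherited_env(SAMPLE_ENV, endpoints).items():
        print(f"{alias}: {len(copied)} variables copied from the source,"
              f" credential-looking: {secret_like(copied)}")
```

The practical consequence: never rely on a linked container's environment staying private, and keep secrets out of -e on anything that will be a link source. This environment-copying behaviour is one reason Docker later deprecated these legacy links in favour of user-defined networks, which provide name resolution without copying the peer's environment.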

Docker: Pros and Cons

PROS:

  • Extreme application portability
  • Very easy to create and work with derivative images
  • Fast container start-up

CONS:

  • Host-centric solution; not aware of anything else
  • No higher-level provisioning
  • No usage tracking / reporting

Wins

Efficient resource usage
BYOB - bring your own bits
A standard way for people to make container images
Huge ecosystem

Kubernetes

Greek for 'pilot' or 'helmsman'
"a system for managing containerised applications across multiple hosts"
Declarative model: you describe the desired state and the system converges on it
Open source project started by Google

Terminology and Architecture

Concepts

  • pod: colocated group of Docker containers that share an IP address and storage volumes
  • service: provides a single, stable name for a set of pods and acts as a basic load balancer across them
  • replication controller: manages the lifecycle of pods and ensures the specified number are running
  • label: key/value pairs used to organise objects; selectors pick the groups that services and replication controllers act on
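How these four concepts fit together is easiest to see in a small model. The block below is an added example, not Kubernetes code: it implements the equality-based label selector the v1 API uses (every key in the selector must be present on the object with the same value), a service's endpoint set, and one replication controller pass that replaces failed pods and scales up or down. The pod list, IPs and names are constructed.

```python
"""Toy model of Kubernetes label selectors, a service's endpoints and a
replication controller's reconcile step.

Added example for the 'Concepts' slide; not Kubernetes code.
"""
import itertools
import uuid
from dataclasses import dataclass
from typing import Dict, List, Tuple

Labels = Dict[str, str]


@dataclass
class Pod:
    name: str
    labels: Labels
    ip: str
    phase: str = "Running"  # Pending | Running | Succeeded | Failed


def matches(selector: Labels, labels: Labels) -> bool:
    """Equality selector: every selector key must be present with the same value."""
    return all(labels.get(k) == v for k, v in selector.items())


def select(pods: List[Pod], selector: Labels) -> List[Pod]:
    return [p for p in pods if matches(selector, p.labels)]


@dataclass
class ReplicationController:
    name: str
    replicas: int
    selector: Labels
    template_labels: Labels  # labels stamped onto the pods it creates

    def __post_init__(self) -> None:
        # The API server rejects a controller whose pod template does not
        # satisfy its own selector: it would create pods it can never count.
        if not matches(self.selector, self.template_labels):
            raise ValueError("pod template labels do not satisfy selector")


def service_endpoints(pods: List[Pod], selector: Labels, target_port: int) -> List[Tuple[str, int]]:
    """The stable service name fronts the Running pods its selector picks."""
    return sorted((p.ip, target_port) for p in select(pods, selector) if p.phase == "Running")


_ips = itertools.count(20)  # constructed pod-IP allocator for new pods
_LIVE = ("Pending", "Running")


def reconcile(pods: List[Pod], rc: ReplicationController) -> List[Pod]:
    """One controller pass: leave exactly rc.replicas live pods matching rc.selector."""
    matching = select(pods, rc.selector)
    alive = [p for p in matching if p.phase in _LIVE]
    drop = {p.name for p in matching if p.phase not in _LIVE}  # failed/finished: replace
    if len(alive) > rc.replicas:
        drop.update(p.name for p in alive[rc.replicas:])  # scale down
    result = [p for p in pods if p.name not in drop]
    for _ in range(rc.replicas - len(alive)):  # scale up
        result.append(Pod(f"{rc.name}-{uuid.uuid4().hex[:5]}", dict(rc.template_labels),
                          f"10.1.0.{next(_ips)}", phase="Pending"))
    return result


# Constructed cluster state: one failed web pod, and a canary that carries
# the web labels plus an extra "track" label.
PODS = [
    Pod("web-1", {"app": "web", "tier": "frontend"}, "10.1.0.2"),
    Pod("web-2", {"app": "web", "tier": "frontend"}, "10.1.0.3", phase="Failed"),
    Pod("db-1", {"app": "db", "tier": "backend"}, "10.1.0.4"),
    Pod("web-canary", {"app": "web", "tier": "frontend", "track": "canary"}, "10.1.0.5"),
]

if __name__ == "__main__":
    print(service_endpoints(PODS, {"app": "web"}, 8080))
    rc = ReplicationController("web", 3, {"app": "web", "tier": "frontend"},
                               {"app": "web", "tier": "frontend"})
    for p in reconcile(PODS, rc):
        print(p.name, p.phase, p.labels)
```

Two things worth noticing in the run: the failed web-2 is dropped and replaced by a new Pending pod, and the canary is counted toward the controller's three replicas because its labels are a superset of the selector. A selector is a filter, not an owner; if a canary must stay out of the stable controller's count, the stable selector needs a label the canary lacks (for example track=stable), and the same applies to which pods a service will happily send traffic to.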

Components

  • cluster: the set of nodes whose compute resources pods are scheduled onto
  • node: Docker host running the kubelet (node agent) and the proxy that implements service traffic
  • master: hosts the cluster-level control services, including the API server, scheduler, and controller manager
  • etcd: distributed key-value store used to persist Kubernetes system state

Wins

Runtime and operational management of containers

Manage related Docker containers as a unit
Container communication across hosts
Availability and scalability through automated deployment and monitoring of pods and their replicas, across hosts

Rebuilding OpenShift

Design Goal

Kubernetes provides a
container runtime

OpenShift provides the
DevOps and team environment

Concepts

  • application: one or more pods linked together by services; distinct, interconnected components
  • config: collection of objects describing a combination of pods, services, replication controllers, environment variables, and other components
  • template: parameterised version of a config for generalised reuse
  • build config: object defining the source code URI, authentication for change notifications (webhooks), and build type (source-to-image or docker-builder)
  • deployment: an image plus the settings for running it: replication controller, trigger policies, and deployment strategy

Features

  • Ability to build, manage, and deliver application descriptions at scale
  • Turning source code into new deployable components
  • Support for common workflows, the application lifecycle, and teams
    • Integration of CI/CD flows into Kubernetes; trigger builds manually or from code, app, or image changes
    • Support for projects and multi-user usage and tracking; default network isolation based on team access control

Demo

Wins

Build a single artifact containing the dependency chain for reproducible deployments
Share common technology stacks and common patterns for rolling out changes
Efficiently manage thousands of applications, auto-scaling components independently and updating them en masse
Easily provision new resources at scale and subdivide them for teams
Responsive, change-aware platform supports fault-tolerant, automated, and repeatable builds and deployments

Conclusion

  • We covered A LOT
  • For us, it's the Linux story again - come build with us!
  • Your world as a sys admin or developer is looking bright
    • Use containers to have an agreed-upon way to manage server bits
    • We can automate some annoying things, e.g. dev environment creation or autoscaling
    • Template an entire application - infra and code
    • OpenShift packages all this technology into one nice package

References and Resources

Connecting Containers

http://containers.codemiller.com

Runs on Kubernetes Presented by: @katiejots