Aurelijus Banelis
PGP 0x320205E7539B6203 (fingerprint 130D C446 1F1A 2E50 D6E3 3DA8 3202 05E7 539B 6203)
Backend/[email protected]
Adapting PHP applications to be used with docker

Introduction: Why to dockerize, What is docker, How to dockerize
Development: Context/Alternatives, What I really liked, What I do not like
Production: Deploying to AWS, Logging challenges

Bottleneck to grow
Development bottleneck: Monolith (VirtualBox) → Split
Confidence/tooling bottleneck: Jenkins (time based) → CircleCI
Provisioning speed bottleneck: Release coordination → AWS services
Illustration: https://home24.tech.blog/2018/05/28/home24-presenting-at-tableau-cinema-tour/
The need for better virtualization tools
docker?

We migrated to docker
Using docker extensively at
I would do the same again
Right decision for current scale
Future opportunities

Tool to run in isolated environment
Many ifs in kernel = cgroups
Not VirtualBox, not unikernel

Open source tool backed by Docker Inc
Container hosting and premium service
Improved by community (AWS, K8s)

docker build . -t kaunasphp-example
docker run -p 8080:80 kaunasphp-example
https://gist.github.com/aurelijusb/6f6b1c86c440ce527250193ffcae62d7
Simple?
But for simple cases

Multiple containers
Development tools
PHP extensions
xDebug support
...
https://github.com/nfqakademija/docker/blob/master/php/Dockerfile
More configuration
But infrastructure as code

Docker
Feature toggle
IDE in cloud
Run & pray
Virtual box
Not many alternatives
For isolated environments

Person
Team
Community

Sandboxed development environment
○ High quality mocks (real MySQL, Wireshark)
○ True integration/acceptance tests
○ Dockerfile → docker-compose → custom tooling

Experimenting with new software is safer
○ No trash, no sensitive information
○ Easy to swap (DynamoDB local vs dynalite)
○ Install/compile on your machine? Seriously?

Switching between branches/tasks
○ Fewer issues with cache invalidation
○ Kill-it-not-heal-it
○ Data volumes = test data in branch

Infrastructure as code
○ Fixed versions, fixed php.ini + extensions
○ Less “works on my machine” = reproducible
○ Many bash scripts, configuration via ENV

Huge ecosystem
○ Pioneers are using and improving
○ Amazon, Google (K8s) are investing
○ Known issues and solutions on StackOverflow

High learning curve = blame docker
○ Misuse of the tool – isn’t docker a silver bullet?
○ Docker wraps – everyone blames the wrapper
○ Many ways to install docker incorrectly
○ Mounting vs copy-on-write operation
○ No Windows, more tooling/docs around

Not mature tooling / edge cases
○ Download private dependency: github token?
○ Password protected SSH key? (Mac+Linux)
○ CircleCI limited “remote docker”
○ Host IP for xDebug
○ Even more bash scripts/docs*
*Newest docker-compose supports secrets

Cache everything by design
○ Full HDD because of docker images
○ Missing log rotation (no “log-opts” by default)
○ “Latest” tag that is not immutable
○ Network unreachable, since used by docker
○ docker system prune, docker pull, RTFM

PHP + Docker in production
Migrated Tier1 service – nobody noticed
AWS ECS, PHP 7.2, Docker, Apache
○ ECS (not yet K8s, AWS backed infrastructure/improvements, canary deployment by default)
○ ECR – uptime for downloads. Docker hub for development
○ Task definition = docker-compose.yml
○ PHP+Apache = PHP+Nginx (no big difference)
○ Custom tooling for credentials via environment
○ Spot-instances (currently for staging, targeting production)

Amazon Web Services
○ Elastic Container Service
○ AWS integration (e.g. spot-instances)
○ K8s on AWS was not mature then
○ Know-how (our Go apps in prod)

Naming in AWS
○ Docker-compose → Task definition
○ Container → Task
○ Docker Hub → ECR

Apache mod_php
○ PHP 7.2 log trimming in Nginx+FPM
○ Single process container – easier
○ No visible performance impact
○ Internal service (no Slowloris attack)

ECS Service types
Replica, Daemon, External

Daemon
LogConfiguration:
  LogDriver: fluentd
  Options:
    fluentd-async-connect: "true"
    fluentd-buffer-limit: "32MB"
    mode: "non-blocking"

Under investigation...
Filebeat
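
Several of the operational points in this talk (the mutable “latest” tag, missing log rotation, credentials handed over via the environment) can be checked mechanically before a deploy. The following Python lint is an added example, not code from the talk or from home24; the task definition is constructed, and the `lint` and `image_tag` functions and the sensitive-name pattern are assumptions made for illustration.

```python
import json
import re

# Constructed task definition for illustration; field names follow the ECS
# task-definition JSON schema, all values are made up.
TASK_DEF = json.loads("""
{"containerDefinitions": [
  {"name": "web",
   "image": "example/php-apache:latest",
   "environment": [{"name": "APP_ENV", "value": "prod"},
                   {"name": "DB_PASSWORD", "value": "constructed-value"}],
   "logConfiguration": {"logDriver": "json-file", "options": {}}},
  {"name": "worker",
   "image": "example/php-cli:7.2.15",
   "secrets": [{"name": "DB_PASSWORD", "valueFrom": "arn:aws:ssm:PLACEHOLDER"}],
   "logConfiguration": {"logDriver": "fluentd",
                        "options": {"fluentd-async-connect": "true",
                                    "mode": "non-blocking"}}}
]}
""")

# Assumption: variable names matching this pattern hold credentials.
SENSITIVE = re.compile(r"PASSWORD|SECRET|TOKEN|KEY", re.IGNORECASE)


def image_tag(image):
    """Return the tag of an image reference; no tag means 'latest'."""
    last = image.rsplit("/", 1)[-1]          # skip registry host:port
    if "@" in last:                          # digest-pinned, immutable
        return last.split("@", 1)[1]
    return last.split(":", 1)[1] if ":" in last else "latest"


def lint(task_def):
    """Return (container, finding) pairs for a task definition dict."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        name = c["name"]
        if image_tag(c.get("image", "")) == "latest":
            findings.append((name, "mutable-tag"))
        for env in c.get("environment", []):
            if SENSITIVE.search(env["name"]):
                findings.append((name, "plaintext-credential:" + env["name"]))
        log = c.get("logConfiguration") or {}
        opts = log.get("options") or {}
        # Assumption: no logConfiguration means the daemon default, json-file.
        if log.get("logDriver", "json-file") == "json-file" and "max-size" not in opts:
            findings.append((name, "no-log-rotation"))
    return findings
```

Running `lint(TASK_DEF)` reports only the `web` container; `worker` passes because it pins a version tag, receives its credential through `secrets`, and ships logs through fluentd instead of an unrotated json-file.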

Docker
Feature toggle
IDE in cloud
Run & pray
Virtual box
Docker:
Good to understand
Use on demand

Aurelijus Banelis
Dockerizing PHP Apps
KaunasPHP 2019-02-20
Thank you
Questions?

Further reading/references
● https://www.docker.com/
● https://hub.docker.com/
● https://aws.amazon.com/ecs/
● https://aws.amazon.com/ecr/
● https://fluentbit.io/
● https://www.home24.de/
● https://home24.tech.blog/category/aws/
● https://aws.amazon.com/blogs/opensource/network-load-balancer-support-in-kubernetes-1-9/
● https://docs.aws.amazon.com/AmazonECS/latest/developerguide/docker-volumes.html
● https://d1.awsstatic.com/whitepapers/microservices-on-aws.pdf
● https://justi.cz/security/2019/01/22/apt-rce.html
● https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-input-syslog.html
● https://d1.awsstatic.com/whitepapers/DevOps/running-containerized-microservices-on-aws.pdf