OReilly SACON 2016 "A Practical Guide for Continuous Delivery with Containers"

(A Practical Guide to) Continuous Delivery with Containers Daniel Bryant @danielbryantuk

Upload: daniel-bryant

Post on 25-Jan-2017


TRANSCRIPT

Page 1: OReilly SACON 2016 "A Practical Guide for Continuous Delivery with Containers"

(A Practical Guide to) Continuous Delivery with Containers

Daniel Bryant @danielbryantuk

01/05/2023 @danielbryantuk

Setting the scene…

• Continuous delivery is a large topic

• Focusing on the process and tooling
  • Rather than each explicit step

• My O’Reilly mini-book will provide step-by-step instructions

• Assuming basic knowledge of Docker


Today…

• Continuous Delivery (CD)

• The impact of containers on CD

• Creating a container pipeline

• Migrations: Architectural guidance

• Lessons learned the hard way


@danielbryantuk

• Chief Scientist at OpenCredo, CTO at SpectoLabs

• Agile, architecture, CI/CD, DevOps

• Java, Go, JS, microservices, cloud, containers

• Leading change through the application of technology and teams

• London Java Community Associate
• InfoQ Editor, DZone MVB, O’Reilly…
• Conference regular: Devoxx, JavaOne, QCon…


Continuous Delivery


Continuous Delivery

• Produce valuable and robust software in short cycles

• Optimising for feedback and learning

• Not (necessarily) Continuous Deployment


Creation of a build pipeline is mandatory for continuous delivery


The Impact of Containers on CD


Containers: Expectations versus reality

“DevOps”


Container technology

• OS-level virtualisation
  • cgroups, namespaces, rootfs

• Technology to package and execute software

• The container image becomes the source of truth

• Mechanical sympathy is vital


We’ll focus on Docker today

• Docker images are built via a Dockerfile
  • docker build -t danielbryantuk/test:1.4 .

• Publish images
  • docker push danielbryantuk/test:1.4

• Download images
  • docker pull danielbryantuk/test:1.4

• Run an image as a container
  • docker run -p 80:80 danielbryantuk/test:1.4


Quick interruption: Microservices…

• Containers and microservices are complementary

• Not covering details for deploying microservices today

• But if you are interested:
  • Consumer-based contracts
  • Service virtualisation
  • Synthetic transactions and semantic monitoring

https://specto.io/blog/recipe-for-designing-building-testing-microservices.html


Creating a Pipeline for Containers


Make your dev environment like production

• Develop locally or copy/code in container

• Ensure language runtime/SDK is synced

• Must build/test containers locally
  • Perform (at least) happy path tests before pushing code
  • All tests should be runnable locally


What to put in the Dockerfile

• OS choice
  • Exposed to OS (often implicitly?)
  • Choose lightweight OS if possible e.g. Alpine, Debian Jessie

• Configuration

• Build artifacts

• Exposing ports

• Java
  • JDK vs JRE
  • Oracle vs OpenJDK

• Golang
  • Statically compiled binary

• Python
  • Virtualenv


Please talk to the sysadmin people: Their operational knowledge is invaluable


Different dev and test containers?

• Test container
  • Full OS (e.g. Ubuntu)
  • JDK
  • Test tools
  • Test data

• Easy to see configuration drift

• Interesting ONTEST proposal by Alexei Ledenev

http://blog.terranillius.com/post/docker_testing/


Building images with Jenkins

• Standard Jenkins Java
  • Gradle or Maven
  • SonarQube for code quality

• (Optionally) push to artifact repo
  • Nexus and Artifactory support Java artifacts and Docker images

• Build Docker Image
  • CloudBees Docker Build and Publish Plugin


Storing in an image registry (DockerHub)


A little context…


Introducing Docker Compose


Testing: Jenkins Pipeline as Code


Testing: Jenkins Pipeline as Code


Jenkins ‘BlueOcean’ Beta


Docker Compose & Jenkins Pipelines


Testing: Functional

• Automate all the things!
• Deploy to realistic environments

• API-driven functional
  • REST-assured

• UI-driven functional
  • Selenium
  • Serenity BDD
  • Geb


Testing: NFRs

• Execution (runtime)
  • Security
  • Observability

• Evolvability (static)
  • Testability
  • Maintainability
  • Scalability
  • Extensibility


Testing: NFRs

• Security testing
  • Findsecbugs
  • OWASP Dependency-Check
  • Bdd-security (OWASP ZAP) / Arachni
  • Gauntlt / Serverspec
  • Docker Bench for Security / AQUA

• Performance and Load testing
  • Gatling / JMeter
  • Flood.io


Special mention: Container security testing


Special mention: Fault tolerance testing


Fault tolerance

techblog.netflix.com/2016/10/netflix-chaos-monkey-upgraded.html

github.com/tomakehurst/saboteur


Hoverfly

• Lightweight Service virtualisation
  • Open source (Apache 2.0)
  • Go-based / single binary
  • Written by @Spectolabs

• Flexible API simulation
  • HTTP / HTTPS
  • Highly performant


• Middleware
  • Remove PII
  • Rate limit
  • Add headers

• Middleware
  • Fault injection
  • Chaos monkey


Deploy

• Test environments should represent production (as much as possible)

• Fan-in infrastructure pipelines with applications as soon as possible

• Ask yourself: Do you really want to create a container platform?

@danielbryantuk | @spoole167

Don’t underestimate the value of PaaS…


Post-deployment

@danielbryantuk | @oakinger

When bad things happen, people are at the center


Monitoring is vital with continuous delivery

• Host monitoring

• Container monitoring

• Application monitoring

https://github.com/Kentik/docker-monitor


Migrations: Architectural Guidance


Containerise the monolith?

• For
  • We know the monolith well
  • Allows homogenization of the pipeline and deployment platform
  • Can be a demonstrable win for tech and the business

• Against
  • Can be difficult (100+ line scripts)
  • Often not designed for operation within containers, nor cloud native
  • Putting lipstick on a pig?


Key lessons learned

• Conduct an architectural review
  • Architecture for Developers, by Simon Brown
  • Architecture Interview, by Susan Fowler

• Look for data ingress/egress
  • File system access

• Support resource constraints/transience
  • Optimise for quick startup and shutdown
  • Evaluate approach to concurrency
  • Store configuration (secrets) remotely


Containers and cloud: Design for failure

• Distributed Computing Principles
  • Jeff Hodges ‘Distributed Systems’ (bit.ly/1FeaVtt)
  • Scalable Web Architecture (bit.ly/1tt703O)
  • ‘For young bloods’ (bit.ly/1pKVepz)

• Design patterns
  • Timeouts / retries
  • Bulkheads / circuit-breakers


New design patterns

bit.ly/2efe0TP


Using containers does not obviate the need for good architecture


https://speakerdeck.com/caseywest/containercon-north-america-cloud-anti-patterns


Lessons Learned the Hard Way


Miscellaneous (but vital)

• Beware of the ‘latest’ Docker tag
  • Properly version your containers

• Metadata is vital
  • Labels can be valuable
  • h/t MicroBadger

• www.notonthehighstreet.com case study and learnings
  • http://bit.ly/1PMlpIL
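The ‘latest’ tag warning above can be enforced as a pipeline gate. The following is an added example, not code from the talk: it flags Dockerfile base images that are untagged, tagged `latest`, or built from an unresolved variable. The function names and the sample Dockerfile (including the `registry.example.test` host and the digest placeholder) are constructed for illustration.

```python
def classify_ref(ref):
    """Classify an image reference: digest, unresolved, untagged, latest or tagged."""
    if "$" in ref:
        return "unresolved"            # build-time variable, cannot be judged statically
    if "@" in ref:
        return "digest"                # pinned by content digest
    last = ref.rsplit("/", 1)[-1]      # a colon before the last '/' is a registry port
    if ":" not in last:
        return "untagged"              # Docker resolves a missing tag to :latest
    return "latest" if last.rsplit(":", 1)[1] == "latest" else "tagged"


def audit_dockerfile(text):
    """Return (line_no, image, verdict) for every FROM line that is not pinned."""
    findings, stages = [], set()
    for line_no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].upper() != "FROM":
            continue
        args = [p for p in parts[1:] if not p.startswith("--")]  # skip --platform=...
        if not args:
            continue
        image = args[0]
        # 'scratch' and earlier build stages are not pulled from a registry
        if image != "scratch" and image not in stages:
            verdict = classify_ref(image)
            if verdict in ("latest", "untagged", "unresolved"):
                findings.append((line_no, image, verdict))
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2])
    return findings


# Constructed sample input, not taken from the slides.
SAMPLE_DOCKERFILE = """\
# constructed sample
FROM registry.example.test:5000/base/jdk AS build
FROM danielbryantuk/test:1.4
FROM alpine:latest
FROM build
FROM debian@sha256:<digest-placeholder>
"""

if __name__ == "__main__":
    for finding in audit_dockerfile(SAMPLE_DOCKERFILE):
        print("unpinned base image: line %d, %s (%s)" % finding)
```

A non-empty result from `audit_dockerfile` is the signal to fail the build stage.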

@danielbryantuk | @spoole167

Mechanical sympathy: Docker and Java

• Set container memory appropriately
  • JVM requirements = Heap size (Xmx) + Metaspace + JVM overhead
  • Account for native thread requirements e.g. thread stack size (Xss)
  • Default fork/join thread pool sizes (based on host CPU count)
  • Watch out for ulimits

• Entropy
  • Host entropy can soon be exhausted by crypto operations
  • -Djava.security.egd=file:/dev/urandom
  • Be aware of security ramifications
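The memory sum on this slide can be asserted in the pipeline before an image is deployed. The following is an added example, not code from the talk: it parses the JVM flags, adds up heap, metaspace, thread stacks and overhead, and compares the total with the container memory limit. The function names, the 64m overhead figure, the 1m default stack size and the sample flag string are assumptions for illustration.

```python
import re

_UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}


def parse_size(text):
    """Parse a JVM or Docker style size (512m, 1g, 262144) into bytes."""
    match = re.fullmatch(r"(\d+)([kmg]?)b?", text.strip().lower())
    if not match:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(match.group(1)) * _UNITS[match.group(2)]


def _last_value(opts, prefix):
    # When a flag is repeated, use the last occurrence (assumed to take effect).
    values = [o[len(prefix):] for o in opts if o.startswith(prefix)]
    return values[-1] if values else None


def jvm_memory_required(java_opts, threads, overhead="64m"):
    """Heap (Xmx) + Metaspace + threads * stack size (Xss) + JVM overhead, in bytes.

    'threads' is the caller's estimate; default pool sizes follow the host CPU
    count, so base the estimate on the host, not on the container's CPU share.
    """
    opts = java_opts.split()
    heap = _last_value(opts, "-Xmx")
    metaspace = _last_value(opts, "-XX:MaxMetaspaceSize=")
    if heap is None or metaspace is None:
        # An unbounded region cannot be checked against a container limit.
        raise ValueError("both -Xmx and -XX:MaxMetaspaceSize must be set")
    stack = _last_value(opts, "-Xss") or "1m"   # assumed default stack size
    return (parse_size(heap) + parse_size(metaspace)
            + threads * parse_size(stack) + parse_size(overhead))


def fits_container(java_opts, container_limit, threads, overhead="64m"):
    """Return (fits, required_bytes) for a limit such as the value given to docker run -m."""
    required = jvm_memory_required(java_opts, threads, overhead)
    return required <= parse_size(container_limit), required


# Constructed sample flags, not taken from the slides.
SAMPLE_OPTS = "-Xmx512m -XX:MaxMetaspaceSize=128m -Xss512k -Djava.security.egd=file:/dev/urandom"

if __name__ == "__main__":
    ok, required = fits_container(SAMPLE_OPTS, "768m", threads=50)
    print("fits" if ok else "too small", required // 1024 ** 2, "MiB required")
```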


Summary


In summary

• Continuous delivery is vitally important in modern architectures/ops

• Container images must be the (single) source of truth within pipeline

• Mechanical sympathy is important (assert properties in the pipeline)
  • We’re now bundling more into our artifact (e.g. an OS)
  • Not all developers are operationally aware

• The tooling is now becoming stable/mature
  • We need to re-apply old CD practices with new technologies/tooling


Bedtime reading


Thanks for listening

• Any questions?

• Feel free to contact me
  • @danielbryantuk
  • [email protected]