selecting a container image registry for production - microservices meetup feb 2017
TRANSCRIPT
nirmata
Selec%ngaContainerImageRegistryforProduc%onDeployments
MicroservicesMeetup–2/9/2017
RiteshPatel
2
• Co-founder@Nirmata
• Developer,ProductMgmt./Mktg.,CustomerSuccess
• PreviouslyatBrocade,TrapezeNetworks,Nortel
• MBA–UCBerkeley(Haas),MS–MichiganState
• EnjoyMovies,Food,Travelling,Golf
• @riteshdp,[email protected]
Aboutme:
3
• WhatisanImageRegistry?
• RequirementsforProducVonDeployments
• ComparingRegistries• DockerHub• AmazonECR• JFrogArVfactory
Agenda
4
PACKAGE DEPLOY
• Eclipse• IntelliJ…
• GitHub• Bitbucket• …
• Jenkins• Bamboo• …
• DockerHub• ArVfactory• AmazonECR
• Kubernetes• Mesos• Swarm• AmazonECS• Nirmata
DevOpsPipeline
5
• RegistryisserviceresponsibleforstoringanddistribuVngDockerimages
• Aregistrycontainsoneormorerepositories
• ArepositoryisacollecVonofrelatedimages(e.g.aserviceoranapplicaVon)
• AtagisanalphanumericidenVfiera^achedtoimageswithinarepository(e.g.,14.04orstable)
• ImagedigestisacomputedSHA256hashoftheimagemanifest
WhatisanImageRegistry?
6
• AuthenVcaVon&AuthorizaVon• LDAP,SAML,Oauth• Granularaccesscontrol&tracking
• Security• ImageScanning
• Performance• MulV-sitedeployments
• Resiliency• ZeroDataLoss
• Scale• Highthroughput
• WorkflowIntegraVons
• Price
RequirementsforProduc%onDeployments
7
• Defaultregistrywhenyouinstalldockerengine• CollaboraVonmodelsimilartoGitHub
• Individualcollaboratorscanbeaddedforeachrepo• CanalsocreateorganizaVons&groupswithinorgs
• IntegrateswithGithubandBitbuckettoautomaVcallybuildnewimagesfromDockerfile• Canlinkrepositoriestocreatebuildpipelines• Canconfigurewebhookswhicharetriggereduponsuccessfulupdatestoarepository• SecurityScanningavailable(ataddiVonalcost)• Pricing:usagebased
DockerHubPros• FamiliarcollaboraVonmodel• Easytouse• IntegraVonswithGitHub&
Bitbucket• Extensible• Inexpensive
Cons• Lackofinsightintoregistry
usage• NoLDAP,SAML,Oauth• Lacksfinegrainedaccess
control• Performancemaybe
inconsistent
8
• FullymanagedofferingbyAWS• Offersveryfine-grainedpermissionsandaccesscontrolviaIAM• IntegratedwithAmazonEC2ContainerService(ECS)• UsesAWSS3-4ninesofup-Vmeand11ninesfordatadurability• SuperiorperformanceifusingAWS• Pricing:basedonstorageandbandwidth
AmazonEC2ContainerRegistryPros• FamiliartoAWSusers• TightintegraVonwithECS• Highavailability• Usagebasedpricing
Cons• Lackofinsightintoregistry
usage• Difficulttousewithdocker
client• PotenVallyexpensiveifnot
usinginAWS
9
• UniversalArVfactRepositoryManagerthatfullysupportssonwarepackagescreatedbyanylanguageortechnology
• Cluster,HighAvailabilitysupported• ReplicaVontoanotherinstanceofArVfactory(mulV-site)
• Finegrainedaccesscontrol• IntegrateswithLDAP,AcVveDirectory,SAML,Crowd…
• Richmetadatacapability&comprehensivesearch
• IntegraVonswithallmajorDevOps&CI/CDtools
• SecurityScanningavailable(viaX-Ray)
• FlexibledeploymentopVons:SaaSandon-prem
• Pricing:Startsaround1K/yr(SaaS)
JFrogAr%factoryPros• SupportsdifferentarVfacts• Easytouse• HA,mulV-site• FlexibledeploymentopVons• OutoftheboxintegraVons
Cons• On-premversionneedsto
bemanaged• Couldbeexpensive
10
• RegistryforuseinproducVonneedstobe:• Secure• Reliable• HighPerformance
• SeveralopVonsavailableforanenterprisegraderegistry
• Selecttheregistrythatbestmeetsyourneeds&fitswellinyourDevOpspipeline
Summary
RiteshPatel:[email protected]
nirmata
Thank-you!h^ps://try.nirmata.io
@nirmataCloud