Lessons learned building a container app library
Adnan Abdulhussein | @prydonius
Who is Bitnami?
Bitnami is the leader in packaged applications for any platform.
❯ End-to-end automated build & release
❯ 140+ Apps and language runtimes
❯ 1 million+ App instances deployed monthly
❯ Multi-format: Win/Mac/Linux, VM, Container, K8s chart
❯ Multi-cloud: configuration & deployment for every major cloud provider
What do we do?
Build Deploy Maintain
Components Packages Platforms Updates
Automatically build, deploy and maintain applications for
containers, cloud, VMs, or bare metal.
Adopting Containers
❯ Containers in Development mid-2014
Adapting to the mindset...
❯ How do I get my fancy zsh prompt?
❯ Can I add my SSH keys?
❯ My tmux configuration isn’t being copied in??
❯ Is emacs installed?
First Set of Bitnami Images
❯ Released in mid-2015
❯ 8 runtime and infrastructure images
❯ Source available on GitHub
❯ Automatic builds on Docker Hub
❯ Focus on documentation
❯ Dogfooding
"All in One" images
❯ Handful of apps: WordPress, Drupal, etc.
❯ Iterative approach to containerisation
❯ s6-overlay for multi-process supervision
❯ docker run -p 8080:80 bitnami/wordpress
One process per container
task
Multi-Container Apps
❯ Split database from application containers
❯ Orchestrated using Docker Compose
❯ docker-compose up
Not scalable out-of-the-box
❯ Most apps not cloud/container-native
❯ File uploads stored in filesystem
❯ Reliance on .htaccess rules
Development Containers
❯ Released in mid-2016
❯ Containerised popular frameworks
❯ Bring up a development environment in seconds
❯ Bootstraps new app if local directory empty
❯ Mounts local directory for editing locally and reloading server on changes
Container Entrypoints
❯ Defined using ENTRYPOINT in the Dockerfile
❯ Runs on container startup
❯ Receives container's command (CMD) as arguments
❯ Typically used to start an interactive shell
❯ Useful for initialising volumes, writing configuration, waiting for services, etc.
Container Entrypoints
❯ Could choose runtime binary to be the image entrypoint
FROM bitnami/node:latest
ENTRYPOINT ["node"]
❯ docker run mynode -e "console.log('hello!')"
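Container Entrypoints
# Bootstrap a new application if the mounted directory is empty
if ! app_present; then
  log "Creating laravel application"
  cp -r /tmp/app/ /
fi
# Install or refresh dependencies before starting
if ! dependencies_up_to_date; then
  log "Installing/Updating Laravel dependencies (composer)"
  composer update
  log "Dependencies updated"
fi
wait_for_db
# One-time initialisation, recorded with a semaphore file
if ! fresh_container; then
  ...
else
  setup_db
  log "Initialization finished"
  touch "$INIT_SEM"
fi
# Replace the shell with tini, which runs the container's command as its child
exec tini -- "$@"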
Container init systems
❯ tini, dumb-init are simple init systems for containers
❯ These start as PID 1 and run a command as a child process
❯ Correctly handle process signals and reap zombie processes
❯ May not be needed soon
  ○ built-in to Docker with --init flag
  ○ Kubernetes' pause container
Optimising Images
Smaller images: smaller footprint, faster transmission and lower attack surface
Minideb
❯ Released in late-2016
❯ ~50mb Debian base image
❯ Compatible with most software
❯ Familiar package manager with large library
github.com/bitnami/minideb
Multi-stage builds
❯ Available in Docker 17.05+
❯ Define build pipeline in Dockerfile
❯ Copy artifacts between stages
❯ Resulting image built from the final stage
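Multi-stage builds
# Build stage: full image with the toolchain needed for native extensions
FROM bitnami/node:6 AS builder
ENV NODE_ENV="production"
COPY . /app
WORKDIR /app
RUN npm install # installs native extensions
# Final stage: production image that only receives the built /app
FROM bitnami/node:6-prod
ENV NODE_ENV="production"
COPY --from=builder /app /app
WORKDIR /app
EXPOSE 3000
CMD ["npm", "start"]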
Non-Privileged Containers
❯ Following best practices from OpenShift
❯ Assume UID is unknown, GID is 0 (root)
$ docker run --user 1001 bitnami/minideb id
uid=1001 gid=0(root) groups=0(root)
❯ Files can have read-write-execute permissions for root group
❯ Services bind to non-privileged ports
canihaznonprivilegedcontainers.info
Non-Privileged Containers
$ docker run --user 1001 bitnami/minideb
I have no name!@ec12f26b1857:/$
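The "unknown UID, GID 0" rule from the Non-Privileged Containers slides can be checked and applied to an application directory at image build time. The script below is an added example, not code from the slides or from Bitnami; the function names are hypothetical, and it assumes GNU find/stat on Linux.

```shell
#!/bin/sh
# Added example: prepare and audit a directory for containers that run with an
# arbitrary UID and primary group 0. Function names are hypothetical.
# Assumes GNU find/stat (Linux).

# List every path under DIR that a process with an unknown UID and group GID
# (default 0) cannot use the way the owner can:
#   - the group owner is not GID, or
#   - the group permission bits differ from the owner's bits.
# Returns 0 when the tree is clean, 1 when there are findings.
audit_tree() {
    dir=$1
    gid=${2:-0}
    out=$(find "$dir" ! -type l -exec stat -c '%a %g %n' {} + |
        while read -r mode owner_gid path; do
            perm=$((0$mode))               # stat prints the mode in octal
            ubits=$(( (perm >> 6) & 7 ))   # owner rwx bits
            gbits=$(( (perm >> 3) & 7 ))   # group rwx bits
            if [ "$owner_gid" != "$gid" ] || [ "$ubits" != "$gbits" ]; then
                printf '%s mode=%s gid=%s\n' "$path" "$mode" "$owner_gid"
            fi
        done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Apply the rule: hand the tree to group GID and copy the owner's permission
# bits to the group (g=u), so the root group gets the same access as the
# build-time owner. Typically run in a Dockerfile RUN step before USER 1001.
make_gid0_ready() {
    dir=$1
    gid=${2:-0}
    chgrp -R "$gid" "$dir" && chmod -R g=u "$dir"
}

# A non-root process cannot bind ports below 1024 by default, so services
# in these images should listen on 1024 or above.
port_ok() {
    [ "$1" -ge 1024 ]
}
```

The second argument exists so the functions can be tried outside a container build as a normal user (pass `$(id -g)`); in an image, leave it at the default 0.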
What's Next?
❯ Roll out non-privileged & multi-stage builds to all apps
❯ More docs and tutorials (docs.bitnami.com)
❯ Minimal CentOS base image
❯ Container builds with Bazel
❯ Tools for Kubernetes: Helm, Kubeless
Thank You
