Containerize Web Application and CI/CD with VSTS & ACS

Van Dinh Phuc (Philip Van)Phucvd.ce@gmail.com

https://www.meetup.com/docker-hanoi/docker-hanoi.slack.com / @Philip

Ping Me

Van Dinh Phuc (Philip Van)Personal email: Phucvd.ce@gmail.comGithub : @phucvdb Skype: @phucvdbTechnology Domain: ◼Virtualization & Cloud Technologies focus on infrastructure (VDI, EUC, IaaS,

PaaS)◼Linux Container◼Innovation Technologies

My current job: Cloud Solution Architect – FSO.CLI.R&D

Agenda

◼General Information◼How to containerize your application ◼How to deploy the application to ACS?◼How to make a CI/CD pipeline in VSTS & ACS◼What is my problem when using VSTS & ACS?◼ Q&A

General Information

The new Microsoft

Docker & Microsoft PartnerShip

◼The Commercially Supported Docker Engine aka “CS Docker Engine”, Docker, Inc.’s tested, validated, and supported package of Docker Engine, will be available to Windows Server 2016 customers at no additional cost◼Microsoft will provide Windows Server 2016

customers enterprise support for CS Docker Engine, backed by Docker, Inc◼Docker and Microsoft will jointly promote Docker

Datacenter to enable IT Pros to secure the Windows Server software supply chain and manage containerized Windows Server workloads, whether on-prem, in the cloud, or hybrid.

How to containerize your application

Docker?

Docker containers wrap up a piece of software in a complete filesystem that contains everything it needs to run: code, runtime, system tools, system libraries – anything you can install on a server

Why Developers CareBuild once…(finally) run anywhere*◼ A clean, safe, hygienic and portable runtime environment for your app.◼ No worries about missing dependencies, packages and other pain points during

subsequent deployments.◼ Run each app in its own isolated container, so you can run various versions of libraries

and other dependencies for each app without worrying◼ Automate testing, integration, packaging…anything you can script ◼ Reduce/eliminate concerns about compatibility on different platforms, either your own

or your customers. ◼ Cheap, zero-penalty containers to deploy services? A VM without the overhead of a

VM? Instant replay and reset of image snapshots? That’s the power of Docker

Source: dotcloud.com

Why Devops Cares?

Configure once…run anything◼Make the entire lifecycle more efficient, consistent, and repeatable◼Increase the quality of code produced by developers. ◼Eliminate inconsistencies between development, test, production, and customer

environments◼Support segregation of duties◼Significantly improves the speed and reliability of continuous deployment and

continuous integration systems◼Because the containers are so lightweight, address significant performance, costs,

deployment, and portability issues normally associated with VMs

Source: dotcloud.com

Docker vs Packages Manager for shipping

Shipping, before Docker Shipping, after Docker• Ship packages: deb, rpm, gem, jar, homebrew...• Dependency hell.• "Works on my machine."• Base deployment often done from scratch

(debootstrap...) and unreliable.

• Ship container images with all their dependencies.

• Images are bigger, but they are broken down into layers.

• Only ship layers that have changed.• Save disk, network, memory usage.

What is a container?

In 4 bullet points:◼Containers share the host kernel◼Containers use the kernel ability to group processes for resource control◼Containers ensure isolation through namespaces◼Containers feel like lightweight VMs (lower footprint, faster), but are not

Virtual Machines!

Source: http://docker-saigon.github.io/post/Docker-Internals/

Docker Images

docker run -d -p 80:80 yeasy/simple-web

◼An image is a filesystem and parameters to use at runtime. It doesn’t have state and never changes◼A container is a running instance of

an image

How to start with Docker ?

◼Docker Toolbox◼Docker for Window/MAC◼Vietnamese product: Teracy-Dev (Link)◼Azure Container Service / EC2 Container service

Docker – Ecosystem support

https://www.mindmeister.com/656846411#slideshow

Demo

◼Hand-on about Docker for Window◼Using Visual studio Code with Docker for Window◼Dockerize a .net core

How to deploy the application to ACS?

What is Azure Container Service?

Azure Container Service Release: 19/04/2016To create, configure, and manage a cluster of virtual machines that are preconfigured to run containerized applications and provide a container hosting environment by using open-source tools and technologies that are popular among our customers todaySupported orchestration tools:◼DC/OS◼Docker Swarm◼Kubernetes Docker-Host supproted:◼Linux◼Windows (Preview with Kubernetes)

Azure Container Service (cont.)

ACS Deployment

Azure CLI 2.0

ACS – DC/OS

ACS - Swarm

ACS – Kubernetes (Preview)

How to connect to ACS Cluster

◼Creating an SSH tunnel from Linux, OS X, and Windows◼DC/OS

◼DC/OS: http://localhost/◼Marathon: http://localhost/marathon◼Mesos: http://localhost/mesos

◼Docker Swarm

# ssh sample sudo ssh -L 80:localhost:80 -f -N azureuser@acsexamplemgmt.japaneast.cloudapp.azure.com -p 2200

# ssh samplessh -L 2375:localhost:2375 -f -N azureuser@acsexamplemgmt.japaneast.cloudapp.azure.com -p 2200export DOCKER_HOST=:2375

https://docs.microsoft.com/en-us/azure/container-service/container-service-connect

How to connect to ACS Cluster ? (cont.)Kubernetes ClusterStep 1: Installing kubectl

Step 2: Installing kubectl credentials

or

Step 3: Access via kubectl

# Linux or OS Xaz acs kubernetes install-cli [--install-location=/some/directory/kubectl]

# Windowsaz acs kubernetes install-cli [--install-location=C:\some\directory\kubectl.exe]

az acs kubernetes get-credentials --resource-group=<cluster-resource-group> --name=<cluster-name>

mkdir $HOME/.kube/configscp azureuser@<master-dns-name>:.kube/config $HOME/.kube/config

kubectl get nodeskubectl proxy

Demo

◼Provision an ACS Cluster (kubernetes)◼Access to Kubernetes Master◼Run the .net sample on Kubernetes ACS

ACS Engine & Registry

ACS Engine

◼Open Source Project on GH https://github.com/Azure/acs-engine◼Configure template to meet your needs◼Basis for clustered deployed via the ACS API◼Contributions from the community with improvements and new features will have a

natural path into ACS

When do you should use ACS-Engine?

◼multiple agent pools where each agent pool can specify:◼standard or premium VM Sizes,◼node count,◼Virtual Machine ScaleSets or Availability Sets,◼Storage Account Disks or Managed Disks (under private preview),

◼Docker cluster sizes of 1200◼Custom VNET

How to use ACS Engine◼Before starting ensure you have generated a valid SSH Public/Private key pair.◼edit examples/kubernetes.json and fill in the blanks.◼run acs-engine examples/kubernetes.json to generate the templates in the

_output/Kubernetes-UNIQUEID directory. The UNIQUEID is a hash of your master's FQDN prefix.◼now you can use the azuredeploy.json and azuredeploy.parameters.json for deployment as

described in deployment usage.$ azure login $ azure account set "<SUBSCRIPTION NAME OR ID>" $ azure config mode arm $ azure group create \ --name="<RESOURCE_GROUP_NAME>" \ --location="<LOCATION>" $ azure group deployment create \ --name="<DEPLOYMENT NAME>" \ --resource-group="<RESOURCE_GROUP_NAME>" \ --template-file="./_output/<INSTANCE>/azuredeploy.json" \ --parameters-file="./_output/<INSTANCE>/azuredeploy.parameters.json"

Scale an ACS Cluster

◼The number of agent nodes must be between 1 and 100, inclusive.◼Your cores quota can limit the number of agent nodes in a cluster.◼Agent node scaling operations are applied to an Azure virtual machine scale set that

contains the agent pool. In a DC/OS cluster, only agent nodes in the private pool are scaled by the operations shown in this article.◼Depending on the orchestrator you deploy in your cluster, you can separately scale the

number of instances of a container running on the cluster. For example, in a DC/OS cluster, use the Marathon UI to change the number of instances of a container application.◼Currently, autoscaling of agent nodes in a container service cluster is not supported◼How to scale : Azure Portal / Azure CLI 2.0 (Preview)

Azure Container Registry

https://azure.microsoft.com/en-us/blog/azure-container-registry-preview/

Azure Container Registry (cont.)

Azure Container Registry is a managed Docker registry service based on the open-source Docker Registry v2. Create and maintain Azure container registries to store and manage your private Docker container images

Key Features:◼Registry◼Storage Back-end: Azure Storage Account◼Identity Service: Azure Active Directory (sevice principal)

◼Repository: Multilevel repository namespaces.◼Image

Azure Container Registry (cont.)◼How to deploy an Azure Container Registry?◼Via Azure Portal: https://portal.azure.com/#create/Microsoft.ContainerRegistry◼Via Azure CLI:

◼Supported-Locations: West US, South Central US, West Europe, East US

◼Push and pull an image

az acr create -n myRegistry -g myResourceGroup -l southcentralus

# docker login myregistry-contoso.azurecr.io -u xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -p myPassword# docker pull nginx # docker tag nginx myregistry-exp.azurecr.io/samples/nginx# docker push myregistry-contoso.azurecr.io/samples/nginx# docker pull myregistry-contoso.azurecr.io/samples/nginx# docker run -it --rm -p 8080:80 myregistry-exp.azurecr.io/samples/nginx# docker rmi myregistry-contoso.azurecr.io/samples/nginx

ACS Engine - Demo

◼Install ACS-engine cmdlet on your laptop ◼Make an ARM Template to provision a Kubernetes by using the ACS-

Engine◼Compare the kubenetes by using acs-engine and kubernetes acs

How to make a CI/CD pipeline in VSTS & ACS

What is the Visual studio team service?

ProductionDevelopment

Operate + learnPlan

Develop + test Release

Requirements

Collaboration

Microsoft ALM framework

Microsoft ecosystem for Cloud Environment

Continuous delivery pipeline - A sample from Microsoft

CI /CD in my project with Docker on Azure

DevVSAgent-sn

Azure Container Registry

VSagentX

ACS

ContainerX

Access to application

EndUsers

Azure Load Balancer

Visual Studio Team Service

Push code

Demo

◼Create a Agile project in VSTS◼Upload your source code to VSTS◼Create & assign a backlog and work task◼Push a source code update ◼Create a build definition & release◼Present about how do the CI/CD work?

Docker on Azure App Service (Linux) - Preview

Azure App Service on Linux (Preview)◼Currently in Public Preview◼Run the web apps natively on a Linux platform.◼Support runtime stack:◼NodeJS◼PHP◼.net Core

◼LimitationsThis public preview is currently only available in the following regions:◼West US◼West Europe◼Southeast Asia

Does not have a Free or Shared tierWeb Apps on Linux must be created in a resource group that does not contain non-Linux web apps in the same region

What is my problem when using VSTS & ACS?

My problems

◼About ACS◼Cannot deploy ACS on the existing vNet◼How to make a hybrid model with Kubernetes ACS and Kubernetes On-

premise◼Support and SLA?◼About VSTS (before 2017)◼Need a downstream jobs as in Jenkin

Thanks you !