Docker Berlin Meetup June 2015: Docker powering Radical Agility @ Zalando Tech
Uploaded by: henning-jacobs
Category: Technology
Docker Powering Radical Agility
Docker Berlin Meetup
[email protected] @try_except_
DOCKER-BASED DEPLOYMENT
STUPS CLOUD PLATFORM
HISTORY
RADICAL AGILITY & ARCHITECTURE PRINCIPLES
AGENDA
15 countries
3 fulfillment centers
15+ million active customers
2.2+ billion € revenue 2014
130+ million visits per month
8.000+ employees
ONE OF EUROPE’S LARGEST ONLINE FASHION RETAILERS
Visit us: tech.zalando.com
~70% of all applications
WAR deployment
Single deployment tool
On-premise data center
MAIN PRODUCTION STACK SINCE 2010
AWS
STUPS
DOCKER
DEPLOY
SSH ACCESS
AUDIT REPORTS
FULL AWS ACCESS
A PLATFORM ON TOP OF AMAZON WEB SERVICES
AUTONOMY AND COMPLIANCE
STUPS offers maximum freedom for developers while enabling near-real-time audit compliance for every single application.
One AWS account per Team
Deployment with Docker
Managed SSH Access
REST/OAuth 2.0 mandatory
Supports Traceability of Changes
STUPS IN A NUTSHELL
[Diagram labels: Public Internet; *.foo.example.org, *.bar.example.org; Team “Foo”, Team “Bar”; ELB; EC2 Instance; Data Center LB; Legacy Instances]
ISOLATED AWS ACCOUNTS
FROM zalando/openjdk:8u40-b09-4
EXPOSE 8080
COPY target/hello-world.jar /
COPY target/scm-source.json /
CMD java $(java-dynamic-memory-opts) -jar /hello-world.jar
DOCKERFILE
$ docker build -t pierone.example.org/myteam/hello-world:0.2 .
$ pierone login
Getting OAuth2 token "pierone".. OK
Storing Docker client configuration in ~/.dockercfg.. OK
$ docker push pierone.example.org/myteam/hello-world:0.2
DOCKER BUILD & PUSH
$ pierone tags myteam hello-world
Team   │Artifact    │Tag            │Created│By
myteam  hello-world  0.1-andre-test  13d ago ahartmann
myteam  hello-world  0.1             3d ago  ahartmann
myteam  hello-world  0.2             3m ago  hjacobs
$ pierone scm myteam hello-world 0.2
Tag│Author │URL             │Revision│Status│Created│By
0.2 hjacobs git:git@github.. 442b7502        10m ago hjacobs
VERIFY IMAGE UPLOAD
PIER ONE DOCKER REGISTRY
✓ S3 backend to store images
✓ OAuth2 integration
✓ Team repositories
✓ Immutable tags & scm-source.json
✓ JVM-based (Clojure)
✓ Command line interface (Python)
SENZA: DEFINITION YAML
SenzaInfo:
  StackName: hello-world
  Parameters:
    - ImageVersion:
        Description: "Docker image version of Hello World."
SenzaComponents:
  - Configuration:
      Type: Senza::StupsAutoConfiguration # auto-detect network setup
  - AppServer: # will create a launch configuration and ASG with scaling triggers
      Type: Senza::TaupageAutoScalingGroup
      InstanceType: t2.micro
      SecurityGroups: [app-hello-world]
      ElasticLoadBalancer: AppLoadBalancer
      TaupageConfig:
        runtime: Docker
        source: "stups/hello-world:{{Arguments.ImageVersion}}"
        ports:
          8080: 8080
SENZA: STACK DEPLOYMENT
$ senza create hello-world.yaml 1 0.2
Generating Cloud Formation template.. OK
Creating Cloud Formation stack hello-world-1.. OK
$ senza events hello-world.yaml 1
Stack Name│Ver.│Resource Type │Resource ID │Status │Status Reason │Event Time
hello-world 1 CloudFormation::Stack hello-world-1 CREATE_IN_PROGRESS User Initiated 10m ago
...
hello-world 1 CloudFormation::Stack hello-world-1 CREATE_COMPLETE 6m ago
docker run -d --log-driver=syslog \
    --restart=on-failure:10 \
    -e DB_SUBNAME=.. \
    -v /meta:/meta:ro \
    -e CREDENTIALS_DIR=/meta/credentials \
    -p 8080:8080 -p 7979:7979 \
    -u 999 \
    pierone.example.org/stups/pierone:0.5
TAUPAGE: DOCKER COMMAND LINE
docker run .. --log-driver=syslog ..
/etc/rsyslog.d/24-application.conf
:syslogtag, startswith, "docker" /var/log/application.log
/etc/logrotate.d/..
Don’t forget log rotation..
TAUPAGE: DOCKER SYSLOG
ZMON APPLIANCE
[Diagram labels: *.foo.example.org, *.bar.example.org; Team “Foo”, Team “Bar”; ELB; EC2 Instance; ZMON Appliance; KairosDB; ZMON Controller]
● Ubuntu & OpenJDK base image
● Log to STDOUT
● Config via environ. vars (+ KMS decryption)
● Non-root execution
● Persistence via EBS mounts
● Immutable stacks, no orchestration
● DNS endpoints, etcd e.g. for Hystrix streams
RECAP: DOCKER IN STUPS
STUPS Frontpage: http://stups.io
STUPS Documentation: http://docs.stups.io
GitHub Repositories: https://github.com/zalando-stups
Trying out Senza and Taupage: http://docs.stups.io/en/latest/user-guide/standalone-deployment.html
LINKS
● ELB for inbound traffic
● NAT instances for outbound
● HTTPS Only
● Internal subnets for app instances
[Diagram labels: DMZ and internal subnets in eu-west-1a, eu-west-1b, eu-west-1c; ELB; EC2; NAT]
STUPS: AWS ACCOUNT VPC SETUP
[Diagram labels:]
Kio Application Registry: Application “myapp” (issue_management: Jira); Application Version “1.0” (artifact: docker/myart:1.0)
Pier One Docker Reg.: Image “docker/myart:1.0” (commit: afb123)
SCM: Commit “afb123” (msg: ABC-123..)
Ticket System: Issue “ABC-123” (spec: [...])
EC2 Instances: Taupage AMI, Docker Container
Steps: build, approve
✓ specs approved
✓ artifact tested
✓ artifact approved
STUPS: TRACEABILITY
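Added example (not part of the original slides and not STUPS code): a Python check for the traceability chain above, from an image's scm-source.json to a commit and on to an issue. The JSON field names are assumed from the `pierone scm` column headers, an empty status is assumed to mean a clean working tree, and the issue-key pattern and sample values are constructed.

```python
import json
import re

# Assumed field names, taken from the `pierone scm` columns on the slide.
REQUIRED = ("url", "revision", "author", "status")
REVISION_RE = re.compile(r"[0-9a-f]{7,40}")        # abbreviated or full hash
ISSUE_RE = re.compile(r"\b[A-Z][A-Z0-9]+-\d+\b")   # Jira-style key, e.g. ABC-123


def audit_scm_source(raw, commit_message):
    """Return a list of findings; an empty list means the image is traceable."""
    try:
        meta = json.loads(raw)
    except ValueError:
        return ["scm-source.json is not valid JSON"]
    if not isinstance(meta, dict):
        return ["scm-source.json is not a JSON object"]
    missing = [k for k in REQUIRED if not isinstance(meta.get(k), str)]
    if missing:
        return ["missing or non-string field: " + k for k in missing]
    findings = []
    if not meta["url"].strip() or not meta["author"].strip():
        findings.append("url and author must not be empty")
    if not REVISION_RE.fullmatch(meta["revision"]):
        findings.append("revision is not a commit hash")
    # Assumption: status carries uncommitted-change output, empty when clean.
    if meta["status"].strip():
        findings.append("image built from a modified working tree")
    # The traceability slide links a commit to an issue through its message.
    if not ISSUE_RE.search(commit_message):
        findings.append("commit message references no issue")
    return findings


# Constructed samples; the repository URL is a placeholder.
CLEAN = json.dumps({"url": "git:git@scm.example.org:myteam/hello-world.git",
                    "revision": "442b7502", "author": "hjacobs", "status": ""})
DIRTY = json.dumps({"url": "git:git@scm.example.org:myteam/hello-world.git",
                    "revision": "442b7502", "author": "hjacobs",
                    "status": " M Dockerfile"})

if __name__ == "__main__":
    print(audit_scm_source(CLEAN, "ABC-123 add health endpoint"))
    print(audit_scm_source(DIRTY, "fix typo"))
```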