59
Aurelijus Banelis Dockerizing PHP Apps KaunasPHP 2019-02-20

Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

  • Upload
    others

  • View
    9

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Aurelijus Banelis

Dockerizing PHP Apps

KaunasPHP2019-02-20

Page 3: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

AdaptingPHP applicationsto be used with

docker

Page 4: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWSLogging challenges

Page 5: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWSLogging challenges

Page 6: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Development bottleneck

Confidence/tooling bottleneck

Provisioning speed bottleneck

Illustration: https://home24.tech.blog/2018/05/28/home24-presenting-at-tableau-cinema-tour/

Page 7: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Monolith (VirtualBox) → SplitDevelopment bottleneck

Confidence/tooling bottleneck

Provisioning speed bottleneck

Page 8: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Development bottleneck

Jenkins (time based) → CircleCIConfidence/tooling bottleneck

Provisioning speed bottleneck

Page 9: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Development bottleneck

Confidence/tooling bottleneck

Release coordination → AWS servicesProvisioning speed bottleneck

Page 10: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Monolith (VirtualBox) → SplitDevelopment bottleneck

Jenkins (time based) → CircleCIConfidence/tooling bottleneck

Release coordination → AWS servicesProvisioning speed bottleneck

Bottleneck to grow

Page 11: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Monolith (VirtualBox) → SplitDevelopment bottleneck

Jenkins (time based) → CircleCIConfidence/tooling bottleneck

Release coordination → AWS servicesProvisioning speed bottleneck

The need for better virtualization tools

Page 12: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Monolith (VirtualBox) → SplitDevelopment bottleneck

Jenkins (time based) → CircleCIConfidence/tooling bottleneck

Release coordination → AWS servicesProvisioning speed bottleneck

The need for better virtualization tools

docker?

Page 13: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

We migrated to dockerUsing docker extensively at

Page 14: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

We migrated to dockerUsing docker extensively at

I would do the same againRight decision for current scaleFuture opportunities

Page 15: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWSLogging challenges

Page 16: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Tool to run in isolated environmentMany ifs in kernel = cgroupsNot VirtualBox, not unikernel

Open source tool backed by Docker IncContainer hosting and premium serviceImproved by community (AWS, K8s)

Page 17: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWSLogging challenges

Page 18: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting
Page 19: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting
Page 20: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

docker build . -t kaunasphp-exampledocker run -p 8080:80 kaunasphp-example

Page 21: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

https://gist.github.com/aurelijusb/6f6b1c86c440ce527250193ffcae62d7

docker build . -t kaunasphp-exampledocker run -p 8080:80 kaunasphp-example

Page 22: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

https://gist.github.com/aurelijusb/6f6b1c86c440ce527250193ffcae62d7

docker build . -t kaunasphp-exampledocker run -p 8080:80 kaunasphp-exampleSimple?

Page 23: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

https://gist.github.com/aurelijusb/6f6b1c86c440ce527250193ffcae62d7

docker build . -t kaunasphp-exampledocker run -p 8080:80 kaunaphp-exampleSimple?But for simple cases

Page 24: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Multiple containers

Development tools

PHP extensions

xDebug support

...https://github.com/nfqakademija/docker/blob/master/php/Dockerfile

Page 25: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Multiple containers

Development tools

PHP extensions

xDebug support

...https://github.com/nfqakademija/docker/blob/master/php/Dockerfile

More configuration

Page 26: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Multiple containers

Development tools

PHP extensions

xDebug support

...https://github.com/nfqakademija/docker/blob/master/php/Dockerfile

More configurationBut infrastructure

as a code

Page 28: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWSLogging challenges

Page 29: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWSLogging challenges

Page 30: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Docker Featuretoggle

IDE in cloud

Run & pray

Virtual box

Not many alternativesFor isolated environments

Page 31: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWSLogging challenges

Page 32: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Person

Team

Community

Page 33: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Sandboxed development environmentHigh quality mocks (real MySql, wireshark)True integration/acceptance testsDockerfile→docker-compose→custom tooling

Experimenting with new software saferNo trash, no sensitive informationEasy to swap (DynamoDB local vs dynalite)Install/compile on your machine? Seriously?

Page 34: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting
Page 35: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Switching between branches/tasksLess issues with cache invalidationKill-it-not-heal-itData volumes = test data in branch

Infrastructure as a codeFixed versions, fixed php.ini+extensionsLess “works on my machine” = reproducibleMany bash scripts, configuration via ENV

Page 37: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Huge ecosystemPioniers are using and improvingAmazon, Google (K8s) is investingKnown issues and solutions in StackOverflow

Page 38: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWSLogging challenges

Page 39: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

High learning curve = blame dockerMisuse of the tool – isn’t docker silver bullet?Docker wraps – everyone blames the wrapperMany ways to install docker incorrectlyMounting vs copy-on-write operationNo Windows, more tooling/docs around

Page 40: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting
Page 41: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Not mature tooling / edge casesDownload private dependency: github token?Password protected SSH key? (Mac+Linux)CircleCI limited “remote docker”Host IP for xDebugEven more bash scripts/docs*

*Newest docker-compose supports secrets

Page 42: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting
Page 43: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Cache everything by designFull HDD because of docker imagesMissing log rotation (no “log-opts” by default)“Latest” tag, that is not immutableNetwork unreachable, since used by dockerdocker system prune, docker pull, RTFM

Page 44: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWSLogging challenges

Page 45: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWSLogging challenges

Page 46: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

○ ECS (not yet K8s, AWS backed infrastructure/improvements, canary deployment by default)

○ ECR – uptime for downloads. Docker hub for development○ Task definition = docker-compose.yml○ PHP+Apache = PHP+Nginx (no big difference)○ Custom tooling for credentials via environment○ Spot-instances (currently for staging, targeting production)

PHP + Docker in productionMigrated Tier1 service – nobody noticed

AWS ECS PHP 7.2

Docker Apache

Page 47: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

○ ECS (not yet K8s, AWS backed infrastructure/improvements, canary deployment by default)

○ ECR – uptime for downloads. Docker hub for development○ Task definition = docker-compose.yml○ PHP+Apache = PHP+Nginx (no big difference)○ Custom tooling for credentials via environment○ Spot-instances (currently for staging, targeting production)

PHP + Docker in productionMigrated Tier1 service – nobody noticed

AWS ECS PHP 7.2

Docker Apache

Page 48: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Amazon Web ServicesElastic Container ServiceAWS integration (E.g. spot-instances)K8s on AWS then was not matureKnow-how (our Go apps in prod)

Page 49: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Amazon Web ServicesElastic Container ServiceAWS integration (E.g. spot-instances)K8s on AWS then was not matureKnow-how (our Go apps in prod)

Naming in AWSDocker-compose → Task definitionContainer → TaskDocker Hub → ECR

Page 50: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Apache mod_phpPHP 7.2 log trimming in Nginx+FPMSingle process container – easierNo visible performance impactInternal service (no slow loris attack)

Page 51: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWSLogging challenges

Page 52: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Replica Daemon External

ECS Service types

Page 53: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Daemon

Page 54: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

LogConfiguration: LogDriver: fluentd Options: fluentd-async-connect: "true" fluentd-buffer-limit: "32MB" mode: "non-blocking"

Daemon

Page 56: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWSLogging challenges

Page 57: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

DockerFeaturetoggle

IDE in cloud

Run & pray

Virtual box

Docker:Good to understand

Use on demand

Page 58: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Aurelijus Banelis

Dockerizing PHP Apps

KaunasPHP2019-02-20

Thank youQuestions?

Page 59: Dockerizing PHP Apps - Aurelijus Banelis · PHP+Apache = PHP+Nginx (no big difference) Custom tooling for credentials via environment Spot-instances (currently for staging, targeting

Further reading/references● https://www.docker.com/● https://hub.docker.com/ ● https://aws.amazon.com/ecs/● https://aws.amazon.com/ecr/ ● https://fluentbit.io/● https://www.home24.de/ ● https://home24.tech.blog/category/aws/● https://aws.amazon.com/blogs/opensource/network-load-balancer-support-in-kubernetes-1-9/ ● https://docs.aws.amazon.com/AmazonECS/latest/developerguide/docker-volumes.html ● https://d1.awsstatic.com/whitepapers/microservices-on-aws.pdf ● https://justi.cz/security/2019/01/22/apt-rce.html ● https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-input-syslog.html ● https://d1.awsstatic.com/whitepapers/DevOps/running-containerized-microservices-on-aws.pdf