Lessons learned building a container app library
Adnan Abdulhussein | @prydonius
Who is Bitnami?
Bitnami is the leader in packaged applications for any platform.
❯ End-to-end automated build & release
❯ 140+ Apps and language runtimes
❯ 1 million+ App instances deployed monthly
❯ Multi-format: Win/Mac/Linux, VM, Container, K8s chart
❯ Multi-cloud: configuration & deployment for every major cloud provider
What do we do?
Build, deploy, maintain: components, packages, platforms, updates.
Automatically build, deploy and maintain applications for containers, cloud, VMs, or bare metal.
Adopting Containers
❯ Containers in development since mid-2014
How do I get my fancy zsh prompt?
Can I add my SSH keys?
My tmux configuration isn’t being copied in??
Is emacs installed?
Adapting to the mindset...
First Set of Bitnami Images
❯ Released in mid-2015
❯ 8 runtime and infrastructure images
❯ Source available on GitHub
❯ Automatic builds on Docker Hub
❯ Focus on documentation
❯ Dogfooding
"All in One" images
❯ Handful of apps: WordPress, Drupal, etc.
❯ Iterative approach to containerisation
❯ s6-overlay for multi-process supervision
❯ docker run -p 8080:80 bitnami/wordpress
One process per container (task)
Multi-Container Apps
❯ Split database from application containers
❯ Orchestrated using Docker Compose
❯ docker-compose up
Not scalable out-of-the-box
❯ Most apps not cloud/container-native
❯ File uploads stored on the container's local filesystem
❯ Reliance on .htaccess rules
Development Containers
❯ Released in mid-2016
❯ Containerised popular frameworks
❯ Bring up a development environment in seconds
❯ Bootstraps new app if local directory empty
❯ Mounts local directory for editing locally and reloading server on changes
Container Entrypoints
❯ Defined using ENTRYPOINT in the Dockerfile
❯ Runs on container startup
❯ Receives the container's command (CMD) as its arguments
❯ Typically used to start an interactive shell
❯ Useful for initialising volumes, writing configuration, waiting for services, etc.
❯ Could choose the runtime binary as the image entrypoint:
FROM bitnami/node:latest
ENTRYPOINT ["node"]
❯ The container's arguments are then passed to that binary:
docker run mynode -e "console.log('hello!')"
Container Entrypoints
#!/bin/bash
# Copy the bundled skeleton in only when the mounted app directory is empty
if ! app_present; then
  log "Creating laravel application"
  cp -r /tmp/app/ /
fi

# Refresh vendored dependencies when the lock state changed
if ! dependencies_up_to_date; then
  log "Installing/Updating Laravel dependencies (composer)"
  composer update
  log "Dependencies updated"
fi

# Block until the database container accepts connections
wait_for_db

# One-time initialisation, recorded with a semaphore file on the volume
if ! fresh_container; then
  ...
else
  setup_db
  log "Initialization finished"
  touch $INIT_SEM
fi

# Hand over to tini as PID 1, which runs the container's CMD
exec tini -- "$@"
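The entrypoint pattern sketched above (bootstrap once, wait for a dependency, then exec the real command), written out as a complete script. This is an added example, not Bitnami's entrypoint: the app directory, the semaphore file name, the DB_HOST/DB_PORT variables and the bash /dev/tcp probe are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not Bitnami's code): a minimal container entrypoint that runs
# first-boot setup exactly once and then execs the container's command.
# APP_DIR, INIT_SEM, DB_HOST and DB_PORT are illustrative assumptions.
set -eu

APP_DIR="${APP_DIR:-/app}"                    # assumed mount point of the app volume
INIT_SEM="${INIT_SEM:-$APP_DIR/.initialized}"  # semaphore marking a finished first run

log() { printf '%s %s\n' "$(date -u +%FT%TZ)" "$*" >&2; }

# A container is "fresh" until the semaphore exists on the persistent volume,
# so recreating the container (but not the volume) does not repeat setup.
fresh_container() { [ ! -e "$INIT_SEM" ]; }
mark_initialized() { : > "$INIT_SEM"; }

# Retry a probe command until it succeeds or the deadline (in seconds) passes.
# Returns 0 on success and 1 on timeout; this is the wait_for_db building block.
wait_for() {
  local timeout="$1"; shift
  local deadline=$(( $(date +%s) + timeout ))
  until "$@"; do
    if [ "$(date +%s)" -ge "$deadline" ]; then
      return 1
    fi
    sleep 1
  done
}

# Probe a TCP port with bash's /dev/tcp so the image need not ship nc or curl.
tcp_open() { (exec 3<>"/dev/tcp/$1/$2") 2>/dev/null; }

# Run one-time initialisation, then replace this shell with the real command
# so it (or tini, if the image wraps it with `exec tini -- "$@"`) becomes PID 1.
main() {
  if fresh_container; then
    log "Waiting for database at ${DB_HOST:-db}:${DB_PORT:-3306}"
    wait_for 60 tcp_open "${DB_HOST:-db}" "${DB_PORT:-3306}" \
      || { log "database not reachable, giving up"; exit 1; }
    log "Running one-time initialization"
    # schema migration / config generation would go here (assumption)
    mark_initialized
    log "Initialization finished"
  fi
  exec "$@"
}

# Only take over when given a command; sourcing the file for its functions is a no-op.
if [ "$#" -gt 0 ]; then
  main "$@"
fi
```

Writing the semaphore only after setup succeeds matters: if `setup_db` fails half-way and the file were already present, every later start would skip the repair and serve a broken app.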
Container Entrypoints
Container init systems
❯ tini and dumb-init are minimal init systems for containers
❯ They run as PID 1 and start the command as a child process
❯ Forward signals correctly and reap zombie processes
❯ May not need to be shipped in the image for much longer:
○ Docker's --init flag injects one (tini) as PID 1
○ Kubernetes' pause container reaps zombies for the pod when the pod shares a PID namespace
Optimising Images
Smaller images: smaller footprint, faster transmission and lower attack surface
Minideb
❯ Released in late-2016
❯ ~50 MB Debian base image
❯ Compatible with most software
❯ Familiar package manager with large library
github.com/bitnami/minideb
Multi-stage builds
❯ Available in Docker 17.05+
❯ Define build pipeline in Dockerfile
❯ Copy artifacts between stages
❯ Resulting image built from the final stage
# Stage 1: build, with the full toolchain needed to compile native extensions
FROM bitnami/node:6 as builder
ENV NODE_ENV="production"
COPY . /app
WORKDIR /app
RUN npm install # installs native extensions

# Stage 2: runtime only; the toolchain and build cache stay behind in the builder
FROM bitnami/node:6-prod
ENV NODE_ENV="production"
COPY --from=builder /app /app
WORKDIR /app
EXPOSE 3000
CMD ["npm", "start"]
Non-Privileged Containers
❯ Following best practices from OpenShift
❯ Assume the UID is unknown (arbitrary), and the GID is 0 (root)
$ docker run --user 1001 bitnami/minideb id
uid=1001 gid=0(root) groups=0(root)
❯ Files the service must write are group-owned by root (GID 0) with group permissions matching the owner's, so any UID in that group can use them
❯ Services bind to non-privileged ports
canihaznonprivilegedcontainers.info
Non-Privileged Containers
$ docker run --user 1001 bitnami/minideb
I have no name!@ec12f26b1857:/$
❯ UID 1001 has no /etc/passwd entry, so bash cannot resolve a user name for the prompt; tools that look the user up fail the same way
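The preparation and the runtime fix the two slides above imply, as a shell script with checks. This is an added example, not Bitnami's or OpenShift's code: at build time it gives GID 0 the owner's permissions on the paths the service writes, and at startup it appends a passwd entry for the arbitrary UID when the passwd file is writable, which removes the "I have no name!" symptom. The PASSWD_FILE override, the USER_NAME default and the directory layout are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not Bitnami's or OpenShift's code): making an image usable by an
# arbitrary UID whose only known group is root (GID 0). PASSWD_FILE and USER_NAME
# are illustrative assumptions.
set -eu

PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"  # overridable so the logic can be exercised outside a container

# Build time (run as root in the Dockerfile): make every path the service must
# write group-owned by root and give the group exactly the owner's permissions.
prepare_for_arbitrary_uid() {
  chgrp -R 0 "$1"
  fix_group_perms "$1"
}
fix_group_perms() { chmod -R g=u "$1"; }

# Check: does a path grant its group the same bits it grants its owner?
# Reads the mode from ls instead of stat so it works on GNU and BSD userlands.
group_matches_owner() {
  local mode owner group
  mode=$(ls -ld "$1" | cut -c2-10)               # e.g. rwxr-x---
  owner=$(printf '%s' "$mode" | cut -c1-3)
  group=$(printf '%s' "$mode" | cut -c4-6)
  [ "$owner" = "$group" ]
}

# Runtime: an arbitrary UID has no passwd entry, which produces the
# "I have no name!" prompt and breaks anything that looks the user up.
has_passwd_entry() {
  awk -F: -v u="$1" '$3 == u { found = 1 } END { exit !found }' "$2"
}

# Append an entry for the current UID (home and shell are assumptions) if the
# passwd file was made group-writable at build time; idempotent on repeat starts.
ensure_passwd_entry() {
  local uid="$1" file="${2:-$PASSWD_FILE}"
  if has_passwd_entry "$uid" "$file"; then
    return 0
  fi
  if [ -w "$file" ]; then
    printf '%s:x:%s:0:arbitrary uid:%s:/bin/sh\n' \
      "${USER_NAME:-default}" "$uid" "${HOME:-/tmp}" >> "$file"
  else
    return 1   # cannot fix it here; the image must be prepared at build time
  fi
}

# Without CAP_NET_BIND_SERVICE a non-root process cannot bind ports below 1024,
# so the service configuration should be checked for that before startup.
is_unprivileged_port() { [ "$1" -ge 1024 ]; }
```

In a Dockerfile this pairs with `RUN prepare_for_arbitrary_uid /app && chmod g=u /etc/passwd` and `USER 1001`; the entrypoint then calls `ensure_passwd_entry "$(id -u)"` before exec'ing the service on a port that passes `is_unprivileged_port`.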
What's Next?
❯ Roll out non-privileged & multi-stage builds to all apps
❯ More docs and tutorials (docs.bitnami.com)
❯ Minimal CentOS base image
❯ Container builds with Bazel
❯ Tools for Kubernetes: Helm, Kubeless
Thank You