going d s k prod like a pro
play

Going D/S/K Prod Like A Pro BRET FISHER Docker Captain, DevOps - PowerPoint PPT Presentation

Jul 12, 2023 •234 likes •1.51k views

Going D/S/K Prod Like A Pro BRET FISHER Docker Captain, DevOps Dude, Creator of Docker Mastery bretfisher.com/docker @bretfisher Going D/S/K Prod Like A Pro BRET FISHER Docker Captain, DevOps Dude, Creator of Docker Mastery

  1. Good Defaults: Swarm Architectures ● Simple sizing guidelines based off: ○ Docker internal testing ○ Docker reference architectures ○ Real world deployments ○ Swarm3k lessons learned

  4. Baby Swarm: 1-Node

  5. Baby Swarm: 1-Node ● "docker swarm init" done! ● Solo VM's do it, so can Swarm ● Gives you more features then docker run ● bret.show/babyswarm

  6. HA Swarm: 3-Node

  7. HA Swarm: 3-Node ● Minimum for HA ● All Managers ● One node can fail ● Use when very small budget ● Pet projects or Test/CI

  8. Biz Swarm: 5-Node

  9. Biz Swarm: 5-Node ● Better high-availability ● All Managers ● Two nodes can fail ● My minimum for uptime that affects $$$

  10. Flexy Swarm: 10+ Nodes

  11. Flexy Swarm: 10+ Nodes ● 5 dedicated Managers ● Workers in DMZ ● Anything beyond 5 nodes, stick with 5 Managers and rest Workers ● Control container placement with labels + constraints

  12. Swole Swarm: 100+ Nodes

  13. Swole Swarm: 100+ Nodes ● 5 dedicated managers ● Resize Managers as you grow ● Multiple Worker subnets on Private/DMZ ● Control container placement with labels + constraints

  14. Don't Turn Cattle into Pets

  15. Don't Turn Cattle into Pets ● Assume nodes will be replaced ● Assume containers will be recreated ● Automate any host customization ● Every time you SSH into a server 🐽🔬

  16. Reasons for Multiple Clusters

  17. Reasons for Multiple Clusters Bad Reasons ● Different hardware configurations (or OS!) ● Different subnets or security groups ● Different availability zones ● Security boundaries for compliance

  18. Reasons for Multiple Clusters Bad Reasons Good Reasons ● Learning: Run Stuff on Test ● Different hardware Swarm configurations (or OS!) ● Geographical boundaries ● Different subnets or security groups ● Management boundaries using Docker API (or Docker ● Different availability zones EE RBAC, or other auth plugin) ● Security boundaries for compliance

  19. What About Windows Server 2019? ● Hard to be "Windows Only Swarm", mix with Linux nodes ● Much of those tools are Linux only ● Windows = Less choice, but easier path ● My recommendation: ○ Managers on Linux ○ Reserve Windows for Windows-exclusive workloads ● Swarm is more stable, Kubernetes is still early days

  20. DevSecOps: Making Friends With InfoSec ● Good: Just putting apps in Docker vs. host = ○ Whiltelist of Linux kernel capabilities ✔ ○ AppLocker profile enabled ✔ ○ SecComp profile enabled ✔ ● USER appname: App is not container root (e.g. node/python) ● User Namespaces: Container root isn't root (turn on per host) ● More basics at: bret.show/securityfirst

  21. DevSecOps: Shift Left Security ● Scan, Scan, Scan. ● Scan for CVE's in git: snyk.io ● Scan for CVE's in image builds: MicroScanner ● Scan for CVE's in images: Trivy

  22. DevSecOps: Content Trust ● Only used scanned images ● Only allow running of signed images ● Only used signed code

  23. DevOps: Focus On Outcomes, Not Tools

  24. DevOps: Focus On Outcomes, Not Tools ● Only change/implement what:

  25. DevOps: Focus On Outcomes, Not Tools ● Only change/implement what: ○ Gives you back a measurable chunk of time

  26. DevOps: Focus On Outcomes, Not Tools ● Only change/implement what: ○ Gives you back a measurable chunk of time ○ Greatly improves MTTR

  27. DevOps: Focus On Outcomes, Not Tools ● Only change/implement what: ○ Gives you back a measurable chunk of time ○ Greatly improves MTTR ○ Greatly improves deployment frequency

  28. DevOps: Focus On Outcomes, Not Tools ● Only change/implement what: ○ Gives you back a measurable chunk of time ○ Greatly improves MTTR ○ Greatly improves deployment frequency ● NO to everything else!

  29. DevOps: Focus On Outcomes, Not Tools ● Only change/implement what: ○ Gives you back a measurable chunk of time ○ Greatly improves MTTR ○ Greatly improves deployment frequency ● NO to everything else! ● More at bret.show/humandevops

  30. Outsource Well-Defined Plumbing

  31. Outsource Well-Defined Plumbing ● Beware the "not implemented here" syndrome

  32. Outsource Well-Defined Plumbing ● Beware the "not implemented here" syndrome ● My formula for "Do we use SaaS/Commercial"?

  33. Outsource Well-Defined Plumbing ● Beware the "not implemented here" syndrome ● My formula for "Do we use SaaS/Commercial"? ○ If it's a challenge to implement and maintain

  34. Outsource Well-Defined Plumbing ● Beware the "not implemented here" syndrome ● My formula for "Do we use SaaS/Commercial"? ○ If it's a challenge to implement and maintain ○ + SaaS/commercial market is mature

  35. Outsource Well-Defined Plumbing ● Beware the "not implemented here" syndrome ● My formula for "Do we use SaaS/Commercial"? ○ If it's a challenge to implement and maintain ○ + SaaS/commercial market is mature ○ = Opportunities for outsourcing

  36. Outsourcing: For Your Consideration

  37. Outsourcing: For Your Consideration ● Image registry

Recommend

Presentation 2016 SC ORGANISATION CONSULTING PROD SRL Share Capital: 270 000 euros

Presentation 2016 SC ORGANISATION CONSULTING PROD SRL Share Capital: 270 000 euros

Presentation 2016 SC ORGANISATION CONSULTING PROD SRL Share Capital: 270 000 euros J40/15720/20.08.2007 - CUI: RO22286079 www.ocprodgroup.com OC PROD - HR Consulting Founded in 2005, OC Prod is the first HR Company and International

545 views • 9 slides
Common constraint mistakes SU P P LY C H AIN AN ALYTIC S IN P YTH ON Aaren St u bber eld S

Common constraint mistakes SU P P LY C H AIN AN ALYTIC S IN P YTH ON Aaren St u bber eld S

Common constraint mistakes SU P P LY C H AIN AN ALYTIC S IN P YTH ON Aaren St u bber eld S u ppl y Chain Anal y tics Mgr . Dependent demand constraint Conte x t Prod u ction Plan Planning for 2 prod u cts ( A , and B ) Planning for prod u

805 views • 43 slides
C u stomer and prod u ct segmentation basics MAC H IN E L E AR N IN G FOR MAR K E TIN G IN P

C u stomer and prod u ct segmentation basics MAC H IN E L E AR N IN G FOR MAR K E TIN G IN P

C u stomer and prod u ct segmentation basics MAC H IN E L E AR N IN G FOR MAR K E TIN G IN P YTH ON Karolis Urbonas Head of Anal y tics & Science , Ama z on Data format # Customer by product/service matrix wholesale.head() MACHINE

510 views • 37 slides
and nd Pr Prod oduct ctivity EU H2020 Centre of of Excellenc nce (CoE)

and nd Pr Prod oduct ctivity EU H2020 Centre of of Excellenc nce (CoE)

Perf erfor ormance e Opti Optimisa sation on and nd Pr Prod oduct ctivity EU H2020 Centre of of Excellenc nce (CoE) 1 Oc Octob ober 2015 31 March h

678 views • 32 slides
and nd Pr Prod oduct ctivity EU H2020 Center r of of Excellence (CoE)

and nd Pr Prod oduct ctivity EU H2020 Center r of of Excellence (CoE)

Perf erfor ormance e Opti Optimization on and nd Pr Prod oduct ctivity EU H2020 Center r of of Excellence (CoE) 1 Oc Octobe ber 2015 31 March h 2018

604 views • 10 slides
Prod oducin ing g screen con ontent for or re refugee childre ren in Europe: : Au

Prod oducin ing g screen con ontent for or re refugee childre ren in Europe: : Au

Prod oducin ing g screen con ontent for or re refugee childre ren in Europe: : Au Authorship, authentici city, and re remediation 18 th International Migration Conference, TU Cologne, 21-23 June 2018 Jeanette Steemers (Kings

214 views • 19 slides
We are FIL M SERVI CE (THA AILAND) a a prod duction co ompany based in Bangkok k,

We are FIL M SERVI CE (THA AILAND) a a prod duction co ompany based in Bangkok k,

We are FIL M SERVI CE (THA AILAND) a a prod duction co ompany based in Bangkok k, Thail land. We W wor rk close ely with h cinem matograph hers and p producers to provide e the m most cost- effective m means to p

229 views • 20 slides
BI BIODI ODIVERSITY VERSITY CO CONS NSERVATI ERVATION ON IN IN CO COCO COA A PR PROD

BI BIODI ODIVERSITY VERSITY CO CONS NSERVATI ERVATION ON IN IN CO COCO COA A PR PROD

MAIN AINSTREAMING STREAMING BI BIODI ODIVERSITY VERSITY CO CONS NSERVATI ERVATION ON IN IN CO COCO COA A PR PROD ODUCTION CTION LA LANDSCAP DSCAPES ES Presented by Ernestina Osei-Peprah (Mrs.) Conservation Alliance

290 views • 16 slides
FOO OOD an and AG AGRICULTURAL AL PROD ODUCTS IN INDUSTRY an and TRAD ADE A. A.S.

FOO OOD an and AG AGRICULTURAL AL PROD ODUCTS IN INDUSTRY an and TRAD ADE A. A.S.

FOO OOD an and AG AGRICULTURAL AL PROD ODUCTS IN INDUSTRY an and TRAD ADE A. A.S. TARGID is a maj ajor producer of fruit juice concentrates, fruit purees/pulp, puree/pulp concentrates and FTNF aromas/flavors in Turkey. With an ever

199 views • 15 slides
W eight-of-Ev id ence Ap p roa ch for Risk Assessm ent of Toba cco Prod ucts Paige N. Wiecinski,

W eight-of-Ev id ence Ap p roa ch for Risk Assessm ent of Toba cco Prod ucts Paige N. Wiecinski,

W eight-of-Ev id ence Ap p roa ch for Risk Assessm ent of Toba cco Prod ucts Paige N. Wiecinski, Ph.D., D.A.B.T Slides Presented at CTPs Risk Assessment of Tobacco Products Public Workshop November 15, 2016 Altria Client Services l P.

431 views • 17 slides
Cold Cathode N N L U A A X I CARALUX CARALUX Internal illuminations Caralux Prod.

Cold Cathode N N L U A A X I CARALUX CARALUX Internal illuminations Caralux Prod.

Cold Cathode N N L U A A X I CARALUX CARALUX Internal illuminations Caralux Prod. S.R.L. Street Pechea nr. 6-6A Bucharest district 1 Phone: 021.2329387 Fax: 021.2329307 email: office@caralux.ro www.caralux.ro LUMINATOR REF.

476 views • 23 slides
we balance Europe 11/26/2017 1 Mod Modular ular Li Li-Ion Ion ce cell ll pr prod oduc

we balance Europe 11/26/2017 1 Mod Modular ular Li Li-Ion Ion ce cell ll pr prod oduc

we balance Europe 11/26/2017 1 Mod Modular ular Li Li-Ion Ion ce cell ll pr prod oduc uction tion with with zer ero CO o CO 2 foo ootp tprint rint 1. Why in Germany/Europe 2. Unique opportunity 3. Our sequential und parallel

376 views • 13 slides
Prod oducer Consum er Coop ooperation tow ow ards Develo lopin ing LNG Market in in A

Prod oducer Consum er Coop ooperation tow ow ards Develo lopin ing LNG Market in in A

Prod oducer Consum er Coop ooperation tow ow ards Develo lopin ing LNG Market in in A Asia ( Strategic ic r regula latio ions a and polic licie ies in T Thaila iland) International Convention Center Pamir H.

455 views • 11 slides
Who Broke Prod? Growing teams who can fail without fear Emma Button Co-founder, nubeGO.io

Who Broke Prod? Growing teams who can fail without fear Emma Button Co-founder, nubeGO.io

Who Broke Prod? Growing teams who can fail without fear Emma Button Co-founder, nubeGO.io @growerofawesome BAD STUFF HAPPENS SELF-DEFENCE Respond positively to feedback Stop seeking blame Photo: Silvia Izquierdo Improvem ement t Kata

534 views • 14 slides
Prod Pr oduc uctio tion Int Intel elligen igence ce GPU-Databases GP atabases for or

Prod Pr oduc uctio tion Int Intel elligen igence ce GPU-Databases GP atabases for or

Prod Pr oduc uctio tion Int Intel elligen igence ce GPU-Databases GP atabases for or Pre redict ctive ive Maint ntenance enance and d In-Line In Line Con ontr trolling olling in Autom omob obile le Manu nufactu facturi

491 views • 19 slides
January 25, 2018 ACL CL Disc scret etiona ionary ry Gran ant t Pr Prod oduc uct t Disc

January 25, 2018 ACL CL Disc scret etiona ionary ry Gran ant t Pr Prod oduc uct t Disc

California Health Advocates Monthly Educational Webinar January 25, 2018 ACL CL Disc scret etiona ionary ry Gran ant t Pr Prod oduc uct t Disc sclaimer imer Not otice This project was supported, in part by grant number

286 views • 10 slides
Che hemical ical Prod oduction ction Presented to Side event for Conference of States

Che hemical ical Prod oduction ction Presented to Side event for Conference of States

Int nternational ernational Worksh orkshop op on on Tre rend nds s in in Che hemical ical Prod oduction ction Presented to Side event for Conference of States Parties 21 28 November 2017 Cheng Tang Vice Chairperson, the

1.05k views • 74 slides
RE REIN INFOR FORCEM CEMENT ENT LE LEAR ARNI NING NG AS A PR AS A PROD ODUC UCTION

RE REIN INFOR FORCEM CEMENT ENT LE LEAR ARNI NING NG AS A PR AS A PROD ODUC UCTION

RE REIN INFOR FORCEM CEMENT ENT LE LEAR ARNI NING NG AS A PR AS A PROD ODUC UCTION TION TOOL OOL ON ON AAA AAA GA GAME MES Olivie ier r DELALL ALLEAU EAU & A Adrien n LOGU GUT 2017-10 10-18 18 AGENDA Project

1.04k views • 63 slides
2019 2019/20 /20 An n oi oil prod product dra uct drama SEB Commo SE Commodi diti

2019 2019/20 /20 An n oi oil prod product dra uct drama SEB Commo SE Commodi diti

2019 2019/20 /20 An n oi oil prod product dra uct drama SEB Commo SE Commodi diti ties es Resea esearch rch Bjarne Schieldrop Head of SEB Commodities Research Bjarne.schieldrop@seb.no +47 9248 9230 Hi Histori storica cal vi

968 views • 24 slides
Inject ctable m mod odified r release se prod oducts ts Dr Sotiris Michaleas, National

Inject ctable m mod odified r release se prod oducts ts Dr Sotiris Michaleas, National

Guideline on the pharmacokinetic and clinical evaluation of modified release dosage forms (EMA/CPMP/EWP/280/96 Corr1) Inject ctable m mod odified r release se prod oducts ts Dr Sotiris Michaleas, National Expert for the Greek National

579 views • 37 slides
Em Emer ergi ging ng Ma Major or Co Copp pper er Pr Prod oduc ucer er ORA PRODUC

Em Emer ergi ging ng Ma Major or Co Copp pper er Pr Prod oduc ucer er ORA PRODUC

ACN130 955 725 Em Emer ergi ging ng Ma Major or Co Copp pper er Pr Prod oduc ucer er ORA PRODUC ODUCTORA COPP OPPER ER PROJEC JECT LE CHI HILE February, 2013 Disclaimer This presentation is provided on the basis that

217 views • 20 slides
TORA PROD ODUCTOR ACN130 955 725 COPP PPER ER PROJ OJECT T CHILE CHI Diggers and Digge

TORA PROD ODUCTOR ACN130 955 725 COPP PPER ER PROJ OJECT T CHILE CHI Diggers and Digge

TORA PROD ODUCTOR ACN130 955 725 COPP PPER ER PROJ OJECT T CHILE CHI Diggers and Digge and Deale Dealers Confe s Conferenc nce Kalgoorlie, August 2013 Disclaimer This presentation is provided on the basis that neither the Company

897 views • 24 slides
Voic oice Diso e Disord rder ers ASHA / Ho How do do w we pr prod oduce ce voi oice

Voic oice Diso e Disord rder ers ASHA / Ho How do do w we pr prod oduce ce voi oice

ASHA / Voic oice Diso e Disord rder ers ASHA / Ho How do do w we pr prod oduce ce voi oice ce? You have two vocal cords, also called vocal folds, in your larynx, or voicebox. When you talk, air comes from your lungs,

747 views • 13 slides
RICE CE HUSK K AS AN ALTERN TERNATIV TIVE E ENER ERGY GY FOR OR CEME MENT NT PROD ODUC

RICE CE HUSK K AS AN ALTERN TERNATIV TIVE E ENER ERGY GY FOR OR CEME MENT NT PROD ODUC

RICE CE HUSK K AS AN ALTERN TERNATIV TIVE E ENER ERGY GY FOR OR CEME MENT NT PROD ODUC UCTION TION AND ITS S EFFECT CT ON ON THE CHEMI MICAL CAL PROPER OPERTIES TIES OF OF CEME MENT NT Agus Maryoto ( ) Gathot Heri

180 views • 14 slides

More recommend