SlideShare una empresa de Scribd logo

Shrinking the container_zurich_july_2018

E
Ewan Slater

My talk to the Zurich Docker meetup (25/07/18) on microcontainers, smith and crashcart

Tecnología
1 de 83
Descargar para leer sin conexión
Shrinking the Container @ewanslater
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 3
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Take - aways • Make smaller things • Only pack what you need • Use the smallest container 4
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 7
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Software 12
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Responsibility 13
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 14
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | When I wrote FORTRAN… 15 £140
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | When I wrote FORTRAN… 16 £140 £40
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | When I wrote FORTRAN… 17 £140 £40 £100
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | The less you care about, The Happier you are 18
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Enterprise Software • Multiple responsibilities • Difficult to deploy • Difficult to scale 19
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Lack of Agility • “too big too fail”  “too difficult to change” – Technical risk – Political risk • “it would take us two years to deploy hello world” – Public sector customer Finland 20
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 21
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 22
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | All the Little Things • Want better apps? • Make smaller things • Have them know as little as possible about each other 24 Talk by Sandi Metz https://youtu.be/8bZh5LMaSmE
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Make smaller things* * Things == Objects || Services || Applications 25
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Small things* are easy to change * Things == Objects || Services || Applications 26
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 27 Monoliths  Microservices
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Microservices • Do one thing well • Loosely coupled • Choreography > Orchestration • Business capabilities not tech layers 28
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Infrastructure 36
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 39
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Diminished Responsibility Server • Hardware • OS • Multiple services and applications VM • OS • Single service or application (typically) Container • Single service or application 43
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | A Case Study 44
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | SaaS Startup • Monolithic Rails app • Running on VMs • Inflexible scaling (whole app only) • Measure inflexibility in $ • Need to – Improve Scalability – Improve Utilisation – Lower Costs 45
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Splitting the Monolith • Refactor app • Set of Microservices • Image per Microservice • Choreography 46
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Result • Fine – grained scalability • Event – driven • Improved utilisation • Lower costs 47
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Houston, we have an opportunity… 48
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | …and a challenge… 49
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | “Docker makes building containers a breeze. Just put a standard Dockerfile into your folder, run the docker ‘build’ command, and shazam! Your container image is built! The downside of this simplicity is that it’s easy to build huge containers full of things you don’t need—including potential security holes.” - Sandeep Dinesh, Google Developer Advocate (see https://goo.gl/76GPcd) 51
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Containers @ Oracle 52
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Operational Differences • Immutability • Rebuild / Redeploy vs Patching • Build toolchain vs Config Management tools 53
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Worst Practices • Developers without operational awareness • Multiple applications per container • Container Bloat • Handling of security vulnerabilities 54
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Security Matters • Privilege escalation – Whole Linux user space  bigger attack surface – Compromise app  expose other vectors • Vulnerability management – Can’t patch a running container – What does the app really need to run? – What do I really need to patch? 55
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Size Matters • Large images – Often > 1GB in size – FROM Debian – Alpine can help, but brings it’s own problems • Bloat – "You wanted a banana but what you got was a gorilla holding the banana and the entire jungle" – Joe Armstrong 57
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Enter Microcontainers 58
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | A Microcontainer • Contains only – Single executable – Dependencies (of the executable) • Runs with a read only root filesystem • Files are all owned and read by a single user 59
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Result • Small image • Fast, easy distribution • Smaller attack surface • Certainty over vulnerabilities 60
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 62
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | containers lean
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Builder Pattern • Development Dockerfile – Creates “fat” development image • Production Dockerfile – Creates “lean” production image • Build script to extract and copy • Difficult to maintain • Messy 64
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Multi Stage Builds • Single Dockerfile • Create successive images – (can use different bases) • Copy from imagen to imagen+1 • Single, final image 65 Since Docker 17.05
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | If I had a hammer… • Single layer • Automatic Dependency Resolution • Enables best practice: – Single user – Idempotent builds – More secure images • No overlayfs 69
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Smith • Open Source – Apache License 2.0 – Universal Permissive License • Command line tool for – Building Microcontainer images • yum repos • rpm files – Shrinking existing containers • Standard image in  Microcontainer image out 71 http://github.com/oracle/smith
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Process • If shrinking – Download image in OCI format – Or point to URL • Define a smith.yaml file • Run smith • Upload in OCI format to Docker repo 72
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | How it works: Packages new OCI image Creates single layer Loads library search paths and recursively copies dependencies Copies out files from paths in smith.yaml Unpacks layers 75
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | For best results • Build a Big Fat Image • Hammer it with Smith • Easier & quicker than Multi Stage Build – YMMV 80 (unless you have a self contained binary)
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | What if…? 81
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Don’t… • Run sshd • Login with ssh • Embed debug tools • Docker exec to get prompt 82
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Challenges • Can’t just mount a directory into the container on the fly – Restart - may be difficult to recreate conditions • Most tools expect to be in their own directory • Paths • Library conflicts 85
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Requirements • Debug tools happy with alternate location • Static library dependencies  avoid conflict with container libraries • Focus on solving problem, not hacking container. 86
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Crashcart • Open Source – Apache License 2.0 – Universal Permissive License • Simple command line tool • “Sideloads” an image with Linux binaries (debug tools) into an existing container 87 http://github.com/oracle/crashcart
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Crashcart • Attach to pid of container • Mounts crashcart image • Run binaries from crashcart image • Detach & unmount 88
Whatever works best for you
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Get involved • Fork Smith and Crashcart on GitHub • Try the labs for Smith and Crashcart • Get in touch via Slack • Contribute 90
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Take - aways • Make smaller things • Only pack what you need • Use the smallest container • Benefits – Simplicity – Agility – Security 92
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 93 ewan.slater@oracle.com @ewanslater https://plus.google.com/+EwanSlater
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Questions? 94
Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 95
Shrinking the container_zurich_july_2018

Recomendados

Java and Serverless - A Match Made In Heaven, Part 1
Java and Serverless - A Match Made In Heaven, Part 1Java and Serverless - A Match Made In Heaven, Part 1
Java and Serverless - A Match Made In Heaven, Part 1Curity
 
Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)Rogue Wave Software
 
Oracle - Continuous Delivery NYC meetup, June 07, 2018
Oracle - Continuous Delivery NYC meetup, June 07, 2018Oracle - Continuous Delivery NYC meetup, June 07, 2018
Oracle - Continuous Delivery NYC meetup, June 07, 2018Oracle Developers
 
Microservices at Scale with Istio
Microservices at Scale with IstioMicroservices at Scale with Istio
Microservices at Scale with IstioJesse Butler
 
JDD2014: Enforcing architecture patterns with static code analysis - Pablo Ba...
JDD2014: Enforcing architecture patterns with static code analysis - Pablo Ba...JDD2014: Enforcing architecture patterns with static code analysis - Pablo Ba...
JDD2014: Enforcing architecture patterns with static code analysis - Pablo Ba...PROIDEA
 
Tecnologias Oracle em Docker Containers On-premise e na Nuvem
Tecnologias Oracle em Docker Containers On-premise e na NuvemTecnologias Oracle em Docker Containers On-premise e na Nuvem
Tecnologias Oracle em Docker Containers On-premise e na NuvemBruno Borges
 
Melhore o Desenvolvimento do Time com DevOps na Nuvem
Melhore o Desenvolvimento do Time com DevOps na NuvemMelhore o Desenvolvimento do Time com DevOps na Nuvem
Melhore o Desenvolvimento do Time com DevOps na NuvemBruno Borges
 
Microservices + Oracle: A Bright Future
Microservices + Oracle: A Bright FutureMicroservices + Oracle: A Bright Future
Microservices + Oracle: A Bright FutureKelly Goetsch
 

Recomendados

Java and Serverless - A Match Made In Heaven, Part 1
Java and Serverless - A Match Made In Heaven, Part 1Java and Serverless - A Match Made In Heaven, Part 1
Java and Serverless - A Match Made In Heaven, Part 1Curity
 
Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)Open source applied - Real world use cases (Presented at Open Source 101)
Open source applied - Real world use cases (Presented at Open Source 101)Rogue Wave Software
 
Oracle - Continuous Delivery NYC meetup, June 07, 2018
Oracle - Continuous Delivery NYC meetup, June 07, 2018Oracle - Continuous Delivery NYC meetup, June 07, 2018
Oracle - Continuous Delivery NYC meetup, June 07, 2018Oracle Developers
 
Microservices at Scale with Istio
Microservices at Scale with IstioMicroservices at Scale with Istio
Microservices at Scale with IstioJesse Butler
 
JDD2014: Enforcing architecture patterns with static code analysis - Pablo Ba...
JDD2014: Enforcing architecture patterns with static code analysis - Pablo Ba...JDD2014: Enforcing architecture patterns with static code analysis - Pablo Ba...
JDD2014: Enforcing architecture patterns with static code analysis - Pablo Ba...PROIDEA
 
Tecnologias Oracle em Docker Containers On-premise e na Nuvem
Tecnologias Oracle em Docker Containers On-premise e na NuvemTecnologias Oracle em Docker Containers On-premise e na Nuvem
Tecnologias Oracle em Docker Containers On-premise e na NuvemBruno Borges
 
Melhore o Desenvolvimento do Time com DevOps na Nuvem
Melhore o Desenvolvimento do Time com DevOps na NuvemMelhore o Desenvolvimento do Time com DevOps na Nuvem
Melhore o Desenvolvimento do Time com DevOps na NuvemBruno Borges
 
Microservices + Oracle: A Bright Future
Microservices + Oracle: A Bright FutureMicroservices + Oracle: A Bright Future
Microservices + Oracle: A Bright FutureKelly Goetsch
 
Java EE Arquillian Testing with Docker & The Cloud
Java EE Arquillian Testing with Docker & The CloudJava EE Arquillian Testing with Docker & The Cloud
Java EE Arquillian Testing with Docker & The CloudBruno Borges
 
Oracle Ravello Presentation 7Dec16 v1
Oracle Ravello Presentation 7Dec16 v1Oracle Ravello Presentation 7Dec16 v1
Oracle Ravello Presentation 7Dec16 v1Kurt Liu
 
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogicRakuten Group, Inc.
 
The Lie of a Benevolent Dictator; the Truth of a Working Democratic Meritocracy
The Lie of a Benevolent Dictator; the Truth of a Working Democratic MeritocracyThe Lie of a Benevolent Dictator; the Truth of a Working Democratic Meritocracy
The Lie of a Benevolent Dictator; the Truth of a Working Democratic MeritocracyRandy Bias
 
Delivering Mobile Apps to the Field with Oracle
Delivering Mobile Apps to the Field with OracleDelivering Mobile Apps to the Field with Oracle
Delivering Mobile Apps to the Field with OracleSimon Haslam
 
2017 State Enterprise Multi Cloud Webinar
2017 State Enterprise Multi Cloud Webinar2017 State Enterprise Multi Cloud Webinar
2017 State Enterprise Multi Cloud WebinarCloudify Community
 
Cache-Aside Cloud Design Pattern
Cache-Aside Cloud Design PatternCache-Aside Cloud Design Pattern
Cache-Aside Cloud Design PatternSiva Rama Krishna Chunduru
 
Enterprise Ready OpenStack, Wiekus Beukes, Oracle
Enterprise Ready OpenStack, Wiekus Beukes, OracleEnterprise Ready OpenStack, Wiekus Beukes, Oracle
Enterprise Ready OpenStack, Wiekus Beukes, OracleSriram Subramanian
 
Building and Deploying Cloud Native Applications
Building and Deploying Cloud Native ApplicationsBuilding and Deploying Cloud Native Applications
Building and Deploying Cloud Native ApplicationsManish Kapur
 
Polyglot! A Lightweight Cloud Platform for Java SE, Node, and More
Polyglot! A Lightweight Cloud Platform for Java SE, Node, and MorePolyglot! A Lightweight Cloud Platform for Java SE, Node, and More
Polyglot! A Lightweight Cloud Platform for Java SE, Node, and MoreShaun Smith
 
Lightweight Java in the Cloud
Lightweight Java in the CloudLightweight Java in the Cloud
Lightweight Java in the CloudBruno Borges
 
Container Native Development Tools - Talk by Mickey Boxell
Container Native Development Tools - Talk by Mickey BoxellContainer Native Development Tools - Talk by Mickey Boxell
Container Native Development Tools - Talk by Mickey BoxellOracle Developers
 
Sitecore development approach evolution – destination helix
Sitecore development approach evolution – destination helixSitecore development approach evolution – destination helix
Sitecore development approach evolution – destination helixPeter Nazarov
 
Lightweight Java in the Cloud
Lightweight Java in the CloudLightweight Java in the Cloud
Lightweight Java in the CloudShaun Smith
 
Oracle OCI APIs and SDK
Oracle OCI APIs and SDKOracle OCI APIs and SDK
Oracle OCI APIs and SDKPhil Wilkins
 
Oracle Ravello
Oracle Ravello Oracle Ravello
Oracle Ravello Andrey Akulov
 
Building Cloud Native Applications with Oracle Autonomous Database.
Building Cloud Native Applications with Oracle Autonomous Database.Building Cloud Native Applications with Oracle Autonomous Database.
Building Cloud Native Applications with Oracle Autonomous Database.Oracle Developers
 
Cloud Native Architecture Patterns Tutorial
Cloud Native Architecture Patterns TutorialCloud Native Architecture Patterns Tutorial
Cloud Native Architecture Patterns TutorialMatt Stine
 
GDPR- The Buck Stops Here
GDPR- The Buck Stops HereGDPR- The Buck Stops Here
GDPR- The Buck Stops HereKellyn Pot'Vin-Gorman
 
Supercharge your Code to get optimal Database Performance
Supercharge your Code to get optimal Database PerformanceSupercharge your Code to get optimal Database Performance
Supercharge your Code to get optimal Database Performancegvenzl
 
Serverless Kotlin
Serverless KotlinServerless Kotlin
Serverless KotlinDavid Delabassee
 
Functions and DevOps
Functions and DevOpsFunctions and DevOps
Functions and DevOpsShaun Smith
 

Más contenido relacionado

La actualidad más candente

Java EE Arquillian Testing with Docker & The Cloud
Java EE Arquillian Testing with Docker & The CloudJava EE Arquillian Testing with Docker & The Cloud
Java EE Arquillian Testing with Docker & The CloudBruno Borges
 
Oracle Ravello Presentation 7Dec16 v1
Oracle Ravello Presentation 7Dec16 v1Oracle Ravello Presentation 7Dec16 v1
Oracle Ravello Presentation 7Dec16 v1Kurt Liu
 
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogicRakuten Group, Inc.
 
The Lie of a Benevolent Dictator; the Truth of a Working Democratic Meritocracy
The Lie of a Benevolent Dictator; the Truth of a Working Democratic MeritocracyThe Lie of a Benevolent Dictator; the Truth of a Working Democratic Meritocracy
The Lie of a Benevolent Dictator; the Truth of a Working Democratic MeritocracyRandy Bias
 
Delivering Mobile Apps to the Field with Oracle
Delivering Mobile Apps to the Field with OracleDelivering Mobile Apps to the Field with Oracle
Delivering Mobile Apps to the Field with OracleSimon Haslam
 
2017 State Enterprise Multi Cloud Webinar
2017 State Enterprise Multi Cloud Webinar2017 State Enterprise Multi Cloud Webinar
2017 State Enterprise Multi Cloud WebinarCloudify Community
 
Enterprise Ready OpenStack, Wiekus Beukes, Oracle
Enterprise Ready OpenStack, Wiekus Beukes, OracleEnterprise Ready OpenStack, Wiekus Beukes, Oracle
Enterprise Ready OpenStack, Wiekus Beukes, OracleSriram Subramanian
 
Building and Deploying Cloud Native Applications
Building and Deploying Cloud Native ApplicationsBuilding and Deploying Cloud Native Applications
Building and Deploying Cloud Native ApplicationsManish Kapur
 
Polyglot! A Lightweight Cloud Platform for Java SE, Node, and More
Polyglot! A Lightweight Cloud Platform for Java SE, Node, and MorePolyglot! A Lightweight Cloud Platform for Java SE, Node, and More
Polyglot! A Lightweight Cloud Platform for Java SE, Node, and MoreShaun Smith
 
Lightweight Java in the Cloud
Lightweight Java in the CloudLightweight Java in the Cloud
Lightweight Java in the CloudBruno Borges
 
Container Native Development Tools - Talk by Mickey Boxell
Container Native Development Tools - Talk by Mickey BoxellContainer Native Development Tools - Talk by Mickey Boxell
Container Native Development Tools - Talk by Mickey BoxellOracle Developers
 
Sitecore development approach evolution – destination helix
Sitecore development approach evolution – destination helixSitecore development approach evolution – destination helix
Sitecore development approach evolution – destination helixPeter Nazarov
 
Lightweight Java in the Cloud
Lightweight Java in the CloudLightweight Java in the Cloud
Lightweight Java in the CloudShaun Smith
 
Oracle OCI APIs and SDK
Oracle OCI APIs and SDKOracle OCI APIs and SDK
Oracle OCI APIs and SDKPhil Wilkins
 
Building Cloud Native Applications with Oracle Autonomous Database.
Building Cloud Native Applications with Oracle Autonomous Database.Building Cloud Native Applications with Oracle Autonomous Database.
Building Cloud Native Applications with Oracle Autonomous Database.Oracle Developers
 
Cloud Native Architecture Patterns Tutorial
Cloud Native Architecture Patterns TutorialCloud Native Architecture Patterns Tutorial
Cloud Native Architecture Patterns TutorialMatt Stine
 
Supercharge your Code to get optimal Database Performance
Supercharge your Code to get optimal Database PerformanceSupercharge your Code to get optimal Database Performance
Supercharge your Code to get optimal Database Performancegvenzl
 

La actualidad más candente (20)

Java EE Arquillian Testing with Docker & The Cloud
Java EE Arquillian Testing with Docker & The CloudJava EE Arquillian Testing with Docker & The Cloud
Java EE Arquillian Testing with Docker & The Cloud
 
Oracle Ravello Presentation 7Dec16 v1
Oracle Ravello Presentation 7Dec16 v1Oracle Ravello Presentation 7Dec16 v1
Oracle Ravello Presentation 7Dec16 v1
 
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic
[Rakuten TechConf2014] [C-5] Ichiba Architecture on ExaLogic
 
The Lie of a Benevolent Dictator; the Truth of a Working Democratic Meritocracy
The Lie of a Benevolent Dictator; the Truth of a Working Democratic MeritocracyThe Lie of a Benevolent Dictator; the Truth of a Working Democratic Meritocracy
The Lie of a Benevolent Dictator; the Truth of a Working Democratic Meritocracy
 
Delivering Mobile Apps to the Field with Oracle
Delivering Mobile Apps to the Field with OracleDelivering Mobile Apps to the Field with Oracle
Delivering Mobile Apps to the Field with Oracle
 
2017 State Enterprise Multi Cloud Webinar
2017 State Enterprise Multi Cloud Webinar2017 State Enterprise Multi Cloud Webinar
2017 State Enterprise Multi Cloud Webinar
 
Cache-Aside Cloud Design Pattern
Cache-Aside Cloud Design PatternCache-Aside Cloud Design Pattern
Cache-Aside Cloud Design Pattern
 
Enterprise Ready OpenStack, Wiekus Beukes, Oracle
Enterprise Ready OpenStack, Wiekus Beukes, OracleEnterprise Ready OpenStack, Wiekus Beukes, Oracle
Enterprise Ready OpenStack, Wiekus Beukes, Oracle
 
Building and Deploying Cloud Native Applications
Building and Deploying Cloud Native ApplicationsBuilding and Deploying Cloud Native Applications
Building and Deploying Cloud Native Applications
 
Polyglot! A Lightweight Cloud Platform for Java SE, Node, and More
Polyglot! A Lightweight Cloud Platform for Java SE, Node, and MorePolyglot! A Lightweight Cloud Platform for Java SE, Node, and More
Polyglot! A Lightweight Cloud Platform for Java SE, Node, and More
 
Lightweight Java in the Cloud
Lightweight Java in the CloudLightweight Java in the Cloud
Lightweight Java in the Cloud
 
Container Native Development Tools - Talk by Mickey Boxell
Container Native Development Tools - Talk by Mickey BoxellContainer Native Development Tools - Talk by Mickey Boxell
Container Native Development Tools - Talk by Mickey Boxell
 
Sitecore development approach evolution – destination helix
Sitecore development approach evolution – destination helixSitecore development approach evolution – destination helix
Sitecore development approach evolution – destination helix
 
Lightweight Java in the Cloud
Lightweight Java in the CloudLightweight Java in the Cloud
Lightweight Java in the Cloud
 
Oracle OCI APIs and SDK
Oracle OCI APIs and SDKOracle OCI APIs and SDK
Oracle OCI APIs and SDK
 
Oracle Ravello
Oracle Ravello Oracle Ravello
Oracle Ravello
 
Building Cloud Native Applications with Oracle Autonomous Database.
Building Cloud Native Applications with Oracle Autonomous Database.Building Cloud Native Applications with Oracle Autonomous Database.
Building Cloud Native Applications with Oracle Autonomous Database.
 
Cloud Native Architecture Patterns Tutorial
Cloud Native Architecture Patterns TutorialCloud Native Architecture Patterns Tutorial
Cloud Native Architecture Patterns Tutorial
 
GDPR- The Buck Stops Here
GDPR- The Buck Stops HereGDPR- The Buck Stops Here
GDPR- The Buck Stops Here
 
Supercharge your Code to get optimal Database Performance
Supercharge your Code to get optimal Database PerformanceSupercharge your Code to get optimal Database Performance
Supercharge your Code to get optimal Database Performance
 

Similar a Shrinking the container_zurich_july_2018

Functions and DevOps
Functions and DevOpsFunctions and DevOps
Functions and DevOpsShaun Smith
 
Oracle Modern AppDev Approach to Cloud & Container Native App
Oracle Modern AppDev Approach to Cloud & Container Native AppOracle Modern AppDev Approach to Cloud & Container Native App
Oracle Modern AppDev Approach to Cloud & Container Native AppPaulo Alberto Simoes ∴
 
DevOps Supercharged with Docker on Exadata
DevOps Supercharged with Docker on ExadataDevOps Supercharged with Docker on Exadata
DevOps Supercharged with Docker on ExadataMarketingArrowECS_CZ
 
Diagnose Your Microservices
Diagnose Your MicroservicesDiagnose Your Microservices
Diagnose Your MicroservicesMarcus Hirt
 
Serverless patterns
Serverless patternsServerless patterns
Serverless patternsJesse Butler
 
Solaris 11.4 launch
Solaris 11.4 launchSolaris 11.4 launch
Solaris 11.4 launchScott Lynn
 
Using MySQL Containers
Using MySQL ContainersUsing MySQL Containers
Using MySQL ContainersMatt Lord
 
Delivering Mobile Apps to the Field with Oracle JET
Delivering Mobile Apps to the Field with Oracle JETDelivering Mobile Apps to the Field with Oracle JET
Delivering Mobile Apps to the Field with Oracle JETSimon Haslam
 
Randstad Docker meetup - Serverless
Randstad Docker meetup - ServerlessRandstad Docker meetup - Serverless
Randstad Docker meetup - ServerlessDavid Delabassee
 
AMIS Oracle OpenWorld & CodeOne Review - Pillar 1 - Data (5 november 2018)
AMIS Oracle OpenWorld & CodeOne Review - Pillar 1 - Data (5 november 2018)AMIS Oracle OpenWorld & CodeOne Review - Pillar 1 - Data (5 november 2018)
AMIS Oracle OpenWorld & CodeOne Review - Pillar 1 - Data (5 november 2018)Lucas Jellema
 
Microcontainers and Tools for Hardcore Container Debugging
Microcontainers and Tools for Hardcore Container DebuggingMicrocontainers and Tools for Hardcore Container Debugging
Microcontainers and Tools for Hardcore Container DebuggingOracle Developers
 
Persistent storage with containers By Kaslin Fields
Persistent storage with containers By Kaslin FieldsPersistent storage with containers By Kaslin Fields
Persistent storage with containers By Kaslin FieldsOracle Developers
 
Microservices and Container
Microservices and ContainerMicroservices and Container
Microservices and ContainerWolfgang Weigend
 
Why citizen developers should be your new best friend - Oracle APEX
Why citizen developers should be your new best friend - Oracle APEXWhy citizen developers should be your new best friend - Oracle APEX
Why citizen developers should be your new best friend - Oracle APEXDavidPeake15
 

Similar a Shrinking the container_zurich_july_2018 (20)

Serverless Kotlin
Serverless KotlinServerless Kotlin
Serverless Kotlin
 
Functions and DevOps
Functions and DevOpsFunctions and DevOps
Functions and DevOps
 
Oracle Modern AppDev Approach to Cloud & Container Native App
Oracle Modern AppDev Approach to Cloud & Container Native AppOracle Modern AppDev Approach to Cloud & Container Native App
Oracle Modern AppDev Approach to Cloud & Container Native App
 
DevOps Supercharged with Docker on Exadata
DevOps Supercharged with Docker on ExadataDevOps Supercharged with Docker on Exadata
DevOps Supercharged with Docker on Exadata
 
Diagnose Your Microservices
Diagnose Your MicroservicesDiagnose Your Microservices
Diagnose Your Microservices
 
Serverless patterns
Serverless patternsServerless patterns
Serverless patterns
 
Solaris 11.4 launch
Solaris 11.4 launchSolaris 11.4 launch
Solaris 11.4 launch
 
Using MySQL Containers
Using MySQL ContainersUsing MySQL Containers
Using MySQL Containers
 
Multi Stage Docker Build
Multi Stage Docker Build Multi Stage Docker Build
Multi Stage Docker Build
 
Delivering Mobile Apps to the Field with Oracle JET
Delivering Mobile Apps to the Field with Oracle JETDelivering Mobile Apps to the Field with Oracle JET
Delivering Mobile Apps to the Field with Oracle JET
 
Randstad Docker meetup - Serverless
Randstad Docker meetup - ServerlessRandstad Docker meetup - Serverless
Randstad Docker meetup - Serverless
 
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 1: Data
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 1: DataAMIS Oracle OpenWorld en Code One Review 2018 - Pillar 1: Data
AMIS Oracle OpenWorld en Code One Review 2018 - Pillar 1: Data
 
AMIS Oracle OpenWorld & CodeOne Review - Pillar 1 - Data (5 november 2018)
AMIS Oracle OpenWorld & CodeOne Review - Pillar 1 - Data (5 november 2018)AMIS Oracle OpenWorld & CodeOne Review - Pillar 1 - Data (5 november 2018)
AMIS Oracle OpenWorld & CodeOne Review - Pillar 1 - Data (5 november 2018)
 
Microcontainers and Tools for Hardcore Container Debugging
Microcontainers and Tools for Hardcore Container DebuggingMicrocontainers and Tools for Hardcore Container Debugging
Microcontainers and Tools for Hardcore Container Debugging
 
Autonomous Data Warehouse
Autonomous Data WarehouseAutonomous Data Warehouse
Autonomous Data Warehouse
 
Csa container-security-in-aws-dw
Csa container-security-in-aws-dwCsa container-security-in-aws-dw
Csa container-security-in-aws-dw
 
Persistent storage with containers By Kaslin Fields
Persistent storage with containers By Kaslin FieldsPersistent storage with containers By Kaslin Fields
Persistent storage with containers By Kaslin Fields
 
ADW Topic.pdf
ADW Topic.pdfADW Topic.pdf
ADW Topic.pdf
 
Microservices and Container
Microservices and ContainerMicroservices and Container
Microservices and Container
 
Why citizen developers should be your new best friend - Oracle APEX
Why citizen developers should be your new best friend - Oracle APEXWhy citizen developers should be your new best friend - Oracle APEX
Why citizen developers should be your new best friend - Oracle APEX
 

Último

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfOverkill Security
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024The Digital Insurer
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 

Último (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

Shrinking the container_zurich_july_2018

  • 1.
  • 3. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 3
  • 4. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Take - aways • Make smaller things • Only pack what you need • Use the smallest container 4
  • 5.
  • 6. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 7
  • 7.
  • 8.
  • 9.
  • 10.
  • 11. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Software 12
  • 12. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Responsibility 13
  • 13. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 14
  • 14. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | When I wrote FORTRAN… 15 £140
  • 15. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | When I wrote FORTRAN… 16 £140 £40
  • 16. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | When I wrote FORTRAN… 17 £140 £40 £100
  • 17. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | The less you care about, The Happier you are 18
  • 18. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Enterprise Software • Multiple responsibilities • Difficult to deploy • Difficult to scale 19
  • 19. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Lack of Agility • “too big too fail”  “too difficult to change” – Technical risk – Political risk • “it would take us two years to deploy hello world” – Public sector customer Finland 20
  • 20. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 21
  • 21. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 22
  • 22. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | All the Little Things • Want better apps? • Make smaller things • Have them know as little as possible about each other 24 Talk by Sandi Metz https://youtu.be/8bZh5LMaSmE
  • 23. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Make smaller things* * Things == Objects || Services || Applications 25
  • 24. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Small things* are easy to change * Things == Objects || Services || Applications 26
  • 25. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 27 Monoliths  Microservices
  • 26. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Microservices • Do one thing well • Loosely coupled • Choreography > Orchestration • Business capabilities not tech layers 28
  • 27.
  • 28.
  • 29. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Infrastructure 36
  • 30. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 39
  • 31. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Diminished Responsibility Server • Hardware • OS • Multiple services and applications VM • OS • Single service or application (typically) Container • Single service or application 43
  • 32. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | A Case Study 44
  • 33. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | SaaS Startup • Monolithic Rails app • Running on VMs • Inflexible scaling (whole app only) • Measure inflexibility in $ • Need to – Improve Scalability – Improve Utilisation – Lower Costs 45
  • 34. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Splitting the Monolith • Refactor app • Set of Microservices • Image per Microservice • Choreography 46
  • 35. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Result • Fine – grained scalability • Event – driven • Improved utilisation • Lower costs 47
  • 36. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Houston, we have an opportunity… 48
  • 37. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | …and a challenge… 49
  • 38.
  • 39. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | “Docker makes building containers a breeze. Just put a standard Dockerfile into your folder, run the docker ‘build’ command, and shazam! Your container image is built! The downside of this simplicity is that it’s easy to build huge containers full of things you don’t need—including potential security holes.” - Sandeep Dinesh, Google Developer Advocate (see https://goo.gl/76GPcd) 51
  • 40. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Containers @ Oracle 52
  • 41. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Operational Differences • Immutability • Rebuild / Redeploy vs Patching • Build toolchain vs Config Management tools 53
  • 42. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Worst Practices • Developers without operational awareness • Multiple applications per container • Container Bloat • Handling of security vulnerabilities 54
  • 43. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Security Matters • Privilege escalation – Whole Linux user space  bigger attack surface – Compromise app  expose other vectors • Vulnerability management – Can’t patch a running container – What does the app really need to run? – What do I really need to patch? 55
  • 44. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Size Matters • Large images – Often > 1GB in size – FROM Debian – Alpine can help, but brings it’s own problems • Bloat – "You wanted a banana but what you got was a gorilla holding the banana and the entire jungle" – Joe Armstrong 57
  • 45. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Enter Microcontainers 58
  • 46. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | A Microcontainer • Contains only – Single executable – Dependencies (of the executable) • Runs with a read only root filesystem • Files are all owned and read by a single user 59
  • 47. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Result • Small image • Fast, easy distribution • Smaller attack surface • Certainty over vulnerabilities 60
  • 48.
  • 49. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 62
  • 50. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | containers lean
  • 51. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Builder Pattern • Development Dockerfile – Creates “fat” development image • Production Dockerfile – Creates “lean” production image • Build script to extract and copy • Difficult to maintain • Messy 64
  • 52. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Multi Stage Builds • Single Dockerfile • Create successive images – (can use different bases) • Copy from imagen to imagen+1 • Single, final image 65 Since Docker 17.05
  • 53.
  • 54.
  • 55.
  • 56. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | If I had a hammer… • Single layer • Automatic Dependency Resolution • Enables best practice: – Single user – Idempotent builds – More secure images • No overlayfs 69
  • 57.
  • 58. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Smith • Open Source – Apache License 2.0 – Universal Permissive License • Command line tool for – Building Microcontainer images • yum repos • rpm files – Shrinking existing containers • Standard image in  Microcontainer image out 71 http://github.com/oracle/smith
  • 59. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Process • If shrinking – Download image in OCI format – Or point to URL • Define a smith.yaml file • Run smith • Upload in OCI format to Docker repo 72
  • 60.
  • 61.
  • 62. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | How it works: Packages new OCI image Creates single layer Loads library search paths and recursively copies dependencies Copies out files from paths in smith.yaml Unpacks layers 75
  • 63.
  • 64.
  • 65.
  • 66.
  • 67. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | For best results • Build a Big Fat Image • Hammer it with Smith • Easier & quicker than Multi Stage Build – YMMV 80 (unless you have a self contained binary)
  • 68. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | What if…? 81
  • 69. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Don’t… • Run sshd • Login with ssh • Embed debug tools • Docker exec to get prompt 82
  • 70.
  • 71.
  • 72. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Challenges • Can’t just mount a directory into the container on the fly – Restart - may be difficult to recreate conditions • Most tools expect to be in their own directory • Paths • Library conflicts 85
  • 73. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Requirements • Debug tools happy with alternate location • Static library dependencies  avoid conflict with container libraries • Focus on solving problem, not hacking container. 86
  • 74. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Crashcart • Open Source – Apache License 2.0 – Universal Permissive License • Simple command line tool • “Sideloads” an image with Linux binaries (debug tools) into an existing container 87 http://github.com/oracle/crashcart
  • 75. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Crashcart • Attach to pid of container • Mounts crashcart image • Run binaries from crashcart image • Detach & unmount 88
  • 77. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Get involved • Fork Smith and Crashcart on GitHub • Try the labs for Smith and Crashcart • Get in touch via Slack • Contribute 90
  • 78.
  • 79. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Take - aways • Make smaller things • Only pack what you need • Use the smallest container • Benefits – Simplicity – Agility – Security 92
  • 80. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 93 ewan.slater@oracle.com @ewanslater https://plus.google.com/+EwanSlater
  • 81. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | Questions? 94
  • 82. Copyright © 2018, Oracle and/or its affiliates. All rights reserved. | 95