Docker & Kubernetes Simplified
Google Developer Expert
🐍 Developer Advocate @ Nexmo
GDG Durham Organiser @ gdgdurham
Effects of DevOps
The adoption of DevOps culture, tools and agile engineering practices has, among other things, the nice effect of increasing the collaboration between the roles of development and operations. One of the main problems of the past (but also today in some realities) is that the dev team tended to be uninterested in the operation and maintenance of a system once it was handed over to the ops team, while the latter tended to be not really aware of the system’s business goals and, therefore, reluctant in satisfying the operational needs of the system (also referred to as “whims of developers”).
"The promise behind software containers is essentially the same. Instead of shipping around a full operating system and your software (and maybe the software that your software depends on), you simply pack your code and its dependencies into a container that can then run anywhere — and because they are usually pretty small, you can pack lots of containers onto a single computer."
- Containers make it easier for developers to know that their software will run, no matter where it is deployed.
- They also enable what’s often called “microservices.” Instead of having one large monolithic application, microservices break down applications into multiple small parts that can talk to each other.
- This means different teams can more easily work on different parts of an application and, as long as they make no major changes to how those applications interact, they can work independently of each other.
- That makes developing software faster and testing it for possible errors easier.
- Docker containers are not virtual machines
- Docker containers don’t provide bare-metal speed (you will still see some overhead if you need that kind of speed but it will get you close enough!)
- Docker containers are stateless and immutable
DOCKER CONTAINERS ARE NOT MICROSERVICES!!!!
To manage all of these containers, you need a great tool like Kubernetes that helps you push those containers out to different machines, makes sure that they run and lets you spin up a few more containers with a specific application when demand increases. And if you want containers to know about each other, you also still need some way of setting up a virtual network, too, that can assign IP addresses to every container.
HOW ABOUT SECURITY?
Some best practices...
- Know and control the source and content of your images
- Eradicate vulnerabilities before container deployment
- Hardening container images, daemons, and the host environment : (IE. Restrict access, remove noncritical native services from the production host so you force all access through containers)
- Use secrets: passwords, SSH private keys, SSL/TLS certificates, connection strings, and other data that should not be transmitted via clear text nor stored unencrypted.
- Use your sane judgment... if not sure... don't rush it to prod
Docker & Kubernetes Resources
Containers & Security 101: Docker & Kubernetes Simplified
By Super Diana