dockerizing php apps - aurelijus banelis · how to dockerize introduction development production...

Aurelijus Banelis

Dockerizing PHP Apps

ŠiauliaiPHP2019-01-31

http://auginte.com

https://www.nfq.lt/

Aurelijus Banelis

PGP 0x320205E7539B6203130D C446 1F1A 2E50 D6E33DA8 3202 05E7 539B 6203

Backend/[email protected]

https://www.nfq.lt/

https://pgp.mit.edu/pks/lookup?op=vindex&search=0x320205E7539B6203

https://pgp.mit.edu/pks/lookup?op=vindex&search=0x320205E7539B6203

https://aurelijus.banelis.lt/

http://auginte.com

https://www.facebook.com/NFQAcademy

AdaptingPHP applicationsto be used with

docker

Why to dockerizeWhat is dockerHow to dockerize

Introduction

Development

Production

Context/AlternativesWhat I really likedWhat I do not like

Deploying to AWSLogging challenges

Development bottleneck

Confidence/tooling bottleneck

Provisioning speed bottleneck

Illustration: https://home24.tech.blog/2018/05/28/home24-presenting-at-tableau-cinema-tour/

https://home24.tech.blog/2018/05/28/home24-presenting-at-tableau-cinema-tour/

Monolith (VirtualBox) → SplitDevelopment bottleneck




Jenkins (time based) → CircleCIConfidence/tooling bottleneck




Release coordination → AWS servicesProvisioning speed bottleneck




Bottleneck to grow




The need for better virtualization tools




The need for better virtualization tools

docker?

We migrated to dockerUsing docker extensively at

We migrated to dockerUsing docker extensively at

I would do the same againRight decision for current scaleFuture opportunities


Introduction

Development

Production



Tool to run in isolated environmentMany ifs in kernel = cgroupsNot VirtualBox, not unikernel

Open source tool backed by Docker IncContainer hosting and premium serviceImproved by community (AWS, K8s)


Introduction

Development

Production



docker build . -t siauliaiphp-exampledocker run -p 8080:80 siauliaiphp-example

https://gist.github.com/aurelijusb/6f6b1c86c440ce527250193ffcae62d7

docker build . -t siauliaiphp-exampledocker run -p 8080:80 siauliaiphp-example



docker build . -t siauliaiphp-exampledocker run -p 8080:80 siauliaiphp-exampleSimple?



docker build . -t siauliaiphp-exampledocker run -p 8080:80 siauliaiphp-exampleSimple?But for simple cases


Multiple containers

Development tools

PHP extensions

xDebug support

...https://github.com/nfqakademija/docker/blob/master/php/Dockerfile

https://github.com/nfqakademija/docker/blob/master/php/Dockerfile


Multiple containers

Development tools

PHP extensions

xDebug support


More configuration



Multiple containers

Development tools

PHP extensions

xDebug support


More configurationBut infrastructure

as a code



https://github.com/nfqakademija/docker/blob/master/docker-compose.yml

Multiple containers

Development tools

PHP extensions

xDebug support


Docker wayLogging stdout/stderrConfiguration via ENV

Kill-it-not-heal-it….




Introduction

Development

Production



Docker Featuretoggle

IDE in cloud

Run & pray

Virtual box

Not many alternativesFor isolated environments

https://www.home24.de/

https://www.hometogo.com/

https://aws.amazon.com/cloud9/

https://www.rookout.com/


Introduction

Development

Production



Person

Team

Community

Sandboxed development environmentHigh quality mocks (real MySql, wireshark)True integration/acceptance testsDockerfile→docker-compose→custom tooling

Experimenting with new software saferNo trash, no sensitive informationEasy to swap (DynamoDB local vs dynalite)Install/compile on your machine? Seriously?

Switching between branches/tasksLess issues with cache invalidationKill-it-not-heal-itData volumes = test data in branch

Infrastructure as a codeFixed versions, fixed php.ini+extensionsLess “works on my machine” = reproducibleMany bash scripts, configuration via ENV

https://docs.docker.com/storage/volumes/

https://github.com/nfqakademija/docker/blob/master/docker-compose-tools.yml

Huge ecosystemPioniers are using and improvingAmazon, Google (K8s) is investingKnown issues and solutions in StackOverflow


Introduction

Development

Production



High learning curve = blame dockerMisuse of the tool – isn’t docker silver bullet?Docker wraps – everyone blames the wrapperMany ways to install docker incorrectlyMounting vs copy-on-write operationNo Windows, more tooling/docs around

Not mature tooling / edge casesDownload private dependency: github token?Password protected SSH key? (Mac+Linux)CircleCI limited “remote docker”Host IP for xDebugEven more bash scripts/docs

Cache everything by designFull HDD because of docker imagesMissing log rotation (no “log-opts” by default)“Latest” tag, that is not immutableNetwork unreachable, since used by dockerDocker-clean sh, docker pull, RTFM


Introduction

Development

Production



○ ECS (not yet K8s, AWS backed infrastructure/improvements, canary deployment by default)

○ ECR – uptime for downloads. Docker hub for development○ Task definition = docker-compose.yml○ PHP+Apache = PHP+Nginx (no big difference)○ Custom tooling for credentials via environment○ Spot-instances (currently for staging, targeting production)

PHP + Docker in productionMigrated Tier1 service – nobody noticed

AWS ECS PHP 7.2

Docker Apache

Amazon Web ServicesElastic Container ServiceAWS integration (E.g. spot-instances)K8s on AWS then was not matureKnow-how (our Go apps in prod)

Amazon Web ServicesElastic Container ServiceAWS integration (E.g. spot-instances)K8s on AWS then was not matureKnow-how (our Go apps in prod)

Naming in AWSDocker-compose → Task definitionContainer → TaskDocker Hub → ECR

Apache mod_phpPHP 7.2 log trimming in Nginx+FPMSingle process container – easierNo visible performance impactInternal service (no slow loris attack)


Introduction

Development

Production



Replica Daemon External

ECS Service types

Daemon

LogConfiguration: LogDriver: fluentd Options: fluentd-async-connect: "true" fluentd-buffer-limit: "32MB" mode: "non-blocking"

Daemon

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html

Replica Daemon External

Under investigation...Filebeat

https://www.elastic.co/products/beats/filebeat

https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-input-syslog.html


Introduction

Development

Production



DockerFeaturetoggle

IDE in cloud

Run & pray

Virtual box

Docker:Good to understand

Use on demand

Aurelijus Banelis

Dockerizing PHP Apps

ŠiauliaiPHP2019-01-31

Thank youQuestions?

http://auginte.com

https://www.nfq.lt/

Further reading/references● https://www.docker.com/● https://hub.docker.com/ ● https://aws.amazon.com/ecs/● https://aws.amazon.com/ecr/ ● https://fluentbit.io/● https://www.home24.de/ ● https://home24.tech.blog/category/aws/● https://aws.amazon.com/blogs/opensource/network-load-balancer-support-in-kubernetes-1-9/ ● https://docs.aws.amazon.com/AmazonECS/latest/developerguide/docker-volumes.html ● https://d1.awsstatic.com/whitepapers/microservices-on-aws.pdf ● https://justi.cz/security/2019/01/22/apt-rce.html ● https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-input-syslog.html ● https://d1.awsstatic.com/whitepapers/DevOps/running-containerized-microservices-on-aws.pdf

https://www.docker.com/

https://hub.docker.com/

https://aws.amazon.com/ecs/

https://aws.amazon.com/ecr/

https://fluentbit.io/

https://www.home24.de/

https://home24.tech.blog/category/aws/

https://aws.amazon.com/blogs/opensource/network-load-balancer-support-in-kubernetes-1-9/

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/docker-volumes.html

https://d1.awsstatic.com/whitepapers/microservices-on-aws.pdf

https://justi.cz/security/2019/01/22/apt-rce.html

https://www.elastic.co/guide/en/beats/filebeat/master/filebeat-input-syslog.html

https://d1.awsstatic.com/whitepapers/DevOps/running-containerized-microservices-on-aws.pdf

dockerizing php apps - aurelijus banelis · how to dockerize introduction development production...

Documents