Dombat


Software Engineering, Security, Management & Leadership. I work for Microsoft as an Application Development Manager (ADM). Views are mine.


Quick ramp-up in Containers & Orchestration

11th December 2019

I have a call tomorrow with a customer and it might partially be about containers. That's a bit vague, I know. I haven't fully learned about containers yet in my skills refresh (they're part of the exam I'm studying for, AZ-203). This blog is my learnings ready for the call, which might be useful for someone else who needs to learn quickly!

This is basically finding out about Docker, Kubernetes, Azure and using them with Azure DevOps.

What are containers?

Containers are a solution to the problem of how to get software to run  reliably when moved from one computing environment to another. This  could be from a developer's laptop to a test environment, from a staging  environment into production, and perhaps from a physical machine in a  data center to a virtual machine in a private or public cloud.

Source: https://www.cio.com/article/2924995/what-are-containers-and-why-do-you-need-them.html

For those coming from virtualized environments, containers are often compared with virtual machines (VMs). You might already be familiar with VMs: a guest operating system such as Linux or Windows runs on top of a host operating system with virtualized access to the underlying hardware. Like virtual machines, containers allow you to package your application together with libraries and other dependencies, providing isolated environments for running your software services. As you’ll see below however, the similarities end here as containers offer a far more lightweight unit for developers and IT Ops teams to work with, carrying a myriad of benefits.

Source: https://cloud.google.com/containers/

What is Docker?

In a way, Docker is a bit like a virtual machine. But unlike a  virtual machine, rather than creating a whole virtual operating system,  Docker allows applications to use the same Linux kernel as the system  that they're running on and only requires applications be shipped with  things not already running on the host computer. This gives a  significant performance boost and reduces the size of the application.  And importantly, Docker is open source.  This means that anyone can contribute to Docker and extend it to meet  their own needs if they need additional features that aren't available  out of the box.

Source: https://opensource.com/resources/what-docker

What is Docker Enterprise?

Docker Enterprise is the industry-leading, standards-based container  platform for rapid development and progressive delivery of modern  applications. Only Docker delivers a consistent and secure  desktop-to-cloud application pipeline to Kubernetes environments in any  cloud, choice of tools and languages, and central point of collaboration  that simplifies and streamlines processes across dev and ops.

Source: https://www.docker.com/products/docker-enterprise

Didn't Docker Enterprise get sold?

Yes, here is some of the press release from Mirantis the new owner:

Campbell, Calif – November 13, 2019 – Mirantis,  the open cloud company, announced today its acquisition of Docker’s  Enterprise Platform business. Its industry leading container platform,  employees and hundreds of enterprise customers will accelerate Mirantis’  goal to deliver Kubernetes-as-a-Service with a consistent experience  for developers on any cloud and on-prem infrastructure. Terms of the  deal are confidential.  Docker Enterprise is the only  platform that enables developers to seamlessly build, share and safely  run any applications anywhere – from public cloud to hybrid cloud to the  edge. One third of Fortune 100 companies use Docker Enterprise as their  high-velocity innovation platform.

Source: https://www.mirantis.com/company/press-center/company-news/mirantis-acquires-docker-enterprise/

What is a Docker Swarm?

A Docker Swarm is a group of either physical or virtual machines that  are running the Docker application and that have been configured to  join together in a cluster. Once a group of machines have been clustered  together, you can still run the Docker commands that you're used to,  but they will now be carried out by the machines in your cluster. The  activities of the cluster are controlled by a swarm manager, and  machines that have joined the cluster are referred to as nodes.  Docker swarm is a container orchestration tool, meaning that it  allows the user to manage multiple containers deployed across multiple  host machines.

Source: https://www.sumologic.com/glossary/docker-swarm/

What is Docker Registry?

The Registry is a stateless, highly scalable server side application that stores and lets you distribute Docker images. The Registry is open-source, under the permissive Apache license. You should use the Registry if you want to: tightly control where your images are being stored, fully own your images distribution pipeline, integrate image storage and distribution tightly into your in-house development workflow

Source: https://docs.docker.com/registry/

Docker Trusted Registry (DTR) is an enterprise/paid version of Docker Registry with more features. See Docker Trusted Registry docs

What is Orchestration?

Think of a conductor of an orchestra, waving their wand around to get musicians to play their notes. The orchestrator is like the conductor, getting containers to do things. Here is the definition from https://en.wikipedia.org/wiki/Orchestration_(computing)

Definition of orchestration 

What is Kubernetes?

Kubernetes is a portable, extensible, open-source platform for  managing containerized workloads and services, that facilitates both  declarative configuration and automation. It has a large, rapidly  growing ecosystem. Kubernetes services, support, and tools are widely  available.  The name Kubernetes originates from Greek, meaning  helmsman or pilot. Google open-sourced the Kubernetes project in 2014.  Kubernetes builds upon a decade and a half of experience that Google has with running production workloads at scale, combined with best-of-breed ideas and practices from the community.

Source: https://kubernetes.io/docs/concepts/overview/what-is-kubernetes

This is an interesting article about the differences between Docker Swarm and Kubernetes.

What is Azure Kubernetes Service (AKS)?

The fully managed Azure Kubernetes Service (AKS) makes deploying and  managing containerized applications easy. It offers serverless  Kubernetes, an integrated continuous integration and continuous delivery  (CI/CD) experience, and enterprise-grade security and governance. Unite  your development and operations teams on a single platform to rapidly  build, deliver, and scale applications with confidence.

Source: https://azure.microsoft.com/en-us/services/kubernetes-service/

What are Azure Dev Spaces?

Azure Dev Spaces provides a rapid, iterative Kubernetes development  experience for teams in Azure Kubernetes Service (AKS) clusters. Azure  Dev Spaces also allows you to debug and test all the components of your  application in AKS with minimal development machine setup, without  replicating or mocking up dependencies.  Azure Dev Spaces helps teams to focus on the development and rapid  iteration of their microservice application by allowing teams to work  directly with their entire microservices architecture or application  running in AKS. Azure Dev Spaces also provides a way to independently  update portions of your microservices architecture in isolation without  affecting the rest of the AKS cluster or other developers. Azure Dev  Spaces is for development and testing in lower-level development and  testing environments and is not intended to run on production AKS  clusters.

Source: https://docs.microsoft.com/en-us/azure/dev-spaces/about

Dev Spaces can help team collaboration by having everyone use the same Kubernetes cluster. A production-like local environment with many microservices and containers would be really difficult to create and maintain, so this tutorial can show you how to do it.

Managing Secrets when working with Azure Dev Spaces

Your services might require certain passwords, connection strings,  and other secrets, such as for databases or other secure Azure services.  By setting the values of these secrets in configuration files, you can  make them available in your code as environment variables.  These must  be handled with care to avoid compromising the security of the secrets.  Azure Dev Spaces provides two recommended, streamlined options for  storing secrets in Helm charts generated by the Azure Dev Spaces client  tooling: in the values.dev.yaml file, and inline directly in azds.yaml. It's not recommended to store secrets in values.yaml.  Outside of the two approaches for Helm charts generated by the client  tooling defined in this article, if you create your own Helm chart, you  can use the Helm chart directly to manage and store secrets.

Source: https://docs.microsoft.com/en-us/azure/dev-spaces/how-to/manage-secrets
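
A quick way to check the "no secrets in values.yaml" advice before committing a chart. This is an added example, not code from Microsoft or the Dev Spaces tooling: the key-name list, the placeholder syntax it accepts ($NAME, ${NAME}, Helm templates) and the sample file are assumptions, and it is a line-based heuristic rather than a full YAML parser.

```python
import re

# Key names that usually hold credentials (heuristic list, an assumption of this example).
SECRET_KEY = re.compile(
    r"password|passwd|secret|token|api_?key|connection_?string|access_?key", re.I)
# Values that are references, not literals: $NAME / ${NAME} placeholders, Helm templates.
PLACEHOLDER = re.compile(r"^(\$\{?\w+\}?|\{\{.*\}\})$")
# "key: value" mapping lines; list items and multi-line scalars are not handled.
LINE = re.compile(r"^(\s*)([\w.-]+)\s*:\s*(.*)$")

# Constructed sample values.yaml; every name and value in it is made up.
SAMPLE_VALUES_YAML = """\
replicaCount: 1
image:
  repository: contoso/webfrontend
  tag: stable
secrets:
  redis:
    host: "$REDIS_HOST"
    key: "hunter2-constructed-value"
database:
  connectionString: "Server=db;Password=constructed"
  port: 5432
"""

def find_literal_secrets(yaml_text):
    """Return [(line_no, dotted.path)] for secret-looking keys holding literal values."""
    findings, stack = [], []  # stack: (indent, key) of the enclosing mappings
    for line_no, raw in enumerate(yaml_text.splitlines(), 1):
        m = LINE.match(raw.split(" #", 1)[0].rstrip())  # drop trailing comments
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        value = m.group(3).strip().strip("'\"")
        while stack and stack[-1][0] >= indent:  # left the previous mapping
            stack.pop()
        path = ".".join([k for _, k in stack] + [key])
        if value == "":
            stack.append((indent, key))  # parent mapping, nothing to flag yet
        elif SECRET_KEY.search(path) and not PLACEHOLDER.match(value):
            findings.append((line_no, path))
    return findings

if __name__ == "__main__":
    for line_no, path in find_literal_secrets(SAMPLE_VALUES_YAML):
        print(f"values.yaml:{line_no}: literal value under '{path}'")
```

Matching on the whole dotted path means anything literal under a secrets: block is flagged, even when the leaf key is just "key" or "port".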

What is Helm?

Helm helps you manage Kubernetes applications — Helm Charts help you  define, install, and upgrade even the most complex Kubernetes  application. Charts are easy to create, version, share, and publish — so start using Helm and stop the copy-and-paste.

Source: https://helm.sh/

Using a Helm repository in Azure Dev Spaces https://docs.microsoft.com/en-us/azure/dev-spaces/how-to/use-private-helm-repo

Azure Tutorials

Microsoft Azure have provided several 5-minute tutorials to get up to speed quickly on application development for AKS.

Is there any free training?

Microsoft Learn has this free course that lasts just under an hour to get up to speed in these topics:

  • Run containers in Azure Container Instances
  • Control what happens when your container exits
  • Use environment variables to configure your container when it starts
  • Attach a data volume to persist data when your container exits
  • Learn some basic ways to troubleshoot issues on your Azure containers

I have heard of Azure Service Fabric, what is it?

To be honest, I'm not 100% sure! This Microsoft documentation says:

Azure Service Fabric is a distributed systems platform that makes it  easy to package, deploy, and manage scalable and reliable microservices  and containers. Developers and administrators can avoid complex  infrastructure problems and focus on implementing mission-critical,  demanding workloads that are scalable, reliable, and manageable. Learn  how to use Azure Service Fabric with our quickstarts, tutorials, and  samples.

It sounds like another orchestrator! This Stack Overflow question has an excellent answer.

Software Engineer with interests in security and business processes.
