Wrap-up from the Amsterdam Software Circus
Martijn Gijsberti Hodenpijl
It was clear that the buzzwords of the conference were Docker and microservices. Various vendors presented tooling around Docker, and there were a number of talks about Docker security. Microservices were mentioned in almost every presentation. But it is clear that microservices only make sense in a DevOps organisation. The developer wears many hats. The complexity of modern software development is overwhelming. There is a desire for overview and for new APIs/services which leverage the complexity of underlying systems.
Keynote Adrian Cockcroft
Adrian talked about the relation between DevOps and architecture, and how management can create a context where DevOps culture and scalable architecture can evolve.
Some points from the keynote:
- It is done when the product is retired
- No procedures but system as systems evolve and behave
- Teams build their systems secure when they feel the pain (short feedback loops)
- The size of a microservice should fit in your head
- About migration to microservices: solve the biggest risk with the smallest experiment
- The salary of an engineer should be based on its market value (!)
Docker security tips and tricks
The talk by Adrian Mouat of Container Solutions showed how tricky Docker security is. He gave some advice and tips on how to avoid the most common security breaches when building a container. For instance, it is better to keep secrets in a separate vault or key-value store and not to store them in the container. Also, do not use environment variables for security-sensitive information: the variables are shared with all the containers. I learned that you really have to know what you are doing if you are using Docker. Adrian said that some companies use Docker in production with the Docker containers encapsulated in VMs. He also gave a presentation about Docker security for the Docker meetup in Schuberg (http://container-solutions.com/docker-provenance-talk-amsterdam-docker-meetup/). In the meetup he claimed that Docker cannot be used in production. But things are moving fast in the Docker world. He now calls it a draw between VMs and Docker. Personally I was not completely convinced, because you can do a lot of things wrong in Docker without even knowing.
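As an added illustration of the environment-variable advice above (not code from the talk or from Docker): a short Python check that reads the JSON printed by `docker inspect` and flags entries in `Config.Env` whose names look like credentials. The name patterns, the `_FILE` exemption and the sample JSON are constructed assumptions.

```python
import json
import re

# Assumption: name fragments that usually indicate a credential.
SECRET_NAME = re.compile(
    r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL)", re.I)
# Assumption: a *_FILE variable holds a path to a mounted secret file,
# not the secret itself, so it is not flagged.
FILE_SUFFIX = "_FILE"


def find_env_secrets(inspect_json):
    """Return (container, variable) pairs for secret-looking env vars.

    inspect_json is the text printed by `docker inspect <container>...`:
    a JSON array with one object per container.
    """
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "<unnamed>").lstrip("/")
        # Config or Config.Env may be null for some containers.
        env = (container.get("Config") or {}).get("Env") or []
        for entry in env:
            key, sep, value = entry.partition("=")
            if not sep or not value:
                continue  # unset or empty variable: nothing is exposed
            if key.upper().endswith(FILE_SUFFIX):
                continue
            if SECRET_NAME.search(key):
                # Report the variable name only, never the value.
                findings.append((name, key))
    return findings


# Constructed sample in the shape of `docker inspect` output.
SAMPLE = json.dumps([
    {"Name": "/web", "Config": {"Env": [
        "PATH=/usr/local/bin:/usr/bin",
        "DB_PASSWORD=example-only",
        "API_KEY=",
        "LOG_LEVEL=info"]}},
    {"Name": "/worker", "Config": {"Env": [
        "QUEUE_TOKEN_FILE=/run/secrets/queue_token",
        "AWS_SECRET_ACCESS_KEY=constructed-value"]}},
    {"Name": "/sidecar", "Config": {"Env": None}},
])

if __name__ == "__main__":
    for container, variable in find_env_secrets(SAMPLE):
        print(f"{container}: {variable} is set in the container environment")
```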
Docker Content Trust - Notary
For instance, you do not have a guarantee that the content of a Docker container is actually from the provider of the container. A man-in-the-middle attack can redirect to another container, or the content can be corrupted by a hack of the Docker registry. Docker security specialist Diogo Mónica gave an energetic presentation about Notary (https://github.com/docker/notary), which provides a solution for Docker content trust. With Notary, publishers can sign their content offline. The tool uses a sophisticated mechanism with four keys, of which one (the root key) validates the other three keys. I am not a security specialist, but I think the tool can be applied in other types of registries (for instance a Nexus or an application store). In a live demo Diogo simulated the two types of attacks and showed how Notary noticed the attacks and did not give permission to run the compromised containers. I was impressed by the demo. See also https://blog.docker.com/tag/docker-notary/ and http://www.cmswire.com/information-management/docker-engineer-our-containers-are-secure/
Microservices and container orchestration
There were several presentations about new tools for orchestration of containers with microservices. Seth Vargo of HashiCorp gave a presentation about Consul, and I learned that Consul can do a lot more than service discovery. With Consul you can make the infrastructure more resilient, because Consul can monitor AND act. For instance, Consul can restart services when they are down. Consul has a detailed history of all the actions. Kelsey Hightower of CoreOS gave a nice demonstration of how Kubernetes can autoscale Nginx containers, depending on the amount of traffic. Cisco and Microsoft also gave their presentations, which IMHO were not so convincing. They presented one-size-fits-all solutions (services). Mesos (Mesosphere) and Clocker (Cloudsoft) also gave presentations about Docker orchestration. It was a bit overwhelming.
Microservices development and testing
I liked the presentation of two guys from Springer about a continuous delivery pipeline for microservices. They showed how, with a simple script, a developer could provision a deployment workflow in Go/CD (Thoughtworks). It is rather similar to the workflow plugin of Jenkins. They started a tools team 10 months ago and now provide the infrastructure for continuous integration and deployment for several teams in Springer. They use Docker for testing but real VMs in production. They started small, with a single project, and gradually built up the capacity. They now have to learn how to step out of the reactive mode and really build for the longer term.
Use your common sense or not?
In order to deal with all the complexity of containers and microservices you have to clear your head. Dave Allen, of the book Getting Things Done, promoted his method, which is based on a very simple order of things. The order is purpose, vision, ideas, execution and next action. If you want more clarity, zoom out. If you want more things done, zoom in. Daniel Bryant of OpenCredo gave a dynamic presentation about one of my favourite books, Thinking, Fast and Slow by Daniel Kahneman. The book is about how we can be tricked by our common sense or intuition (system 1). During the presentation he gave a huge number of tips and references to books. The slides can be found on SlideShare (http://www.slideshare.net/dbryant_uk/sc-2015-thinking-fast-and-slow-with-software-development)
During the conference I did live drawing and placed the drawings on flickr - https://t.co/k0KknRPoEP
It was great fun!