Thursday, December 29, 2016

Using Docker with your own Certificate Authority

You should be able to find several free Certificate Authorities in the wild. The most popular are probably Let's Encrypt and CAcert. However, if for any reason (restrictions, use of localhost, ability to automate...) you prefer to manage your own Certificate Authority, you will probably consider OpenSSL as a nice toolkit to build it. This blog presents a few useful commands. They are not intended, by any means, to replace the official documentation, but they might help speed up your initial setup and cover different scenarios.

If you own a CA, you could use it a lot with Docker... or not. I mean it could help. For instance, you could use it to secure a vault to store and share secrets. You could rely on a PKI to authenticate clients and servers. You could also use it to encrypt HTTP traffic, including access to your private registry. This blog will explore the latter scenario to illustrate how you can leverage your newly created Certificate Authority.
Important Note:
The example below relies on Fedora/Enterprise Linux; if you plan to use Debian, another Linux distribution, Windows or OSX, you will have to adapt the procedure to make it work.

Thursday, December 22, 2016

Provisioning Compute in Oracle Public Cloud with Terraform

Terraform is probably the most popular Cloud orchestrator today. At least, this is the one I prefer! It is easy to use, it is fast, it provides a nice way to simulate the addition/deletion of resources and it can be extended nicely. It is the perfect tool to kick off infrastructure with most providers, as I've already discussed.

For a few days now, I've started to use Oracle Cloud again. I'm really enjoying the Container Services, by the way. Beyond the Database, Oracle has definitely made some tremendous progress with its IaaS. It is very powerful. When I discovered I could use Terraform with the Compute Service, I could not resist... It took me less than 15 minutes to install and use the Terraform Provider for Oracle Compute Cloud. It just works fine with Terraform 0.8... You will find a few notes about it right below.

Saturday, December 17, 2016

Service Discovery and Blue/Green Update with Docker

If you are a developer, a product owner or a project manager, love Docker! It speeds up and eases everything:
  • It is a perfect match for 12-Factor applications and microservices development. Do you want Agile Management? Do you want to build large applications? Do you want to keep a clear separation of concerns? Do you want to scale your project with "divide and conquer"?
  • Thanks to the Docker Hub, Docker Store and GitHub, it provides a huge amount of images you can easily pull, assemble and enhance to build the best experience for users.
  • It is quite agnostic of your infrastructure or cloud provider. It allows you to easily scale out to handle load.
If you are an Ops, you can be even happier! It is very likely you will get more work and challenges than ever. "Learn as you go", if you want... Not only should you choose and deploy one of the many Docker infrastructures from Kubernetes, Mesos/Marathon, Nomad, Swarm or AWS ECS, but you will soon discover you need more to manage network, service registration/discovery, monitoring, repositories and deployment, blue/green updates, management of monoliths/singletons, secret management, incidents, failures and many more, including integration with other ecosystems.

I've started a small project I've called docker-mate to present some of the challenges you might face when running Docker as well as tools you can use to address them. To make it simple, I've built it on top of docker-compose. Hopefully, you will like some of the demonstrations it provides, clone the project, open issues and provide new ideas. I hope you will like Docker even more once you've seen some of the fantastic tools people are building to use it.