Container Camp 2015

We were at Container Camp at the Barbican (here in London) last Friday (11/09). The venue was not far from base, so we could nip back to the office if there were any problems with the new infrastructure (with proper Chef servers). Everything was running smoothly and we enjoyed the event, but some of the participants were not so lucky and had to leave because the database server that never crashes decided to crash on that Friday afternoon… it’s tough to be a sysadmin.

One of the speakers did a quick survey of the audience (about 150) and it seems that about half are using containers and, of those, most are using them in production. Interesting.

At Sandtable we use containers in production: running Docker on Mesos/Marathon and also with Rancher.

Speaking of Rancher, it was good to chat with the Rancher guys. Rancher should be out of beta by the end of the year, and it will stay free. But they will also offer a hosted solution. They mentioned that they may also look to somehow integrate Rancher with Mesos, but that is all we know at this point.

One of our system problems at the moment is container monitoring. In this space, we spoke to the Italians from Sysdig. Their Sysdig Cloud solution looks nice with plenty of metrics and a lot of details. It isn’t free, however. They also did a demo of their open source tools that was pretty impressive (you wouldn’t expect less from the folks behind Wireshark).

After listening to the talks, we are going to try Prometheus first, as it’s a monitoring solution that looks flexible, seems popular, and it’s open source. Also one of the speakers mentioned it integrates with cAdvisor, which we’re using. We have basic container monitoring in place.

What did the speakers talk about?

There were a couple of talks about running containers on bare metal instead of running them on VMs for performance. Creative and interesting solutions like VMware’s Bonneville project were mentioned.

There were several talks about service discovery and container networking in general. We particularly appreciated the talk from Arjan Schaaf, especially because he wasn’t trying to sell a product like most of the speakers. He did a comparison of Weave, Flannel and Project Calico’s performance on AWS and Azure using different types of instances. The result of his experiment was that AWS was doing a better job than Azure concerning network performance and that Flannel VXLAN was the most performant. Project Calico was in the middle. And he always seemed disappointed that Weave wasn’t doing better. But as he said, performance shouldn’t be your only criterion, as those solutions have different features that may match your needs.

We had a talk about LXD, which is a container hypervisor from Canonical. Good to know that Docker isn’t the only option.

At the lunch break, we had a five-minute talk on Flocker, which allows you to move your Docker volumes from one server to another using ZFS. Looks promising.

A speaker also mentioned that they moved from ECS to Marathon and it was much faster … not surprising.

To finish the day there were interesting talks about security and performance (the poor sysadmins rescuing their servers missed them). In particular, a great talk from Diogo Mónica (Security Lead @ Docker) about Docker Content Trust using Notary. Following his advice, you are sure to pull the right image.

There was also a really interesting talk from Ben Hall with lots of useful tips on how to run Docker containers more securely. He also told us about an Elasticsearch container being hacked.

To finish, Juan Batiz-Benet made us realise that our Docker images were too big, that it was ridiculous to download them millions of times, and that it would be much better if we had peer-to-peer.

Overall, we enjoyed our time at Container Camp. We appreciated the quality of the talks with speakers coming from all around the world. Thanks to the organisers and sponsors, we hope to see you again next year.
