Deep Dive into Docker Containers for Rails Developers

by Christopher Rigor

This talk, titled "Deep Dive into Docker Containers for Rails Developers," presented by Christopher Rigor at RailsConf 2017 and sponsored by Engine Yard, explores the intricacies of Docker containers specifically for Ruby on Rails developers. Rigor begins by discussing the significance of containers in modern development, noting their growing popularity and the need to understand their internals for effective deployment in production environments.

Key Points:
- Introduction to Containers: Containers are described as lightweight alternatives to virtual machines that provide environment isolation using Linux kernel features—namespaces and cgroups. This allows developers to run applications in a controlled environment without the overhead of a full VM.
- Reasons for Using Containers: Rigor lists several advantages, including the ability to scale applications easily, mitigate dependency issues, and enhance deployment velocity. For Rails developers, using containers can simplify the process of running applications across different environments and swiftly manage multiple server setups.
- Container Internals: The talk dives into the internal mechanisms of containers, explaining how they are built using namespaces for process isolation and cgroups for resource management. Rigor emphasizes that containers are effectively processes that share the same host but operate in isolated environments.
- Practical Implementation: Rigor outlines a suggested approach to deploying a Rails application within a container, involving setting up namespaces and applying resource limits to manage the application efficiently. He provides detailed examples, demonstrating how to configure network interfaces and manage dependencies within the container setup.
- Security Considerations: Security is a vital topic, with Rigor discussing the importance of employing multiple layers of security. He covers the use of Linux security modules like AppArmor and SELinux, capabilities management, and the significance of namespace isolation to protect host resources.
- Running Containers in Production: The talk concludes with insights into orchestration systems like Kubernetes, which automate the management of containers in production. Rigor highlights the need for developers to leverage established platforms to abstract the complexities of container management while still maximizing the advantages containers offer.

In summary, Rigor inspires Rails developers to explore the container ecosystem, emphasizing the maturity of technologies available and encouraging the use of containers for building scalable, production-ready applications. While cautioning against running databases in containers due to potential risks, he advocates for deploying Rails applications within them to take advantage of their scalability and efficiency.
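The layers named under Container Internals and Security Considerations can be checked from the host through /proc. The following is an added example, not code from the talk: a POSIX shell audit that reports shared namespaces, host-root mapping, high-risk capabilities and a missing seccomp filter. The fixture directories, inode numbers, capability masks and the selection of "risky" capabilities are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list the isolation layers a process is missing, read from
# /proc-style files. Paths are arguments so it also runs on fixtures.

# Print the first value of KEY in a /proc/<pid>/status style file.
status_field() {
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1"
}

# Print the high-risk capabilities set in a CapEff hex mask. Bit numbers
# come from linux/capability.h; the choice of "risky" is this example's.
# open_by_handle_at(2) requires CAP_DAC_READ_SEARCH.
risky_caps() {
    [ -n "$1" ] || return 0
    cap_mask=$((0x$1))
    cap_found=""
    for cap in 2:CAP_DAC_READ_SEARCH 12:CAP_NET_ADMIN 16:CAP_SYS_MODULE \
               17:CAP_SYS_RAWIO 19:CAP_SYS_PTRACE 21:CAP_SYS_ADMIN; do
        if [ $(( ($cap_mask >> ${cap%%:*}) & 1 )) -eq 1 ]; then
            cap_found="$cap_found ${cap#*:}"
        fi
    done
    echo "${cap_found# }"
}

# Print the namespace types two processes share: an identical ns/ symlink
# target means the same namespace.
shared_namespaces() {
    ns_shared=""
    for ns in pid mnt net uts ipc user cgroup; do
        ns_a=$(readlink "$1/ns/$ns" 2>/dev/null) || continue
        if [ "$ns_a" = "$(readlink "$2/ns/$ns" 2>/dev/null)" ]; then
            ns_shared="$ns_shared $ns"
        fi
    done
    echo "${ns_shared# }"
}

# Succeed when uid 0 of the process maps to uid 0 on the host (uid_map as
# read from the host), meaning no user-namespace remapping is in effect.
root_is_host_root() {
    awk '$1 == 0 && $2 == 0 { hit = 1 } END { exit !hit }' "$1/uid_map"
}

# Print one finding per missing layer for PROC ($1), compared with HOST
# ($2, the directory of the host's init process).
audit_proc() {
    a_ns=$(shared_namespaces "$1" "$2")
    if [ -n "$a_ns" ]; then echo "shares namespaces with host: $a_ns"; fi
    if [ "$(status_field "$1/status" Uid)" = 0 ] && root_is_host_root "$1"; then
        echo "runs as host root (no user namespace mapping)"
    fi
    a_caps=$(risky_caps "$(status_field "$1/status" CapEff)")
    if [ -n "$a_caps" ]; then echo "risky capabilities: $a_caps"; fi
    if [ "$(status_field "$1/status" Seccomp)" != 2 ]; then
        echo "no seccomp filter"
    fi
    return 0
}

# Constructed fixtures, not real processes. Arguments: directory, namespace
# inode, namespaces left shared with the host, CapEff, Seccomp, uid_map.
HOST_INO=4026531835
make_fixture() {
    mkdir -p "$1/ns"
    for ns in pid mnt net uts ipc user cgroup; do
        case " $3 " in *" $ns "*) ino=$HOST_INO ;; *) ino=$2 ;; esac
        ln -sf "$ns:[$ino]" "$1/ns/$ns"
    done
    printf 'Name:\tpuma\nUid:\t0\t0\t0\t0\nCapEff:\t%s\nSeccomp:\t%s\n' \
        "$4" "$5" > "$1/status"
    echo "$6" > "$1/uid_map"
}

demo() {
    d=$(mktemp -d)
    make_fixture "$d/host" "$HOST_INO" "" 0000003fffffffff 0 "0 0 4294967295"
    # Hand-built: root shell with new mount, UTS, IPC, net and PID namespaces
    make_fixture "$d/manual" 4026532201 "user cgroup" 0000003fffffffff 0 \
        "0 0 4294967295"
    # Runtime-style: reduced capabilities, seccomp filter, remapped root
    make_fixture "$d/runtime" 4026532305 "" 00000000a80425fb 2 "0 100000 65536"
    echo "== manual ==";  audit_proc "$d/manual" "$d/host"
    echo "== runtime =="; audit_proc "$d/runtime" "$d/host"
    rm -rf "$d"
}
demo
# On a real host (as root): audit_proc /proc/<pid> /proc/1
```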

This is a sponsored talk by Engine Yard.

Containers have gained popularity the past few years but they have been around much longer than that. In this talk, we'll dive into the internals of a container. If you have used or heard about Docker containers but are unsure how they work, this talk is for you.

You’ll also learn how to run Rails in production-ready container environments like Kubernetes.

RailsConf 2017

00:00:11.650 hey we're about to begin it's good to see that the room is not
00:00:17.689 you know overbooked so no one's getting dragged out welcome to Engine Yard sponsored talk
00:00:25.880 deep dive into docker containers for rails developers so that's a mouthful so
00:00:32.419 let's take a look at the title of deep
00:00:37.730 dive it is me and my wife scuba diving in the Philippines we're advanced open
00:00:45.440 water certified and it's beautiful underwater and when you go deeper it's
00:00:52.130 actually even more beautiful so we're going to talk about docker containers
00:00:57.829 who among you have used Docker before it's good it's more than half but who
00:01:06.289 among us use a container but not docker
00:01:11.290 okay we got one two okay so this is not an introduction to Docker talk but
00:01:18.409 we were we will look into Docker I'm sorry container internals bracelets
00:01:25.010 well what what are containers made of so and then I have to be specific that
00:01:33.080 or as to make sure it's for Rails developers because when they announced
00:01:39.189 announced RailsConf will be in Phoenix so I was just thinking oh no a lot of Phoenix
00:01:44.420 jokes right so you've probably heard a lot of these jokes already right like so there's Evan Phoenix one of the
00:01:50.540 organizers and you know the Phoenix framework some people have moved on to other languages or frameworks that's
00:01:57.140 fine you know but we're here you know say that you know we you know we use
00:02:02.420 rails and a lot of people still do this is sponsored by Engine Yard where I work
00:02:08.299 for and we're celebrating our 10 years this year so please join us tonight
00:02:15.499 the there will be a party tonight at 7:00 p.m. so please and we also have a booth tomorrow and on
00:02:23.240 a Thursday so Engine Yard it's a great way to run your rails applications where you
00:02:29.240 can easily scale from one to hundreds of servers right uh we have ten years of
00:02:34.250 Ruby on Rails optimizations on top of AWS and you know we have top-notch 24/7
00:02:40.820 support so but let's get into the talk these are the topics that we're going to
00:02:48.650 talk about the reasons for using containers what are containers made of and how do
00:02:53.930 you run containers in production so
00:02:59.960 there are a lot of uses for containers but here we're going to focus specifically about on deploying your
00:03:07.550 rails apps in a container I remember when I started Ruby of died 2006 or a
00:03:14.420 few years after one of the most popular deployment tools back then was Capistrano
00:03:19.460 and it probably still is in some shape or form we still use that the Capistrano
00:03:27.110 way of doing things at Engine Yard we have deployed a lot of Rails applications
00:03:32.390 using Capistrano you know big customers big applications and it works and it
00:03:38.180 even still works until now but here I'm going to try to discuss why why you
00:03:44.480 should you know put your rails app in in a container so with Capistrano you
00:03:49.730 SSH into a server if you're using git you're going to do a git clone git pull
00:03:55.700 install the gem we compile our assets and maybe run migrations and it's fine
00:04:00.800 it works you know we have big apps using that approach and it works so but sometimes
00:04:06.160 when github goes down then no one would be able to deploy right this is not a
00:04:12.170 knock on github we use them it's a great service but when they go down a lot of
00:04:17.810 people notice right because a lot of people use them so we get a lot of tickets actually when you know and it
00:04:25.010 goes down nothing's wrong with the Engine Yard platform but when GitHub goes down a lot of our customers can't deploy
00:04:31.690 that's only a small small reason though why you should why
00:04:37.500 you should use the container but let's take a look at what's involved in using a container here you will see that you
00:04:44.790 still need to install Ruby install the packages copy your code install the gems
00:04:51.180 precompile assets it's very similar to Capistrano right so you're not not a
00:04:57.060 silver bullet that would that would remove all these steps right just still
00:05:04.170 doing it but now you're putting it in a container and once you have that container your server needs only to know
00:05:12.480 how to run that container right it doesn't even know what's inside it just will run that container and you
00:05:19.290 could run it with other containers it could be another rails app if you have
00:05:24.420 another one you could run it on the same server or it could even be something like Redis or or a database although you
00:05:33.240 know our DBA is here and he wouldn't like that you shouldn't run your database in a container but it is possible
00:05:39.330 all right whatever you put inside it and your host knows how to run it then it
00:05:46.050 should work then you could also have multiple servers there's no real world
00:05:52.050 analogy to this but you could duplicate a container easily you could run it on multiple servers so now when you try to
00:05:59.610 scale and you know the rails can scale right you just run a lot of different
00:06:05.610 servers and then on those servers you run your containers so containers start
00:06:11.310 faster and you'll be able to easily run
00:06:16.320 your run any code that you could put in a container which makes the whole process faster like your developers will
00:06:22.740 be able to release those faster in staging or in production and you know
00:06:27.990 you get to focus on on your your business problem but what are containers there
00:06:36.300 are a few descriptions that I keep on hearing when people discuss containers
00:06:41.780 the first is the lightweight VM
00:06:46.830 and a lot of people don't like this description and because it's technically technically a container is not a virtual
00:06:54.630 machine when you have a virtual machine you you you could have a host for
00:07:01.860 example that's using this running Linux and you could have a virtual machine that it's a Windows box right you could
00:07:09.510 have a guest that that is different from your host but with containers when you
00:07:16.080 have a Linux host you could only have Linux containers there are windows containers but we're not going to
00:07:22.710 discuss them that's outside the scope of the talk so we're specifically looking at Linux
00:07:28.680 containers but I like this description that it's the lightweight VM because of what I described earlier it is in a
00:07:37.230 container you could put everything on it in fact you need to put Ruby you need to
00:07:42.750 put your packages like if you have MySQL client libraries you need to put
00:07:48.840 those inside your container so for me it's a good description so lightweight VM
00:07:57.110 next is chroot on steroids so chroot
00:08:02.510 if you have a directory for example you could make that your your new root you
00:08:09.750 would still be using the same Linux kernel so that means it's technically
00:08:14.760 one OS but if you have different subdirectories and you change your root into that you know you could do a
00:08:21.510 lot of interesting things like let's take a look at this so here I'm going I
00:08:30.240 have a little Ubuntu server with an Ubuntu directory and just pause that and you
00:08:39.210 could see that the directories on on that Ubuntu 17.04 word you know they're
00:08:45.720 similar to what you can see in your in your Linux box right but here they're
00:08:51.360 just subdirectories and you could run chroot
00:08:58.550 you could run chroot so let's just bring it again so you
00:09:04.800 have an Ubuntu directory you could chroot into that and now you're
00:09:10.290 inside a different different OS right you think you're you're inside 17.04 so
00:09:17.850 I'll check slash railsconf if it exists it exists on the host but not on the new
00:09:23.910 root so here I also have a CentOS 7 subdirectory and I could chroot into that
00:09:32.040 and now you would see that it in its own if you could see the version of the OS
00:09:38.339 but since it's a CentOS root I now have yum inside it so I have an Ubuntu box
00:09:46.800 but I have yum running so it it all shared the same Linux kernel but you
00:09:54.000 could see that you could run whatever distro you want so here at the end I
00:10:00.060 just have another directory give young and you could see their version so now I
00:10:07.320 have an Ubuntu I think it's 16.04 LTS version but I've showed you see other
00:10:13.339 distros that I could run but using chroot and chroot is the one of the
00:10:20.010 things that the container uses you have file system file system isolation where
00:10:26.910 in when you're inside it you can't see anything outside of it however it's not
00:10:32.970 built for isolation so you could see you could not see different files outside
00:10:38.579 but you know you could see other processes as I will show you later on but this was now this is a very old
00:10:45.300 technology initially released in 1982 and it was used mainly for testing or for
00:10:52.920 building software where you don't want to use any dependencies so it's like having your pristine OS inside your
00:11:00.870 existing OS so the third description is namespaces and cgroups and it is the
00:11:09.240 the meat of the topic and what containers really are are namespaces and cgroups these are kernel
00:11:16.350 features so if you've heard about namespaces and cgroups namespaces your when your processes run inside a
00:11:23.010 namespace they think they're on their own system right they don't think that there's another system you know they
00:11:31.650 don't see the host there's there's a they see their their own system so the container you could look at it as a
00:11:37.770 different root the namespace and a cgroup right so there are tools to create
00:11:44.580 namespaces but we'll look first at a higher level higher level tools of the
00:11:51.210 create namespaces and these are the things that people are familiar with
00:11:56.600 called the container runtimes LXC for example you know it has been popular and
00:12:04.530 it has existed before Docker and Docker at the beginning was using LXC to create a container so the it was just a
00:12:13.020 wrapper for sure it provides a lot of different advantages but at the
00:12:18.480 beginning it was using LXC then you also have rkt systemd-nspawn but
00:12:24.480 at the end you're just creating namespaces and cgroups so none of the tools
00:12:30.860 added new features to the kernel they are using namespaces and cgroups so when
00:12:40.020 you're in a container there's an illusion to the user that you are on a
00:12:45.690 different OS as I showed you earlier you know you think the process thinks it's in
00:12:52.500 its own OS so then that is the goal for for what we for the containers right so
00:13:00.570 here we'll see the chroot again I'm using Ubuntu 17.04 and you would see that
00:13:11.190 inside it I could see all the different processes that are running I just cleared the screen very quickly but I
00:13:17.730 could grep for top I could see that process inside that root and I could
00:13:23.790 kill it right so if someone in the host was running top and I'm inside the new root and I
00:13:29.430 killed it then well I'm sorry to that person running top so what namespace does right namespace
00:13:39.180 is what they do is provide you that isolation so first let's look at the PID namespace so I'm going to
00:13:47.430 introduce a tool called unshare or a program called unshare that would
00:13:53.010 create the namespace so I'm going to combine that with with chroot so I'm
00:13:59.010 going to say unshare make a new namespace for a PID namespace chroot
00:14:07.170 Ubuntu 17.04 you can same thing going to mount the proc file system and after I
00:14:13.500 run PS you would see that I only see the bash process and the actors the PS
00:14:20.519 process so now inside it well it thinks it's PID number one but in fact it's
00:14:28.019 it's not a you know process number one in the host system it's something else
00:14:33.450 so it's just map something else but inside that namespace which we created using unshare it thinks it is
00:14:41.360 number one so now you've created a namespace that can't catch kill the
00:14:48.270 processes that are running on the host and why it's important when people run containers that are that were created by
00:14:55.890 someone else you don't want that container to be able to go to the host and just kill any process right so next
00:15:04.529 is the mount namespace so when you create a mount namespace you you inherit all the
00:15:11.820 mount points of the server of the host but then when you make changes to it the
00:15:18.329 host won't be affected so why is that important so when you create a new container or a new namespace Docker for
00:15:26.399 example changes the mount points for proc sys and dev and so the
00:15:31.740 containers won't have access to to the host to the host for example here the
00:15:38.850 container won't have access to the disk why is that important well if you have access to the disk then you could
00:15:44.700 corrupt it and everyone running that container or every container running on
00:15:50.010 that host would have a problem so you don't want your containers to be able to access certain mount points and that's
00:15:56.250 where the mount namespace would help another namespace that we'll look at is
00:16:01.830 user namespace and this is actually a relatively new and even Docker only added
00:16:11.700 this maybe a few years ago so but this
00:16:17.070 is like PID mapping wherein when you're running inside a container are you when you're running as a user on a
00:16:26.100 container you you are actually a different user on the host so it's like PID mapping so a lot of containers run
00:16:32.010 as root inside you know you're running as the root user inside a container and
00:16:37.020 that could be a problem because when you're running as root without user name
00:16:42.060 space you're also running as root on the host and you know why that that's not
00:16:48.570 good right because if you have privileges on the host then you could do a lot of different things so when you
00:16:54.270 enable user name space you'll have root inside the containers but you won't be root outside so you're not you won't be
00:17:02.460 root on the host next is the network namespace and inside
00:17:09.030 the container you will use your own network interfaces so it won't have any connection but what what Docker does
00:17:16.920 for example is create veth pairs and use a bridge on the host so now you have
00:17:23.189 one pair on the container one pair on the host and so it will be able to
00:17:28.430 you'll be able to have your network connection and we will show later on how
00:17:35.730 how that works and there are seven namespaces right now so we started with
00:17:41.160 Mount and the latest is the cgroup namespace and this is actually more than
00:17:47.130 ten years in the making right so Mount was added at the Linux kernel 2.4
00:17:54.780 and user for example was added in 3.8 and cgroup recently was added in the
00:18:00.120 4.6 kernel so it wasn't you know there wasn't a there wasn't a just one time
00:18:08.910 wherein okay we're releasing containers they released namespaces and they released it incrementally so let's take a
00:18:16.860 look at how you're going to use everything how you're going to combine everything to create your own container
00:18:22.020 and run rails inside it so we're going back to our same example you know
00:18:31.260 unshare but now we're I'm just showing here that you have a typical rails app
00:18:38.610 on you know on user source app so we're going to create namespaces using
00:18:44.700 unshare but now we're going to pass mount UTS IPC net PID and run chroot so
00:18:53.010 that it's what we've been running this whole talk and you're going to mount the
00:18:58.800 proc and then next I'm going to add a lot of environment variables but these
00:19:03.930 are just needed by by my Rails app like they have database URL and secret key base
00:19:09.560 I'm going to clear just so it it's easier to see and now I'm going to run
00:19:16.920 bundle exec rails server to run my rails app so I'm now inside a container
00:19:25.320 and running a rails app right so I'm going to try to curl and see if I could
00:19:31.380 access that and you would see that it would fail because I haven't set up the
00:19:37.170 network veth pairs that I mentioned you would see here there's only one loopback interface so now I have to create
00:19:44.310 those veth pairs right so I'm on the second tab on the host and I'm going to create the veth pairs using the ip
00:19:50.730 command you just use H for the host hpid
00:19:56.310 and then c for the other pair so now I have two pairs I I put the C one and put
00:20:06.600 it on the process ID so that's the our part then I put the H five one four
00:20:12.570 zero on the Docker bridge that is running on the host so now you would see that there are two network
00:20:18.210 interfaces right so now I'm going to bring up those interfaces so bring bring
00:20:25.230 up the loopback interface going to bring up the other one pair one end of the
00:20:33.210 pair name is each name it is zero inside the container here I'm just going to add
00:20:40.830 an IP address of course you want to be able to connect to to your container using an IP from the bridge that I just
00:20:50.009 chose randomly and I'm going to add a route to be able to have connection
00:20:56.970 routing in through the bridge and after that I would be able to curl the rails
00:21:04.350 app inside a container but know that I'm using one the localhost or 127.0.0.1
00:21:26.869 that's the default now with five one and you would see that it's PID nine inside
00:21:34.919 the container but it's a different PID out on the host so this is the PID
00:21:40.139 namespace at work so next is
00:21:46.200 cgroups so cgroups are used to limit
00:21:52.619 you could set a limit a memory limits a CPU limit or even access to devices
00:21:58.999 could also set a limit to the number of processes you can fork because they don't want to exhaust all the you know
00:22:06.269 all the the process the number of process you could run and you know this
00:22:12.779 word cgroups were added on the 2.6 kernel so let's take a look at how
00:22:19.919 you're going to set a memory limit so that so at the beginning it's just
00:22:28.200 the same you know we we just create the
00:22:33.539 namespaces so we're we're doing the same thing at the beginning creating the
00:22:39.750 mounds videos namespaces and then I'm
00:22:45.210 going to mount the proc and then the environment variables that we'll need
00:22:52.669 but before running before running the before running Puma we're going to use
00:23:00.720 cgroups to set up a memory limit so here
00:23:05.760 I'm using cgroups and so here I'm using
00:23:14.340 the /sys/fs/cgroup/memory which is the cgroup file system it's already mounted
00:23:21.600 on my box I think it was done by systemd so unlike namespaces wherein you
00:23:27.990 used unshare as the program to create namespaces with cgroups you actually just
00:23:33.900 interface with with a file system with with the cgroup file system so I create
00:23:40.080 a directory create the rails directory and you would see that if you you know I
00:23:47.850 just created a directory but after creating it it creates all these files for me and those are the limits that I
00:23:55.620 could use you would see memory limit there and other other things so what I
00:24:03.330 need to do now is get the process ID of my container so I'll get the process ID
00:24:14.070 of bash so that's one zero four five is there and I'm going to put it inside
00:24:20.450 rails/tasks and tasks on on
00:24:28.169 cgroups are the processes right so I'm saying process one zero four five eight
00:24:33.360 should be under the rails cgroup so there's nothing special with it I created the rails cgroup right and I'm
00:24:41.580 going to say 40 megabytes will go to
00:24:47.280 rails memory.limit_in_bytes right so who
00:24:53.250 wants to guess if that's enough for a Rails application it's a very basic Rails
00:24:58.560 application so now I'm back to my container and I'm going to run Puma so
00:25:04.230 I'm going to run bundle exec rails server and it says it's killed right so it out
00:25:10.950 I mean we did with a limit of 40 megabytes our Puma process can't start so
00:25:18.690 now I'm going to increase that to 80 megabytes and let's see if it works so
00:25:24.480 this is a do rails app so I think this would do this would work right so now
00:25:31.650 you could create a you know could run that process and you would see here that Puma's running so that's that's how you
00:25:40.200 use cgroups with with your Rails app so
00:25:48.540 next description and the last one and this is the most the the most accurate description is containers are processes
00:25:56.040 so you might have present they're not VM they are processes and this is you know
00:26:01.200 the correct description and if you take away nothing else from this talk is you
00:26:09.630 know you could like run a lot of processes as you know but containers make it easier to run those processes
00:26:16.470 together on the same host so let's take a look at this next video you can see
00:26:24.960 that I have a lot of Puma processes right so and then I'm just showing you
00:26:30.390 that the PID I'm not sure if that's easy to read but the PID namespaces so you could check the namespaces on on the
00:26:38.220 proc file system they're all different so I'm just showing you that these processes are all in different namespaces right
00:26:47.040 but they are namespaces and what's interesting is I have a lot of Puma processes running I don't have even Ruby
00:26:54.660 installed on the host right so the host doesn't need to have anything in
00:27:01.140 fact there's an OS CoreOS or I think they've renamed it to Container Linux
00:27:06.840 that even doesn't even have a package manager because they want you to
00:27:12.510 run everything in containers so here I'm trying okay run all the Puma processes
00:27:18.030 you want I think I'm using the same version so this is same container but you could run whatever Ruby version you
00:27:25.410 want whatever app server you want you could you know mix and match puma
00:27:30.570 unicorn and it it is all containers make it all easier to do all that so you know
00:27:40.440 Oh containers are processes but containers being a new root of having
00:27:48.960 namespace and cgroups they're not actually enough we have whenever you
00:27:54.030 create containers you have to make sure you know how to secure them so let's
00:27:59.940 talk about containers security the the
00:28:05.940 way security works with containers is you apply layers of them there's just no one setting that would make all their
00:28:13.170 containers secure like you have to run a number of different things to make sure they are secure for example we have
00:28:21.480 AppArmor this Linux security module or if your host doesn't support it SELinux
00:28:28.429 and it limits the actions that a given program can take so it provides a lot of
00:28:34.410 limitations on on the container but
00:28:39.480 actually if you start using the user name spaces a user name space some of
00:28:44.910 these some of these restrictions from AppArmor are not needed anymore but
00:28:50.760 you know you still keep them so you just have another layer of security so next
00:28:59.760 is capabilities in the beginning there's root and non root so if you're a regular
00:29:06.300 user you you don't have access or you don't have privileges privileges to do a
00:29:12.690 lot of things and later they introduced capabilities so a regular user would be
00:29:19.380 able to do something if it has privileges some privileges some
00:29:25.260 capabilities but not you know but not a full-fledged root user
00:29:31.800 so containers need some capabilities but
00:29:36.960 you don't want to give them all the capabilities so that's why I also
00:29:42.180 shouldn't run your containers as root and while when limiting capabilities for
00:29:49.500 some containers then you'll limit what what those containers can do however how
00:29:56.220 do you know which capabilities to restrict containers and which capabilities not restrict in fact there
00:30:03.540 when you search github for example on docker you know there's so there's a lot of discussion on what capabilities to
00:30:12.110 to allow or to deny so if there's no one answer like when you go to when you
00:30:18.990 use the LXC they give you some set of capabilities and when you use docker they give you another set so it's you know
00:30:25.830 it's different and the other is seccomp
00:30:31.950 so this is a Linux kernel feature and it filters system calls and Docker
00:30:38.670 for example disables 44 system calls out of three hundred plus like one
00:30:44.310 example of a system call it blocks is open_by_handle_at because when you use
00:30:49.860 that you could escape the container so then the you know the solution is just to disable that system call but again
00:30:57.660 which setting the you know should you block or should you disable so those 44
00:31:03.420 system calls how did they arrive at that list it you know it comes from
00:31:09.300 years of running you know the docker project engineer which you know which
00:31:15.570 system calls like at the beginning if there's a vulnerability of you know something some
00:31:23.400 calls will have to be disabled so the
00:31:31.590 last part is running containers in production so I've shown you you know
00:31:37.890 namespaces and C groups so I hope I've convinced you to look at namespace and
00:31:43.860 cgroups or containers to run to run your Rails app but I hope you don't go
00:31:50.100 you know from this talk you know creating namespaces and cgroup on your own like running unshare because
00:31:56.880 more likely that would be not secured
00:32:01.940 and will have a lot of bugs for example I've shown you chroot but
00:32:07.679 that's not even actually what Docker is using they're using pivot_root which is more secure than chroot because I'd
00:32:14.760 say chroot wasn't meant for for isolation right so you don't write your own it's
00:32:21.240 like I think it's like cryptography right you don't write your own you let the pros do it
00:32:27.770 so use a container runtime I've shown you
00:32:34.289 a docker and rkt and that's actually good if you're going to start running containers in production that's a
00:32:41.490 first step because they would create the namespaces cgroups and they would
00:32:47.610 have default security for you but then you'll also have other problems
00:32:52.770 right what if the Docker daemon dies and you know I've had to restart Docker a
00:32:59.610 lot of times and you know all your containers are gone like for what do you do with that which the site would be
00:33:05.669 down you know it'll be bad so you use something on top of it you know an
00:33:11.220 orchestration system and here you would have kubernetes Mesos Docker Swarm you
00:33:19.620 could choose you like kubernetes when you run your containers this system
00:33:25.710 would choose the host with resources right so if you have an server and say I want to run this Rails app
00:33:33.340 then or this container with a Rails app and then kubernetes would choose okay you run it on widows because it has
00:33:40.210 memory then when a host dies when it when a server reboots or you know it
00:33:46.450 becomes unacceptable command it would then all the containers that are running
00:33:51.519 are their coats I'm going to move them to to another host so with just the
00:33:57.190 docker with just a container runtime you'd have to manage that yourself right
00:34:03.130 so if that's why even docker has Swarm because they know it's just running docker and its own and one server is not
00:34:10.810 not enough then kubernetes also provides zero downtime deploy you know if you
00:34:16.450 have containers then you you want to be able to create new containers and with
00:34:22.270 newer versions but all of this still need an image right which I didn't talk
00:34:30.550 or it gave the the technical details you still have to create that image right I
00:34:35.849 told you install Ruby install the packages copy your code install the gems
00:34:41.679 but you know how do you do that and some people they just don't want to do that of course you could automate this right
00:34:47.770 you know a lot of you are using or board and half or using docker or containers with the Opera so you know you could use
00:34:53.919 docker build and there's a lot of autumn automation that you could use you could
00:34:59.740 tie them up with your your CI for example and you could have an image but
00:35:06.490 what if you don't want to you know to think about all this right that's like
00:35:11.589 when you're a developer you don't want to think about containers cgroups namespaces then you could actually use a
00:35:20.230 platform right there are a lot of open source projects for this Deis OpenShift
00:35:25.510 where you just you don't need an image you just push right you run a command
00:35:30.550 like git push or the Cloud Foundry CF
00:35:37.150 push and your app will be sent to the platform and it would run containers for
00:35:43.300 you but in that case the the containers are just implementation details right like
00:35:49.480 you don't care that they're running containers it I just care that it works and I just care that if I push my app I
00:35:55.870 would you know see it in your version and scale automatically and yeah that is
00:36:01.150 to go so you now know about namespaces and C groups but you don't even have to
00:36:07.350 to use them and in fact at Engine Yard shameless plug Engine Yard has a platform
00:36:16.930 that the first batch or will have a platform to this set and there would be a an announcement though we have a
00:36:23.650 keynote on Thursday that where you will hear more about it so we work on that
00:36:30.880 level actually we had a workshop at kubernetes so we could actually also work as a orchestration level but you
00:36:38.110 know most people would just like to push their app and be done with it so yeah in closing and deploy your rails
00:36:48.190 app in a container look into the technologies it's I mean it's mature
00:36:55.060 enough a lot of people are using containers it's it also has a long way
00:37:01.840 to go like databases I think you should not run your your databases yet in
00:37:09.220 containers it is possible but it's still you know early and that's it