Posts Tagged ‘DevoxxFR2014’
```bash
# Rebuild initramfs after driver changes
sudo update-initramfs -u -k 6.5.0
```
### 1.4 Kernel Initialization
```bash
dmesg | less
```
```
# modules/
```
**Purpose**:
- Load storage drivers (LVM, RAID, encrypted disks)
- Assemble root device
- Pivot to real root
```bash
# Edit boot entry at GRUB prompt
e                  # edit the selected entry
… linux … ro single
F10                # boot the edited entry
```
> **Use Case**: Recover root password or repair filesystem.
### 1.3 Initramfs: The Temporary Root
A compressed cpio archive loaded into RAM:
```bash
lsinitramfs /boot/initramfs-6.5.0.img | head
```
```bash
# /boot/grub/grub.cfg (generated; do NOT edit directly)
menuentry 'Ubuntu' --class ubuntu {
  set root='hd0,gpt2'
  linux /vmlinuz-6.5.0 root=UUID=abc123 ro quiet splash
  initrd /initramfs-6.5.0.img
}
```
### Key Kernel Parameters
| Parameter | Purpose |
|-----------|---------|
| `ro` | Mount root read-only initially |
| `quiet` | Suppress boot messages |
| `splash` | Show graphical boot |
| `systemd.unit=rescue.target` | Boot into single-user mode |
| `init=/bin/bash` | Bypass init (emergency shell) |
```bash
# or
ls /sys/firmware/efi   # exists → UEFI
```
> **Security Note**: UEFI Secure Boot prevents unsigned kernels from loading—a critical defense in enterprise environments.
### 1.2 Bootloader: GRUB2
```dockerfile
# Runtime stage
FROM nginx:alpine
COPY --from=builder /app/dist /usr/share/nginx/html
EXPOSE 80
```
This pattern reduces final image size from hundreds of megabytes to tens of megabytes. **Layer caching** optimization requires careful instruction ordering:
```dockerfile
COPY package.json package-lock.json ./
RUN npm ci
COPY . .
```
Copying dependency manifests first maximizes cache reuse during development.
## Networking Models and Service Discovery
Docker’s default bridge network isolates containers on a single host. Production environments demand multi-host communication. **Overlay networks** create virtual networks across swarm nodes:
```bash
docker network create --driver overlay --attachable prod-net
docker service create --network prod-net --name api myapp:latest
```
Docker’s built-in DNS enables service discovery by name. For external traffic, **ingress routing meshes** like Traefik or NGINX provide load balancing, TLS termination, and canary deployments.
## Persistent Storage for Stateful Applications
Stateless microservices dominate container use cases, but databases and queues require durable storage. **Docker volumes** offer the most flexible solution:
```bash
docker volume create postgres-data
docker run -d \
  --name postgres \
  -v postgres-data:/var/lib/postgresql/data \
  -e POSTGRES_PASSWORD=secret \
  postgres:13
```
For distributed environments, **CSI (Container Storage Interface)** plugins integrate with Ceph, GlusterFS, or cloud-native storage like AWS EBS.
## Orchestration and Automated Operations
Docker Swarm provides native clustering with zero external dependencies:
```bash
docker swarm init
docker stack deploy -c docker-compose.yml myapp
```
For advanced workloads, Kubernetes offers:
- Deployments for rolling updates and self-healing.
- Horizontal Pod Autoscaling based on CPU/memory or custom metrics.
- ConfigMaps and Secrets for configuration management.
Migration paths typically begin with stateless services in Swarm, then progress to Kubernetes for stateful and machine-learning workloads.
## Security Hardening and Compliance
Production containers must follow security best practices:
- Run as non-root users: `USER appuser` in the Dockerfile.
- Scan images with Trivy or Clair in CI/CD pipelines.
- Apply seccomp and AppArmor profiles to restrict system calls.
- Use RBAC and Network Policies in Kubernetes to enforce least privilege.
## Production Case Studies and Operational Wisdom
Spotify manages thousands of microservices using Helm charts and custom operators. Airbnb leverages Kubernetes for dynamic scaling during peak booking periods. The New York Times uses Docker for CI/CD acceleration, reducing deployment time from hours to minutes.
Common lessons include:
- Monitor with Prometheus and Grafana.
- Centralize logs with ELK or Loki.
- Implement distributed tracing with Jaeger or Zipkin.
- Use chaos engineering to validate resilience.
## Strategic Impact on DevOps Culture
Docker fundamentally accelerates the CI/CD pipeline and enables immutable infrastructure. Success requires cultural alignment: developers embrace infrastructure-as-code, operations teams adopt GitOps workflows, and security integrates into every stage. Orchestration platforms bridge the gap between development velocity and operational stability.
```dockerfile
# Build stage
FROM node:16 AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
```