Kubernetes is also called the "distributed Linux of the cloud" – which implies that it provides fundamental infrastructure, which can solve a lot of challenges. Let’s see how PHP applications fit into this picture. In this presentation, we are going to explore when Kubernetes is a good fit for operating your PHP application and how it can be done in practice. We’ll look at the whole lifecycle: how to build your application, create or choose the right Docker images, deploy and scale, and how to deal with performance and monitoring. At the end you will have a good understanding about all the different stages and building blocks for running a PHP application with Kubernetes in production.
24. Base Image
- standards and tooling for other images
- common tools for application usage
👉 create your own base image
👉 reduce to a minimum, but not less
25. Which OS?
Alpine Linux
- smaller
fi
lesystem footprint
- more secure?
- only relevant in container context
- uses musl instead of glibc 🐛
26. Which OS?
Debian
- larger
fi
lesystem footprint
- well-established security team
- wide-spread, therefore more
fi
rst-hand
experience
- high compatibility due to glibc
27. Which OS?
👉 You need to feel comfortable working
with the OS and it must support all the
software you want to install
36. More image security
- don't run as root (use SecurityContext)
- disable privilege escalation
- automatically scan images
- redeploy automatically, frequently
- only include minimal amount of
software – do you really need a shell?