nats meetup oct 2016 docker 112

Docker 1.12.3+ and Getting Started with Docker Clustering

Nirmal Mehta / @normalfaults Adapted from presentation by Mike Goelzer / mgoelzer@docker.com / @mikegoelzer

The evolution of Docker orchestration

docker run nginx

Swarm mode clustering + Docker Services in EngineON-TRACK

2013-14

2014-present

(Backed by docker/swarmkit)

Docker 1.12• Orchestration

• Swarm Mode• Docker Services• Security• Routing Mesh

• Docker for X• Mac/Windows• AWS• Azure

• Container Healthcheck• Docker Application Bundle

Swarm mode & Docker Services

Engine

Swarm Mode

$ docker swarm init

Engine

Swarm Mode

$ docker swarm init

$ docker swarm join <IP of manager>:2377

Engine

EngineEngine

Engine

EngineEngine Engine

Swarm Mode

$ docker swarm init

$ docker swarm join <IP of manager>:2377

EngineEngine

Engine

EngineEngine Engine

Services

$ docker service create --replicas 3 --name frontend --network mynet -p 8080:80 frontend:latest

EngineEngine

Engine

EngineEngine Engine

Services

$ docker service create --name redis --network mynet redis:latest

EngineEngine

Engine

EngineEngine Engine

Node Failure & Reconciliation

EngineEngine

Engine

EngineEngine Engine

Node Failure & Reconciliation

EngineEngine

Engine

EngineEngine

Desired State ≠ Actual State

EngineEngine

Engine

EngineEngine

Converge Back to Desired State

EngineEngine

Engine

EngineEngine

Scaling

$ docker service update --replicas 6 frontend

EngineEngine

Engine

EngineEngine

Scaling

$ docker service update --replicas 10 frontend

EngineEngine

Engine

EngineEngine

Global Services

$ docker service create --mode=global --name prometheus prom/prometheus

EngineEngine

Engine

EngineEngine

Constraints

Engine

docker daemon --label com.example.storage="ssd"

EngineEngine

Engine

EngineEngine

Constraints

$ docker service create --replicas 3 --name frontend --network mynet -p 8080:80 --constraint engine.labels.com.example.storage==ssd frontend:latest

Engine

EngineEngine

Engine

EngineEngine

Constraints

$ docker service create --replicas 3 --name frontend --network mynet -p 8080:80 --constraint engine.labels.com.example.storage==ssd frontend:latest$ docker service update --replicas 10 frontend

Engine

Routing Mesh

:8080 :8080 :8080

frontend frontend

frontend

External Load Balancer

User browses to http://myapp.com

Node 1 Node 2 Node 3 Node 4

Routing Mesh

User browses to http://myapp.com

:8080 :8080

frontend frontend

frontend

External Load Balancer

Node 1 Node 2 Node 3 Node 4

Secure by default• Out-of-the-box TLS

encryption and mutual auth

• Automatic cert rotation• External or self-signed

root CA• Cryptographic node

identity

CertificateAuthority

TLS TLSTLS

Scale: 2,000 Nodes and Counting● For now: community testing, crowd-sourced nodes, not funded by

Docker● Credit to: Chanwit Kaewkasi, Suranaree University of

Technology (SUT), Thailand● Results:

• 2,384 nodes• 96,287 containers• Manager CPU/memory 15%≲• Test stopped because 3rd-party monitoring failed

● https://github.com/swarm2k/swarm2k

@chanwit

Deep Dive: Swarm Topology

NodeNode

Topology

NodeNode

Topology: roles

NodeNode

Manager

Worker

NodeNode

Topology: roles

NodeNode

Manager

Worker

● Each Node has a role● Roles are dynamic● Programmable Topology

Flat Topology

Manager Manager Manager

Worker Worker Worker Worker Worker Worker

Topology: Scaling model

Topology: High Availability

Leader FollowerFollower

Loss of Leader

Leader FollowerFollower

Loss of Leader

Follower FollowerLeader

HEALTHCHECK --interval=5m --timeout=3s --retries 3 CMD curl -f http://localhost/ || exit 1

Check web server every 5 minutes, require < 3 sec latency.>= 3 consecutive failures sets unhealthy state

Coming soon: health checks in official images

Container Health Check in Dockerfile

Docker Stack and Distributed Application Bundle (experimental)docker.com/dab• Docker Stacks and Distributed Application Bundles are experimental

features introduced in Docker 1.12 and Docker Compose 1.8• A Dockerfile can be built into an image, and containers can be

created from that image. • Similarly, a docker-compose.yml can be built into a distributed

application bundle, and stacks can be created from that bundle. In that sense, the bundle is a multi-services distributable image format.

Example Bundle File Format.DBS file

Docker 1.13• Secrets Management• New “docker system” commands• Allows a new client to talk to an old engine• Improved new plugins system (Work from 1.12 experimental)

Thanks!Join Docker Raleigh Meetup GroupUpcoming events:• Docker Mentor Week Nov 14-20, 2016

• Handson online Labs and Mentoring• Place and Date TBD but join group to get update

• Docker Swarm 3k Event Tomorrow!• https://github.com/swarmzilla/swarm3k

https://blog.docker.com/2016/10/docker-global-mentor-week-2016/

You can find me at:Nirmal Mehta@normalfaults (Twitter, Github)

nats meetup oct 2016 docker 112

Technology

meetup docker paris

docker novosibirsk meetup #3 - docker in production

docker online meetup #30: docker trusted registry 1.4.1

docker meetup - paas interoperability

fury - docker meetup

[nyc meetup] docker at nuxeo

docker usage patterns - meetup docker paris - november, 10th...

performance monitoring for docker environments - docker...

federated graphite in docker - denver docker meetup

docker online meetup #22: docker networking

nyc docker meetup: contiv networking on docker

antonis kalipetis - @akalipetis docker athens...

docker meetup: docker networking 1.11 with madhu venugopal

docker 1.13 - docker meetup février 2017

docker tours meetup #1 - introduction à docker

docker performance - docker april meetup

docker tips and tricks at the docker beijing meetup

docker at sourcelair | paris kasidiaris | 1st docker crete...

docker meetup tokyo_public_r001

clusterizando docker - i meetup docker córdoba - quaip