Docker Seattle Meetup April 2015 - The Docker Orchestration Ecosystem on Azure
Patrick Chanezon, Docker Inc. @chanezon
The Docker Ecosystem on Microsoft Azure
With slides from @jpetazzo @timpark @vieux @tnachen @volkerw IBM
Ride the Whale!
History of containerization
• 1960’s mainframe
• 1990’s hardware virtualization
• 1990’s OS virt precursors: BSD Jails, Solaris zones
• 2006 Cloud IaaS
• 2009 platform virtualization (PaaS)
• 2013 Docker
See @bcantrill’s deck http://www.slideshare.net/bcantrill/docker-and-the-future-of-containers-in-production
Isolation using Linux kernel features
• namespaces: pid, mnt, net, uts, ipc, user
• cgroups: memory, cpu, blkio, devices
docker-compose: running multiple containers
Run your stack with one command: docker-compose up
Describe your stack with one file: docker-compose.yml
web:
  build: .
  command: python app.py
  ports:
    - "5000:5000"
  volumes:
    - .:/code
  links:
    - redis:redis
redis:
  image: redis
Docker now
A platform to build, ship, and run any app, anywhere
docker engine
docker hub
docker-machine
docker-compose
docker-swarm
kitematic
Docker, the community
>700 contributors
~20 core maintainers
>40,000 Dockerized projects on GitHub
>60,000 repositories on Docker Hub
>25000 meetup members, >140 cities, >50 countries
>2,000,000 downloads of boot2docker
Docker Inc, the company
Headcount: ~130
Revenue: t-shirts and stickers featuring the cool blue whale
SAAS delivered through Docker Hub
Support & Training
soon: Docker Hub Enterprise, behind the firewall
Separation of concerns: Dave the Developer
Inside my container: my code
my libraries
my package manager
my app
my data
Separation of concerns: Oscar the Ops guy
Outside the container: logging
remote access
network configuration
monitoring
More Windows options
• Nano Server
• Hyper-V Containers
http://azure.microsoft.com/blog/2015/04/08/microsoft-unveils-new-container-technologies-for-the-next-generation-cloud
Azure Fabric: see you at BUILD!
http://azure.microsoft.com/blog/2015/04/20/announcing-azure-service-fabric-reducing-complexity-in-a-hyper-scale-world/
Azure x-plat CLI
azure vm docker create \
--subscription "252a4be8-863c-xxx-587d88952573" \
--ssh --ssh-cert ~/.ssh/azureCert.pem \
--no-ssh-password \
-l "East US" \
pat-docker-0421 \
"b39f27a8b8c64d52b05eac6a62ebad85__Ubuntu-14_04_2_LTS-amd64-server-20150309-en-us-30GB" \
ubuntu
docker-machine
docker-machine create -d azure \
--azure-subscription-id="c4f51be3-784c-xxx-7c50ad9e1b7c" \
--azure-subscription-cert="/Users/pat/.ssh/docker-azure-cert.pem" \
--azure-location="East US" \
--azure-size=Small \
--azure-username="pat" \
pat-docker-machine-n
Powerstrip
Prototyping Docker Plugins
https://clusterhq.com/blog/powerstrip-prototype-docker-extensions-today/
Swarm in a nutshell
• Docker REST API (>85%)
• Resource management (CPU, Mem, Networking)
• Advanced scheduling with constraints and affinities
• Multiple Discovery Backends (hub, etcd, consul, zookeeper)
• TLS: Encryption & Authentication
Timeline
[Timeline figure. Months shown: Oct, Nov, Dec, Jan, Feb, Jun. Milestones shown: Proof of Concept, DockerCon EU, Open Repository, First Release Candidate, Swarm Beta Release, Global Hack Day, Open Proposal]
Setup using the hosted discovery service
• Create a cluster:
$ swarm create
• Add nodes to a cluster:
$ swarm join --add=<node_ip> token://<token>
• Start Swarm
$ swarm manage --addr=<swarm_ip> token://<token>
Or you can use your own etcd, zookeeper or consul
Contributions are welcome :
Resource Management
• Memory
$ docker run -m 1g …
• CPU
$ docker run -c 1 …
• Ports
$ docker run -p 80:80 …
• More to come, ex: network interfaces
Constraints
• Standard constraints induced from docker info
docker run -e "constraint:operatingsystem==*fedora*" …
docker run -e "constraint:storagedriver==*aufs*" …
• Custom constraints with host labels
docker -d --label "region=us-east"
docker run -e "constraint:region==us-east" …
• Pin a container to a specific host
docker run -e "constraint:node==ubuntu-2" …
Affinities
• Containers affinities
docker run --name web nginx
docker run -e "affinity:container==web" logger
• Containers Anti-affinities
docker run --name redis-master redis
docker run --name redis-slave -e "affinity:container!=redis*" …
• Images affinities
docker run -e "affinity:image==redis" redis
New in 0.2.0: Soft Affinities/Constraints
• Containers affinities
docker run -e “affinity:container~!=—name web nginx
docker run -e "affinity:container==web" logger
• Containers Anti-affinities
docker run --name redis-master redis
docker run --name redis-slave -e "affinity:container!=redis*" …
• Images affinities
docker run -e "affinity:image==redis" redis
Swarm Scheduler
2 steps:
• 1- Apply filters to exclude nodes
- ports
- labels
- health
• 2- Use a strategy to pick the best node
- random
- binpack
- spread
Contributions are welcome :
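The constraint, affinity and scheduler slides above, modelled end to end as an added example (not code from the talk or from Swarm itself). The node data is constructed, the names parse, passes and schedule are hypothetical, only the hard == and != forms are handled, glob matching is case-sensitive, and both strategies rank by container count as a simplification.

```python
from fnmatch import fnmatchcase

# Constructed sample cluster (not from the slides): labels mirror what
# `docker info` reports plus a custom --label, and the containers placed so far.
NODES = [
    {"node": "ubuntu-1", "containers": ["web", "logger"],
     "labels": {"operatingsystem": "ubuntu 14.04", "region": "us-east"}},
    {"node": "ubuntu-2", "containers": ["redis-master"],
     "labels": {"operatingsystem": "ubuntu 14.04", "region": "us-east"}},
    {"node": "fedora-1", "containers": [],
     "labels": {"operatingsystem": "fedora 21", "region": "us-west"}},
]

def parse(expr):
    """Split 'constraint:region==us-east' into (kind, key, negate, pattern)."""
    kind, _, rest = expr.partition(":")
    op = "!=" if "!=" in rest else "=="
    key, sep, pattern = rest.partition(op)
    if kind not in ("constraint", "affinity") or not sep or not key or not pattern:
        raise ValueError(f"malformed expression: {expr!r}")
    return kind, key, op == "!=", pattern

def passes(node, expr):
    """Step 1: does this node survive one constraint or affinity filter?"""
    kind, key, negate, pattern = parse(expr)
    if kind == "affinity" and key == "container":
        values = node["containers"]          # names of containers on the node
    elif key == "node":
        values = [node["node"]]              # pin to a specific host
    else:
        values = [node["labels"].get(key, "")]
    hit = any(fnmatchcase(v, pattern) for v in values)
    return hit != negate                     # '!=' keeps nodes with no match

def schedule(nodes, exprs, strategy="spread"):
    """Step 2: pick the best node among those every filter kept."""
    kept = [n for n in nodes if all(passes(n, e) for e in exprs)]
    if not kept:
        raise LookupError(f"no node satisfies {exprs}")
    pick = max if strategy == "binpack" else min   # spread = emptiest node
    return pick(kept, key=lambda n: len(n["containers"]))["node"]
```

A constraint that no node satisfies raises instead of falling back to another host, which is the behaviour to expect when constraints are used to keep a workload inside a given region or host group.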
Swarm Beta: Integrations
• Fully integrated with Machine
• Partially integrated with Compose
• Mesos integration has started in collaboration with Mesosphere.
Swarm load balancing: interlock
https://github.com/ehazlett/interlock/tree/master/plugins/haproxy
Deis (http://deis.io)
• Open source PaaS platform that builds on CoreOS.
• Replicates the popular Heroku devops workflow.
• Primary mechanism for pushing applications is through git.
• Developer experience is not unlike Azure Websites…
• …but is built on Linux so full support for open source stacks.
• Enables us to win migrations from Salesforce to Azure.
• Hackfest in November to enable Deis for Tagboard.
• Enables us to win startups that expect this workflow.
tpark:www$ git push deis master
• Git pushes master to deis git remote on endpoint
• Deis senses static web application
• Selects Heroku Buildpack
• Uses buildpack to build application Docker container.
• Pushes this container to a private Docker registry.
• Orchestrates the creation or update of this container on the cluster.
• Updates routing mesh to route to these containers.
tpark:www$ deis scale www=3
• Deis pushes the container to two more cluster nodes.
• Updates routing mesh to pass traffic to these nodes.
tpark:api$ git push deis master
• Git pushes master to deis git remote on endpoint
• Deis senses node.js application
• Selects Heroku node.js Buildpack
• Uses buildpack to build application Docker container.
• Pushes this container to a private Docker registry.
• Orchestrates the creation or update of this container on the cluster.
• Updates routing mesh to route to these containers.
tpark:api$ deis config:set DATABASE_URL=postgres://user:[email protected]:5432/db
• Applications in Deis are configured through environment variables.
• MUST READ: http://12factor.net/
• Key point: Code is separated from config.
• Enables generic containers that are configured at runtime.
• Every app container spun up by Deis will have a copy of these config environment variables.
Kubernetes
[Diagrams: a Kubernetes Master / Scheduler in front of hosts host-1 … host-n, each running Linux and a Container Agent, with containers placed on the hosts. A Replication Controller (3) for the my_app pod (Frontend, Worker) with MyApp instances and pods spread across the hosts.]
Labels and Services
[Diagram: MyApp staging and MyApp prod instances across host-1 … host-n. MyApp Production Service { environment: prod }, MyApp Staging Service { environment: staging }.]
Bluemix started as a public PaaS
Bluemix started with a major focus on developer productivity in the public cloud.
[Diagram: Infrastructure as a Service and Platform as a Service stacks (Code, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking), divided into Customer Managed and Service Provider Managed layers; IBM SoftLayer]
We listened. Now we’re evolving to become even more flexible.
Capabilities in Bluemix now span PaaS and IaaS and can be delivered as a public, dedicated, or on-premises* implementation.
[Diagram: the same Infrastructure as a Service and Platform as a Service stacks, Customer Managed and Service Provider Managed; IBM SoftLayer]
*Bluemix Local coming Summer 2015
How does Bluemix work?
Bluemix is underlined by three key open compute technologies: Cloud Foundry, Docker, and OpenStack. It extends each of these with a growing number of services, robust DevOps tooling, integration capabilities, and a seamless developer experience.
[Diagram: Built on open technologies. Flexible Compute Options to Run Apps / Services: Instant Runtimes, Containers, Virtual Machines. Platform Deployment Options that Meet Your Workload Requirements: Bluemix Public, Bluemix Dedicated, Bluemix Local* (Powered by IBM SoftLayer, In Your Data Center). Catalog of Services that Extend Apps’ Functionality: Web, Data, Mobile, Analytics, Cognitive, IoT, Security, Yours. Also shown: DevOps Tooling, Integration and API Mgmt, Your Own Hosted Apps / Services. Always focused on what’s next.]
Containers in Bluemix
Bluemix now comes with a fully integrated, high performance Docker experience, meaning monitoring, logging, elasticity, enterprise images, and VM abstraction are all standard.
Docker Value | IBM Value-add | Customer Value
Docker Hub Registry holds a repository of 75000+ Docker images | IBM hosted public registry containing IBM images - linked to Docker Hub; Client unique registry available on and off premises; Enterprise-ready images | Access to the images you require to deploy containers that meet your business needs and strategy
Open-source, standardized, lightweight, self sufficient LXC container technology | Enhanced performance with bare metal deployment; Run images to local datacenter or cloud; Deployment choice with pSeries & zSeries | Flexibility to choose the right hybrid cloud mix for your business
Build, ship, and run standardized containers | Integrated monitoring & logging; Elasticity to grow storage & container needs; Life-cycle management of containers and data volumes; No VMs to manage | Docker ease of use combined with enterprise-level integrity and confidence
Container connections using links and service discovery | Private network communication; External IP address; Subnet Range | Extends and connects Docker containers to production-ready enterprise environments
Orchestration summary
• Docker Swarm: Docker-style, provision with docker-machine
• Mesos: Twitter-style, aligned with Swarm
• Fleet: CoreOS-style, simple
• Kubernetes: Google-style, heavy-duty, many concepts
• Deis: Heroku-style workflow
• Cloud Foundry Diego, IBM BlueMix: PaaS -> orchestration
• Also: Joyent, Tutum, Flynn
Learning
• http://docs.docker.com/
• https://github.com/chanezon/azure-linux
• Docker container to get started
docker run -ti chanezon/linux
• Docker-machine
• Docker-swarm
• CoreOS cluster, fleet
• Deis
• Weave, Kubernetes
• Deploy Java app
References
• talk about cloud platforms: Managing complexity in giant systems http://www.slideshare.net/chanezon/tackling-complexity-in-giant-systems-approaches-from-several-cloud-providers
• talk about Devops, the Microsoft Way http://www.slideshare.net/chanezon/devops-the-microsoft-way
• MS Open Tech https://msopentech.com/ Blog, VM Depot
• P@ Linux on Azure pages https://github.com/chanezon/azure-linux/
• Tim’s CoreOS tutorial https://github.com/timfpark/coreos-azure
• Tim’s Deis documentation
• @jpetazzo’s presentations http://www.slideshare.net/jpetazzo/
• @bcantrill’s deck http://www.slideshare.net/bcantrill/docker-and-the-future-of-containers-in-production
• @vieux deck on Swarm
• @htchen deck on Mesos + Swarm https://speakerdeck.com/tnachen/docker-swarm-plus-mesos