what's new in docker 1.12?
WHAT’S NEW IN DOCKER ENGINE 1.12?
Presenter Name - Ajeet Singh Raina
Presentation Date – July-9 2016
Presented at - Docker Meetup #21
ABOUT ME
#Contribution:
- Frequent Blogger – http://www.collabnix.com
- Article Writing @ OSFY India
- Dell Community (Containerizing Dell Legacy Application)
#Inside Dell:
- Project Lead Engineer (Global Solution Engineering)
- Worked in VMware, CGI, Dell R&D
- Solaris Lead Engineer (Wiki Moderator)
• (t) - ajeetsraina
• (f) - Docker Public Group Moderator
#Reviewed Publications:
• Puppet for Containerization
• PowerCLI Cookbook
#Technology: System Integration, Linux, Docker, Hadoop, Puppet in Dell HPC
AGENDA
• What’s New in Docker 1.12 Engine? (API objects)
• Introducing SwarmKit Vs Swarm Mode (Overview)
• Swarm Mode Deep-Dive (Orchestration, Self-healing, Self-Organizing, in-built failover)
• Playing around Services (Desired State/Rolling Updates/Scaling)
• Understanding Routing Mesh (Container Native Load-Balancing)
• Demo
WHAT’S NEW IN DOCKER ENGINE 1.12?
MAJOR FEATURE ENABLEMENTS
| Features | Engine 1.11 (and prior) | Engine 1.12 |
| --- | --- | --- |
| Multi-host Networking & KV Store | External KV store | No external KV store required (Swarm Mode) |
| MACVLAN | Experimental | Out of Experimental |
| Secure Control Plane | Insecure (plain-text) | Secure |
| Secure Data Plane | VXLAN was not encrypted by default (can be secured by --opt-secure) | Encrypted VXLAN traffic (makes use of swarm certificates and key exchange) |
| Load Balancing | Load balancing was featured under 1.10, based only on DNS RR | Virtual IP load-balancing & DNS RR both supported (LB using IPVS) |
| Service Discovery | Available under 1.10 but based on external service discovery backend | Service discovery now integrated into Docker Engine, Virtual IP for VIP load-balancing support |
| Swarm Mode | Not available | Newly introduced (optional feature) |
| Routing Mesh | Not available | Newly introduced |
WHAT’S NEW IN SWARM?
Swarm reboot in Docker 1.12:
• New Swarm APIs –
$ docker swarm --help
$ docker node --help
$ docker service --help
• Easy Swarm Management –
$ docker swarm init
$ docker swarm join master:port
• New Docker plumbing for Swarm Mode ~ SwarmKit
• Docker Swarm embedded into Docker Engine
• Service ~ first-class citizen ~ replication, load balancing & updates of images
• New Service CLIs –
$ docker service --help [create, inspect, remove, update]
$ docker service tasks --help
• New Node CLIs –
$ docker node --help [accept, promote, demote, inspect, update, tasks, ls and rm]
• New Stack & Deploy CLIs – [Experimental]
SWARMKIT – AN OVERVIEW
An open source toolkit (plumbing) to build multi-node systems
Builds the cluster management and orchestration features embedded in the Docker Engine
Employs a decentralized architecture rather than a centralized one (key-value store)
Machines running SwarmKit can be grouped together in order to form a Swarm
Once a machine joins, it becomes a Swarm Node.
SWARMKIT - FEATURES
SwarmKit
• Orchestration
- Desired State Reconciliation
- Replicated & Global Services
- Configuration Updates (Parallelism, Delay)
- Restart Policies
• Scheduling
- Constraints
- Resource Awareness
• Management
- Topology
- Node
• Security
- Mutual TLS
- Acceptance Policy
- Certificate Rotation
SWARM MODE
Swarm mode is an optional feature.
Swarm mode is enabled for the Engine by either initializing a swarm or joining an existing swarm.
When you run the Engine in swarm mode, you orchestrate services.
When you run Docker Engine outside swarm mode, you basically execute container commands.
Swarm Mode is NOT going to break the existing Swarm production environment.
No external KV store needed.
Self-healing, self-organizing, no single point of failure.
A BASIC SWARM ARCHITECTURE
$ docker -H=tcp://192.168.33.10:2375 run -d -p 8500:8500 -h consul progrium/consul -server -bootstrap
$ docker -H=tcp://192.168.33.11:2375 run -d -p 3375:2375 swarm manage consul://192.168.33.10:8500/
$ docker -H=tcp://192.168.33.12:2375 run -d swarm join --advertise=192.168.33.12:2375 consul://192.168.33.10:8500/
$ docker -H=tcp://192.168.33.13:2375 run -d swarm join --advertise=192.168.33.13:2375 consul://192.168.33.10:8500/
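The legacy setup above reaches every Engine over a plain tcp:// API endpoint, which is the "Insecure (plain-text)" control plane from the comparison table. As an added example (not part of the original slides), this check lists such endpoints in a provisioning script; the function names and the rule "no --tlsverify on the same line" are assumptions, and the last sample line is constructed.

```bash
#!/bin/sh
# plaintext_api_hosts: read docker client command lines on stdin and print
# every tcp:// API endpoint that is contacted without --tlsverify.
plaintext_api_hosts() {
  while IFS= read -r line; do
    # A line that carries --tlsverify authenticates and encrypts the API call.
    case $line in *--tlsverify*) continue ;; esac
    printf '%s\n' "$line" |
      grep -oE -- '-H[ =]tcp://[^ ]+' | sed -E 's#^-H[ =]tcp://##'
  done | sort -u
}

# The four commands from the slide, plus one constructed TLS-protected call.
sample_commands() {
  cat <<'EOF'
docker -H=tcp://192.168.33.10:2375 run -d -p 8500:8500 -h consul progrium/consul -server -bootstrap
docker -H=tcp://192.168.33.11:2375 run -d -p 3375:2375 swarm manage consul://192.168.33.10:8500/
docker -H=tcp://192.168.33.12:2375 run -d swarm join --advertise=192.168.33.12:2375 consul://192.168.33.10:8500/
docker -H=tcp://192.168.33.13:2375 run -d swarm join --advertise=192.168.33.13:2375 consul://192.168.33.10:8500/
docker --tlsverify -H=tcp://192.168.33.10:2376 info
EOF
}

# Prints the four :2375 endpoints; the :2376 call with --tlsverify is skipped.
sample_commands | plaintext_api_hosts
```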
SWARM MODE – A GLIMPSE
Swarm Manager: c0-master
Swarm Agent: c0-n1
Swarm Agent: c0-n2
TCP port 2377 for cluster management communications
TCP and UDP port 7946 for communication in between nodes
TCP and UDP port 4789 for overlay network traffic
SWARM MODE: INITIALIZING THE SWARM MODE
@master1:
$ docker swarm init
SWARM MODE: ADDING THE FIRST WORKER NODE
@master1:
$ docker swarm init
@node1:
$ docker swarm join <IP address of Master>:2377
SWARM MODE: BUILDING THE CLUSTER
@master1:
$ docker swarm init
@node1:
$ docker swarm join <IP address of Master>:2377
@node2, @node3, @node4, @node5:
$ docker swarm join <IP address of Master>:2377
…
SWARM MODE: UNDER THE HOOD
Secure by default with end-to-end encryption
1. $ docker swarm init
2. A TLS root CA is created.
3. A key pair is issued for the first node and signed by the root CA.
4. All the joining nodes also receive the root CA public key and certificate.
5. The node keys and certificates are automatically renewed at regular intervals (by default, 90 days).
6. Tunable with docker swarm update.
7. External CA integration supported.
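The certificate lifecycle in steps 2 to 5, reproduced with the openssl CLI as an added example (not part of the original slides and not Docker's own code). The CA and node names, the file names, and the use of the subject OU field to carry the node role are assumptions of this example.

```bash
#!/bin/sh
# Constructed PKI for illustration; names and files are made up, not a real swarm's.
set -eu

make_pki() {  # $1 = directory that receives ca.* and node.*
  d=$1
  # Step 2: self-signed root CA (ECDSA P-256).
  openssl ecparam -name prime256v1 -genkey -noout -out "$d/ca.key"
  openssl req -x509 -new -key "$d/ca.key" -subj "/CN=demo-root-ca" \
    -days 3650 -out "$d/ca.crt" 2>/dev/null
  # Step 3: node key pair and a 90-day certificate signed by the root CA.
  openssl ecparam -name prime256v1 -genkey -noout -out "$d/node.key"
  openssl req -new -key "$d/node.key" \
    -subj "/O=demo-cluster/OU=swarm-manager/CN=node-abc123" \
    -out "$d/node.csr" 2>/dev/null
  openssl x509 -req -in "$d/node.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 90 -out "$d/node.crt" 2>/dev/null
}

# Step 4: a peer that holds only ca.crt can check that a node cert chains to it.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Role as carried in the subject OU (assumption of this example).
node_role() { openssl x509 -in "$1" -noout -subject | grep -o 'swarm-[a-z]*'; }

# Step 5: succeeds when the cert expires within $2 days, i.e. renewal is due.
needs_rotation() {
  ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

work=$(mktemp -d)
make_pki "$work"
chain_ok "$work/ca.crt" "$work/node.crt" && echo "node cert chains to root CA"
echo "role: $(node_role "$work/node.crt")"
needs_rotation "$work/node.crt" 30 || echo "more than 30 days left"
needs_rotation "$work/node.crt" 120 && echo "expires within 120 days"
```

A certificate signed by any other CA fails `chain_ok`, which is what lets each side of a mutual TLS connection reject a node that never joined the swarm.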
SWARM MODE: ACCEPTANCE POLICY
@master1:
$ docker swarm init
$ docker swarm update --auto-accept none --secret <password>
@node1:
$ docker swarm join <IP address of Master>:2377
@node2, @node3, @node4, @node5
SWARM MODE: ACCEPTANCE POLICY
@master1:
$ docker swarm update --auto-accept none --secret <password>
$ docker node accept <node5>
@node1:
$ docker swarm join <IP address of Master>:2377
@node2, @node3, @node4
@node6:
$ docker swarm join <IP address of Master>:2377
SWARM MODE: ACCEPTANCE POLICY
@master1:
$ docker swarm update --auto-accept none --secret <password>
$ docker node accept <node5>
@node1:
$ docker swarm join <IP address of Master>:2377
@node2, @node3, @node4
@node5:
$ docker swarm join <IP address of Master>:2377
SWARM MODE: CREATING THE FIRST SERVICE
$ docker network create -d overlay mynetwork
$ docker service create --name mycloud --replicas 4 --network mynetwork --publish 80:80/tcp dockercloud/hello-world
SWARM MODE: CREATING THE FIRST SERVICE
| Service | Tasks | Containers |
| --- | --- | --- |
| mycloud | mycloud.1 | mycloud:latest container |
| | mycloud.2 | mycloud:latest container |
| | mycloud.3 | mycloud:latest container |
| | mycloud.4 | mycloud:latest container |
SWARM MODE: SCALING
@master1, @node1, @node2, @node3, @node4, @node5 (mynetwork)
$ docker service scale mycloud=10
SWARM MODE – NODE FAILURE
$ docker service scale mycloud=20
SWARM MODE – DESIRED STATE ACTUAL STATE
$ docker service scale mycloud=20
SWARM MODE – CONVERGED BACK TO DESIRED STATE
$ docker service scale mycloud=20
SWARM MODE: GLOBAL SERVICES
$ docker service create --mode=global --name mycloud dockercloud/hello-world
SWARM MODE – CONSTRAINTS
$ docker service create --name mycloud --replicas 4 --network mynetwork --publish 80:80/tcp --constraint com.example.storage="ssd" dockercloud/hello-world
SWARM MODE – ROUTING MESH
SWARM MODE – INGRESS NETWORKING
DEMO TIME