what's new in docker 1.12?

WHATS NEW IN DOCKER ENGINE 1.12? Presenter Name - Ajeet Singh Raina Presentation Date July-9 2016 Presented at - Docker Meetup #21

Upload: ajeet-singh-raina

Post on 16-Apr-2017


Page 1: What's New in Docker 1.12?

WHAT’S NEW IN DOCKER

ENGINE 1.12?

Presenter Name - Ajeet Singh Raina

Presentation Date – July-9 2016

Presented at - Docker Meetup #21

Page 2: What's New in Docker 1.12?

ABOUT ME

#Contribution:
- Frequent Blogger – http://www.collabnix.com
- Article Writing @ OSFY India
- Dell Community (Containerizing Dell Legacy Application)

#Inside Dell:
- Project Lead Engineer (Global Solution Engineering)
- Worked in VMware, CGI, Dell R&D
- Solaris Lead Engineer (Wiki Moderator)
- (t) - ajeetsraina
- (f) - Docker Public Group Moderator

#Reviewed Publications:
- Puppet for Containerization
- PowerCLI Cookbook

#Technology : System Integration, Linux, Docker, Hadoop, Puppet in Dell HPC

Page 3: What's New in Docker 1.12?

AGENDA

• What’s New in Docker 1.12 Engine? (API objects)

• Introducing SwarmKit Vs Swarm Mode (Overview)

• Swarm Mode Deep-Dive (Orchestration, Self-healing, Self-Organizing, in-built failover)

• Playing around Services (Desired State/Rolling Updates/Scaling)

• Understanding Routing Mesh (Container Native Load-Balancing)

• Demo

Page 4: What's New in Docker 1.12?

WHAT’S NEW IN DOCKER ENGINE 1.12?

Page 5: What's New in Docker 1.12?
Page 6: What's New in Docker 1.12?

MAJOR FEATURE ENABLEMENTS

| Features | Engine 1.11 (and prior) | Engine 1.12 |
|---|---|---|
| Multi-host Networking & KV Store | External KV store | No External KV Store required (Swarm Mode) |
| MACVLAN | Experimental | Out of Experimental |
| Secure Control Plane | Insecure (Plain-text) | Secure |
| Secure Data Plane | VXLAN was not encrypted by default (can be secured by --opt-secure) | Encrypted VXLAN traffic (makes use of swarm certificates and key exchange) |
| Load Balancing | Load Balancing was featured under 1.10, based on only DNS RR | Virtual IP Load-Balancing & DNS RR both supported (LB using IPVS) |
| Service Discovery | Available under 1.10 but based on external service discovery backend | Service discovery now integrated into Docker Engine, Virtual IP for VIP Load-Balancing support |
| Swarm Mode | Not Available | Newly Introduced (Optional Feature) |
| Routing Mesh | Not Available | Newly Introduced |

Page 7: What's New in Docker 1.12?

WHAT’S NEW IN SWARM?

Swarm Reboot in Docker 1.12

New Swarm APIs –
$ docker swarm --help
$ docker node --help
$ docker service --help

Easy Swarm Management
$ docker swarm init
$ docker swarm join master:port

New Docker Plumbing for Swarm Mode ~ SwarmKit

Docker Swarm embedded into Docker Engine

Service ~ First class citizen ~ Replication, Load Balancing & updates of Images

New Service CLIs –
$ docker service # --help [create, inspect, remove, update]
$ docker service tasks --help

New Node CLIs –
$ docker node # --help [accept, promote, demote, inspect, update, tasks, ls and rm]

New Stack & Deploy CLIs – [Experimental]

Page 8: What's New in Docker 1.12?

SWARMKIT – AN OVERVIEW

An open source toolkit (plumbing) to build multi-node systems

Builds the cluster management and orchestration features embedded in the Docker Engine

Employs a decentralized architecture rather than a centralized one (key-value store)

Machines running SwarmKit can be grouped together in order to form a Swarm

Once a machine joins, it becomes a Swarm Node.

Page 9: What's New in Docker 1.12?

SWARMKIT - FEATURES

SwarmKit

Orchestration
- Desired State Reconciliation
- Replicated & Global Services
- Configuration Updates (Parallelism, Delay)
- Restart Policies

Scheduling
- Constraints
- Resource Awareness

Management
- Topology
- Node

Security
- Mutual TLS
- Acceptance Policy
- Certificate Rotation

Page 10: What's New in Docker 1.12?

SWARM MODE

Swarm mode is an optional feature.

Swarm mode is enabled for the Engine by either initializing a swarm or joining an existing swarm.

When you run the Engine in swarm mode, you orchestrate services.

When you run Docker Engine outside swarm mode, you execute container commands.

Swarm Mode is NOT going to break the existing Swarm production environment.

No external KV store needed

Self-Healing, Self-Organizing, No Single Point of Failure

Page 11: What's New in Docker 1.12?

A BASIC SWARM ARCHITECTURE

$ docker -H=tcp://192.168.33.10:2375 run -d -p 8500:8500 -h consul progrium/consul -server -bootstrap

$ docker -H=tcp://192.168.33.11:2375 run -d -p 3375:2375 swarm manage consul://192.168.33.10:8500/

$ docker -H=tcp://192.168.33.12:2375 run -d swarm join --advertise=192.168.33.12:2375 consul://192.168.33.10:8500/

$ docker -H=tcp://192.168.33.13:2375 run -d swarm join --advertise=192.168.33.13:2375 consul://192.168.33.10:8500/

Page 12: What's New in Docker 1.12?

SWARM MODE – A GLIMPSE

Swarm Manager: c0-master

Swarm Agents: c0-n1, c0-n2

TCP port 2377 for cluster management communications

TCP and UDP port 7946 for communication in between nodes

TCP and UDP port 4789 for overlay network traffic
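
An added example, not part of the original slides: a shell check that reads `ss -tuln` output and reports listeners on the three swarm-mode ports above, plus the plain-TCP Docker API port 2375 used in the legacy commands on the previous slide. The sample listing is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the slides. Reads `ss -tuln` output on stdin and
# reports listeners on the ports named in this deck.
audit_swarm_ports() {
  awk '
    $1 == "Netid" { next }                      # skip the ss header row
    {
      proto = $1; laddr = $5                    # Netid and Local Address:Port
      n = split(laddr, parts, ":")
      port = parts[n]                           # last field also works for [::]:2377
      host = substr(laddr, 1, length(laddr) - length(port) - 1)
      loopback = (host ~ /^127\./ || host == "[::1]")
      if (port == "2375" && !loopback)
        print "CRIT", proto, laddr, "plain-text Docker API reachable off-host"
      else if (port == "2377")
        print "INFO", proto, laddr, "cluster management: allow swarm nodes only"
      else if (port == "7946")
        print "INFO", proto, laddr, "node-to-node communication: allow swarm nodes only"
      else if (port == "4789")
        print "INFO", proto, laddr, "overlay network traffic: allow swarm nodes only"
    }'
}

# Constructed sample listing for one manager host (not captured from a real system).
sample_ss() {
  cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:2375       0.0.0.0:*
tcp   LISTEN 0      128    [::]:2377          [::]:*
tcp   LISTEN 0      128    [::]:7946          [::]:*
udp   UNCONN 0      0      [::]:7946          [::]:*
udp   UNCONN 0      0      0.0.0.0:4789       0.0.0.0:*
EOF
}

sample_ss | audit_swarm_ports
```

On a real host, pipe `ss -tuln` into `audit_swarm_ports` instead of the sample.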

Page 13: What's New in Docker 1.12?

SWARM MODE: INITIALIZING THE SWARM MODE

@master1
$ docker swarm init

Page 14: What's New in Docker 1.12?

SWARM MODE: ADDING THE FIRST WORKER NODE

@master1
$ docker swarm init

@node1
$ docker swarm join <IP address of Master>:2377

Page 15: What's New in Docker 1.12?

SWARM MODE: BUILDING THE CLUSTER

@master1
$ docker swarm init

@node1, @node2, @node3, @node4, @node5 (each)
$ docker swarm join <IP address of Master>:2377

Page 16: What's New in Docker 1.12?

SWARM MODE: UNDER THE HOOD

Secure by default with End to End Encryption

1. $ docker swarm init

2. A TLS root CA is created.

3. A keypair is issued for the first node, and signed by the root CA.

4. All the joining nodes also receive the root CA public key and certificate.

5. The node keys and certificates are automatically renewed on regular intervals (by default, 90 days).

6. Tunable with docker swarm update.

7. External CA Integration Supported
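
An added example, not part of the original slides: a shell check that a node's certificate still chains to the swarm root CA and is not close to expiry, which is how a failed automatic renewal would show up. It assumes the Engine's Linux location for swarm TLS material (`/var/lib/docker/swarm/certificates`); the function name and the 30-day warning threshold are hypothetical.

```shell
#!/bin/sh
# Added example, not from the slides. Verifies the node certificate issued by
# the swarm root CA (steps 2-5 above) and warns before it expires.
SWARM_CERT_DIR=${SWARM_CERT_DIR:-/var/lib/docker/swarm/certificates}

# check_swarm_cert [DIR] [WARN_DAYS]
# Prints MISSING, UNTRUSTED, EXPIRING or OK; returns non-zero unless OK.
check_swarm_cert() {
  dir=${1:-$SWARM_CERT_DIR}
  warn_days=${2:-30}
  ca="$dir/swarm-root-ca.crt"
  crt="$dir/swarm-node.crt"
  if [ ! -r "$ca" ] || [ ! -r "$crt" ]; then
    echo "MISSING"; return 3
  fi
  # The node certificate must chain to the root CA; an already expired
  # certificate also fails this step.
  if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
    echo "UNTRUSTED"; return 2
  fi
  # -checkend exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$crt" -noout -checkend $((warn_days * 86400)) >/dev/null; then
    echo "EXPIRING"; return 1
  fi
  echo "OK"
}

# Run against the local Engine only when this host is part of a swarm.
if [ -d "$SWARM_CERT_DIR" ]; then
  check_swarm_cert || true
fi
```

With the default 90-day lifetime, an EXPIRING result at a 30-day threshold means the automatic renewal has not happened on this node.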

Page 17: What's New in Docker 1.12?

SWARM MODE: ACCEPTANCE POLICY

@master1
$ docker swarm init
$ docker swarm update --auto-accept none --secret <password>

@node1
$ docker swarm join <IP address of Master>:2377

@node2 @node3 @node4 @node5

Page 18: What's New in Docker 1.12?

SWARM MODE: ACCEPTANCE POLICY

@master1
$ docker swarm update --auto-accept none --secret <password>
$ docker node accept <node5>

@node1
$ docker swarm join <IP address of Master>:2377

@node2 @node3 @node4

@node6
$ docker swarm join <IP address of Master>:2377

Page 19: What's New in Docker 1.12?

SWARM MODE: ACCEPTANCE POLICY

@master1
$ docker swarm update --auto-accept none --secret <password>
$ docker node accept <node5>

@node1
$ docker swarm join <IP address of Master>:2377

@node2 @node3 @node4

@node5
$ docker swarm join <IP address of Master>:2377

Page 20: What's New in Docker 1.12?

SWARM MODE: CREATING THE FIRST SERVICE

$ docker network create -d overlay mynetwork

$ docker service create --name mycloud --replicas 4 --network mynetwork --publish 80:80/tcp dockercloud/hello-world

Page 21: What's New in Docker 1.12?

SWARM MODE: CREATING THE FIRST SERVICE

Service: mycloud

Tasks: mycloud.1, mycloud.2, mycloud.3, mycloud.4

Containers: 4 × mycloud:latest container

Page 22: What's New in Docker 1.12?
Page 23: What's New in Docker 1.12?
Page 24: What's New in Docker 1.12?

SWARM MODE: SCALING

@master1 @node1 @node2 @node3 @node4 @node5

mynetwork

$ docker service scale mycloud=10

Page 25: What's New in Docker 1.12?

SWARM MODE – NODE FAILURE

$ docker service scale mycloud=20

Page 26: What's New in Docker 1.12?

SWARM MODE – DESIRED STATE ≠ ACTUAL STATE

$ docker service scale mycloud=20

Page 27: What's New in Docker 1.12?

SWARM MODE – CONVERGED BACK TO DESIRED STATE

$ docker service scale mycloud=20

Page 28: What's New in Docker 1.12?

SWARM MODE: GLOBAL SERVICES

$ docker service create --mode=global --name mycloud dockercloud/hello-world

Page 29: What's New in Docker 1.12?

SWARM MODE – CONSTRAINTS

$ docker service create --name mycloud --replicas 4 --network mynetwork --publish 80:80/tcp --constraint com.example.storage="ssd" dockercloud/hello-world

Page 30: What's New in Docker 1.12?

SWARM MODE – ROUTING MESH

Page 31: What's New in Docker 1.12?

SWARM MODE – INGRESS NETWORKING

Page 32: What's New in Docker 1.12?

DEMO TIME