Container Operations

Transcript

1. © 2016 Mesosphere, Inc. All Rights Reserved. CONTAINER OPERATIONS
 FROM

   PETS TO CATTLE
 WITH DC/OS ON AZURE 1 Michael Hausenblas | 2016-05-18 | Docker Belgium & AZUG Belgium

2. © 2016 Mesosphere, Inc. All Rights Reserved. sys admin devops

   developer architect QA/Tester data scientist/engineer

3. © 2016 Mesosphere, Inc. All Rights Reserved. CONTAINERS 3

4. © 2016 Mesosphere, Inc. All Rights Reserved. CONTAINER ARTIFACTS LAYER

   DIAGRAM 4

5. © 2016 Mesosphere, Inc. All Rights Reserved. LINUX
 CONTAINERS 5

   • Containers are not VMs • app-level dependency management • lightweight (startup time, footprint, average runtime) • isolation & security (kinda, getting better)

6. © 2016 Mesosphere, Inc. All Rights Reserved. LINUX
 CONTAINERS 6

   • namespaces • Isolate PIDs between processes • Isolate process to network resources • Isolate the hostname to fake it out (UTS) • Isolate the filesystem mount points (chroot) • Isolate inter process communication (IPC) • Isolate specific users to specific processes • cgroups
 https://sysadmincasts.com/episodes/14-introduction-to-linux-control-groups-cgroups

7. © 2016 Mesosphere, Inc. All Rights Reserved. TIME FOR A

   NEW KIND OF OPERATING SYSTEM 7

8. © 2016 Mesosphere, Inc. All Rights Reserved. SINGLE MACHINE APPLICATION

   8 hardware OS app

9. © 2016 Mesosphere, Inc. All Rights Reserved. DISTRIBUTED APPLICATION 9

   hardware OS app hardware OS hardware OS hardware OS hardware OS hardware OS hardware OS

10. © 2016 Mesosphere, Inc. All Rights Reserved. DISTRIBUTED OS +

    DISTRIBUTED APP 10 hardware OS app hardware OS hardware OS hardware OS hardware OS hardware OS hardware OS distributed OS

11. © 2016 Mesosphere, Inc. All Rights Reserved. LOCAL OS
 VS.


    DISTRIBUTED OS 11

12. © 2016 Mesosphere, Inc. All Rights Reserved. MEET THE DATACENTER

    OPERATING SYSTEM 12

13. © 2016 Mesosphere, Inc. All Rights Reserved. DC/OS ARCHITECTURE 13

14. © 2016 Mesosphere, Inc. 14 https://dcos.io

15. © 2016 Mesosphere, Inc. 15 https://dcos.io

16. © 2016 Mesosphere, Inc. All Rights Reserved. DC/OS BENEFITS 16

    • One cluster for • stateless services such as Web servers & app servers (via Marathon) • stateful services like PostgreSQL, MemSQL, Kafka, Cassandra, etc. • elastic data processing via Spark, Akka, etc. • CI/CD, for example Jenkins+Marathon • Dynamic partitioning of your cluster, depending on your needs • Increased utilization (10% → 80%+)

17. © 2016 Mesosphere, Inc. All Rights Reserved. 17

18. © 2016 Mesosphere, Inc. All Rights Reserved. 18

19. © 2016 Mesosphere, Inc. All Rights Reserved. QUICK INTERLUDE: APACHE

    MESOS & MARATHON 19

20. © 2016 Mesosphere, Inc. All Rights Reserved. APACHE MESOS 20

    • A top-level ASF project • A cluster resource negotiator • Scalable to 10,000s of nodes but also useful for a handful of nodes • Fault-tolerant, battle-tested • An SDK for distributed apps • Native Docker support mesos.apache.org

21. © 2016 Mesosphere, Inc. All Rights Reserved. MESOS
 ARCHITECTURE 21

    http://mesos.berkeley.edu/mesos_tech_report.pdf Marathon
 scheduler Spark
 scheduler Spark
 executor Marathon
 executor Spark
 executor Marathon
 executor Mesos Agent Mesos Agent Mesos Agent Mesos
 Master Standby
 Master Standby
 Master Framework

22. © 2016 Mesosphere, Inc. All Rights Reserved. RESOURCES 22 •

    resource: anything a task consumes to do its work • standard resources: cpu
 mem
 disk
 ports • Dominant Resource Fairness (DRF) algorithm guarantees fair allocation across resource types

23. © 2016 Mesosphere, Inc. All Rights Reserved. MARATHON 23 The

    DC/OS 'init system' • starts instances of a long-running services • restarts the instances if they crash • provides composition primitives • supports health checks • supports rolling upgrades

24. © 2016 Mesosphere, Inc. All Rights Reserved. MARATHON
 GROUPS 24

    • Groups can contain one or more apps/groups • Dependency management • Scaling https://mesosphere.com/blog/2015/06/21/web-application-analytics-using-docker-and-marathon/

25. © 2016 Mesosphere, Inc. All Rights Reserved. MARATHON
 APP SPEC

    25 { "id": "/webserver", "instances": 5, "cpus": 0.1, "mem": 128, "container": { "type": "DOCKER", "docker": { "image": "nginx:1.9.14", "network": "BRIDGE", "portMappings": [ { "containerPort": 80, "hostPort": 0 } ] } }, "upgradeStrategy": { "minimumHealthCapacity": 0.9 }, "acceptedResourceRoles": [ "slave_public" ] }

26. © 2016 Mesosphere, Inc. All Rights Reserved. MARATHON UI/UX 26

27. © 2015 Mesosphere, Inc. All Rights Reserved. CONTAINER OPERATIONS CI/CD

    PIPELINES, LOAD BALANCING & DEPLOYMENT STRATEGIES 27

28. © 2016 Mesosphere, Inc. All Rights Reserved. APPOPS
 LIFE CYCLE

    28

29. © 2016 Mesosphere, Inc. All Rights Reserved. CI/CD PIPELINES 29

30. © 2016 Mesosphere, Inc. All Rights Reserved. CI/CD PIPELINES 30

    https://github.com/mesosphere/training/tree/master/dcos-bootcamp-04-2016/ci-cd

31. © 2016 Mesosphere, Inc. All Rights Reserved. DC/OS SERVICE DISCOVERY

    31 DNS-based easy to integrate SRV records no health checks TTL Proxy-based no port conflicts fast failover no UDP management of VIPs (Minuteman) or service ports (Marathon-lb) Application-aware developer fully in control and full-feature implementation effort requires distributed state management (ZK, etcd or Consul) examples:
 Mesos-DNS,Consul examples:
 Minuteman, Marathon-lb examples:
 Roll-your-own, Finagle

32. © 2016 Mesosphere, Inc. All Rights Reserved. LOAD BALANCING TERMINOLOGY

    32 rolling deployment bring up N instances of new app & terminate N instances of old app until all old instances are gone goal: minimize capacity requirements blue-green deployment launch a new stack and switch traffic from old to new when the new instances are healthy goal: minimize impact of regressions, friction, delays, and allow easy rollbacks canary deployment bring up a new stack, start by routing a small portion of traffic to the new app, and slowly increase goal: test production traffic slowly & safely

33. © 2016 Mesosphere, Inc. All Rights Reserved. DC/OS LOAD BALANCING

    33 • Cluster-internal: Minuteman, a L4 distributed LB, usage via VIP in Marathon • Internal or edge: Marathon-lb, dynamically updates HAProxy, usage via package+service ports in Marathon • External, for example Azure's offerings

34. © 2016 Mesosphere, Inc. All Rights Reserved. DEPLOYMENT STRATEGIES 34

    • Based on health checks • Policy via • minimumHealthCapacity float value between 0—1, specifies % of app instances to maintain healthy while performing deployment • maximumOverCapacity float value between 0 — 1, specifies the maximum % of instances that can be over capacity during deployment

35. © 2015 Mesosphere, Inc. All Rights Reserved. HOW ABOUT SOME

    LOAD TESTING? 35

36. © 2015 Mesosphere, Inc. Hands-on … 36

37. © 2015 Mesosphere, Inc. All Rights Reserved. LEARNING RESOURCES 37

38. © 2016 Mesosphere, Inc. All Rights Reserved. 38 WHERE CAN


    I LEARN MORE? http://shop.oreilly.com/product/9781939902184.do 38 http://shop.oreilly.com/product/0636920035671.do

39. © 2016 Mesosphere, Inc. All Rights Reserved. 39 WHERE CAN


    I LEARN MORE? 39 https://www.nginx.com/resources/library/docker-networking/

40. © 2016 Mesosphere, Inc. All Rights Reserved. 40 WHERE CAN


    I LEARN MORE? http://shop.oreilly.com/product/0636920039952.do https://manning.com/books/mesos-in-action 40

41. © 2016 Mesosphere, Inc. All Rights Reserved. Q & A

    41 • @mhausenblas • mhausenblas.info • [email protected] https://dcos.io