docker service and Docker Orchestration

Mike Goelzer
October 04, 2016
Mike Goelzer's ContainerCon Berlin 2016 talk

Transcript

  1. The evolution of Docker orchestration
    docker run nginx (2013-14) → Swarm clustering (2014-present) → Swarm mode + Docker Services in Engine (2016, backed by docker/swarmkit)
  2. Swarm Mode (a single Engine)
    $ docker swarm init
    $ docker swarm join <IP of manager>:2377
  3. Swarm Mode (six Engines joined into one swarm)
    $ docker swarm init
    $ docker swarm join <IP of manager>:2377
  4. Services (six Engines, overlay network mynet)
    $ docker service create --replicas 3 --name frontend --network mynet -p 8080:80 frontend:latest
  5. Services
    $ docker service create --replicas 3 --name frontend --network mynet -p 8080:80 frontend:latest
    $ docker service create --name redis --network mynet redis:latest
  6. Node Failure & Reconciliation (the same two services on six Engines)
  7. Node Failure & Reconciliation: one of the six Engines goes down
  8. Desired State ≠ Actual State: five Engines remain, so fewer frontend replicas are running than the 3 that were requested
  9. Converge Back to Desired State: the manager reschedules the missing replica on a surviving Engine
  10. Global Services (one task on every node)
    $ docker service create --mode=global --name prometheus prom/prometheus
  11. Constraints: label the Engines (two of the six get the label)
    $ docker daemon --label com.example.storage="ssd"
  12. Constraints
    $ docker service create --replicas 3 --name frontend --network mynet -p 8080:80 --constraint engine.labels.com.example.storage==ssd frontend:latest
    All three frontend tasks are placed only on the Engines labelled com.example.storage=ssd.
  13. Constraints
    $ docker service create --replicas 3 --name frontend --network mynet -p 8080:80 --constraint engine.labels.com.example.storage==ssd frontend:latest
    $ docker service update --replicas 10 frontend
    After the scale-up all ten replicas still land on the labelled Engines; a constraint no node can satisfy leaves the service short rather than placing it elsewhere.
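The desired-state loop behind slides 6 to 13, as an added example in Go (not code from the talk or from docker/swarmkit): one Reconcile pass forgets the tasks of a failed node, reschedules the missing replicas, honours engine.labels constraints, places a global service once per eligible node, and applies a larger --replicas. Node, Service, Task, eligible, Count and Reconcile are names invented for this example; SwarmKit's scheduler weighs more than task count, and the constraint syntax here is simplified to a single == or != per constraint.

```go
package main

import (
	"sort"
	"strings"
)

// Node is one engine: its `docker daemon --label` labels and whether it is reachable.
type Node struct {
	ID     string
	Labels map[string]string
	Up     bool
}

// Service is desired state; Constraints use the engine.labels.<key>==<value> (or !=) form.
type Service struct {
	Name        string
	Replicas    int  // replicated mode: run this many tasks
	Global      bool // global mode: one task on every eligible node
	Constraints []string
}

type Task struct{ Service, Node string } // one running copy of a service, pinned to a node

// eligible reports whether n is up and satisfies every constraint of svc.
func eligible(n Node, svc Service) bool {
	for _, c := range svc.Constraints {
		op := "!="
		if strings.Contains(c, "==") {
			op = "=="
		}
		kv := strings.SplitN(c, op, 2)
		if len(kv) != 2 {
			return false // malformed constraint: place nothing rather than something wrong
		}
		got, ok := n.Labels[strings.TrimPrefix(kv[0], "engine.labels.")]
		if (ok && got == kv[1]) != (op == "==") {
			return false
		}
	}
	return n.Up
}

// Count returns how many tasks of service sit on each node, and the total.
func Count(tasks []Task, service string) (perNode map[string]int, total int) {
	perNode = map[string]int{}
	for _, t := range tasks {
		if t.Service == service {
			perNode[t.Node]++
			total++
		}
	}
	return perNode, total
}

// Reconcile is one pass of the desired-state loop: forget tasks on unreachable nodes, then
// add tasks (least-loaded eligible node first) until each service matches its spec. An
// unsatisfiable constraint leaves a service short rather than placing it on a wrong node.
func Reconcile(nodes []Node, services []Service, current []Task) []Task {
	up, load := map[string]bool{}, map[string]int{}
	for _, n := range nodes {
		up[n.ID] = n.Up
	}
	var tasks []Task
	for _, t := range current {
		if up[t.Node] { // tasks on a down node are simply gone
			tasks = append(tasks, t)
			load[t.Node]++
		}
	}
	for _, svc := range services {
		var candidates []Node
		for _, n := range nodes {
			if eligible(n, svc) {
				candidates = append(candidates, n)
			}
		}
		have, running := Count(tasks, svc.Name)
		if svc.Global {
			for _, n := range candidates {
				if have[n.ID] == 0 {
					tasks = append(tasks, Task{svc.Name, n.ID})
					load[n.ID]++
				}
			}
			continue
		}
		for running < svc.Replicas && len(candidates) > 0 { // scale up, or reschedule after a node loss
			sort.SliceStable(candidates, func(i, j int) bool {
				return load[candidates[i].ID] < load[candidates[j].ID]
			})
			tasks = append(tasks, Task{svc.Name, candidates[0].ID})
			load[candidates[0].ID]++
			running++
		}
	}
	return tasks
}
```

Running Reconcile with four nodes of which two carry com.example.storage=ssd, the three services from the slides, and then marking one ssd node Up=false reproduces slides 7 to 9: the lost node's tasks vanish from the result and the frontend replicas reappear on the remaining ssd node, never on the unlabelled ones. Scale-down and SwarmKit's resource and affinity scoring are left out.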
  14. Routing Mesh
    $ docker service create --replicas 3 --name frontend --network mynet -p 8080:80 frontend:latest
    Four nodes (Node 1 to Node 4) and three frontend tasks: publishing -p 8080:80 opens port 8080 on every node, including the one running no frontend task, and an External Load Balancer can front :8080 on all four.
  15. Routing Mesh: the request path
    The user browses to http://myapp.com, the External Load Balancer sends the request to any node's :8080, and the mesh forwards it to one of the frontend tasks even when that node runs none itself.
  16. Secure by default
    • Out-of-the-box TLS encryption and mutual auth
    • Automatic cert rotation
    • External or self-signed root CA
    • Cryptographic node identity
    Diagram: the managers run the Certificate Authority, every Engine holds a certificate it issued, and all node-to-node traffic is TLS.
    Note: a node is admitted with the join token printed by docker swarm init (docker swarm join-token worker|manager), so that token is the secret gating membership; if it leaks, rotate it with docker swarm join-token --rotate. The certificate the CA then issues is what identifies the node from that point on.
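Slide 16's cryptographic node identity in concrete form, as an added Go example (not SwarmKit's code): a self-signed root issues short-lived node certificates whose subject carries the node ID (CN), role (OU) and cluster ID (O), the layout SwarmKit uses, and the manager-side check refuses a certificate from any other CA, an expired one, or one issued for a different cluster before trusting the role it names. RootCA, NewRootCA, IssueNodeCert, VerifyNode and the cluster and node IDs are invented for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// RootCA is the swarm CA: a self-signed root and its signing key, which in a
// real cluster is held only by managers.
type RootCA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// sign issues tmpl under parent with the signer's key and parses the result.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewRootCA makes a self-signed root, as `docker swarm init` does when no
// external CA is supplied.
func NewRootCA(name string) (*RootCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &RootCA{Cert: cert, Key: key}, nil
}

// IssueNodeCert binds a node's fresh key to its identity. The subject layout
// follows SwarmKit (CN = node ID, OU = role, O = cluster ID); the short
// lifetime is what automatic rotation keeps renewing.
func (ca *RootCA) IssueNodeCert(nodeID, role, clusterID string, lifetime time.Duration) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: nodeID, OrganizationalUnit: []string{role}, Organization: []string{clusterID}},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	cert, err := sign(tmpl, ca.Cert, &key.PublicKey, ca.Key)
	return cert, key, err
}

// VerifyNode is the manager-side check on a peer certificate: chain it to the
// swarm root (a cert from any other CA, or an expired one, fails here), check
// the cluster, then read node ID and role from the subject.
func VerifyNode(cert, root *x509.Certificate, clusterID string, now time.Time) (nodeID, role string, err error) {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	opts := x509.VerifyOptions{Roots: pool, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err = cert.Verify(opts); err != nil {
		return "", "", err
	}
	if len(cert.Subject.Organization) != 1 || cert.Subject.Organization[0] != clusterID {
		return "", "", fmt.Errorf("certificate is for cluster %v, not %s", cert.Subject.Organization, clusterID)
	}
	if len(cert.Subject.OrganizationalUnit) != 1 {
		return "", "", fmt.Errorf("certificate must carry exactly one role")
	}
	return cert.Subject.CommonName, cert.Subject.OrganizationalUnit[0], nil
}
```

The mutual-auth half of the slide is the listener configuration that pairs with VerifyNode: a tls.Config whose ClientAuth is tls.RequireAndVerifyClientCert and whose ClientCAs pool contains only the swarm root, so a peer without a root-signed certificate never reaches the role check at all. An external root CA replaces NewRootCA but leaves the check unchanged, and the role read out of OU is what decides whether the peer may speak the manager API or only the worker one.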
  17. Scale: 2,000 Nodes and Counting
    • For now: community testing, crowd-sourced nodes, not funded by Docker
    • Credit to: Chanwit Kaewkasi, Suranaree University of Technology (SUT), Thailand
    • Results:
      ◦ 2,384 nodes
      ◦ 96,287 containers
      ◦ Manager CPU/memory ≲15%
      ◦ Test stopped because 3rd-party monitoring failed
    • https://github.com/swarm2k/swarm2k @chanwit
  18. Topology: roles (diagram: twelve Nodes, each marked Manager or Worker)
  19. Topology: roles
    • Each Node has a role
    • Roles are dynamic (a node moves between Worker and Manager with docker node promote / docker node demote)
    • Programmable Topology
  20. Topology: High Availability
    Three Managers (one Leader, two Followers) and six Workers.
  21. Topology: High Availability: Loss of Leader
    When the Leader is lost the two remaining Followers elect a new Leader. The managers replicate state with Raft, which needs a majority, so run an odd number of them: three managers tolerate the loss of one, five the loss of two.
  22. Booth D38 @ LinuxCon + ContainerCon
    Tues Oct 4th
    • Build Distributed Systems without Docker, using Docker Plumbing Projects - Patrick Chanezon, David Chung and Captain Phil Estes
    • Getting Started with Docker Services - Mike Goelzer
    • Swarmkit: Docker’s Simplified Model for Complex Orchestration - Stephen Day
    • User Namespace and Seccomp Support in Docker Engine - Paul Novarese
    • Build Efficient Parallel Testing Systems with Docker - Docker Captain Laura Frank
    Wed Oct 5th
    • How Secure is your Container? A Docker Engine Security Update - Phil Estes
    • Docker Orchestration: Beyond the Basics - Aaron Lehmann
    • When the Going gets Tough, get TUF Going - Riyaz Faizullabhoy and Lily Guo
    Thurs Oct 6th
    • Orchestrating Linux Containers while Tolerating Failures - Drew Erny
    • Unikernels: When you Should and When you Shouldn’t - Amir Chaudhry
    • Berlin Docker Meetup
    Friday Oct 7th
    • Tutorial: Comparing Container Orchestration Tools - Neependra Khare
    • Tutorial: Orchestrate Containers in Production at Scale with Docker Swarm - Jerome Petazzoni
  23. Container Health Check in Dockerfile
    HEALTHCHECK --interval=5m --timeout=3s --retries=3 CMD curl -f http://localhost/ || exit 1
    Check the web server every 5 minutes; a probe must answer within 3 seconds or it counts as failed; 3 consecutive failures set the container to unhealthy, and a single passing probe resets the count. The options must be written --name=value: a bare --retries 3 is rejected by the Dockerfile parser. In swarm mode an unhealthy task is treated as failed and replaced by the reconciliation loop.
    Coming soon: health checks in official images
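Slide 23's semantics as an added Go example (not from the talk or from Docker's source): a parser for the HEALTHCHECK instruction that enforces the --name=value option form and fills in Docker's defaults, and a probe runner in which a non-zero exit or a probe overrunning --timeout is one failure, --retries consecutive failures turn the container unhealthy, and a single pass clears the count. Status, HealthCheck, ParseHealthcheck and RunProbe are names invented here; Probe stands in for executing CMD and is supplied by the caller.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Status is the health state Docker reports for a container.
type Status string

const (
	Starting  Status = "starting" // no probe has succeeded yet
	Healthy   Status = "healthy"
	Unhealthy Status = "unhealthy"
)

// HealthCheck holds the HEALTHCHECK options, the probe to run, and the
// running count of consecutive failures.
type HealthCheck struct {
	Interval, Timeout time.Duration
	Retries           int
	Cmd               string
	Probe             func() int // runs Cmd and returns its exit status (supplied by the caller)
	Status            Status
	failures          int
}

// ParseHealthcheck reads a Dockerfile HEALTHCHECK instruction. Options must be
// written --name=value (a bare `--retries 3` is rejected, as the Dockerfile
// parser rejects it); everything after CMD is the shell command.
func ParseHealthcheck(line string) (*HealthCheck, error) {
	fields := strings.Fields(line)
	if len(fields) == 0 || fields[0] != "HEALTHCHECK" {
		return nil, fmt.Errorf("not a HEALTHCHECK instruction")
	}
	// Docker's defaults when an option is omitted.
	h := &HealthCheck{Interval: 30 * time.Second, Timeout: 30 * time.Second, Retries: 3}
	for i, f := range fields[1:] {
		if f == "CMD" {
			h.Cmd = strings.Join(fields[i+2:], " ")
			return h, nil
		}
		kv := strings.SplitN(f, "=", 2)
		if len(kv) != 2 {
			return nil, fmt.Errorf("option %q must be written --name=value", f)
		}
		var err error
		switch kv[0] {
		case "--interval":
			h.Interval, err = time.ParseDuration(kv[1])
		case "--timeout":
			h.Timeout, err = time.ParseDuration(kv[1])
		case "--retries":
			h.Retries, err = strconv.Atoi(kv[1])
		default:
			err = fmt.Errorf("unknown option %s", kv[0])
		}
		if err != nil {
			return nil, err
		}
	}
	return nil, fmt.Errorf("HEALTHCHECK has no CMD")
}

// RunProbe runs Cmd once under Timeout and returns the new status. A non-zero
// exit or a probe that overruns Timeout counts as one failure; Retries
// consecutive failures mark the container unhealthy, and any success clears
// the count and marks it healthy again.
func (h *HealthCheck) RunProbe() Status {
	if h.Status == "" {
		h.Status = Starting
	}
	done := make(chan int, 1)
	go func() { done <- h.Probe() }()
	failed := true
	select {
	case code := <-done:
		failed = code != 0
	case <-time.After(h.Timeout):
		// timed out: treated exactly like a failing exit status
	}
	if !failed {
		h.failures = 0
		h.Status = Healthy
		return h.Status
	}
	h.failures++
	if h.failures >= h.Retries {
		h.Status = Unhealthy
	}
	return h.Status
}
```

Feeding RunProbe the constructed outcome sequence fail, pass, fail, fail, fail, pass with the slide's --retries=3 gives starting, healthy, healthy, healthy, unhealthy, healthy: the first miss never leaves "starting", the third consecutive miss is the one that flips the state, and one pass brings it back. A probe that sleeps past Timeout is scored the same as `exit 1`, which is why a slow but technically responding backend can still be marked unhealthy. The Dockerfile's own --start-period option is not modelled.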