BRET FISHER
Docker Captain, DevOps Dude, Author of Docker Mastery
Building Your Docker Tech Stack
bretfisher.com/docker
docker.com/captains
bretfisher.com/youtube
bretfisher.com/podcast
4 Goals for Today
● Talk about server/cluster implementation "good defaults"
● Show examples of cluster architecture
● Discuss tool stacks and options
● Options for solo to medium-sized DevOps/Ops teams (.5-5)
ASK QUESTIONS THROUGHOUT
The Duality of Container Infrastructure
“It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity...”
Charles Dickens, A Tale of Two Cities, 1859
Last Time On Bret's DockerCon Talk
● Limit "going production Docker" project scope. Go Lean!
● Focus first on quality Dockerfiles
● Stay on your familiar host OS with 4.x Kernel
● Use base images of familiar OS (keep same pkg mgr)
● Swarm CE can be 1 or more nodes, use it everywhere
● Swarm EE is your "easy button" for security and ops
Containers-on-VM or Container-on-Bare-Metal
● Do either, or both. Lots of pros/cons to either
● Stick with what you know at first
● Do some basic performance testing. You will learn lots!
● 2017 Docker Inc. and HPE whitepaper on MySQL benchmark (authored by yours truly, and others)
● bretfisher.com/docker
OS Linux Distribution/Kernel Matters
● Docker is very kernel and storage driver dependent
● Innovations/fixes are still happening here
● "Minimum" version != "best" version
● No pre-existing opinion? Ubuntu 18.04 LTS
○ Popular, well-tested with Docker
○ 4.x Kernel and wide storage driver support
● Later consider minimal distro or "container-based OS"
● Get correct Docker for your distro from hub.docker.com
Container Clusters are Complex
Start small and simple, grow them as you grow
EE Platform Architecture
[Diagram: ENTERPRISE EDITION PLATFORM. Labels: Physical, Virtualization, Public Cloud; Container Engine; Networking, Orchestration, Storage; Platform Security; Developer Services, Registry Services, Access Policies, App Lifecycle Management, Automation & Extensibility]
CE Platform Architecture
[Diagram: COMMUNITY EDITION PLATFORM. Labels: Physical, Virtualization, Public Cloud; Container Engine; Overlay, Swarm; Platform Security; dogvs.cat App Services (Stack Files): www.dogvs.cat, vote.dogvs.cat, blog.dogvs.cat, result.dogvs.cat]
Good Defaults: Swarm Architectures
● Simple sizing guidelines based off:
○ Docker internal testing
○ Docker reference architectures
○ Real world deployments
○ Swarm3k lessons learned
Baby Swarm: 1-Node
● "docker swarm init" and you're done!
● Solo VMs do it, so can Swarm
● Gives you more features than docker run
HA Swarm: 3-Node
●Minimum for HA
●All managers + workers
●One node can fail
●Use when very small budget
●Pet projects or Test/CI
Biz Swarm: 5-Node
●Better high-availability
●All managers + workers
●Two nodes can fail
●My minimum for uptime that affects $$$
Flexy Swarm: 10+ Nodes
●5 dedicated managers
●Workers in DMZ
●Anything beyond 5 nodes, stick with 5 managers and rest workers
●Control container placement with labels + constraints
Docker Enterprise Min
●3 dedicated managers (UCP)
●3 dedicated registries (DTR)
●Rest are dedicated workers
●success.docker.com/architectures
●docs.docker.com/ee/docker-ee-architecture
Swole Swarm: 100+ Nodes
●5 dedicated managers
●Resize Managers as you grow
●Multiple Worker subnets on Private/DMZ
●Control container placement with labels + constraints
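A stack file showing the "labels + constraints" placement from the Flexy and Swole Swarm slides, with internet-facing tasks pinned to DMZ workers and everything kept off the managers. This is an added example, not from the talk; the `zone` node label, service names and image names are hypothetical placeholders.

```yaml
# Added example stack file; not from the talk.
# Assumed node labels (hypothetical name "zone"), set once per node from a manager:
#   docker node update --label-add zone=dmz     <dmz-worker>
#   docker node update --label-add zone=private <private-worker>
version: "3.7"

services:
  proxy:                                  # internet-facing entry point
    image: registry.example.com/proxy:1.0 # placeholder image
    ports:
      - "443:443"
    networks: [frontend]
    deploy:
      replicas: 2
      placement:
        constraints:
          - node.role == worker           # keep workloads off dedicated managers
          - node.labels.zone == dmz       # only on workers in the DMZ subnet

  vote:
    image: registry.example.com/vote:1.0  # placeholder image
    networks: [frontend, backend]
    deploy:
      replicas: 3
      placement:
        constraints:
          - node.role == worker
          - node.labels.zone == private   # app tier stays on private workers

  db:
    image: registry.example.com/db:1.0    # placeholder image
    networks: [backend]                   # not attached to the proxy's network
    deploy:
      placement:
        constraints:
          - node.role == worker
          - node.labels.zone == private

networks:
  frontend:
    driver: overlay
    driver_opts:
      encrypted: "true"                   # this overlay spans DMZ and private subnets
  backend:
    driver: overlay
```

Deploy from a manager with `docker stack deploy -c stack.yml <stack-name>`. A service whose constraints match no node stays pending instead of being scheduled somewhere else, so a missing label fails closed.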
Multi-Architecture
●Cluster different CPUs/OSes
●Linux + Windows + Mainframe + ARM
●Workloads assigned to their arch+os
What About Windows Server?
●Works great on Win 2019, less so in 2016
●Try to use Semi-Annual Channel 1903 (Kubernetes support)
●Hard to be "Windows Only Swarm"
○Many container landscape tools are Linux-only
●My recommendation:
○Managers on Linux
○Reserve Windows for Windows-exclusive workloads
Don't Turn Cattle into Pets
● Assume nodes will be replaced
● Assume containers will be recreated
● Do everything in containers (troubleshooting, admin, backups, security)
Swarm CE
[Diagram sequence for the dogvs.cat services (www.dogvs.cat, vote.dogvs.cat, blog.dogvs.cat, result.dogvs.cat): App Services; App Services + L7 Proxy; App Services + L7 Proxy + Overlay; App Services + L7 Proxy + Ops; Cluster + External Load Balancer]
Open Source Swarm Stack
● Swarm GUI: Portainer
● Central Monitoring: Prometheus + Grafana
● Central Logging: Elastic ELK
● Layer 7 Proxy: Traefik + Let's Encrypt
● Storage: REX-Ray + cloud storage
● Networking: Docker Swarm Overlay
● Orchestration: Docker Swarm
● Runtime: Docker CE
● HW / OS: Terraform + Cloud Instances
Summary
● Infrastructure as code, make everything repeatable
● No "special" nodes, use remote management
● Grow as you go, assume you'll resize
● Look for compose files of popular tools to make stacks
● Don't throw out the good in search of the perfect
Thanks! 🤗
bretfisher.com/docker