Introduction to Docker & CoreOS

Dennis Benkert@denderello

Simple service orchestration, built for developers.

Based in Cologne, Germany.Ten terrific folks, and hiring!

http://giantswarm.io/

What is Docker?

Docker

● Isolation of processes in linux containers● Lightweight and fast● Portable

Docker Technology

● Utilized LXC until version 0.9● Now uses libcontainer which e.g. supports

systemd-nspawn, libvirt-lxc, BSD-Jails, etc.● Copy-On-Write filesystem (e.g. AUFS or

BTRFS)● Written in Go

Copy-On-Write filesystem

Dockerfile

FROM ubuntu:14.04

RUN apt-get update && \

apt-get -y install redis-server

EXPOSE 6379

ENTRYPOINT ["/usr/bin/redis-server"]

$ docker build -t denderello/redis .

$ docker run -d --name redis -p 6379:6379 \

denderello/redis

$ nc localhost 6379

Running containers

What is CoreOS?

CoreOS enables warehouse-scale computing on top of a minimal, modern operating system.A new Linux Distribution to provide features needed to run modern infrastructure stacks.

Minimal Linux

Features

● Automatic Updates● Docker Containers● Cluster management● Service Discovery

Linux Basis

● Based on Gentoo● systemd● btrfs● Images for PXE,

OpenStack, AWS, GCE, Vagrant

“Immutable” System

● Read-only rootfs● Writeable overlay on /etc

No classic package manager

● ChromeOS inspired update engine● Atomic Updates● Rollbacks● Using Docker to distribute software

CoreOS own tools

● Etcd● Locksmith● Cloud-config● Flannel● Fleet

https://github.com/coreos

EtcdA highly-available key value store for shared configuration and service discovery.

Etcd

● Basis for> Configuration management> Service Discovery

● REST Interface● Raft consensus algorithm

http://raftconsensus.github.io/

Etcd Cluster

Discovery API

$> curl https://discovery.etcd.io/new

https://discovery.etcd.io/463c1435f9f63c952e0899b1f459c0fe

$> curl -s https://discovery.etcd.io/463c1435f9f63c952e0899b1f459c0fe | jq ".node.nodes[].value"

"http://172.31.19.1:7001"

"http://172.31.19.0:7001"

"http://172.31.18.255:7001"

LocksmithReboot manager for the CoreOS update engine.

Locksmith

● Reboot strategies for CoreOS updates● Uses etcd for distributed locks● Alpha, Beta, Stable channels

Cloud ConfigCustomize a CoreOS machine through user-data.

Cloud Config

● Initialization of your instances● Configure etcd, fleet, locksmith● YAML file● eg. EC2 user-data, Autoscaler launch-

config

Configure your cluster

#cloud-config

coreos:

update:

reboot-strategy: etcd-lock

Configure your cluster

#cloud-config

coreos:

update:

reboot-strategy: etcd-lock

etcd:

discovery: https://discovery.etcd.io/<token>

Configure your cluster

#cloud-config

coreos:

update:

reboot-strategy: etcd-lock

etcd:

discovery: https://discovery.etcd.io/<token>

users:

- name: denderello

ssh-authorized-keys: ...

FlannelOverlay networks backed by etcd.

Cloud overlay network

● One subnet per machine● Get rid of docker port mapping● Let containers talk to each other via IP

addresses

Backends

● Encapsulate packets in UDP● VXLAN implementation coming

FleetSystemd for the cluster

Fleet

● CLI and API to start your containers● Uses etcd and systemd

Fleet deployment

Fleet Scheduler

● Relatively simple> By meta data> Same machine/exclusion

● Resolve service dependencies!● More to come

> Resource management (CPU, memory etc.)

Unit file

[Unit]

Description=A Redis Server

[Service]

TimeoutStartSec=0

ExecStartPre=/usr/bin/docker pull denderello/redis

ExecStart=/usr/bin/docker run --rm -p 6379 --name %n denderello/redis

ExecStop=/usr/bin/docker stop %n

Manage a service

$> fleetctl start redis.service

$> fleetctl list-units

$> fleetctl status redis.service

$> fleetctl journal redis.service

$> fleetctl stop redis.service

$> fleetctl destroy redis.service

Service Discovery

Three-Tier Application

● Load Balancer● App● Database

Sidekick

Keep configuration out of your app

Ambassador

Reverse proxy for your serviceKeep service discovery out of your app

Using CoreOS

Thanks for listening!Reach out:Dennis Benkert@denderello@giantswarm