DockerCon 2016 -- recap Tuna http://www.meetup.com/docker-hanoi/

Docker 1.12 (dockercon recap)


What've we got here

• Docker 1.12 (currently rc4, planned to be GA in July)
  • Swarm Mode
  • SwarmKit
  • Networking model
  • Distributed Application Bundle
  • Security out of the box
  • Container `healthcheck` in Dockerfile
  • Plugin subcommands
• Docker for Mac (& Windows – but I'm not using Windows anymore)
• Docker for AWS and Azure beta
• Other announcements

Docker 1.12

• Docker Swarm Mode
• CLI - new objects
  • Service
  • Node
  • Plugin
  • Stack
  • Deploy
• Installation:
  • Linux: curl -fsSL https://experimental.docker.com/ | sh
  • Mac & Win: download packages

Swarm Mode

• Technologies
  • SwarmKit (orchestration)
    • https://github.com/docker/swarmkit
  • Raft consensus group (manager leader election)
    • https://raft.github.io/raft.pdf
  • Gossip network (worker-to-worker internal communication)
    • http://web.mit.edu/vdb/www/6.977/l-shah.pdf
  • Linux IPVS (in-kernel Layer 4 multi-protocol load balancer)
    • http://www.linuxvirtualserver.org/software/ipvs.html
    • Routing packets inside the kernel -> high performance container-aware load balancing
  • gRPC (inter-node communication)
    • http://www.grpc.io
  • Protobufs (transmitting data)
    • https://github.com/google/protobuf

Swarm Mode

• Features
  • Resiliency
    • Swarm mode will continuously check and reconcile the environment when things go awry
    • Self-healing (when containers crash)
    • Self-organizing (when nodes crash)
  • Rolling Update
    • --update-delay, --update-parallelism
  • Replicated or Global Services
    • R: any number of containers will be spread across the available hosts.
    • G: schedule one instance of the same container on every host in the swarm.
  • Constraints

Swarm Mode internal

• Manager
  • Orchestrate the cluster
  • Perform the health-check
  • Serve API requests
  • Schedule tasks to workers to always reach the desired state.
• Workers
  • Execute the tasks (containers actually; supposed to support the rkt format)

Swarm Mode internal

• Managers and workers use two different communication models.
• Managers – Raft
  • Leader-follower model.
  • Keep one leader all the time.
• Workers - Gossip network protocol
  • Generate a broadcast message in a specific overlay network once a new container gets generated.
  • Internal communication inside a specific overlay network, not global.

SwarmKit – take a quick look inside the code at what happens whenever a new service is created.

Raft

• http://thesecretlivesofdata.com/raft/
• Leader election
• Log replication

Docker 1.12 Networking model

• Every container has an IP address on three overlay networks:
  • Ingress (only for containers with a published port)
  • docker_gwbridge
  • user-defined overlay

Docker 1.12 Networking model

• Ingress Networking
  • Used to expose services to be available externally to the swarm.
  • Swarm manager can automatically assign a Published Port or you can configure manually. (range: 30000 – 32767)
  • Every node in the cluster listens on this port and routes traffic to the service's containers.
  • Only services that have a port published (-p) require the ingress network. Others are not attached to the ingress network.

Docker 1.12 Networking model

• docker_gwbridge
  • Is added only for non-internal networks
  • Internal networks can be created with the --internal flag.
  • This network allows the containers to have external connectivity outside of their cluster.
• User-defined Overlay network
• Others – default networks
  • https://docs.docker.com/v1.10/engine/userguide/networking/dockernetworks/

Docker 1.12 Networking model

• Routing Mesh
  • Linux IPVS
  • DNS-based service discovery
  • Every node listens on 80
  • Transparently reroute the traffic between nodes.
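
The ingress, `--internal` and routing-mesh behaviour from the networking slides above, turned into an exposure check. This is an added example, not part of the original deck or of Docker's code: the service and network records are constructed, their field names are assumed to follow `docker service inspect` / `docker network inspect` output, and the range quoted on the slide is treated as the auto-assignment range.

```python
import json

# Published-port range quoted on the ingress slide (assumed auto-assignment range).
SWARM_PORT_RANGE = range(30000, 32768)

# Constructed sample data, trimmed to the fields read below. Field names are
# assumed to follow `docker service inspect` / `docker network inspect` output.
SERVICES = json.loads("""[
  {"Spec": {"Name": "web", "Networks": [{"Target": "net-front"}]},
   "Endpoint": {"Ports": [{"Protocol": "tcp", "TargetPort": 80, "PublishedPort": 30000}]}},
  {"Spec": {"Name": "api", "Networks": [{"Target": "net-back"}]},
   "Endpoint": {"Ports": [{"Protocol": "tcp", "TargetPort": 8080, "PublishedPort": 8080}]}},
  {"Spec": {"Name": "db", "Networks": [{"Target": "net-back"}]}, "Endpoint": {}}
]""")
NETWORKS = json.loads("""[
  {"Id": "net-front", "Name": "frontend", "Driver": "overlay", "Internal": false},
  {"Id": "net-back", "Name": "backend", "Driver": "overlay", "Internal": true}
]""")

def audit(services, networks):
    """Map service name -> exposure facts derived from the networking model."""
    internal_ids = {n["Id"] for n in networks if n.get("Internal")}
    report = {}
    for svc in services:
        ports = [p["PublishedPort"]
                 for p in svc.get("Endpoint", {}).get("Ports", [])
                 if p.get("PublishedPort")]
        attached = {a["Target"] for a in svc["Spec"].get("Networks", [])}
        report[svc["Spec"]["Name"]] = {
            # A published port puts the service on the ingress network, and
            # every node in the swarm then listens on that port.
            "listens_on_every_node": sorted(ports),
            # Ports outside the quoted range cannot have been auto-assigned.
            "manually_chosen": sorted(p for p in ports if p not in SWARM_PORT_RANGE),
            # Published service that also sits on an --internal network: it is
            # the path from outside the swarm into that network.
            "fronts_internal_network": bool(ports) and bool(attached & internal_ids),
        }
    return report

def node_firewall_ports(report):
    """Union of ports that each node's host firewall has to account for."""
    return sorted({p for r in report.values() for p in r["listens_on_every_node"]})

if __name__ == "__main__":
    result = audit(SERVICES, NETWORKS)
    print(result, node_firewall_ports(result))
```

Because of the routing mesh, the list from `node_firewall_ports` applies to every node, including nodes that run no task of the published service.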

Distributed Application Bundle (DAB)

• A single file declares a stack of services.
  • Service
  • Versioning
• Still experimental, lots of unsupported keys.