Docker Networking in Swarm, Mesos, Kubernetes
April 2016
Fawad Khaliq - @fawadkhaliq
Copyright © PLUMgrid, Inc. 2011-2016
Introduction: Speaker
Fawad Khaliq, Sr. Software Engineer at PLUMgrid
Twitter: @fawadkhaliq IRC: fawadkhaliq
Agenda
• Introduction
• Docker Orchestration Tools
  • Docker Swarm
  • Mesos
  • Kubernetes
• Docker Networking
  • Early (host, bridge, container modes)
  • Modern (libnetwork)
• PLUMgrid’s involvement in the Docker ecosystem
• Demo
Orchestration Tools
Docker Orchestration Tools
• Scheduling
• Scaling
• Management
• Upgrades
• Availability
• Service Discovery
• Networking
Docker Swarm
Mesos
Kubernetes
Networking
Docker Networking Strategies
• Early
  • Bridge mode
  • Host mode
  • Container mode
• Evolution
  • Container Network Model (CNM)
libnetwork
Docker’s interface between the docker daemon and the network
Container Network Model (CNM)
• Docker specific (Docker Swarm)
• Network = Subnet
• ‘Metadata’ to select group policies at the network level
• Options: arbitrary key/value data
Docker Network CLI
docker network
  create      Create a network
  connect     Connect container to a network
  disconnect  Disconnect container from a network
  inspect     Display network information
  ls          List all networks
  rm          Remove a network
Other networking options
Container Network Interface
Treats a container or a group (pod) of containers as synonymous with a Linux network namespace
Networks are described in a JSON-based format for network and IPAM config in /etc/cni/net.d

    {
      "name": "test-net",
      "type": "bridge",
      "bridge": "cni0",
      "isGateway": true,
      "ipMasq": true,
      "ipam": {
        "type": "host-local",
        "subnet": "10.22.0.0/16",
        "routes": [{ "dst": "0.0.0.0/0" }]
      }
    }

"type" is the type of network plugin: bridge, macvlan, ipvlan, commercial
The "ipam" "type" can be a pluggable IPAM
Capable of providing networking for Docker containers as well
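A CNI config like the one on this slide can be checked before it is placed in /etc/cni/net.d. The following is an added example, not code from the talk or from PLUMgrid: it parses one config, validates the IPAM subnet and routes, and reports what the bridge settings imply for egress traffic. The function name review_cni_conf is hypothetical, the sample is the slide's config retyped as valid JSON, and the ipMasq finding assumes the behaviour of the reference CNI bridge plugin.

```python
import ipaddress
import json

# Constructed sample: the slide's CNI config with straight quotes and the
# inline "#" notes removed (JSON has no comment syntax).
SAMPLE_CONF = """{
  "name": "test-net", "type": "bridge", "bridge": "cni0",
  "isGateway": true, "ipMasq": true,
  "ipam": {"type": "host-local", "subnet": "10.22.0.0/16",
           "routes": [{"dst": "0.0.0.0/0"}]}
}"""


def review_cni_conf(text):
    """Return (summary, findings) for one CNI network config document."""
    try:
        conf = json.loads(text)
    except json.JSONDecodeError as exc:
        return {}, [f"not valid JSON: {exc.msg} at line {exc.lineno}"]
    if not isinstance(conf, dict):
        return {}, ["top level is not a JSON object"]
    findings = []
    for key in ("name", "type"):
        if not isinstance(conf.get(key), str) or not conf[key]:
            findings.append(f"missing or empty '{key}'")
    ipam = conf.get("ipam") or {}
    summary = {"name": conf.get("name"), "plugin": conf.get("type"),
               "ipam": ipam.get("type"), "addresses": 0, "default_route": False}
    try:
        # strict=True rejects a subnet written with host bits set
        subnet = ipaddress.ip_network(ipam.get("subnet", ""), strict=True)
        summary["addresses"] = subnet.num_addresses
    except ValueError as exc:
        findings.append(f"bad ipam.subnet: {exc}")
    for route in ipam.get("routes", []):
        try:
            dst = ipaddress.ip_network(route.get("dst", ""), strict=True)
        except ValueError as exc:
            findings.append(f"bad route dst: {exc}")
            continue
        summary["default_route"] |= dst.prefixlen == 0
    if conf.get("ipMasq") and summary["default_route"]:
        # Assumption: reference bridge plugin masquerades off-network traffic
        findings.append("ipMasq + default route: egress is source-NATed to "
                        "the host address, so upstream logs show the host")
    return summary, findings
```

Passing the slide's original text, with its inline "#" notes, returns a single "not valid JSON" finding, which is why the notes have to live outside the file.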
Networking and Orchestration Tools Together
* In discussion phase ** In design/implementation phase
PLUMgrid’s Involvement in the Docker Ecosystem
PLUMgrid in Docker Ecosystem
• PLUMgrid and Docker Swarm
  • PLUMgrid libnetwork plugin
  • Available at https://github.com/plumgrid/libnetwork-plugin
  • Uses PLUMgrid Open Networking Suite
• PLUMgrid and Mesos
  • Mesos Networking under Docker containerizer
  • Mesos Networking Isolators
Docker Swarm and PLUMgrid
[Architecture diagram. Labels: Master Node, Swarm Manager, Consul / etcd / …, Slave Node, Docker Daemon (in each slave), Libnetwork (CNM), PLUMgrid Plugin, Container (×4), IOVisor, PLUMgrid Director Cluster]
Docker Swarm and PLUMgrid
VD: t1
DEMO
Demo: Docker Swarm
Overview:
• Network Creation w/ Docker Swarm (libnetwork)
• Containers on-boarded on PLUMgrid VDs
• Security Policies
Use Case: Micro-segmentation & Networking for Containers and microservices
What to expect: Changing Policies alters the traffic flow between containers
Environment
THANK YOU!
Keep in Touch and Contact Us
(408) 800-7586 www.plumgrid.com
5155 Old Ironsides Dr. Suite 200 Santa Clara, CA 95054