Docker 1.12 (dockercon recap)
Uploaded by: nguyen-anh-tu
Category: Technology
Transcript of Docker 1.12 (dockercon recap)
What’ve we got here
• Docker 1.12 (currently rc4, planned to be GA in July)
  • Swarm Mode
  • SwarmKit
  • Networking model
  • Distributed Application Bundle
  • Security out of the box
  • Container `healthcheck` in Dockerfile
  • Plugin subcommands
• Docker for Mac (& Windows – but I’m not using Windows anymore)
• Docker for AWS and Azure beta
• Other announcements
Docker 1.12
• Docker Swarm Mode
• CLI - new objects
  • Service
  • Node
  • Plugin
  • Stack
  • Deploy
• Installation:
  • Linux: curl -fsSL https://experimental.docker.com/ | sh
  • Mac & Win: download packages
Swarm Mode
• Technologies
  • SwarmKit (orchestration)
    • https://github.com/docker/swarmkit
  • Raft consensus group (manager leader election)
    • https://raft.github.io/raft.pdf
  • Gossip network (worker-to-worker internal communication)
    • http://web.mit.edu/vdb/www/6.977/l-shah.pdf
  • Linux IPVS (in-kernel Layer 4 multi-protocol load balancer)
    • http://www.linuxvirtualserver.org/software/ipvs.html
    • Routing packets inside the kernel -> high performance container-aware load balancing
  • gRPC (inter-node communication)
    • http://www.grpc.io
  • Protobufs (transmitting data)
    • https://github.com/google/protobuf
Swarm Mode
• Features
  • Resiliency
    • Swarm mode will continuously check and reconcile the environment when things go awry
    • Self-healing (containers have crashed)
    • Self-Organizing (nodes have crashed)
  • Rolling Update
    • --update-delay, --update-parallelism
  • Replicated or Global Services
    • R: any number of containers will be spread across the available hosts.
    • G: schedule one instance of the same container on every host in the swarm.
  • Constraints
Swarm Mode internal
• Manager
  • Orchestrate the cluster
  • Perform the health-check
  • Service API requests
  • Schedule tasks to workers to always reach the desired state.
• Workers
  • Execute the tasks (containers actually, supposed to support rkt format)
Swarm Mode internal
• Managers and workers use two different communication models.
  • Managers – RAFT
    • Leader follower model.
    • Keep one leader all the time.
  • Workers - GOSSIP network protocol
    • Generate a broadcast message in a specific overlay network once a new container gets generated.
    • Internal communication inside the specific overlay network, not global.
Docker 1.12 Networking model
• Every container has an IP address on three overlay networks:
  • Ingress (only with published container)
  • docker_gwbridge
  • user-defined overlay
Docker 1.12 Networking model
• Ingress Networking
  • Used to expose services to be available externally to the swarm.
  • Swarm manager can automatically assign a Published Port or you can configure it manually. (range: 30000 – 32767)
  • Every node in the cluster listens on this port and routes traffic to the service’s containers.
  • Only services that have a port published (-p) require the ingress network. Others are not attached to the ingress network.
Docker 1.12 Networking model
• Docker_gwbridge
  • Is added only for non-internal networks
  • Internal networks can be created with --internal flag.
  • This network allows the containers to have external connectivity outside of their cluster.
• User-defined Overlay network
• Others – default networks
  • https://docs.docker.com/v1.10/engine/userguide/networking/dockernetworks/
Docker 1.12 Networking model
• Routing Mesh
  • Linux IPVS
  • DNS-based service discovery
  • Every node listens on 80
  • Transparently reroute the traffic between nodes.
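
The ingress and routing-mesh slides above mean a published port is reachable on every node in the swarm, so host firewall rules have to cover all nodes, not only those running a task. As an added example (not part of the original slides), this Python script audits that exposure from constructed JSON trimmed to a few fields of `docker service inspect` and `docker network inspect`; the service names, network IDs and the `audit` / `firewall_ports` helpers are assumptions made for illustration.

```python
import json

# Constructed sample data, trimmed to the fields read below. Shapes follow
# `docker network inspect` / `docker service inspect`; names and IDs are made up.
NETWORKS = json.loads("""[
  {"Id": "n-ingress", "Name": "ingress",  "Internal": false},
  {"Id": "n-front",   "Name": "frontend", "Internal": false},
  {"Id": "n-back",    "Name": "backend",  "Internal": true}
]""")
SERVICES = json.loads("""[
  {"Spec": {"Name": "web"}, "Endpoint": {
     "Ports": [{"Protocol": "tcp", "TargetPort": 80, "PublishedPort": 80}],
     "VirtualIPs": [{"NetworkID": "n-ingress"}, {"NetworkID": "n-front"}]}},
  {"Spec": {"Name": "api"}, "Endpoint": {
     "Ports": [{"Protocol": "tcp", "TargetPort": 8080, "PublishedPort": 30001}],
     "VirtualIPs": [{"NetworkID": "n-ingress"}, {"NetworkID": "n-back"}]}},
  {"Spec": {"Name": "db"}, "Endpoint": {"VirtualIPs": [{"NetworkID": "n-back"}]}}
]""")

AUTO_RANGE = range(30000, 32768)  # published-port range quoted on the slide


def audit(services, networks):
    """Summarise, per service, what the routing mesh opens on every node."""
    internal = {n["Id"]: n.get("Internal", False) for n in networks}
    report = {}
    for svc in services:
        ep = svc.get("Endpoint", {})
        ports = [(p["PublishedPort"], p["Protocol"]) for p in ep.get("Ports", [])]
        nets = [v["NetworkID"] for v in ep.get("VirtualIPs", [])]
        report[svc["Spec"]["Name"]] = {
            # Published ports are opened on every node, not only task hosts.
            "open_on_every_node": sorted(ports),
            # Ports outside the auto-assign range must have been set manually.
            "manual_ports": sorted(p for p, _ in ports if p not in AUTO_RANGE),
            # No published port and only --internal networks: per the slides,
            # no ingress attachment and no docker_gwbridge.
            "isolated": not ports and bool(nets) and all(internal.get(n, False) for n in nets),
        }
    return report


def firewall_ports(report):
    """Ports that host firewalls must account for on all swarm nodes."""
    return sorted({p for r in report.values() for p in r["open_on_every_node"]})


if __name__ == "__main__":
    print(json.dumps(audit(SERVICES, NETWORKS), indent=2))
```

On a real cluster the two JSON inputs would come from the inspect commands run on a manager node; field availability can differ between Docker versions.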