docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer /...

34
docker service is the new docker run Getting Started with Docker Clustering Mike Goelzer / [email protected] / @mgoelzer Docker Inc.

Transcript of docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer /...

Page 1: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

docker service is the new docker runGetting Started with Docker Clustering

Mike Goelzer / [email protected] / @mgoelzerDocker Inc.

mailto:[email protected]
Page 2: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

docker service is the new docker run

docker run nginx

docker run -p 3375:2375 swarm ; docker run -H :3375 nginx

Swarm Mode in Docker Enginedocker swarm init ;docker service create nginx

2013-14

2014-15

2016

Page 3: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Features Walkthrough

Page 4: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Swarm Mode

$ docker swarm init

Page 5: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Swarm Mode

$ docker swarm init

$ docker swarm join <IP of manager>:2377

Engine

Page 6: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Engine

Engine

EngineEngine Engine

Swarm Mode

$ docker swarm init

$ docker swarm join <IP of manager>:2377

Page 7: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Engine

Engine

EngineEngine Engine

Services

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

mynet

Page 8: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Engine

Engine

EngineEngine Engine

Services

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

$ docker service create --name redis --network mynet redis:latest

mynet

Page 9: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Engine

Engine

EngineEngine Engine

Node Failure

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

$ docker service create --name redis --network mynet redis:latest

mynet

Page 10: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Engine

Engine

EngineEngine Engine

Node Failure

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

$ docker service create --name redis --network mynet redis:latest

mynet

Page 11: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Engine

Engine

EngineEngine

Desired State ≠ Actual State

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

$ docker service create --name redis --network mynet redis:latest

mynet

Page 12: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Engine

Engine

EngineEngine

Converge Back to Desired State

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

$ docker service create --name redis --network mynet redis:latest

mynet

Page 13: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Engine

Engine

EngineEngine

Scaling

$ docker service update --replicas 6 frontend

mynet

Page 14: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Engine

Engine

EngineEngine

Scaling

$ docker service update --replicas 10 frontend

mynet

Page 15: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Engine

Engine

EngineEngine

Global Services

$ docker service create --mode=global --name prometheus prom/prometheus

mynet

Page 16: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Engine

Engine

EngineEngine

Constraints

Engine

docker daemon --label com.example.storage="ssd"

docker daemon --label com.example.storage="ssd"

Page 17: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Engine

Engine

EngineEngine

Constraints

$ docker service create --replicas 3 --name frontend --network mynet -p 8080:80 --constraint engine.labels.com.example.storage==ssd frontend:latest

Engine

docker daemon --label com.example.storage="ssd"

docker daemon --label com.example.storage="ssd"

Page 18: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Engine

Engine

Engine

EngineEngine

Constraints

$ docker service create --replicas 3 --name frontend --network mynet -p 8080:80 --constraint engine.labels.com.example.storage==ssd frontend:latest

$ docker service update --replicas 10 frontend

Engine

docker daemon --label com.example.storage="ssd"

docker daemon --label com.example.storage="ssd"

Page 19: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

HEALTHCHECK --interval=5m --timeout=3s

--retries 3

CMD curl -f http://localhost/ || exit 1

Check web server every 5 minutes, require < 3 sec latency.>= 3 consecutive failures sets unhealthy state

Coming soon: health checks in official images

Container Health Check in Dockerfile

http://localhost/
Page 20: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Routing Mesh• Operator reserves a

swarm-wide ingress port (8080) for myapp

• Every node listens on 8080• Container-aware routing mesh

can transparently reroute traffic from Worker3 to a node that is running container

• Built in load balancing into the Engine

• DNS-based service discovery

:8080

User accesses myapp.com:8080

:8080 :8080

frontend frontend

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

frontend

Page 21: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Routing Mesh: Published Ports• Operator reserves a

swarm-wide ingress port (8080) for myapp

• Every node listens on 8080• Container-aware routing mesh

can transparently reroute traffic from third node to a node that is running container

• Built in load balancing into the Engine

• DNS-based service discovery

:8080

User accesses myapp.com:8080

:8080 :8080

frontend frontend

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend_image:latest

frontend

Page 22: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Secure by default with end-to-end encryption• Out-of-the-box TLS

encryption and mutual auth

• Automatic cert rotation• External or self-signed

root CA• Cryptographic node

identity

CertificateAuthority

TLS

CertificateAuthority

TLS

CertificateAuthority

TLS

TLS TLSTLS

Page 23: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Scale: 2,000 Nodes and Counting● For now: community testing, crowd-sourced nodes, not funded by

Docker● Credit to: Chanwit Kaewkasi, Suranaree University of

Technology (SUT), Thailand● Results:

○ 2,384 nodes○ 96,287 containers○ Manager CPU/memory ≲15%○ Test stopped because 3rd-party monitoring failed

● https://github.com/swarm2k/swarm2k

@chanwit

https://github.com/swarm2k/swarm2k
https://github.com/swarm2k/swarm2k
Page 24: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Deep Dive: Topology

Page 25: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Node

Node

Node

NodeNode

Node

Topology

Node

Node

Node

Node

Node

Node

Page 26: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Node

Node

Node

NodeNode

Node

Topology: roles

Node

Node

Node

Node

Node

Node

Manager

Worker

Page 27: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Node

Node

Node

NodeNode

Node

Topology: roles

Node

Node

Node

Node

Node

Node

Manager

Worker

● Each Node has a role● Roles are dynamic● Programmable Topology

Page 28: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Topology: scaling model

Manager Manager Manager

Worker Worker Worker Worker Worker Worker

Page 29: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Topology: High Availability

Manager Manager Manager

Worker Worker Worker Worker Worker Worker

Leader FollowerFollower

Page 30: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Topology: High Availability

Manager Manager Manager

Worker Worker Worker Worker Worker Worker

Leader FollowerFollower

Page 31: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Topology: High Availability

Manager Manager Manager

Worker Worker Worker Worker Worker Worker

Follower FollowerLeader

Page 32: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Topology: High Availability

Manager Manager Manager

Worker Worker Worker Worker Worker Worker

Follower FollowerLeader

Page 33: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

DEMO

Page 34: docker run docker service is the new · Getting Started with Docker Clustering Mike Goelzer / mgoelzer@docker.com / @mgoelzer Docker Inc. docker service is the new docker run docker

Victor [email protected] / @vieux

Mike [email protected] / @mgoelzer

mailto:[email protected]
mailto:[email protected]
mailto:[email protected]
mailto:[email protected]

Host Health Monitoring with Docker Run

Host Health Monitoring with Docker Run

RancherOS - The perfect place to run Docker

RancherOS - The perfect place to run Docker

HPC meets Docker - Using Docker Containers to run HPC worloads

HPC meets Docker - Using Docker Containers to run HPC worloads

CloudStack Collab Conference 2015 Run CloudStack in Docker

CloudStack Collab Conference 2015 Run CloudStack in Docker

Dyalog's [Public] Docker Containers · 2020. 11. 11. · #dyalog20 Dyalog'sDocker Containers docker run ... map TCP ports docker run -it –p 8080:8080 dyalog/jarvis Maps port 8080

Dyalog's [Public] Docker Containers · 2020. 11. 11. · #dyalog20 Dyalog'sDocker Containers docker run ... map TCP ports docker run -it –p 8080:8080 dyalog/jarvis Maps port 8080

Con$nuous’Deployment’ with’Docker’files.meetup.com/5297812/AWS-Docker-CI.pdfdocker tag imagename registryname/ imagename Docker’Image’ Docker’ Container’ docker run

Con$nuous’Deployment’ with’Docker’files.meetup.com/5297812/AWS-Docker-CI.pdfdocker tag imagename registryname/ imagename Docker’Image’ Docker’ Container’ docker run

Easier Development and Deployment @bhosmer - @ron williams fo… · Easier Development and Deployment! ... $ docker build! $ docker run! $ docker start! $ docker stop! $ docker logs!

Easier Development and Deployment @bhosmer - @ron williams fo… · Easier Development and Deployment! ... $ docker build! $ docker run! $ docker start! $ docker stop! $ docker logs!

Docker Escape Technology-Eng - CanSecWest · How Docker works Client-Server : Build, Ship, Run MAIL Docker Container WEB Docker Container DB… Docker Container Docker LINUX OS INFRASTRUCTURE

Docker Escape Technology-Eng - CanSecWest · How Docker works Client-Server : Build, Ship, Run MAIL Docker Container WEB Docker Container DB… Docker Container Docker LINUX OS INFRASTRUCTURE

Docker Security 201 - Global AppSec · 2018-07-28 · – docker run -e SECRET=myprrecious image – docker run –env-file ./secretsfile.txt image Kubernetes + YAML secrets: be careful

Docker Security 201 - Global AppSec · 2018-07-28 · – docker run -e SECRET=myprrecious image – docker run –env-file ./secretsfile.txt image Kubernetes + YAML secrets: be careful

CCCEU15 run cloudstack in docker

CCCEU15 run cloudstack in docker

Docker - Nico Maas"Hallo Docker Meetup 2016!" ausführen II. Demo Docker Grundlagen 14.10.2016 • docker run -d nmaas87/docker-openwrt ping 127.0.0.1 -c 50 • ping Befehl im deattached

Docker - Nico Maas"Hallo Docker Meetup 2016!" ausführen II. Demo Docker Grundlagen 14.10.2016 • docker run -d nmaas87/docker-openwrt ping 127.0.0.1 -c 50 • ping Befehl im deattached

Microsoft and Docker - files.meetup.com and Docker.pdf · docker.com Docker - Build, Ship, and Run.. New: Docker Orchestration Tools Assemble multi-container apps, run on any infrastructure.

Microsoft and Docker - files.meetup.com and Docker.pdf · docker.com Docker - Build, Ship, and Run.. New: Docker Orchestration Tools Assemble multi-container apps, run on any infrastructure.

Container as a Service on GPU Cloud: Our Decision among ... · Wrap docker run and docker create commands e.g. $ nvidia-docker run --rm nvidia/cuda nvidia-smi Add docker cli options

Container as a Service on GPU Cloud: Our Decision among ... · Wrap docker run and docker create commands e.g. $ nvidia-docker run --rm nvidia/cuda nvidia-smi Add docker cli options

OFBiz Development with Docker - events.static.linuxfound.org€¦ · OFBiz Development with Docker. 20150415 OFBIZ.APACHE.ORG PRELIMINARY 16 docker Dockerfile A simple way to run

OFBiz Development with Docker - events.static.linuxfound.org€¦ · OFBiz Development with Docker. 20150415 OFBIZ.APACHE.ORG PRELIMINARY 16 docker Dockerfile A simple way to run

Docker - Package and Run Applications with Linux Containers

Docker - Package and Run Applications with Linux Containers

Docker: Docker Tutorial for Beginners Build Ship and Run€¦ · Working with Docker Toolbox Let’s now look αt how Docker Toolbox cαn be used to work with Docker contαiners on

Docker: Docker Tutorial for Beginners Build Ship and Run€¦ · Working with Docker Toolbox Let’s now look αt how Docker Toolbox cαn be used to work with Docker contαiners on

Xen Containers: Better way to run Docker Containers5 Docker Containers Running • docker run/create/stop Building • docker build Packaging • docker push/pull/commit Docker –a

Xen Containers: Better way to run Docker Containers5 Docker Containers Running • docker run/create/stop Building • docker build Packaging • docker push/pull/commit Docker –a

Docker Containers - InterSystems · 2018. 6. 26. · (docker build –docker run) Imágenes Docker Múltiples capas de solo-lectura Construidas manualmente o vía Dockerfile Construye

Docker Containers - InterSystems · 2018. 6. 26. · (docker build –docker run) Imágenes Docker Múltiples capas de solo-lectura Construidas manualmente o vía Dockerfile Construye

Docker Threat Modeling and Top 10 - OWASP · – docker run -e SECRET=myprrecious image – docker run –env-file ./secretsfile.txt image Kubernetes + YAML secrets: be careful Mounts

Docker Threat Modeling and Top 10 - OWASP · – docker run -e SECRET=myprrecious image – docker run –env-file ./secretsfile.txt image Kubernetes + YAML secrets: be careful Mounts

Introduction to Docker container syntax and environment · Intro to docker commands Getting help: docker --help: listsallDocker commands docker run --help: lists all options for the

Introduction to Docker container syntax and environment · Intro to docker commands Getting help: docker --help: listsallDocker commands docker run --help: lists all options for the