What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

39
What’s New in Docker 1.12 Docker Meetup August 3, 2016 Nishant Totla @nishanttotla [email protected]

Transcript of What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Page 1: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

What’s New in Docker 1.12

Docker MeetupAugust 3, 2016

Nishant Totla@[email protected]

Page 2: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Overview of new features• Orchestration• Swarm mode• Docker services• Secure by default• Networking

• Live Restore• Container Healthchecks• Plugin Improvements

Page 3: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Swarm Mode• Your Docker Engine is now cluster-aware• The best way to orchestrate Docker is Docker• Really easy to set up your cluster and manage deployments

Page 4: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Swarm Mode

$ docker swarm init

Engine

Page 5: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Swarm mode

$ docker swarm init

$ docker swarm join <manager IP>:2377

Engine Engine

Page 6: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Swarm mode

$ docker swarm init

$ docker swarm join <manager IP>:2377

Engine Engine

Engine

Engine

Engine

Page 7: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Services

$ docker service create \

--replicas 3 \

--name frontend \

--network mynet \

--publish 80:80/tcp \

frontend_image:latest

Engine Engine

Engine

Engine

Engine

mynet

Page 8: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Services

$ docker service create \

--name redis \

--network mynet \

redis:latest

Engine Engine

Engine

Engine

Engine

mynet

Page 9: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Node Failure

$ docker service create \

--name redis \

--network mynet \

redis:latest

Engine Engine

Engine

Engine

Engine

mynet

Page 10: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Desired State ≠ Actual State

Engine

Engine

Engine

Engine

mynet

$ docker service create \

--replicas 3 \

--name frontend \

--network mynet \

--publish 80:80/tcp \

frontend_image:latest

Page 11: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Converge back to Desired State

Engine

Engine

Engine

Engine

mynet

$ docker service create \

--replicas 3 \

--name frontend \

--network mynet \

--publish 80:80/tcp \

frontend_image:latest

Page 12: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Service Scaling

Engine

Engine

Engine

Enginemynet

$ docker service scale frontend=6

Page 13: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Global Services

$ docker service create \

--mode=global \

--name=prometheus \

prom/prometheus

Engine Engine

Engine

Engine

Engine

Page 14: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Constraints

Engine Engine

Engine

Engine

Engine $ docker daemon --label

com.example.storage=“ssd”

$ docker daemon --label

com.example.storage=“ssd”

Page 15: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Constraints

$ docker service create \

--replicas 5 \

--name frontend \

--network mynet \

--publish 80:80/tcp \

--constraint engine.labels.com.example.storage==ssd

frontend_image:latest

Engine Engine

Engine

Engine

Engine

mynet

$ docker daemon --label

com.example.storage=“ssd”

$ docker daemon --label

com.example.storage=“ssd”

Page 16: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Constraints

Engine Engine

Engine

Engine

Engine

mynet

$ docker daemon --label

com.example.storage=“ssd”

$ docker daemon --label

com.example.storage=“ssd”

$ docker service scale frontend=10

Page 17: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Rolling Updates

$ docker service create \

--replicas 8 \

--name frontend \

--network mynet \

--publish 80:80/tcp \

frontend_image:v1.0

Engine Engine

Engine

Engine

Engine

mynet

Page 18: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Rolling Updates

$ docker service update \

--image frontend_image:v2.0 \

--update-delay 10s \

--update-parallelism 2 \

frontend

Engine Engine

Engine

Engine

Engine

mynet

Page 19: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Rolling Updates

$ docker service update \

--image frontend_image:v2.0 \

--update-delay 10s \

--update-parallelism 2 \

frontend

Engine Engine

Engine

Engine

Engine

mynet

Page 20: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Rolling Updates

$ docker service update \

--image frontend_image:v2.0 \

--update-delay 10s \

--update-parallelism 2 \

frontend

Engine Engine

Engine

Engine

Engine

mynet

Page 21: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Rolling Updates

$ docker service update \

--image frontend_image:v2.0 \

--update-delay 10s \

--update-parallelism 2 \

frontend

Engine Engine

Engine

Engine

Engine

mynet

Page 22: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Rolling Updates

$ docker service update \

--image frontend_image:v2.0 \

--update-delay 10s \

--update-parallelism 2 \

frontend

Engine Engine

Engine

Engine

Engine

mynet

Page 23: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Overview of new features• Orchestration• Swarm mode• Docker services• Secure by default• Networking

• Live Restore• Container Healthchecks• Plugin Improvements

Page 24: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Secure by Default with end to end Encryption• Cryptographic node

identity• Automatic encryption

and mutual auth (TLS)• Automatic certificate

rotation• External CA integration

Manager[TLS][CA]

Manager[TLS][CA]

Manager[TLS][CA]

Agent[TLS]

Agent[TLS]

Agent[TLS]

Page 25: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Overview of new features• Orchestration• Swarm mode• Docker services• Secure by default• Networking

• Live Restore• Container Healthchecks• Plugin Improvements

Page 26: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Routing Mesh• Operator reserves a

swarm-wide ingress port (8080) for myapp

• Every node listens on 8080

Manager

Agent 1 Agent 2 Agent 3

$ docker service create \

--replicas 3 \

--name frontend \

--network mynet \

--publish 8080:80/tcp \

frontend_image:latest

:8080 :8080 :8080

:8080

access

myapp.com:8080

Page 27: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Routing Mesh• Container-aware

routing mesh can transparently reroute traffic to a node that is running the container• Built-in (layer 4)

load balancing• DNS-based service

discovery

Manager

Agent 1 Agent 2 Agent 3

$ docker service create \

--replicas 3 \

--name frontend \

--network mynet \

--publish 8080:80/tcp \

frontend_image:latest

:8080 :8080 :8080

:8080

access

myapp.com:8080

Page 28: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Swarm Mode is Optional• Docker 1.12 is fully backwards compatible• You can continue to use your old deployments without Swarm Mode• Swarm Mode is now the easiest way to try orchestration with Docker

Page 29: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Overview of new features• Orchestration• Swarm mode• Docker services• Secure by default• Networking

• Live Restore• Container Healthchecks• Plugin Improvements

Page 30: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Live Restore

{

“live-restore”: true

}

• By default, terminating Docker daemon shuts down running containers• Starting with 1.12, it is possible to configure the daemon so that containers

remain running when daemon becomes unavailable• Useful for upgrades, planned outages, crashes• Either update the default configuration file

• Or pass a flag when starting the daemon

$ sudo dockerd --live-restore

Page 31: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Container Healthchecks in Dockerfile

• Checks every 5 minutes that web server can return index page within 3 seconds• Three consecutive failures puts container in an unhealthy state• Works with services in Swarm Mode

HEALTHCHECK --interval=5m --timeout=3s

--retries=3

CMD curl –f http://localhost/ || exit 1

Page 32: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

New Plugin Subcommands (Experimental)

$ docker plugin install tiborvass/no-remove

$ docker plugin enable no-remove

$ docker plugin disable no-remove

Page 33: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Plugin Permissions Model

$ docker plugin install tiborvass/no-remove

Plugin “tiborvass/no-remove:latest” requested the following

privileges:

- Networking: host

- Mounting host path: /data

Do you grant the above permissions? [y/N]

Page 34: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Demo!

Page 35: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Thank You! Questions?

Nishant Totla@[email protected]

Page 36: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Docker for AWS/Azure

Sign up for the beta at beta.docker.com

Page 37: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Swarm Topology

Page 38: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Overview of new features

• Strongly consistent – holds desired state• Simple to operate• Fast (in-memory reads, domain specific indexing, …)• Secure

Page 39: What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16

Overview of new features

• Eventually consistent – routing mesh, load balancing rules, …• High volume, p2p network between workers• Secure: symmetric encryption with key rotation in Raft


events.static.linuxfound.org · 2017-12-14 · OpenStack Cartridge Instance n create/destroy instances Cartridge Instance 2 os hardware Pocker Docker Docker Docker Docker Docker Docker

events.static.linuxfound.org · 2017-12-14 · OpenStack Cartridge Instance n create/destroy instances Cartridge Instance 2 os hardware Pocker Docker Docker Docker Docker Docker Docker

Docker Escape Technology-Eng - CanSecWest · How Docker works Client-Server : Build, Ship, Run MAIL Docker Container WEB Docker Container DB… Docker Container Docker LINUX OS INFRASTRUCTURE

Docker Escape Technology-Eng - CanSecWest · How Docker works Client-Server : Build, Ship, Run MAIL Docker Container WEB Docker Container DB… Docker Container Docker LINUX OS INFRASTRUCTURE

Elmada Clothing Portfolio 08.03.16

Elmada Clothing Portfolio 08.03.16

openQA - SUSE€¦ · Jenkins Gerrit Travis Selenium Docker Docker Docker Docker Docker Docker Docker Docker ... openQA runs tests on each Maintenance Update before being released

openQA - SUSE€¦ · Jenkins Gerrit Travis Selenium Docker Docker Docker Docker Docker Docker Docker Docker ... openQA runs tests on each Maintenance Update before being released

JAX-RS 3.0 The Next Generation - Java Forum Stuttgart · JAX-RS Container Java Runtime Docker Container Docker Container Docker Container Docker Container Docker Container Docker

JAX-RS 3.0 The Next Generation - Java Forum Stuttgart · JAX-RS Container Java Runtime Docker Container Docker Container Docker Container Docker Container Docker Container Docker

docker-machine, docker-compose, docker-swarm 覚書

docker-machine, docker-compose, docker-swarm 覚書

Docker 101: Introduction to Docker

Docker 101: Introduction to Docker

Docker - courses.moowan.me · § Docker สามารถย3ายและติดตั้งไปยังที่อื่นได3. 7 การติดตั้งDocker

Docker - courses.moowan.me · § Docker สามารถย3ายและติดตั้งไปยังที่อื่นได3. 7 การติดตั้งDocker

Bipin Relaince Project Totla Comp Hrd Bound

Bipin Relaince Project Totla Comp Hrd Bound

Installation, container management, Docker - iol.unibo.it · • Docker containers are built from Docker images. By default, Docker pulls these images from Docker Hub, a Docker registry

Installation, container management, Docker - iol.unibo.it · • Docker containers are built from Docker images. By default, Docker pulls these images from Docker Hub, a Docker registry

RESPUESTA FÍSICA TOTLA

RESPUESTA FÍSICA TOTLA

Docker Docker Docker - tuebix.github.io · § Docker-machine: Verwaltung der virtuellen Maschine § docker-machine ls § docker-machine ssh § /User gemountet § VirtualBox § Boot2docker:

Docker Docker Docker - tuebix.github.io · § Docker-machine: Verwaltung der virtuellen Maschine § docker-machine ls § docker-machine ssh § /User gemountet § VirtualBox § Boot2docker:

Docker presentation | Paris Docker Meetup

Docker presentation | Paris Docker Meetup

Docker on Docker

Docker on Docker

Chladničky a mrazničky Gastronomie a hotelnictví 2016 2017 · X_GHG_N_LE_XX_01_1603_05.indd 02 08.03.16 18:3808.03.16 18:17 X_GHG_N_LE_XX_01_1603_05.indd 03 08.03.16 18:38 Chladničky

Chladničky a mrazničky Gastronomie a hotelnictví 2016 2017 · X_GHG_N_LE_XX_01_1603_05.indd 02 08.03.16 18:3808.03.16 18:17 X_GHG_N_LE_XX_01_1603_05.indd 03 08.03.16 18:38 Chladničky

Docker Meetup Bangalore - Docker + Openstack

Docker Meetup Bangalore - Docker + Openstack

Docker en Production (Docker Paris)

Docker en Production (Docker Paris)

Docker Workshop - Orchestrating Docker Containers

Docker Workshop - Orchestrating Docker Containers

Docker Docker Docker Chef

Docker Docker Docker Chef

Xen Containers: Better way to run Docker Containers5 Docker Containers Running • docker run/create/stop Building • docker build Packaging • docker push/pull/commit Docker –a

Xen Containers: Better way to run Docker Containers5 Docker Containers Running • docker run/create/stop Building • docker build Packaging • docker push/pull/commit Docker –a