What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16
Transcript of What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16
Overview of new features
• Orchestration
• Swarm mode
• Docker services
• Secure by default
• Networking
• Live Restore
• Container Healthchecks
• Plugin Improvements
Swarm Mode
• Your Docker Engine is now cluster-aware
• The best way to orchestrate Docker is Docker
• Really easy to set up your cluster and manage deployments
Swarm mode
$ docker swarm init
$ docker swarm join <manager IP>:2377
Services
$ docker service create \
--replicas 3 \
--name frontend \
--network mynet \
--publish 80:80/tcp \
frontend_image:latest
Services
$ docker service create \
--name redis \
--network mynet \
redis:latest
Node Failure
$ docker service create \
--name redis \
--network mynet \
redis:latest
Desired State ≠ Actual State
$ docker service create \
--replicas 3 \
--name frontend \
--network mynet \
--publish 80:80/tcp \
frontend_image:latest
Converge back to Desired State
$ docker service create \
--replicas 3 \
--name frontend \
--network mynet \
--publish 80:80/tcp \
frontend_image:latest
Global Services
$ docker service create \
--mode=global \
--name=prometheus \
prom/prometheus
Constraints
$ docker daemon --label com.example.storage="ssd"
Constraints
$ docker service create \
--replicas 5 \
--name frontend \
--network mynet \
--publish 80:80/tcp \
--constraint engine.labels.com.example.storage==ssd \
frontend_image:latest
Constraints
$ docker service scale frontend=10
Rolling Updates
$ docker service create \
--replicas 8 \
--name frontend \
--network mynet \
--publish 80:80/tcp \
frontend_image:v1.0
Rolling Updates
$ docker service update \
--image frontend_image:v2.0 \
--update-delay 10s \
--update-parallelism 2 \
frontend
Secure by Default with end to end Encryption
• Cryptographic node identity
• Automatic encryption and mutual auth (TLS)
• Automatic certificate rotation
• External CA integration
[Diagram: three Manager nodes, each with TLS and a CA, and three Agent nodes, each with TLS]
Routing Mesh
• Operator reserves a swarm-wide ingress port (8080) for myapp
• Every node listens on 8080
$ docker service create \
--replicas 3 \
--name frontend \
--network mynet \
--publish 8080:80/tcp \
frontend_image:latest
[Diagram: a Manager and Agents 1 to 3, each listening on :8080; clients access myapp.com:8080]
Routing Mesh
• Container-aware routing mesh can transparently reroute traffic to a node that is running the container
• Built-in (layer 4) load balancing
• DNS-based service discovery
Swarm Mode is Optional
• Docker 1.12 is fully backwards compatible
• You can continue to use your old deployments without Swarm Mode
• Swarm Mode is now the easiest way to try orchestration with Docker
Live Restore
• By default, terminating the Docker daemon shuts down running containers
• Starting with 1.12, it is possible to configure the daemon so that containers remain running when the daemon becomes unavailable
• Useful for upgrades, planned outages, crashes
• Either update the default configuration file
{
"live-restore": true
}
• Or pass a flag when starting the daemon
$ sudo dockerd --live-restore
Container Healthchecks in Dockerfile
• Checks every 5 minutes that the web server can return the index page within 3 seconds
• Three consecutive failures put the container in an unhealthy state
• Works with services in Swarm Mode
HEALTHCHECK --interval=5m --timeout=3s --retries=3 \
  CMD curl -f http://localhost/ || exit 1
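Added example, not from the slides: a shell model of how the probe results described above fold into a health status, plus the worst-case time before a dead service is marked unhealthy with the slide's values. It assumes each probe starts one interval after the previous one finishes and that a hung probe runs for the full timeout; the function names are illustrative.

```shell
#!/bin/sh
# Added example: model of HEALTHCHECK status transitions (not Docker's code).

# health_timeline RETRIES RESULT...
#   RESULT is a probe exit code: 0 = pass, anything else = fail
#   (a probe that runs past --timeout is also recorded as a failure).
# Prints the status after each probe, space separated.
health_timeline() {
  local retries="$1" status=starting streak=0 out="" code
  shift
  for code in "$@"; do
    if [ "$code" -eq 0 ]; then
      streak=0            # a single pass resets the failing streak
      status=healthy
    else
      streak=$((streak + 1))
      # the status flips only once the streak reaches --retries
      if [ "$streak" -ge "$retries" ]; then
        status=unhealthy
      fi
    fi
    out="$out${out:+ }$status"
  done
  printf '%s\n' "$out"
}

# worst_case_detection_seconds INTERVAL TIMEOUT RETRIES   (all in seconds)
# Assumption: the service breaks right after a passing probe and every
# later probe hangs until --timeout before it is counted as failed.
worst_case_detection_seconds() {
  echo $(( $3 * ($1 + $2) ))
}

# Slide values: --interval=5m --timeout=3s --retries=3
health_timeline 3 0 1 1 0 1 1 1 0
worst_case_detection_seconds 300 3 3
```

With a 5-minute interval, two failed probes in a row still report healthy, so alerting that depends on the unhealthy state lags the outage by roughly a quarter of an hour.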
New Plugin Subcommands (Experimental)
$ docker plugin install tiborvass/no-remove
$ docker plugin enable no-remove
$ docker plugin disable no-remove
Plugin Permissions Model
$ docker plugin install tiborvass/no-remove
Plugin "tiborvass/no-remove:latest" requested the following privileges:
- Networking: host
- Mounting host path: /data
Do you grant the above permissions? [y/N]
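A gate for the prompt above, as an added example that is not Docker's or the speaker's code: it reads the privilege list in the format shown on the slide and prints every request that is not on a pre-approved list, so the answer stays N unless the output is empty. The function name and the allowlist are assumptions, and the sample prompt is constructed from the slide text.

```shell
#!/bin/sh
# Added example: review a plugin's requested privileges before granting them.

# unapproved_privileges ALLOWLIST < prompt-text
#   ALLOWLIST: newline-separated "Kind: value" entries approved in advance.
# Prints each requested privilege that is not on the allowlist and
# returns 1 if there is at least one, 0 if every request was approved.
unapproved_privileges() {
  local allow="$1" rc=0 line priv
  while IFS= read -r line; do
    case $line in
      "- "*) priv=${line#"- "} ;;   # privilege lines start with "- "
      *) continue ;;                 # banner and question lines
    esac
    # -x whole-line, -F literal: an entry for /data does not approve /data2
    if ! printf '%s\n' "$allow" | grep -qxF -- "$priv"; then
      printf '%s\n' "$priv"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample: the prompt text as it appears on the slide.
SAMPLE_PROMPT='Plugin "tiborvass/no-remove:latest" requested the following privileges:
- Networking: host
- Mounting host path: /data
Do you grant the above permissions? [y/N]'

# Policy (assumption): this plugin was approved for the /data mount only.
if ! printf '%s\n' "$SAMPLE_PROMPT" |
     unapproved_privileges 'Mounting host path: /data'; then
  echo "answer N: unapproved privileges requested"
fi
```

Host networking puts the plugin in the host's network namespace, and a host path mount gives it that directory, so both belong on the list only when the plugin's function requires them.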
Overview of new features
• Strongly consistent – holds desired state
• Simple to operate
• Fast (in-memory reads, domain specific indexing, …)
• Secure