Best Ways to Use Docker 1.12 Service Discovery, by Docker Captain Ajeet Raina

Service Discovery under Docker 1.12 Presenter Name : Ajeet Singh Raina Presented Date: Aug 31, 2016 Presented at: Docker Online Meetup

Upload: docker-inc

Post on 16-Apr-2017


TRANSCRIPT

Service Discovery under Docker 1.12

Presenter Name : Ajeet Singh Raina

Presented Date: Aug 31, 2016

Presented at: Docker Online Meetup


ABOUT ME

#Contribution:

- Frequent Blogger – http://www.collabnix.com

- @Docker Captain

- Article Writing @ OSFY India

- Dell Community ( Containerizing Dell Legacy Application)

#Inside Dell:

- Project Lead Engineer(Global Solution Engineering)

- Worked in VMware, CGI , Dell R&D

- Solaris Lead Engineer ( Wiki Moderator)

• (t) – ajeetsraina (f) - Docker Public Group Moderator

#Reviewed Publications:

- Puppet for Containerization

- PowerCLI Cookbook

#Technology : Open Source Linux, Docker, Hadoop, Puppet


Agenda

• What’s new in Docker 1.12 Swarm Mode? – A Quick Recap

• Evolution of Service Discovery

• Definition of Service – An Approach to Service Discovery

• How does Service Discovery work?

• A Quick Demo of Service Discovery

• Key Takeaways


What’s new in Docker 1.12?

Evolution of Service Discovery

Docker 1.9

- /etc/hosts and /etc/resolv.conf for the cluster service

Disadvantages:

- Corrupted /etc/hosts

- Lack of load-balancing feature

Complex way of Service Discovery

Docker 1.10/1.11

- Embedded DNS

--network-alias=ALIAS

--link=CONTAINER_NAME:ALIAS

--dns=[IP_ADDRESS...]

--dns-search=DOMAIN

- Service Discovery through an external discovery backend such as Consul, ZooKeeper etc.

Docker 1.12

- No external Service Discovery backend required

- Service Discovery plumbed directly into $ docker service

- Service ~ a first-class citizen

- Network is the scope of discoverability

- Service Discovery by unqualified names (not FQDNs)

- Provided by Embedded DNS

- Highly available

- Ability to discover both the services and tasks

What is a Service?

- A central structure and the primary root of user interaction with the Swarm system

- The definition of the tasks to execute on the worker nodes

- Tasks => workloads (container workloads as of now), Unikernels & VMs (in future)

Types

- Global Services ($ docker service create --mode=global)

- Replicated Services ($ docker service create --replicas 5)

Understanding Service Discovery: A Typical Swarm Cluster

[Diagram: a swarm cluster of seven nodes (node1 to node7) running DB, API and Web service tasks.]

Service Discovery

helps services find and talk to each other

[Diagram: Service a and Service b, labelled "address".]

[Diagram: Service a and several instances of Service b, labelled "Scaling".]

DNS request generated by container

How does Embedded DNS resolve unqualified names?

$ nslookup wordpressapp
$ ping wordpressapp
$ dig wordpressdb

- Socket is created inside the container namespace

- Sent to a random UDP/TCP port listening in the Docker daemon

- Loopback address is trapped

- DNS Server identifies the request via sockets

- DNS Server is aware of the context of the container running that particular service

- Looks at /etc/resolv.conf inside the container

$ cat /etc/resolv.conf
nameserver 127.0.0.11
options ndots:0

Demonstrating Service Discovery under Swarm Mode

Creating a new overlay network

$ docker network create \
    -d overlay \
    --subnet 10.0.3.0/24 \
    --opt encrypted \
    collabnet

Creating a service

(<image> stands for the image name, which the slide does not show.)

DNSRR mode:

$ docker service create \
    --endpoint-mode dnsrr \
    --name wordpressapp \
    --replicas 5 \
    --network collabnet \
    <image>

VIP mode:

$ docker service create \
    --name wordpressapp \
    --replicas 5 \
    --publish 80:80/tcp \
    --network collabnet \
    <image>

Virtual IP (VIP) assignment to each service

$ docker service inspect \
    --format='{{json .Endpoint.VirtualIPs}}' \
    wordpressapp
[{"NetworkID":"9eyjm4uv4ynmz0aubfqxise29","Addr":"10.0.0.4/24"}]

VIP maps to DNS alias

The VIP (a private, non-routable IP which uses IPVS load balancing) maps to a DNS alias based upon the service name.

DNS shared via gossip

Containers share DNS mappings for the service via gossip.

Service Discovery via service name

Any container on the network can access the service via its service name.


Demo

Network - the scope of Service Discoverability

[Diagram: swarm nodes Master-1, Node-1, Node-2 and Node-3, with services on two overlay networks:

- collabnet: wordpressdb (VIP 10.0.0.2; task wordpressdb.1) and wordpressapp (VIP 10.0.0.4; tasks wordpressapp.1 to wordpressapp.5)

- collabnet1: wordpressdb1 (VIP 10.0.1.2; task wordpressdb1.1)]

Key Takeaways: Service Discovery

• Service is now a first-class citizen, plumbed directly into $ docker service.

• Services can be published using two modes: VIP and DNSRR.

• You can resolve a particular service by its unqualified name.

• You don't need to expose service-specific ports to make the service available to other services on the same overlay network.

• The Virtual IP does not change even if you scale out the service or bring down the containers running that service.

• Running $ ping VIP doesn't work, and this is as designed. Technically, IPVS is a TCP/UDP load balancer, while ping uses ICMP, so IPVS is not going to load-balance the ping request.

• For VIP-based services, the reason ping works on the local node is that the VIP is added as a second IP address on the overlay network interface.

• When you use DNS-RR mode, services don't have a VIP allocated. Instead, the service name resolves to one of the backend container IPs randomly.

• Service Discovery is scoped within a network.
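
An added example, not from the original slides: a Python check over `docker service inspect` and `docker network inspect` JSON that reports each service's endpoint mode and VIPs, and flags published ports and attached overlay networks created without `--opt encrypted`. The sample JSON is constructed; the network IDs (`n1`, `n2`) and the `cache` service are hypothetical.

```python
import json

# Constructed sample data shaped like `docker service inspect` and
# `docker network inspect` output; the IDs and the "cache" service are made up.
SERVICES = json.loads("""[
 {"Spec": {"Name": "wordpressapp", "Networks": [{"Target": "n1"}],
   "EndpointSpec": {"Mode": "vip", "Ports":
     [{"Protocol": "tcp", "TargetPort": 80, "PublishedPort": 80}]}},
  "Endpoint": {"VirtualIPs": [{"NetworkID": "n1", "Addr": "10.0.0.4/24"}]}},
 {"Spec": {"Name": "wordpressdb1", "Networks": [{"Target": "n2"}]},
  "Endpoint": {"VirtualIPs": [{"NetworkID": "n2", "Addr": "10.0.1.2/24"}]}},
 {"Spec": {"Name": "cache", "Networks": [{"Target": "n1"}],
   "EndpointSpec": {"Mode": "dnsrr"}}, "Endpoint": {}}
]""")
NETWORKS = json.loads("""[
 {"Id": "n1", "Name": "collabnet", "Options": {"encrypted": ""}},
 {"Id": "n2", "Name": "collabnet1", "Options": null}
]""")


def audit(services, networks):
    """Map each service to its endpoint mode, VIPs per network, and findings."""
    nets = {n["Id"]: n for n in networks}
    report = {}
    for svc in services:
        spec = svc["Spec"]
        espec = spec.get("EndpointSpec") or {}
        mode = espec.get("Mode", "vip")  # vip is the default endpoint mode
        findings = []
        # Published ports are reachable from outside the overlay network.
        for p in espec.get("Ports") or []:
            findings.append("publishes %d/%s" % (p["PublishedPort"], p["Protocol"]))
        # Attached networks sit under Spec.Networks or
        # Spec.TaskTemplate.Networks, depending on the engine version.
        attached = (spec.get("TaskTemplate") or {}).get("Networks") \
            or spec.get("Networks") or []
        for ref in attached:
            net = nets.get(ref["Target"], {"Name": ref["Target"]})
            if "encrypted" not in (net.get("Options") or {}):
                findings.append("overlay %s not encrypted" % net["Name"])
        # DNSRR services have no VIP, so this stays empty for them.
        vips = {nets.get(v["NetworkID"], {}).get("Name", v["NetworkID"]): v["Addr"]
                for v in (svc.get("Endpoint") or {}).get("VirtualIPs") or []}
        report[spec["Name"]] = {"mode": mode, "vips": vips, "findings": findings}
    return report


if __name__ == "__main__":
    for name, entry in audit(SERVICES, NETWORKS).items():
        print(name, entry)
```

On a live manager node the same function can be fed the parsed output of `docker service inspect` for all services and `docker network inspect` for the overlay networks.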