Docker 1.12, SwarmKit andorchestration

I’m Gianluca

Software Engineer

Docker Captain

Open Source Developer

DevOps Evangelist

@gianarb

/begin{adv}

Drive your boat like a Captain

Docker in Productionhttp://scaledocker.com

/end{adv}

The evolution of Docker orchestration

docker run nginx

Swarm mode clustering + Docker Services in EngineON-TRACK

2013-14

2014-present

2016

(Backed by docker/swarmkit)

Engine

Swarm Mode

$ docker swarm init

Engine

Swarm Mode

$ docker swarm init

$ docker swarm join <IP of manager>:2377

Engine

Engine

Engine

Engine

Engine

Engine Engine

Swarm Mode

$ docker swarm init

$ docker swarm join <IP of manager>:2377

Engine

Engine

Engine

Engine

Engine Engine

Services

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

mynet

Engine

Engine

Engine

Engine

Engine Engine

Services

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

$ docker service create --name redis --network mynet redis:latest

mynet

Engine

Engine

Engine

Engine

Engine Engine

Node Failure & Reconciliation

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

$ docker service create --name redis --network mynet redis:latest

mynet

Engine

Engine

Engine

Engine

Engine Engine

Node Failure & Reconciliation

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

$ docker service create --name redis --network mynet redis:latest

mynet

Engine

Engine

Engine

Engine

Engine

Desired State ≠ Actual State

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

$ docker service create --name redis --network mynet redis:latest

mynet

Engine

Engine

Engine

Engine

Engine

Converge Back to Desired State

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

$ docker service create --name redis --network mynet redis:latest

mynet

Engine

Engine

Engine

Engine

Engine

Scaling

$ docker service update --replicas 6 frontend

mynet

Engine

Engine

Engine

Engine

Engine

Scaling

$ docker service update --replicas 10 frontend

mynet

Engine

Engine

Engine

Engine

Engine

Global Services

$ docker service create --mode=global --name prometheus prom/prometheus

mynet

Engine

Engine

Engine

Engine

Engine

Constraints

Engine

docker daemon --label com.example.storage="ssd"

docker daemon --label com.example.storage="ssd"

Engine

Engine

Engine

Engine

Engine

Constraints

$ docker service create --replicas 3 --name frontend --network mynet -p 8080:80 --constraint engine.labels.com.example.storage==ssd frontend:latest

Engine

docker daemon --label com.example.storage="ssd"

docker daemon --label com.example.storage="ssd"

Engine

Engine

Engine

Engine

Engine

Constraints

$ docker service create --replicas 3 --name frontend --network mynet -p 8080:80 --constraint engine.labels.com.example.storage==ssd frontend:latest

$ docker service update --replicas 10 frontend

Engine

docker daemon --label com.example.storage="ssd"

docker daemon --label com.example.storage="ssd"

Routing Mesh

:8080 :8080 :8080

frontend frontend

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

frontend

Load Balancer

:8080

User browses to http://myapp.com

Node 1 Node 2 Node 3 Node 4

Routing Mesh

:8080

User browses to http://myapp.com

:8080 :8080

frontend frontend

$ docker service create --replicas 3 --name frontend --network mynet

-p 8080:80 frontend:latest

frontend

External Load Balancer

:8080

Node 1 Node 2 Node 3 Node 4

Secure by default• Out-of-the-box TLS

encryption and mutual auth

• Automatic cert rotation• External or self-signed

root CA• Cryptographic node

identity

CertificateAuthority

TLS

CertificateAuthority

TLS

CertificateAuthority

TLS

TLS TLSTLS

Topology: High Availability

Manager Manager Manager

Worker Worker Worker Worker Worker Worker

Leader FollowerFollower

Loss of Leader

Topology: High Availability

Manager Manager Manager

Worker Worker Worker Worker Worker Worker

Leader FollowerFollower

Loss of Leader

Topology: High Availability

Manager Manager Manager

Worker Worker Worker Worker Worker Worker

Follower FollowerLeader

Topology: High Availability

Manager Manager Manager

Worker Worker Worker Worker Worker Worker

Follower FollowerLeader

Demo

It’s time to think about Docker 1.13

• Secret Manager built-in (#27794)• Docker system command (#26108)• Allows a new client to talk to an old

engine• Improved new plugins system• Docker Stats and Promethus (#25820)

Credits

• Thanks Docker Inc. part of the slides are provided directly by them.• http://gianarb.it/planet/docker.html• https://scaledocker.com• https://github.com/docker/swarmkit• https://www.youtube.com/watch?v=h7a7vhzjElo• http://argh.gianarb.it/

Thanks!