Docker Swarm IntroductionEvan Lin @Linker Networks

About Me

● Cloud Architect @ Linker Networks

● Top 10 Taiwan Golang open source contributor (github award)

● Developer, Curator, Blogger

Agenda

● Docker Swarm ● Docker SwarmKit● Introduction Docker Swarm Mode (Swarm

V2)● Docker Swarm Mode Features● Docker Swarm Mode Tutorial● Q&A

Original Docker

Management multiple docker between machines

Let’s use Docker Swarm (Tranditional)

Let’s use Docker Swarm (Tranditional) Architecture

Let’s use Docker Swarm (Tranditional) StepsSetup Docker Swarm

● Startup a K/V value server (Consul) keystore● Create a swarm manager● Connect swarm manager to the keystore● Create multiple swarm workers● Connect swarm worker to keystore● Swarm worker join to swarm manager

Load balancer ?● Create a load balancer ...

Step 1: Startup Keystore

● Create A docker-Machine○ docker-machine create -d virtualbox

--virtualbox-memory "2000" --engine-opt="label=com.function=consul" keystore

● Sync to keystore machine○ eval $(docker-machine env keystore)

● Run “consul” a K/V server container ○ docker run --restart=unless-stopped -d -p

8500:8500 -h consul progrium/consul -server -bootstrap

Step 2: Startup Swarm Manager

● Create docker-machine for swarm manager○ docker-machine create -d virtualbox

--virtualbox-memory "2000" --engine-opt="label=com.function=manager" --engine-opt="cluster-store=consul://$(docker-machine ip keystore):8500" --engine-opt="cluster-advertise=eth1:2376" manager

● Sync to swarm manager machine○ eval $(docker-machine env manager)

Step 2: Startup Swarm Manager

● Start docker swarm container

○ docker run --restart=unless-stopped -d -p 3376:2375 -v /var/lib/boot2docker:/certs:ro swarm manage --tlsverify --tlscacert=/certs/ca.pem --tlscert=/certs/server.pem --tlskey=/certs/server-key.pem consul://$(docker-machine ip keystore):8500

Step 3~6: Startup Swarm Manager

● Start docker swarm worker○ docker-machine create -d virtualbox --virtualbox-memory "2000"

--engine-opt="label=com.function=frontend01" --engine-opt="cluster-store=consul://$(docker-machine ip keystore):8500" --engine-opt="cluster-advertise=eth1:2376" frontend01

● Sync to fronted01○ eval $(docker-machine env frontend01)

● Join to Swarm Manager○ docker run -d swarm join --addr=$(docker-machine ip

frontend01):2376 consul://$(docker-machine ip keystore):8500

Step 7: Startup Load Balancer

● Start docker swarm worker○ docker-machine create -d virtualbox --virtualbox-memory "2000"

--engine-opt="label=com.function=interlock" loadbalancer

● Download “Interlock” and setup○ git clone https://github.com/ehazlett/interlock.git○ cd config○ Fill with `config.toml` ...

● Run Load Balancer “Interlock”○ docker run -P -d -ti -v nginx:/etc/conf -v

/var/lib/boot2docker:/var/lib/boot2docker:ro -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd)/config.toml:/etc/config.toml --name interlock ehazlett/interlock:1.0.1 -D run -c /etc/config.toml

I can do this “ALL DAY”

SwarmKit

Different with Docker Swarm● Where is “Consul” ?

○ The K/V DB already built-in in Swarm Kit

● More security communication.○ It default support TLS

● What is Raft Consensus ?○ For data consistentcy and election

node if master is down.

SwarmKitMaster

● Build SwarmKit binaries○ git clone

https://github.com/docker/swarmkit.git○ cd swarmkit○ make setup○ make all

● Run Swarm manager○ swarmd -d /tmp/node-1

--listen-control-api /tmp/manager1/swarm.sock --hostname node-1

SwarmKitMaster

● Sync swarm socket○ export

SWARM_SOCKET=/tmp/manager1/swarm.sock

● Check Swarm master ○ swarmctl cluster inspect default

SwarmKitAgent

● Run Swarm Agent (worker)○ swarmd -d /tmp/node-2 --hostname node-2

--join-addr 127.0.0.1:4242 --join-token SWMTKN-1-1wttj6u10f9fueptptma9ohf99zcxt0gia1wt3a5odphi6nt1f-c4y428p7wwr23efwo4xw6qiwz

○ swarmd -d /tmp/node-3 --hostname node-3 --join-addr 127.0.0.1:4242 --join-token SWMTKN-1-1wttj6u10f9fueptptma9ohf99zcxt0gia1wt3a5odphi6nt1f-c4y428p7wwr23efwo4xw6qiwz

● Check node status○ swarmctl node ls

Complete SwarmKit setup

SwarmKitCreate A Service

● Create a Swarm Kit service○ swarmctl service create --name redis

--image redis:3.0.5● Make sure service status

○ swarmctl node ls

SwarmKitCreate A Service

● Create a Swarm Kit service○ swarmctl service create --name redis

--image redis:3.0.5● Make sure service status

○ swarmctl service ls

● Check detail of service○ swarmctl service inspect redis

SwarmKitScale Your Service

● Scale Swarm Kit service○ swarmctl service update redis

--replicas 6● Make sure service status

○ swarmctl service ls

○ swarmctl service ls

SwarmKitScale Your Service

● Inspect service detail○ swarmctl service inspect redis

SwarmKitUpdate Service

● Update service directly○ swarmctl service update redis

--image redis:3.0.6

SwarmKitRolling Update

● Update two services every 10 seconds○ swarmctl service update redis

--image redis:3.0.7 --update-parallelism 2 --update-delay 10s

SwarmKitDrain Node

● Stop node 1○ swarmctl node drain node-1

● Docker Swarm Mode ( Swarm version 2)

● New feature from Docker Engine 1.12

● Powerful and more security

Docker Swarm Mode

Different between Docker Swarm, SwarmKit and Swarm V2

Docker Swarm SwarmKit Swarm Mode (v2)

Docker Version All All >= 1.12

K/V DB Need extra one Built-In Built-In

Extra Binaries No Yes (Use Go 1.6) No

Security None Built-In Built-In

Extra Service None None Routing MeshLoad Balance

Support Docker Compose,

Docker-MachineYes Yes No

(for now)

Docker Swarm Mode Tutorial - Vote App

Docker Swarm Mode:● Create three docker machine

○ docker-machine create --driver virtualbox v1

○ docker-machine create --driver virtualbox v2

○ docker-machine create --driver virtualbox v3

V1192.168.99.100

V2192.168.99.101

V3192.168.99.102

Docker Swarm Mode:● Connect to V1 node

○ docker-machine ssh v1○ ifconfig

● Init docker swarm manager○ docker swarm init --listen-addr

192.168.99.100:2377 --advertise-addr 192.168.99.100

V1192.168.99.100

V2192.168.99.101

V3192.168.99.102

Docker Swarm Mode:● Connect to V2, V3 node

○ docker-machine ssh v2○ docker-machine ssh v3

● Init docker swarm worker○ docker swarm join --token

SWMTKN-1-62q9gzw8uc43fbv7n79h7lsnmc6j2tqpzb4qy2osurxufxz87u-97v5wplu0dvit5ssveo5da2h6 192.168.99.100:2377

V1(Manager)192.168.99.100

V2(Worker)

192.168.99.101

V3(Worker)

192.168.99.102

Docker Swarm Mode:● Check current node status

○ docker-machine ssh v1○ docker node ls

V1(Manager)192.168.99.100

V2(Worker)

192.168.99.101

V3(Worker)

192.168.99.102

Docker Swarm Mode: All setup is done

Docker Swarm Mode:● Connect to Swarm Manager create

service “vote”○ docker-machine ssh v1○ docker service create --name vote -p

8080:80 instavote/vote● Check detail of this service

○ docker service ls

● Check which node run this service○ docker service ps vote

V1(Manager)192.168.99.100

V2(Worker)

192.168.99.101

V3(Worker)

192.168.99.102

instavote/vote

Docker Swarm Mode:● Scale “vote” service to 3

○ docker service scale vote=2● Check detail of this service

○ docker service ls

● Check which node run this service○ docker service ps vote

V1(Manager)192.168.99.100

V2(Worker)

192.168.99.101

V3(Worker)

192.168.99.102

instavote/vote

instavote/vote

Random

Load BalacncerV1

(Manager)192.168.99.100

V2(Worker)

192.168.99.101

V3(Worker)

192.168.99.102

instavote/vote

instavote/vote

ClientLB

Docker Swarm Mode:● Scale “vote” service from 2 to 3

○ docker service scale vote=3● Check detail of this service

○ docker service ls

● Check which node run this service○ docker service ps vote

V1(Manager)192.168.99.100

V2(Worker)

192.168.99.101

V3(Worker)

192.168.99.102

instavote/vote

instavote/vote

instavote/vote

Docker Swarm Mode:● Service update (Immediately)

○ docker service update --image instavote/vote:movies vote

● Check detail of this service○ docker service ls

● Check which node run this service○ docker service ps vote

V1(Manager)192.168.99.100

V2(Worker)

192.168.99.101

V3(Worker)

192.168.99.102

instavote/vote:

movies

instavote/vote:

movies

instavote/vote:

movies

Docker Swarm Mode:● Service update (Rolling Update)

○ docker service update vote --image instavote/vote:indent --update-parallelism 1 --update-delay 10s

● Check detail of this service○ docker service ls

● Check which node run this service○ docker service ps vote

V1(Manager)192.168.99.100

V2(Worker)

192.168.99.101

V3(Worker)

192.168.99.102

instavote/vote:

indent

instavote/vote:

indent

instavote/vote:

indent

Docker Swarm Mode:● Global Services

○ docker service create --mode=global --name prometheus prom/prometheus

● Check detail of this service○ docker service ls

● Check which node run this service○ docker service ps prometheus

V1(Manager)192.168.99.100

V2(Worker)

192.168.99.101

V3(Worker)

192.168.99.102

instavote/vote:

indentinstavote/

vote:indent

instavote/vote:

indent

prometheus

prometheus

prometheus

Different between Docker Swarm, SwarmKit and Swarm V2

Docker Swarm SwarmKit Swarm Mode (v2)

Docker Version All All >= 1.12

K/V DB Need extra one Built-In Built-In

Extra Binaries No Yes (Use Go 1.6) No

Security None Built-In Built-In

Extra Service None None Routing MeshLoad Balance

Support Docker Compose,

Docker-MachineYes Yes No

(for now)

Q&A