using clocker with project calico - running production workloads in the cloud
TRANSCRIPT
Using Clocker with Project CalicoRunning Production Workloads in the Cloud
Andrew Kennedy, Software Circus, 11 September 2015
@grkvlt
Agenda
• Introduction• Application Management• Networking with Calico• Demonstration• Roadmap• Questions
Copyright 2015 by Cloudsoft Corporation Limited
Clocker Introduction
@grkvlt
Clocker Statistics
• Open Source• 1 Year Old• 725 Commits• 153 Pull Requests• 11 Contributors
• 2 External
• 15 KLOC• 26 Releases
http://www.redotheweb.com/CodeFlower/
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
• Application Management Platform• Deploy, Manage and Monitor Blueprints• Provisioning, Installation and Customization• Management
• AutoScaling, Resilience, Performance, Security
Apache Brooklyn
@grkvlt
Apache jclouds
• Java Cloud Library• API Agnostic
• SoftLayer, OpenStack, AWS EC2, GCE…
• Create Virtual Machines• Return SSH Endpoint
• Create Containers• Docker REST API
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Docker
• Containers• Isolation• Performance• Composable
• Huge Ecosystem• Compute Abstraction• Process Wrapper
@grkvlt
• Software-‐Defined Networking• Calico• Weave
• Storage and Volume Management• Flocker
• More Being Developed…• Native Plugins
Docker Extras
@grkvlt
What does it do?
1. Spins up and Manages Docker Clusters in the Clouds
2. Serves up Containers on Demand
3. Manages Composite Application Deployments
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
What does it provide?
• Infrastructure Management• Docker Hosts• Swarm Controller
• Multi Host and Multi Container Applications• Seamless Networking• Communication Between Services
• Orchestration and Clustering• Control of Containers• Container Management
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Clocker and Brooklyn Summary
• What is it?• Brooklyn Application• Brooklyn Location
• What does it provide?• First Class Docker Support in Brooklyn• Optimized Brooklyn Blueprints for Docker• Container Orchestration
Copyright 2015 by Cloudsoft Corporation Limited
Application Management
@grkvlt
Brooklyn Blueprints
• Describe Applications• OASIS CAMP Standard• TOSCA and Compose in Development
• List of Services• NoSQL Database Clusters• Web Servers and Load Balancers• Shell or Python Scripts
• Targeting Multiple Destinations• VM, Container, Bare Metal
• Sensors, Effectors and PoliciesCopyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Application Management
• Sensors• Data from Services
• Effectors• Brooklyn Policies
• Attached to Entities in Application
• Nothing Docker Specific
• Elastic Scaling and Cluster Resizing
• Service Resilience and Replacement
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Blueprint Example 1
Copyright 2015 by Cloudsoft Corporation Limited
id: redis-‐servicename: "Docker Hub Redis Service"origin: "https://registry.hub.docker.com/_/redis/"locations:-‐ my-‐docker-‐cloud
services:-‐ type: docker:redis:3
openPorts:-‐ 6379directPorts:-‐ 6379
@grkvlt
Blueprint Example 2
Copyright 2015 by Cloudsoft Corporation Limited
id: redis-‐clustername: "Redis Cluster"
locations:-‐ jclouds:aws-‐ec2:
region: eu-‐central-‐1
services:-‐ type: org.apache.brooklyn.entity.nosql.redis.RedisCluster
initialSize: 3
@grkvlt
Blueprint Example 3id: appserver-‐with-‐policyname: "Tomcat Scaling Webapp Server"location: jclouds:aws-‐ec2:eu-‐west-‐1services:-‐ type: org.apache.brooklyn.entity.webapp.ControlledDynamicWebAppCluster
initialSize: 3memberSpec:
$brooklyn:entitySpec:type: org.apache.brooklyn.entity.webapp.tomcat.Tomcat8Serverbrooklyn.config:
wars.root:https:// s3-‐eu-‐west-‐1.amazonaws.com/brooklyn-‐clocker/brooklyn-‐example-‐hello-‐world-‐sql-‐webapp-‐0.6.0.war
http.port: 8080+java.sysprops:
brooklyn.example.db.url: $brooklyn:formatString("jdbc:%s%s?user=%s\\&password=%s",component("db").attributeWhenReady("datastore.url"), "visitors", "brooklyn", "br00k11n")
brooklyn.policies:-‐ policyType: org.apache.brooklyn.policy.autoscaling.AutoScalerPolicy
brooklyn.config:metric: $brooklyn:sensor("org.apache.brooklyn.entity.webapp.DynamicWebAppCluster", "webapp.reqs.perSec.windowed.perNode")metricLowerBound: 10metricUpperBound: 100minPoolSize: 1maxPoolSize: 5
-‐ type: org.apache.brooklyn.entity.database.mysql.MySqlNodeid: dbname: DB HelloWorld Visitorsbrooklyn.config:
datastore.creation.script.url:https:// s3-‐eu-‐west-‐1.amazonaws.com/brooklyn-‐clocker/visitors-‐creation-‐script.sql
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Clocker Blueprints
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Docker Cloud
• Brooklyn Blueprint for Docker Cluster• Docker Engine on Cloud VM or Bare Metal
• Configuration for Host• TLS Certificates
• Setup Volumes
• Logging
• Install SDN Agents
• Manage Capacity or HeadroomCopyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Headroom
• Ensure resources available• Based on MaxContainers strategy limit
• Or Percentage Utilisation• Or CPU and RAM allocation
• Scale Docker Host Cluster Automatically • Add new Docker hosts• Remove empty Docker hosts
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Clocker 1.x Architecture
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Docker Cloud
1. On-demand
2. Multi-Tenant
3. Hardware Independent
4. Application LevelCopyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Clocker Features
• Docker Extensions to Brooklyn–Docker Image as First-Class Service Type–Placement Strategies for Containers–Create Docker Images and Networks
• Manages Docker Engine and Swarm–Deployment and Management– Installation and Configuration–Software-Defined Networking
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Container Management
• Sources• Docker Image Definition
• Docker Hub or Registry• Dockerfile• Brooklyn Entity Definition
• Create Image Automatically• Commit or Push for Reuse
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Clocker Orchestration
Copyright 2015 by Cloudsoft Corporation Limited
Docker Engine
Virtual Machine
Container
Clocker Network Segment
SDNProvider
CloudProvider
Brooklyn
Clocker Networking
@grkvlt
Software-Defined Networking
• Needed for Seamless Provisioning• Host to Host Communication
• Same LAN Segment• No Port Forwarding• Natural Application Configuration
• Initial Driver was EPMD Applications• Useful for any opinionated applications
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Networking Providers
• Implementation Agnostic• L2 overlay, L3 routing etc.• Similar to Hypervisor in Clouds
• Generic Interfaces• Host Component• Service Component (or Endpoint)
• Same idea as Docker Network Plugins
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Networking Capabilities
• Attach Containers to Networks• Create Networks as Required• Also Attach to VMs and Metal
• Provide Multiple Networks• Per-Application or Shared• Segmented Private Address Space
• Docker Port Forwarding for Ingress Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Network Provisioning
• Minimal (Zero!) Configuration• Use Sensible Defaults
• Allows SDN or Cloud Specific Configuration
• Allocate Address Space on Demand
• IP Pool Controlled by Clocker-‐ type: brooklyn.networking.VirtualNetworknetworkId: database-‐netcidr: 192.168.34.0/24gateway: 192.168.34.1dnsServers:-‐ $brooklyn:entity("bind-‐server").attributeWhenReady("host.address")addIptablesRules: true
-‐ type: brooklyn.networking.OpenStackVirtualNetworknetworkId: couchbase-‐net
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Clocker Networking
ContainerHost
SDN Bridge
Container
InternetSDN
Gateway
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Metaswitch Project Calico
• SDN for Bare Metal, VMs and Containers• Layer 3
• Uses OS IP routing and forwarding
• Configuration in an etcd Cluster• Version 0.4.9 in Clocker
• 0.6.0 with libnetwork when Docker stable
• Spans VMs and Containers• OpenStack Neutron network driver
Copyright 2015 by Cloudsoft Corporation Limited
@grkvltCopyright 2015 by Cloudsoft Corporation Limited
Cross-Target Deployment
@grkvlt
Networking Capabilities
• Wide Area and Multi Region SDN• VPN or IPIP and NAT configuration
• Cross Platform SDN• Both VMs and Containers on one VLAN
• Name Resolution and Service Discovery• Contributing to Weave DNS for orchestration
• Use traditional external BIND service entity
• Brooklyn can inject correct endpoint address
Copyright 2015 by Cloudsoft Corporation Limited
Demonstration
@grkvlt
Application Blueprint 1
Copyright 2015 by Cloudsoft Corporation Limited
id: my-‐applicationlocation: my-‐docker-‐cloudservices:-‐ type: docker:redis:3
id: redis-‐serviceopenPorts: 6379
-‐ type: docker:dnmonster:latestid: dnmonster-‐serviceopenPorts: 8080
-‐ type: docker:grkvlt/myapp:latestid: app-‐servicemappedPorts:80: 8080
links:redis: $brooklyn:component("redis-‐service")dnmonster: $brooklyn:component("dnmonster-‐service")
@grkvlt
Application Blueprint 2
Copyright 2015 by Cloudsoft Corporation Limited
id: my-‐applicationlocation: my-‐docker-‐cloudservices:-‐ type: org.apache.brooklyn.entity.nosql.RedisStore
id: redis-‐serviceinstall.version: 3.0.0
-‐ type: docker:dnmonster:latestid: dnmonster-‐serviceopenPorts: 8080
-‐ type: docker:grkvlt/myapp:latestid: app-‐servicemappedPorts:80: 8080
links:redis: $brooklyn:component("redis-‐service")dnmonster: $brooklyn:component("dnmonster-‐service")
@grkvlt
Application Blueprint 3
Copyright 2015 by Cloudsoft Corporation Limited
id: my-‐applicationlocation: my-‐docker-‐cloudservices:-‐ type: org.apache.brooklyn.entity.nosql.RedisStore
location: jclouds:aws-‐ec2:eu-‐west-‐1id: redis-‐serviceinstall.version: 3.0.0
-‐ type: docker:dnmonster:latestid: dnmonster-‐serviceopenPorts: 8080
-‐ type: docker:grkvlt/myapp:latestid: app-‐servicemappedPorts:80: 8080
links:redis: $brooklyn:component("redis-‐service")dnmonster: $brooklyn:component("dnmonster-‐service")
@grkvlt
Application Blueprint 4
Copyright 2015 by Cloudsoft Corporation Limited
id: my-‐applicationlocation: jclouds:aws-‐ec2:eu-‐west-‐1services:-‐ type: org.apache.brooklyn.entity.nosql.RedisStore
id: redis-‐serviceinstall.version: 3.0.0
-‐ type: docker:dnmonster:latestid: dnmonster-‐serviceopenPorts: 8080
-‐ type: docker:grkvlt/myapp:latestid: app-‐servicemappedPorts:80: 8080
links:redis: $brooklyn:component("redis-‐service")dnmonster: $brooklyn:component("dnmonster-‐service")
@grkvlt
• Orchestrated Docker deployment and configuration, with Project Calico SDN
• Brooklyn application blueprints deployed with network topology linked to OpenStack using Project Calico
• Automated attachment of containers to multiple dynamic networks
• Zero Config Multi-Target Deployment
Copyright 2015 by Cloudsoft Corporation Limited
Features
Clocker 1.x
Apache Mesos ...
• Distributed Systems Kernel• Cluster Management• Resource Sharing and Placement• Calico SDN Support
• Frameworks• Aurora and Marathon• Riak, Spark, Hadoop, Storm et al
• Brooklyn Scheduler
@grkvlt
Roadmap
• Mesos Integration• Deploy the Mesos infrastructure• Brooklyn as a Mesos framework• Provide Mesos as another Brooklyn endpoint
• Container Mobility• Stateless Services
• Brooklyn Core Integration
Copyright 2015 by Cloudsoft Corporation Limited
@grkvlt
Roadmap
Copyright 2015 by Cloudsoft Corporation Limited
Clocker Solves:–Docker Cloud Networking–Container Placement and Provisioning–Composite Application Management
Summary
Questions?
@grkvlt
Resources
http://clocker.io/
http://brooklyn.io/
https://github.com/brooklyncentral/clocker/
https://github.com/apache/incubator-‐brooklyn/
https://github.com/weaveworks/weave/
https://github.com/Metaswitch/calico-‐docker/
http://blog.abstractvisitorpattern.co.uk/