docker 1.12 introduction (docker meetup cluj-napoca)

DOCKER 1.12INTRODUCTION

Alex Vranceanu

DOCKER 1.12 INTRODUCTION

WHAT’S NEW?

▸Docker Swarm Mode

▸Services

▸Distributed Application Bundles

▸Routing Mesh

▸Container Healthcheck

▸Plugins

▸Security out of the box

DOCKER 1.12 INTRODUCTION - SWARM MODE

SWARM MODE

$ docker swarm init

$ docker swarm join <IP-OF-MANAGER>:2377

M

W

M

W W W

DOCKER 1.12 INTRODUCTION - SERVICES

SERVICES

$ docker service create —name nginx —replicas 2 —network frontend nginx

$ docker network create —driver overlay —subnet 10.0.100.0/24 frontend

FRONTEND

M

W

M

W W W

NGINX NGINX

DOCKER 1.12 INTRODUCTION - SERVICES

NODE FAILURE

FRONTEND

M

W

M

W W

NGINX NGINX

W

NGINX

DOCKER 1.12 INTRODUCTION - SERVICES

SERVICE SCALING

FRONTEND

M

W

M

W W

NGINX NGINX

$ docker service scale nginx=4

NGINX

NGINX

DOCKER 1.12 INTRODUCTION - SERVICES

GLOBAL SERVICES

FRONTEND

M

W

M

W W

NGINX NGINX

$ docker service create —name agent —mode=global agent:latest

NGINX

NGINX

AG AG AG

AGAG

DOCKER 1.12 INTRODUCTION - SERVICES

SERVICE CONSTRAINTS

FRONTEND

M

W

M

W W

$ docker service create —name nginx —replicas 4 —network frontend —constraint com.example.storage=“ssd” nginx

docker daemon —label com.example.storage=“ssd”

NGINX NGINX

NGINX NGINX

DOCKER 1.12 INTRODUCTION - DAB

SERVICES

WEB-APP

WEB-APP.1

WEB-APP.2

WEB-APP.3

NGINX:LATEST CONTAINER

NGINX:LATEST CONTAINER

NGINX:LATEST CONTAINER

SERVICE TASKS CONTAINERS

DOCKER 1.12 INTRODUCTION - DAB

DISTRIBUTED APPLICATION BUNDLES

WEB-APP

WEB-APP.1

WEB-APP.2

WEB-APP.3

NGINX:LATEST

NGINX:LATEST

NGINX:LATEST

SERVICE TASKS CONTAINERS

STACK

WEB-APP

WEB-APP.1

WEB-APP.2

WEB-APP.3

NGINX:LATEST

NGINX:LATEST

NGINX:LATEST

SERVICE TASKS CONTAINERS

$ docker stack deploy <STACK>

DOCKER 1.12 INTRODUCTION - ROUTING MESH

ROUTING MESH

NGINX SERVICE

NGINX SERVICE

INGRESS NETWORK

IPVS 1.1.1.1

IPVS 1.1.1.1

NGINX-CONTAINER 1.1.1.3

NGINX-CONTAINER 1.1.1.4

NGINX-CONTAINER 1.1.1.5

NGINX-CONTAINER 1.1.1.6

172.

1.1.

1017

2.1.

2.10

port

808

0po

rt 8

080

EXTERNAL LOAD

BALANCER

DOCKER 1.12 INTRODUCTION - HEALTH CHECKS

CONTAINER HEALTH CHECK

$ HEALTHCHECK --interval=5m —timeout=3s --retries 3 CMD curl -f http://localhost/ || exit 1

▸ Checks every 5 minutes if the localhost web server returns the index page within 3 seconds

▸ Container is considered unhealthy after 3 consecutive failures

DOCKER 1.12 INTRODUCTION - PLUGINS

PLUGINS

$ docker plugin install tiborvass/no-remove

$ docker plugin enable no-remove

$ docker plugin disable no-remove

$ docker plugin install tiborvass/no-remove

Plugin “tiborvass/no-remove:latest”

requested the following privileges:

- Networking: host

- Mounting host path: /data

Do you grant the above permissions? [y / N]

DOCKER 1.12 INTRODUCTION - SECURITY

SECURITY

▸ End-to-end encryption between managers and workers

▸ There is no “insecure”

▸ Automatic Encryption and mutual authentication (TLS)

▸ Certificate Rotation

▸ External CA Integration

Q & A

alex.vranceanu@accesa.eu

DOCKER 1.12 INTRODUCTION