docker 1.12 introduction (docker meetup cluj-napoca)
DOCKER 1.12 INTRODUCTION
Alex Vranceanu
WHAT’S NEW?
▸ Docker Swarm Mode
▸ Services
▸ Distributed Application Bundles
▸ Routing Mesh
▸ Container Healthcheck
▸ Plugins
▸ Security out of the box
DOCKER 1.12 INTRODUCTION - SWARM MODE
SWARM MODE
$ docker swarm init
$ docker swarm join <IP-OF-MANAGER>:2377
[Diagram: swarm nodes labelled M and W]
DOCKER 1.12 INTRODUCTION - SERVICES
SERVICES
$ docker network create --driver overlay --subnet 10.0.100.0/24 frontend
$ docker service create --name nginx --replicas 2 --network frontend nginx
[Diagram: FRONTEND network over nodes labelled M and W, with two NGINX containers]
DOCKER 1.12 INTRODUCTION - SERVICES
NODE FAILURE
[Diagram: FRONTEND network over nodes labelled M and W, with NGINX containers]
DOCKER 1.12 INTRODUCTION - SERVICES
SERVICE SCALING
$ docker service scale nginx=4
[Diagram: FRONTEND network over nodes labelled M and W, with four NGINX containers]
DOCKER 1.12 INTRODUCTION - SERVICES
GLOBAL SERVICES
$ docker service create --name agent --mode=global agent:latest
[Diagram: FRONTEND network over nodes labelled M and W, with NGINX containers and AG (agent) containers]
DOCKER 1.12 INTRODUCTION - SERVICES
SERVICE CONSTRAINTS
$ docker daemon --label com.example.storage="ssd"
$ docker service create --name nginx --replicas 4 --network frontend --constraint 'engine.labels.com.example.storage == ssd' nginx
[Diagram: FRONTEND network over nodes labelled M and W, with four NGINX containers]
DOCKER 1.12 INTRODUCTION - DAB
SERVICES
[Diagram: SERVICE web-app; TASKS web-app.1, web-app.2, web-app.3; CONTAINERS nginx:latest, one per task]
DOCKER 1.12 INTRODUCTION - DAB
DISTRIBUTED APPLICATION BUNDLES
[Diagram: a STACK of WEB-APP services; each SERVICE has TASKS web-app.1, web-app.2, web-app.3, each with an nginx:latest CONTAINER]
$ docker stack deploy <STACK>
DOCKER 1.12 INTRODUCTION - ROUTING MESH
ROUTING MESH
[Diagram: external load balancer; nodes 172.1.1.10 and 172.1.2.10, port 8080; ingress network with IPVS 1.1.1.1; NGINX service containers 1.1.1.3, 1.1.1.4, 1.1.1.5, 1.1.1.6]
DOCKER 1.12 INTRODUCTION - HEALTH CHECKS
CONTAINER HEALTH CHECK
HEALTHCHECK --interval=5m --timeout=3s --retries=3 CMD curl -f http://localhost/ || exit 1
▸ Checks every 5 minutes if the localhost web server returns the index page within 3 seconds
▸ Container is considered unhealthy after 3 consecutive failures
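Added example (not from the original slides): a small Python model of the HEALTHCHECK rules above, using the slide's values (interval 5m, timeout 3s, retries 3). The probe results are constructed sample data and the names HealthCheck, simulate, first_unhealthy and worst_case_detection are made up for this illustration; it shows that one success resets the failure streak and that, with these settings, a fault can go unreported for about 15 minutes.

```python
from dataclasses import dataclass

@dataclass
class HealthCheck:
    interval: int  # seconds to wait before each probe (--interval)
    timeout: int   # a probe running longer than this has failed (--timeout)
    retries: int   # consecutive failures needed for "unhealthy" (--retries)

def simulate(hc, probes):
    """Replay (exit_code, duration_seconds) probe results.

    Returns [(seconds_since_container_start, status), ...], one per probe.
    """
    status, streak, clock, timeline = "starting", 0, 0, []
    for exit_code, duration in probes:
        # Each probe starts `interval` after the previous one finished
        # and is cut off once it reaches the timeout.
        clock += hc.interval + min(duration, hc.timeout)
        if exit_code == 0 and duration <= hc.timeout:
            streak, status = 0, "healthy"   # any success resets the streak
        else:
            streak += 1
            if streak >= hc.retries:
                status = "unhealthy"
        timeline.append((clock, status))
    return timeline

def first_unhealthy(timeline):
    """Time of the first 'unhealthy' report, or None if it never happens."""
    return next((t for t, s in timeline if s == "unhealthy"), None)

def worst_case_detection(hc):
    """Upper bound (in this model) on seconds from a fault that starts
    right after a good probe until the container is marked unhealthy."""
    return hc.retries * (hc.interval + hc.timeout)

# The slide's settings: --interval=5m --timeout=3s --retries=3
SLIDE = HealthCheck(interval=300, timeout=3, retries=3)

# Constructed sample data: ok, fail, hang (timeout), ok, then three failures.
PROBES = [(0, 1), (1, 1), (0, 5), (0, 1), (1, 1), (1, 1), (1, 1)]

if __name__ == "__main__":
    for t, s in simulate(SLIDE, PROBES):
        print(f"{t:>5}s  {s}")
    print("worst case:", worst_case_detection(SLIDE), "s")
```

In the sample run the two failures before the fourth probe never mark the container unhealthy, because the successful fourth probe clears the streak.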
DOCKER 1.12 INTRODUCTION - PLUGINS
PLUGINS
$ docker plugin install tiborvass/no-remove
$ docker plugin enable no-remove
$ docker plugin disable no-remove
$ docker plugin install tiborvass/no-remove
Plugin "tiborvass/no-remove:latest" requested the following privileges:
- Networking: host
- Mounting host path: /data
Do you grant the above permissions? [y / N]
DOCKER 1.12 INTRODUCTION - SECURITY
SECURITY
▸ End-to-end encryption between managers and workers
▸ There is no “insecure”
▸ Automatic Encryption and mutual authentication (TLS)
▸ Certificate Rotation
▸ External CA Integration