Introduction to Docker & CoreOS
Dennis Benkert (@denderello)
Simple service orchestration, built for developers.
Based in Cologne, Germany. Ten terrific folks, and hiring!
http://giantswarm.io/
What is Docker?
Docker
● Isolation of processes in Linux containers
● Lightweight and fast
● Portable
Docker Technology
● Utilized LXC until version 0.9
● Now uses libcontainer, which e.g. supports systemd-nspawn, libvirt-lxc, BSD-Jails, etc.
● Copy-On-Write filesystem (e.g. AUFS or BTRFS)
● Written in Go
Copy-On-Write filesystem
Dockerfile
FROM ubuntu:14.04
RUN apt-get update && \
    apt-get -y install redis-server
EXPOSE 6379
ENTRYPOINT ["/usr/bin/redis-server"]

$ docker build -t denderello/redis .
$ docker run -d --name redis -p 6379:6379 \
    denderello/redis
$ nc localhost 6379
Running containers
What is CoreOS?
CoreOS enables warehouse-scale computing on top of a minimal, modern operating system.
A new Linux distribution that provides the features needed to run modern infrastructure stacks.
Minimal Linux
Features
● Automatic Updates
● Docker Containers
● Cluster management
● Service Discovery
Linux Basis
● Based on Gentoo
● systemd
● btrfs
● Images for PXE, OpenStack, AWS, GCE, Vagrant
“Immutable” System
● Read-only rootfs
● Writeable overlay on /etc
No classic package manager
● ChromeOS inspired update engine
● Atomic Updates
● Rollbacks
● Using Docker to distribute software
CoreOS' own tools
● Etcd
● Locksmith
● Cloud-config
● Flannel
● Fleet
https://github.com/coreos
Etcd
A highly-available key value store for shared configuration and service discovery.
Etcd
● Basis for
  > Configuration management
  > Service Discovery
● REST Interface
● Raft consensus algorithm
http://raftconsensus.github.io/
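Added example, not part of the original slides: a Python check for a discovery response of the shape queried on the Discovery API slide (`.node.nodes[].value`). It derives the Raft majority for the registered member count and flags peer URLs that are advertised over plain http, duplicated or malformed. The sample JSON is constructed from that slide's output, and the function names and report keys are made up for this example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: only the .node.nodes[].value path queried on the slide
# is taken from the page; the addresses repeat the slide's output.
SAMPLE = json.dumps({"node": {"nodes": [
    {"value": "http://172.31.19.1:7001"},
    {"value": "http://172.31.19.0:7001"},
    {"value": "http://172.31.18.255:7001"},
]}})


def peer_urls(body):
    """Same selection as jq '.node.nodes[].value'; tolerates an empty registry."""
    nodes = (json.loads(body).get("node") or {}).get("nodes") or []
    return [n["value"] for n in nodes if isinstance(n.get("value"), str)]


def audit_discovery(body):
    """Summarise cluster size, Raft majority and weak or broken peer URLs."""
    peers = peer_urls(body)
    report = {"members": len(peers), "plaintext": [], "malformed": [], "duplicates": []}
    # Raft commits a write once a majority of members has accepted it.
    report["quorum"] = len(peers) // 2 + 1 if peers else 0
    report["tolerated_failures"] = len(peers) - report["quorum"]
    seen = set()
    for url in peers:
        try:
            parts = urlsplit(url)
            endpoint = (parts.hostname, parts.port)  # .port raises on a junk port
        except ValueError:
            report["malformed"].append(url)
            continue
        if parts.scheme not in ("http", "https") or None in endpoint:
            report["malformed"].append(url)
            continue
        if endpoint in seen:
            report["duplicates"].append(url)
        seen.add(endpoint)
        if parts.scheme == "http":
            report["plaintext"].append(url)  # peer traffic would be unencrypted
    return report


if __name__ == "__main__":
    print(json.dumps(audit_discovery(SAMPLE), indent=2))
```

An even member count raises the majority without raising the number of failures the cluster survives, which is why the report lists both values.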
Etcd Cluster
Discovery API
$> curl https://discovery.etcd.io/new
https://discovery.etcd.io/463c1435f9f63c952e0899b1f459c0fe
$> curl -s https://discovery.etcd.io/463c1435f9f63c952e0899b1f459c0fe | jq ".node.nodes[].value"
"http://172.31.19.1:7001"
"http://172.31.19.0:7001"
"http://172.31.18.255:7001"
Locksmith
Reboot manager for the CoreOS update engine.
Locksmith
● Reboot strategies for CoreOS updates
● Uses etcd for distributed locks
● Alpha, Beta, Stable channels
Cloud Config
Customize a CoreOS machine through user-data.
Cloud Config
● Initialization of your instances
● Configure etcd, fleet, locksmith
● YAML file
● e.g. EC2 user-data, Autoscaler launch-config
Configure your cluster
#cloud-config
coreos:
  update:
    reboot-strategy: etcd-lock
Configure your cluster
#cloud-config
coreos:
  update:
    reboot-strategy: etcd-lock
  etcd:
    discovery: https://discovery.etcd.io/<token>
Configure your cluster
#cloud-config
coreos:
  update:
    reboot-strategy: etcd-lock
  etcd:
    discovery: https://discovery.etcd.io/<token>
users:
  - name: denderello
    ssh-authorized-keys: ...
Flannel
Overlay networks backed by etcd.
Cloud overlay network
● One subnet per machine
● Get rid of docker port mapping
● Let containers talk to each other via IP addresses
Backends
● Encapsulate packets in UDP
● VXLAN implementation coming
Fleet
Systemd for the cluster
Fleet
● CLI and API to start your containers
● Uses etcd and systemd
Fleet deployment
Fleet Scheduler
● Relatively simple
  > By metadata
  > Same machine/exclusion
● Resolve service dependencies!
● More to come
  > Resource management (CPU, memory etc.)
Unit file
[Unit]
Description=A Redis Server
[Service]
TimeoutStartSec=0
ExecStartPre=/usr/bin/docker pull denderello/redis
ExecStart=/usr/bin/docker run --rm -p 6379 --name %n denderello/redis
ExecStop=/usr/bin/docker stop %n
Manage a service
$> fleetctl start redis.service
$> fleetctl list-units
$> fleetctl status redis.service
$> fleetctl journal redis.service
$> fleetctl stop redis.service
$> fleetctl destroy redis.service
Service Discovery
Three-Tier Application
● Load Balancer
● App
● Database
Sidekick
Keep configuration out of your app
Ambassador
Reverse proxy for your service
Keep service discovery out of your app
Using CoreOS
Thanks for listening!
Reach out: Dennis Benkert, @denderello, @giantswarm