Docker, cornerstone of an hybrid cloud?
Download as PPTX, PDF5 likes1,387 views
The document discusses the role of Docker in hybrid cloud environments and the orchestration of microservices, emphasizing the importance of building failure-resistant and scalable applications. It highlights the features of Docker, including its use for service management, security considerations, and cloud hybridization strategies. Additionally, the document outlines steps for transitioning to Docker-based deployments and orchestration, ultimately advocating for the integration of various technologies within Docker ecosystems.
![@adrienblind
$ docker-machine create -d virtualbox m1
$ docker swarm init --advertise-addr [m1_ip]
$ docker-machine create -d virtualbox m2
$ eval $(docker-machine env m2)
$ docker swarm join --token [mytoken] [m1_ip]:2377
--advertise-addr [m2_ip]
$ docker swarm join-token worker
To add a worker to this swarm, run the following command:
docker swarm join
--token [TOKEN] [m1_ip]:2377
… (joined a third manager, plus a worker)
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
1o46ikaidagi91w940h81byd1 w1 Ready Active
3bboy53bjyeqd9ad0tsegju51 m2 Ready Active Reachable
48yqo4607pfzkpct4jz9t1t9y m3 Ready Active Reachable
6fyvwd6cc4nguth29ycexaxat * m1 Ready Active Leader
Cluster setup example](https://image.slidesharecdn.com/dockercloudhybridationv2-161119171336/85/Docker-cornerstone-of-an-hybrid-cloud-11-320.jpg)
![@adrienblind
You may create your own docker Swarm CaaS leveraging on several
providers
Your own traditional DC
Various Cloud vendors
You may even use docker tools to automate everything
docker-machine create --driver azure --azure-subscription-id [MY_ID]
Cloud provider hybridation](https://image.slidesharecdn.com/dockercloudhybridationv2-161119171336/85/Docker-cornerstone-of-an-hybrid-cloud-18-320.jpg)
Docker, cornerstone of an hybrid cloud?
- 1. Adrien Blind DevOps Coach @adrienblind Docker, cornerstone of an hybrid cloud ?
- 3. @adrienblind Fine-grained, highly decoupled and atomic purpose centric services Designed for failure Multi-versioned Scalable Micro services Stateless Share-nothing Immutable Continuously delivered Distributed
- 4. @adrienblind Docker fits microservice paradigms ‘’A universal, self-sufficient and standard artifact embedding an app module, and its subsequent infrastructure configuration’’ Docker provides both the artifact and the ecosystem to handle it! Immutable Portable Lightweight Incremental Versionned/tagged Disposable
- 5. @adrienblind App From containers to apps An application is made of several components interacting each together
- 6. @adrienblind From Enterprise Services buses to full-mesh topologies ESB Service Service Service Service Service > ServiceService Service Service Service Service discovery challenge App App
- 7. @adrienblind Security paradigms shifts The necessary porosity of your IS requires to stick security closer to each application: sandbox your apps and expose protected interfaces! Network is part of application topology Security is an app topic, not just infra. concern Onboard security in feature teamSecDevOps
- 8. @adrienblind Vertical > horizontal Apps designed for failure & scalability Data to be externalized Dumber infrastructure Resilience & scalability: apps problem now! Structured: MongoDB, Hadoop, Cassandra, Elastic Search... Binaries: object storage with Ceph, OpenStack Swift... Helpful patterns: stateless, multi-versioning, loose coupling... Infrastructure rationalization Low-cost, poor-SLA commodity
- 9. @adrienblind Distributed application Compute (service/task) Storage (volume) Transport (network) Topology (compose, bundle, deploy, stack) Docker shifted from container infra. to object-oriented app. topologies CaaS platform Clustering (swarm) Image mgmt (registry) Hosting (node) Provisioning (machine) ... relying on an CaaS platform The rise of the orchestration
- 10. @adrienblind Docker 1.12 swarm mode Directly over Internet ? Swarm mode secures interactions between its nodes (TLS mutual auth, authz, & encryption) Overlay network trafic may be encrypted across nodes too (use switch --opt encrypted to use IPSEC) Built in the engine Decentralized More secured More resilient
- 11. @adrienblind $ docker-machine create -d virtualbox m1 $ docker swarm init --advertise-addr [m1_ip] $ docker-machine create -d virtualbox m2 $ eval $(docker-machine env m2) $ docker swarm join --token [mytoken] [m1_ip]:2377 --advertise-addr [m2_ip] $ docker swarm join-token worker To add a worker to this swarm, run the following command: docker swarm join --token [TOKEN] [m1_ip]:2377 … (joined a third manager, plus a worker) $ docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 1o46ikaidagi91w940h81byd1 w1 Ready Active 3bboy53bjyeqd9ad0tsegju51 m2 Ready Active Reachable 48yqo4607pfzkpct4jz9t1t9y m3 Ready Active Reachable 6fyvwd6cc4nguth29ycexaxat * m1 Ready Active Leader Cluster setup example
- 12. @adrienblind Docker service Depicts the desired runtime behavior of a given image : networking, resiliency, quotas... shift to state-machine paradigms $ docker service create --name front -–network app –-replicas 3 -p 80:80/tcp nginx:latest Attach the containers to a given network Define the desired amount of instances for this service (named « tasks ») Attach each instance to a transversal L4 loadbalancer instance, reachable on each node of the cluster
- 13. @adrienblind Example $ docker network create --driver overlay wordpressnet $ docker service create --name wordpressdb --env MYSQL_ROOT_PASSWORD=plop --env MYSQL_DATABASE=wordpress --network wordpressnet mysql:latest $ docker service create --name wordpressapp --env WORDPRESS_DB_HOST=wordpressdb --env WORDPRESS_DB_PASSWORD=plop --network wordpressnet --publish 80:80 --replicas 7 wordpress:latest $ docker service ls ID NAME REPLICAS IMAGE COMMAND 14utiklw5g6s wordpressdb 1/1 mysql:latest c9vnvebcylg5 wordpressapp 7/7 wordpress:latest $ docker service update --replicas 4 wordpressapp
- 14. @adrienblind Example LB LB LB LB Network Dynamic LB on each manager + workers hosting containers of the app All containers belonging to a same app are connected through an overlay network Overlay network
- 15. @adrienblind Docker stack docker-compose enabled to depicts and trigger a complete app topology from the client side docker stack enables to feed the server- side orchestrator with a complete app topology
- 16. Hybridate clouds
- 17. @adrienblind Almost all cloud vendors provide their own complete, ready-to-use docker CaaS stacks: Amazon ECS, Beanstalk Azure Container Service Google Container Engine Beyond traditionnal IaaS, the much integrated & valuable service you get, the more locked-in you are Balance your args (portability, cost, etc.) No universal answer… Cloud provider hybridation
- 18. @adrienblind You may create your own docker Swarm CaaS leveraging on several providers Your own traditional DC Various Cloud vendors You may even use docker tools to automate everything docker-machine create --driver azure --azure-subscription-id [MY_ID] Cloud provider hybridation
- 19. @adrienblind Not only interesting for portability & freedom Progressive cloud migration Elasticity / overflooding Multiply points of presence Keep docker native ergonomy easing adoption « cloud hoster trading? » ;) … Cloud provider hybridation
- 20. @adrienblind Scale the application through docker service replicas Scale the swarm cluster capacity leveraging on docker-machine Scale up, scale down AVOID CONFUSION
- 22. @adrienblind Windows containers are here! Two Windows Containers types: Windows Server Containers, that are similar than Linux containers in the concepts Hyper-V Containers, that runs inside a small virtual machine on Hyper-V https://blogs.msdn.microsoft.com/jcorioland/2016/10/13/getting-started-with-windows-containers
- 23. @adrienblind What Tiny servers based on ARM architecture Poor per-core perf but up to 54 cores per SoC + good I/Os Why / Pros Green IT: better perf/watt & density ratio Cost efficiency for massive threading usecases: bigdata/grids/horizontally scalable apps. Pitfalls / Cons Litteraly rebuild apps for ARM Only fits some usecases, not a silverbullet! ARM: end of the x86 hegemony ? ARM v8 architecture Up to 54 cores/SoC + 1TB RAM Cavium srv: 384 cores enclosed in 2U
- 24. @adrienblind Hybrid orchestration App 3 App 2 App 1 X64/WIN X64/LINUX ARM/LINUX Extend the picture ARM computing rises Windows containers arrives The app topology integrates various techs which must be orchestrated together
- 25. Example demo Initially co-built with Ludovic Piot (@lpiot) for a live demo given at Docker Meetup Paris
- 26. @adrienblind Cloud hybridation Raspberry (ARM) Win 2016 SWARM CLUSTER Load injector (Apache AB) IIS Website MySQL Backend Overlay network Linux X86_64 Linux X86_64 Linux X86_64 Linux X86_64 Linux X86_64 INTERNET REDIS Use constraints on services to enforce containers location
- 27. @adrienblind A real, hybrid docker cluster ARM/Linux x86_64/Linux x86_64/Win x86_64/Linux
- 29. @adrienblind Scale the app up & down
- 30. Conclusion
- 31. @adrienblind Orchestration is more than ever the key ; now handle multi-technologies dockerized apps You may wish to keep control while delegating commodities Docker swarm enables to create an abstraction layer to facilitate transition to the cloud or multi-cloud handling Conclusion
- 32. @adrienblind Step 1 Shift to docker packaging pardigmes Start deploying your apps through docker (trough CD pipelines for instance) Step 2 Shift to dynamic orchestration: swarm cluster handles container deployments over the cluster, ensures desired instances are up, etc. Step 3 Extend your local own cluster to third-part vendors Step 4 Shift to self-healing clusters (autoscaling nodes for instance) Plan your migration
Editor's Notes
- #24: http://armdevices.net/2015/10/16/cern-cms-tests-64bit-arm-servers-for-worldwide-grid-scientific-computing/ http://www.cavium.com/newsevents-GIGABYTE-announces-384-Core-2U-server-powered-by-Cavium-ThunderX-ARMv8-processors.html https://www.servethehome.com/exclusive-first-cavium-thunderx-dual-48-core-96-core-total-arm-benchmarks/ https://dzone.com/articles/big-data-processing-arm-0 https://www.servethehome.com/cavium-gigabyte-launching-384-core-armv8-2u-server-cluster/ http://blog.alexellis.io/getting-started-with-docker-on-raspberry-pi/ http://www.sparkonarm.com/