WHAT’S NEW IN DOCKER ENGINE 1.12?
Presenter Name - Ajeet Singh Raina
Presentation Date – July-9 2016
Presented at - Docker Meetup #21
ABOUT ME
#Contribution:
- Frequent Blogger – http://www.collabnix.com
- Article Writing @ OSFY India
- Dell Community ( Containerizing Dell Legacy Application)
#Inside Dell:
- Project Lead Engineer(Global Solution Engineering)
- Worked in VMware, CGI , Dell R&D
- Solaris Lead Engineer ( Wiki Moderator)
• (t) - ajeetsraina
• (f) - Docker Public Group Moderator
#Reviewed Publications:
• Puppet for Containerization
• PowerCLI Cookbook
#Technology : System Integration, Linux, Docker, Hadoop, Puppet in Dell HPC
AGENDA
• What’s New in Docker 1.12 Engine? (API objects)
• Introducing SwarmKit vs. Swarm Mode (Overview)
• Swarm Mode Deep-Dive (Orchestration, Self-healing, Self-Organizing, in-built failover)
• Playing around Services (Desired State/Rolling Updates/Scaling)
• Understanding Routing Mesh (Container Native Load-Balancing)
• Demo
WHAT’S NEW IN DOCKER ENGINE 1.12?
MAJOR FEATURE ENABLEMENTS
Features | Engine 1.11 (and prior) | Engine 1.12
Multi-host Networking & KV Store | External KV store | No external KV store required (Swarm Mode)
MACVLAN | Experimental | Out of Experimental
Secure Control Plane | Insecure (plain-text) | Secure
Secure Data Plane | VXLAN was not encrypted by default (can be secured by --opt-secure) | Encrypted VXLAN traffic (makes use of swarm certificates and key exchange)
Load Balancing | Load Balancing was featured under 1.10, based on only DNS RR | Virtual IP Load-Balancing & DNS RR both supported (LB using IPVS)
Service Discovery | Available under 1.10 but based on external service discovery backend | Service discovery now integrated into Docker Engine, Virtual IP for VIP Load-Balancing support
Swarm Mode | Not Available | Newly Introduced (Optional Feature)
Routing Mesh | Not Available | Newly Introduced
WHAT’S NEW IN SWARM?
Swarm Reboot in Docker 1.12
New Swarm APIs –
$ docker swarm --help
$ docker node --help
$ docker service --help
Easy Swarm Management
$ docker swarm init
$ docker swarm join master:port
New Docker Plumbing for Swarm Mode ~ SwarmKit
Docker Swarm embedded into Docker Engine
Service ~ First class citizen ~ Replication, Load Balancing & updates of Images
New Service CLIs –
$ docker service # --help
[create, inspect, remove, update]
$ docker service tasks --help
New Node CLIs –
$ docker node # --help
[accept, promote, demote, inspect, update, tasks, ls and rm]
New Stack & Deploy CLIs – [Experimental]
SWARMKIT – AN OVERVIEW
- An open source toolkit (plumbing) to build multi-node systems
- Builds the cluster management and orchestration features embedded in the Docker Engine
- Employs a decentralized architecture rather than a centralized one (key-value store)
- Machines running SwarmKit can be grouped together in order to form a Swarm
- Once a machine joins, it becomes a Swarm Node.
SWARMKIT - FEATURES
SwarmKit
- Orchestration: Desired State Reconciliation; Replicated & Global Services; Configuration Updates (Parallelism, Delay); Restart Policies
- Scheduling: Constraints; Resource Awareness
- Management: Topology; Node
- Security: Mutual TLS; Acceptance Policy; Certification Rotation
SWARM MODE
- Swarm mode is an optional feature.
- Swarm mode is enabled for the Engine by either initializing a swarm or joining an existing swarm.
- When you run the Engine in swarm mode, you orchestrate services.
- When you run Docker Engine outside swarm mode, you basically execute container commands.
- Swarm Mode is NOT going to break the existing Swarm production environment.
- No external KV store needed
- Self-Healing, Self-Organizing, No Single Point of Failure
A BASIC SWARM ARCHITECTURE
$ docker -H=tcp://192.168.33.10:2375 run -d -p 8500:8500 -h consul progrium/consul -server -bootstrap
$ docker -H=tcp://192.168.33.11:2375 run -d -p 3375:2375 swarm manage consul://192.168.33.10:8500/
$ docker -H=tcp://192.168.33.12:2375 run -d swarm join --advertise=192.168.33.12:2375 consul://192.168.33.10:8500/
$ docker -H=tcp://192.168.33.13:2375 run -d swarm join --advertise=192.168.33.13:2375 consul://192.168.33.10:8500/
SWARM MODE – A GLIMPSE
Swarm Manager: c0-master
Swarm Agent: c0-n1
Swarm Agent: c0-n2
- TCP port 2377 for cluster management communications
- TCP and UDP port 7946 for communication between nodes
- TCP and UDP port 4789 for overlay network traffic
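The two architectures above differ in what a node listens on: the classic Swarm commands talk to the Engine over plain-text tcp/2375, while swarm mode uses the ports just listed. The following is an added example, not part of the original slides, that audits a listing of listening sockets for both; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the slides): audit listening sockets against the
# ports the deck names. Input lines use the `ss -H -tuln` column layout:
#   Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

audit_listeners() {
    awk '
    {
        proto = $1
        n = split($5, parts, ":")          # port is the text after the last ":"
        port = parts[n]
        addr = substr($5, 1, length($5) - length(port) - 1)
        seen[proto "/" port] = 1
        # 2375 is the plain-text Engine API the classic Swarm commands talk to;
        # anything other than loopback means it is reachable from the network.
        if (proto == "tcp" && port == "2375" && addr !~ /^(127\.|\[::1\])/)
            print "FAIL plaintext Engine API on " addr ":2375"
    }
    END {
        # Swarm mode ports from the slide. The slide lists 4789 as TCP and UDP;
        # VXLAN is carried over UDP, so only the UDP socket is checked here.
        count = split("tcp/2377 tcp/7946 udp/7946 udp/4789", want, " ")
        for (i = 1; i <= count; i++) {
            status = (want[i] in seen) ? "OK" : "MISS"
            print status " " want[i]
        }
    }'
}

# Constructed sample: a host that still exposes 2375 and has no overlay socket.
sample_listeners() {
    cat <<'EOF'
tcp LISTEN 0 128 0.0.0.0:2375 0.0.0.0:*
tcp LISTEN 0 128 *:2377 *:*
tcp LISTEN 0 128 *:7946 *:*
udp UNCONN 0 0 *:7946 *:*
EOF
}

sample_listeners | audit_listeners
```

On a real node, pipe `ss -H -tuln` into `audit_listeners` instead of the sample.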
SWARM MODE: INITIALIZING THE SWARM MODE
@master1
$ docker swarm init
SWARM MODE: ADDING THE FIRST WORKER NODE
@master1
$ docker swarm init
@node1
$ docker swarm join <IP address of Master>:2377
SWARM MODE: BUILDING THE CLUSTER
@master1
$ docker swarm init
@node1
$ docker swarm join <IP address of Master>:2377
@node2 @node3 @node4 @node5
$ docker swarm join <IP address of Master>:2377
$ docker swarm join <IP address of Master>:2377
…
SWARM MODE: UNDER THE HOOD
Secure by default with End-to-End Encryption
1. $ docker swarm init
2. A TLS root CA is created.
3. A keypair is issued for the first node, and signed by the root CA.
4. All the joining nodes also receive the root CA public key and certificate.
5. The node keys and certificates are automatically renewed at regular intervals (by default, 90 days).
6. Tunable with docker swarm update.
7. External CA integration supported.
SWARM MODE: ACCEPTANCE POLICY
@master1
$ docker swarm init
$ docker swarm update --auto-accept none --secret <password>
@node1
$ docker swarm join <IP address of Master>:2377
@node2 @node3 @node4 @node5
SWARM MODE: ACCEPTANCE POLICY
@master1
$ docker swarm update --auto-accept none --secret <password>
$ docker node accept <node5>
@node1
$ docker swarm join <IP address of Master>:2377
@node2 @node3 @node4
@node6
$ docker swarm join <IP address of Master>:2377
SWARM MODE: ACCEPTANCE POLICY
@master1
$ docker swarm update --auto-accept none --secret <password>
$ docker node accept <node5>
@node1
$ docker swarm join <IP address of Master>:2377
@node2 @node3 @node4
@node5
$ docker swarm join <IP address of Master>:2377
SWARM MODE: CREATING THE FIRST SERVICE
$ docker network create -d overlay mynetwork
$ docker service create --name mycloud --replicas 4 --network mynetwork --publish 80:80/tcp dockercloud/hello-world
SWARM MODE: CREATING THE FIRST SERVICE
Service | Tasks | Containers
mycloud | mycloud.1 | mycloud:latest container
mycloud | mycloud.2 | mycloud:latest container
mycloud | mycloud.3 | mycloud:latest container
mycloud | mycloud.4 | mycloud:latest container
SWARM MODE: SCALING
@master1 @node1 @node2 @node3 @node4 @node5 (all attached to mynetwork)
$ docker service scale mycloud=10
SWARM MODE – NODE FAILURE
$ docker service scale mycloud=20
SWARM MODE – DESIRED STATE ACTUAL STATE
$ docker service scale mycloud=20
SWARM MODE – CONVERGED BACK TO DESIRED STATE
$ docker service scale mycloud=20
SWARM MODE: GLOBAL SERVICES
$ docker service create --mode=global --name mycloud dockercloud/hello-world
SWARM MODE – CONSTRAINTS
$ docker service create --name mycloud --replicas 4 --network mynetwork --publish 80:80/tcp --constraint com.example.storage="ssd" dockercloud/hello-world
SWARM MODE – ROUTING MESH
SWARM MODE – INGRESS NETWORKING
DEMO TIME
