Embed Size (px)
Citation preview
IntroductiontoDockerPeng XiaoGitHub: xiaopeng163Network Consulting EngineerCisco Systems
Contents• The Metrix from Hell• What is Container/Docker?• Docker Basic Usage• Docker Networking Deep Dive• Docker Compose• Docker Swarm• Ecosystem and Standardization
Static website
Web frontend
User DB
Queue Analytics DB
Background workers
API endpoint
nginx 1.5 + modsecurity + openssl + bootstrap 2
postgresql + pgv8 + v8
hadoop + hive + thrift + OpenJDK
Ruby + Rails + sass + Unicorn
Redis + redis-sentinel
Python 3.0 + celery + pyredis + libcurl + ffmpeg + libopencv + nodejs + phantomjs
Python 2.7 + Flask + pyredis + celery + psycopg + postgresql-client
Development VM
QA server
Public Cloud
Disaster recovery
Contributor’s laptop
Production Servers
TheChallengeMultip
licity
ofS
tacks
Multip
licity
of
hardware
environm
ents
Production Cluster
Customer Data Center
Doservicesandappsinteract
appropriately?
CanImigrate
smoothlyandquickly?
TheMatrixFromHell
Static website
Web frontend
Background workers
User DB
Analytics DB
Queue
Development VM QA Server Single Prod
ServerOnsite Cluster Public Cloud Contributor’
s laptopCustomer
Servers
? ? ? ? ? ? ?
? ? ? ? ? ? ?
? ? ? ? ? ? ?
? ? ? ? ? ? ?
? ? ? ? ? ? ?
? ? ? ? ? ? ?
Static website Web frontend User DB Queue Analytics DB
Development VM
QA server Public Cloud Contributor’s laptop
DockerisashippingcontainersystemforcodeMultip
licityofStacks
Multip
licityof
hardware
environm
ents
Production Cluster
Customer Data Center
Doservicesandappsinteract
appropriately?
CanImigrate
smoothlyandquickly
…that can be manipulated using standard operations and run consistently on virtually any hardware platform
An engine that enables any payload to be encapsulated as a lightweight, portable, self-sufficient container…
Static website
Web frontend
Background workers
User DB
Analytics DB
Queue
Development VM QA Server Single Prod
ServerOnsite Cluster Public Cloud Contributor’
s laptopCustomer
Servers
DockereliminatesthematrixfromHell
WhyDevelopersCare
• Buildonce…(finally)runanywhere*• Aclean,safe,hygienicandportableruntimeenvironmentforyourapp.• Noworriesaboutmissingdependencies,packagesandotherpainpointsduringsubsequent
deployments.• Runeachappinitsownisolatedcontainer,soyoucanrunvariousversionsoflibrariesandother
dependenciesforeachappwithoutworrying• Automatetesting,integration,packaging…anythingyoucanscript• Reduce/eliminateconcernsaboutcompatibilityondifferentplatforms,eitheryourownoryour
customers.• Cheap,zero-penaltycontainerstodeployservices?AVMwithouttheoverheadofaVM?Instant
replayandresetofimagesnapshots?That’sthepowerofDocker
*Withthe0.7release,wesupportanyx86serverrunningamodernLinuxkernel(3.2+generally.2.6.32+forRHEL6.5+,Fedora,&related)
WhyDevops Cares?
• Configureonce…runanything• Maketheentirelifecyclemoreefficient,consistent,andrepeatable• Increasethequalityofcodeproducedbydevelopers.• Eliminateinconsistenciesbetweendevelopment,test,production,andcustomerenvironments• Supportsegregationofduties• Significantlyimprovesthespeedandreliabilityofcontinuousdeploymentandcontinuousintegrationsystems
• Becausethecontainersaresolightweight,addresssignificantperformance,costs,deployment,andportabilityissuesnormallyassociatedwithVMs
Contents• The Metrix from Hell
•What is Container/Docker?• Docker Basic Usage• Docker Networking Deep Dive• Docker Compose• Docker Swarm• Ecosystem and Standardization
Container History
http://kiwenlau.blogspot.com/2015/01/linux-container-technology-overview.html
Docker is nothing new, it just show in the right time
AppA
Containersvs.VMs
Hypervisor(Type2)
HostOS
Server
GuestOS
Bins/Libs
AppA’
GuestOS
Bins/Libs
AppB
GuestOS
Bins/Libs
AppA’
Docker
HostOS
Server
Bins/Libs
AppABins/Libs
AppB
AppB’
AppB’
AppB’VM
Container
Containersareisolated,butshareOSand,whereappropriate,bins/libraries
GuestOS
GuestOS
…resultissignificantlyfasterdeployment,muchlessoverhead,easiermigration,fasterrestart
WhyareContainerslightweight?
Bins/Libs
AppA
OriginalApp(NoOStotakeupspace,resources,orrequirerestart)
AppΔ
Bins/
AppA
Bins/Libs
AppA’
GuestOS
Bins/Libs
ModifiedApp
CopyonwritecapabilitiesallowustoonlysavethediffsBetweencontainerAandcontainerA’
VMsEveryapp,everycopyofanapp,andeveryslightmodificationoftheapprequiresanewvirtualserver
AppA
GuestOS
Bins/Libs
CopyofApp
NoOS.CanSharebins/libs
AppA
GuestOS
GuestOS
VMs Containers
Docker Inside
Docker Inside (Deep Dive)• ADeepDiveIntoLinuxContainersForEngineersInterestedInTheGrittyDetails. http://docker-saigon.github.io/post/Docker-Internals/• Cgroups,namespaces,andbeyond:whatarecontainersmadefrom?(DockerCon Europe2015) https://goo.gl/25KtpZ
Contents• The Metrix from Hell• What is Container/Docker?
•Docker Basic Usage• Docker Networking Deep Dive• Docker Compose• Docker Swarm• Ecosystem and Standardization
DockerEngine• DockerDaemon+REST(ish)API• DockerClient(CLI)talkstotheAPI• DaemonmanagestheDockercontainers• Startitwith:docker –d• docker versiontotestifdocker issetupcorrectly• DockerEngine(Linux,Mac,Windows)• https://docs.docker.com/engine/installation/
DockerToolbox• DockerToolboxisaninstallerforquicksetupandlaunchofaDockerenvironmentonolderMacandWindowssystemsthatdonotmeettherequirementsofthenewDockerforMacandDockerforWindowsapps.
DockerMachine• MachinemakesitreallyeasytocreateDockerhostsonyourcomputer,oncloudprovidersandinsideyourowndatacenter.Itcreatesservers,installsDockeronthem,thenconfigurestheDockerclienttotalktothem.• Driversexistfor:
• AWS• DigitalOcean• Azure• GoogleComputeEngine• Rackspace• OpenStack• Virtualbox• VMWareFusion• VMWarevSphere• Hyperv
Docker ImagesvsContainers• Images:Aboutstoringormovingyourapp• Containers:Aboutrunningyourapp
https://docs.docker.com/engine/userguide/storagedriver/imagesandcontainers/
Docker Workflow——Build/Pull/Push
SourceCode
Repository
DockerfileForA
DockerEngine
DockerContainerImageRegistry
Build
Docker
Host2OS(Linux)
ContainerA
ContainerB
ContainerC
ContainerA
Push
Search Pull
Run
Host1OS(Linux)
DockerImage• Download,list,removeimages
https://hub.docker.com/
DockerfileCreate a Dockerfile
Build a image
https://docs.docker.com/engine/reference/builder/
DockerContainer• Create and start a container
• Inside of the container
DockerContainer• Stop and remove a container
http://docker-k8s-lab.readthedocs.io/en/latest/docker/docker-cli.html
Contents• The Metrix from Hell• What is Container/Docker?• Docker Basic Usage
•Docker Networking Deep Dive• Docker Compose• Docker Swarm• Ecosystem and Standardization
Docker Networking
ContainerNetworkModel
https://github.com/docker/libnetwork/blob/master/docs/design.md
CNM Drivers
Demo: Docker Bridge Network• http://docker-k8s-lab.readthedocs.io/en/latest/docker/bridged-network.html
Docker Multi-Host Networking• Tunnel• Docker build-in overlay network: VXLAN• OVS: VXLAN or GRE• Flannel: VXLAN or UDP• Weave: VXLAN or UDP
• Routing• Calico: Layer 3 routing based on BGP• Contiv: Layer 3 routing based on BGP
http://blog.dataman-inc.com/shurenyun-docker-133/
Lab A: Overlay Multi-Host Networking with OVS• http://docker-k8s-lab.readthedocs.io/en/latest/docker/docker-ovs.html
Linux bridgedocker0
br-int gre0
eth0
eth0 eth0
Host 1Docker
Container 2Container 1
Open vSwitch
Linux bridgedocker0
br-intgre0
eth0
eth0 eth0
Host 2Docker
Container 2Container 1
Open vSwitchGRE tunnel
Lab B:Multi-Host OverlayNetworkingwithEtcd• http://docker-k8s-lab.readthedocs.io/en/latest/docker/docker-etcd.html
Docker1.12NetworkingModelOverview
Contents• The Metrix from Hell• What is Container/Docker?• Docker Basic Usage• Docker Networking Deep Dive
•Docker Compose• Docker Swarm• Ecosystem and Standardization
DockerComposeOverview• Composeisatoolfordefiningandrunningmulti-containerDockerapplications.WithCompose,youuseaComposefiletoconfigureyourapplication’sservices.Then,usingasinglecommand,youcreateandstartalltheservicesfromyourconfiguration.• Definedinyaml
Demo: Docker Compose• ExampleVotingApp• https://github.com/DaoCloud/example-voting-app
• Guide:• http://docker-k8s-lab.readthedocs.io/en/latest/docker/docker-compose.html
Contents• The Metrix from Hell• What is Container/Docker?• Docker Basic Usage• Docker Networking Deep Dive• Docker Compose
•Docker Swarm• Ecosystem and Standardization
Before Docker Swarm
With Docker Swarm
grpc
raftconsensusgroup
gossipnetwork
http://www.grpc.io/http://thesecretlivesofdata.com/raft/https://en.wikipedia.org/wiki/Gossip_protocol
Docker Orchestration Components
http://www.slideshare.net/ajeetraina/service-discovery-loadbalancing-under-docker-1120-docker-meetup-22
Create Docker Service
https://www.youtube.com/watch?v=_F6PSP-qhdAhttp://collabnix.com/archives/1445
Demo: Docker Swarm• Docker Swarm with Load Balancing and Scaling• http://docker-k8s-lab.readthedocs.io/en/latest/docker/docker-swarm-lb-scale.html
• Multi-Services issue• https://github.com/docker/compose/issues/3656
Contents• The Metrix from Hell• What is Container/Docker?• Docker Basic Usage• Docker Networking Deep Dive• Docker Compose• Docker Swarm
•Ecosystem and Standardization
Container Ecosystem
OpenContainerInitiative (OCI)• A Linux Foundation Collaborative Project• Free from control by any particular vendor’s specfic cloud stack orecosystem• Includes:• Container runtime specification -> runc• Image format specification
http://www.slideshare.net/PhilEstes/runc-the-little-engine-that-could-run-docker-containershttps://www.opencontainers.org/https://github.com/opencontainers
Container Networking• Container Network Model (CNM) by Docker• Adopted by Docker libnetwork, Cisco Contiv, Kuryr, OVN, Project Calico,Vmware, Vwave
• Container Network Interface(CNI) by CoreOS• Adopted by kuberntes, Kurma, rkt, Apache Mesos, Clould Foundry, CiscoContiv, Project Calico and Weave.
http://thenewstack.io/container-networking-landscape-cni-coreos-cnm-docker/https://github.com/containernetworking
?
