Chris Swan's QCon presentation "Using Docker in Cloud Networks"
 

CTO Chris Swan's QCon presentation: Using Docker in Cloud Networks
Track: Next Gen Cloud
Originally presented on Friday, 7 March 14:30 - 15:20 in the Mountbatten Room

About the presentation
Docker.io provides an elegant means of packaging and deploying application stacks. CohesiveFT have incorporated Docker into their VNS3 cloud overlay networking as a substrate for layer 4-7 network application services - things like proxy, reverse proxy, SSL termination, content caching and network intrusion detection. This presentation will look at what Docker does, and why it was chosen. It will also look at what's been involved in building Docker into an established platform, and what it takes to package applications and application infrastructure for use with Docker. This will include a look at Dockerfile, and the potential it has for tightening DevOps loops. Finally a look at some Docker trip hazards, and how to avoid them, and a Docker wish list - for how it could be even better.

Usage Rights

CC Attribution-NonCommercial-NoDerivs License

Chris Swan's QCon presentation "Using Docker in Cloud Networks" Presentation Transcript

  • 1. Using Docker in Cloud Networks Chris Swan, CTO @cpswan the original cloud networking company copyright 2014 Friday, 28 February 14 1
  • 2. Agenda
      • Docker Overview
      • Dockerfile and DevOps
      • Docker in Cloud Networks
      • Some Trip Hazards
      • My Docker Wish List
  • 3. Docker overview
  • 4. Background
      • Open source project released in March 2013
      • Docker is a Container System for Code
      • Image Credit: Docker.io
  • 5. A different granularity of virtualisation (Image Credit: Docker.io)
  • 6. Continuing the container analogy (Image Credit: Docker.io)
  • 7. What’s outside the box?
      • Linux containers (LXC)
          • Similar to Solaris zones, FreeBSD jails, IBM LPAR etc.
          • > chroot < any hardware (VT) protected hypervisor
      • A union file system (e.g. AUFS)
          • Containers are made up out of layers
          • May also use ZFS or BTRFS
      • Docker command line tool to manage lifecycle of containers
          • run, start, stop, ps, import, export etc.
  • 8. Going inside the box - Hello World
  • 9. Stacking containers (Image Credit: Docker.io)
  • 10. Containers and Images (Image Credit: Docker.io)
  • 11. Hello World from Dockerfile
  • 12. A real example of Dockerfile
  • 13. Dockerfile and DevOps
  • 14. John Boyd’s OODA loop
  • 15. Dockerfile makes mistakes very cheap
  • 16. Docker and networking
  • 17. When the Docker daemon starts
      • Creates a docker0 bridge if not present
          • Other bridges can be manually configured
      • Searches for an IP address range which doesn’t overlap with an existing route
          • Default is 172.17.0.0/16
      • Picks an IP in the selected range and assigns it to the docker0 bridge
          • Default is 172.17.42.1
      • Containers get a virtual interface that’s bonded to the docker0 bridge
          • Starting with 172.17.0.2
  • 18. Port mapping
      • Map a random host port to a container port
          sudo docker run -d -p 1234 cpswan/demoapp
      • Map a specific host port to a container port
          sudo docker run -d -p 1234:1234 cpswan/demoapp
  • 19. Container linking
      • Docker takes named links to other containers to populate env variables:
          # start the database
          sudo docker run -d -p 3306:3306 -name todomvc_db -v /data/mysql:/var/lib/mysql cpswan/todomvc.mysql
          # start the app server
          sudo docker run -d -p 4567:4567 -name todomvc_app -link todomvc_db:db cpswan/todomvc.sinatra
          # start the web server
          sudo docker run -d -p 443:443 -name todomvc_ssl -link todomvc_app:app cpswan/todomvc.ssl
      • Use the env variable in the app server:
          dburl = 'mysql://root:pa55Word@' + ENV['DB_PORT_3306_TCP_ADDR'] + '/todomvc'
          DataMapper.setup(:default, dburl)
  • 20. Docker in cloud networks
  • 21. Before Docker
      • VNS3 is a virtual appliance Swiss Army Knife for networking
      • VNS3: Router, Switch, Firewall, IPsec/SSL VPN concentrator, Protocol Redistributor, Dynamic & Scriptable SDN
      • Tool for building secure networks in virtual infrastructures, private & public cloud
  • 22. A typical customer use case (diagram labels: Public Cloud, Web App, IPsec Tunnel, VNS3, Firewall / VPN, Data Center, Servers, On-Site Hardware)
  • 23. That annoying extra VM (diagram labels: Public Cloud, Web App, IPsec Tunnel, VNS3, Internet traffic, Firewall / VPN, Data Center, Servers, On-Site Hardware)
  • 24. With Docker
      • VNS3 3.5 allows customers to embed features and functions provided by other vendors - or developed in house, safely and securely into their Cloud Network.
      • VNS3: Router, Switch, Firewall, IPsec/SSL VPN Concentrator, Protocol Redistributor, Dynamic & Scriptable SDN
      • (Reverse) Proxy, SSL Termination, Content Caching, Load Balancing, Intrusion Detection, More....
      • Customer controlled, & co-created, for best hybrid cloud experience
  • 25. Getting rid of that annoying extra VM (diagram labels: Public Cloud, Web App, IPsec Tunnel, VNS3, Internet traffic, Firewall / VPN, Data Center, Servers, On-Site Hardware)
  • 26. Seeding the ecosystem
  • 27. and on github
  • 28. as Dockerfile doesn’t stand alone
  • 29. Some trip hazards
  • 30. Inconsistent package repos
  • 31. Beware apt-get upgrade
      • Not a problem in the official Docker.io images
      • But... if you’re using images from somewhere else then it’s not good when they try to build an initramfs
  • 32. Non deterministic actions
          apt-get install whatever -y
      • You want this to be cached in the short term
      • You might not want it to be cached long term
      • (I’m not going to wade into the security tar pit right now)
  • 33. Local vs Global image namespace
          sudo docker build -t cpswan/haproxy .
          sudo docker run -d cpswan/haproxy
          !=
          sudo docker run -d cpswan/haproxy
      • Nothing there to make you pull before you push
      • Global namespace is managed, local namespace isn’t
      • Intermediate/private repositories for extra fun :-0
  • 34. This can happen ‘docker ps’:
  • 35. and also this ‘docker ps --all’:
  • 36. My Docker wish list
  • 37. If only it would...
      • Docker CLI
      • Disk quotas
      • Route propagation
  • 38. At least one of those wishes might be granted...
  • 39. Summary
  • 40. Summary
      • Docker provides a ‘shipping container’ for apps
      • Dockerfile tightens the DevOps OODA loop
      • Docker has given us a way to move from closed platform to open platform (and be part of an ecosystem)
      • It’s not perfect yet, but it’s not finished yet (and software rarely is anyway)
  • 41. Questions? Paddington, London, UK, ContactMe@cohesiveft.com, +44 20 8144 0156, @CohesiveFT
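
The link variables used on slide 19, as an added example that is not from the presentation: the function below builds the same DataMapper URL from the variables Docker injects for -link todomvc_db:db, rejecting a missing or malformed address or port instead of concatenating it. DB_USER and DB_PASSWORD are hypothetical variable names assumed here in place of the literal credentials on the slide, and the environment hash is constructed sample data.

```ruby
require 'erb'
require 'ipaddr'

# Raised when the link variables are missing or malformed.
class LinkError < StandardError; end

# Constructed sample of what a container started with `-link todomvc_db:db`
# sees; DB_PASSWORD is a hypothetical variable, not something Docker sets.
SAMPLE_ENV = {
  'DB_PORT_3306_TCP_ADDR' => '172.17.0.2',
  'DB_PORT_3306_TCP_PORT' => '3306',
  'DB_PASSWORD'           => 'p@ss/word'
}.freeze

# Build the DataMapper URL from the link variables (alias "db" => DB_ prefix).
def db_url_from_link(env, link_alias: 'db', port: 3306, database: 'todomvc')
  prefix = "#{link_alias.upcase}_PORT_#{port}_TCP"
  addr = env["#{prefix}_ADDR"] or
    raise LinkError, "#{prefix}_ADDR not set (container started without -link?)"
  lport = env.fetch("#{prefix}_PORT", port.to_s)

  # Accept only a bare IP literal, so a hostname, netmask or URL fragment
  # cannot be spliced into the connection string.
  begin
    ip = IPAddr.new(addr)
  rescue IPAddr::Error
    raise LinkError, "#{prefix}_ADDR is not an IP address: #{addr.inspect}"
  end
  raise LinkError, "#{prefix}_ADDR carries a netmask" if addr.include?('/')
  unless lport.match?(/\A\d{1,5}\z/) && (1..65_535).cover?(lport.to_i)
    raise LinkError, "#{prefix}_PORT is not a TCP port: #{lport.inspect}"
  end

  # Credentials come from the environment and are percent-encoded, so
  # characters such as '@' or '/' cannot change how the URL parses.
  user = env.fetch('DB_USER', 'root')
  pass = env['DB_PASSWORD'] or raise LinkError, 'DB_PASSWORD not set'
  cred = [user, pass].map { |s| ERB::Util.url_encode(s) }.join(':')
  host = ip.ipv6? ? "[#{ip}]" : ip.to_s
  "mysql://#{cred}@#{host}:#{lport}/#{database}"
end

puts db_url_from_link(SAMPLE_ENV) if $PROGRAM_NAME == __FILE__
```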