Deep Dive into Docker Swarm Mode

1. Demystifying Docker Swarm Mode Ajeet Singh Raina Docker Captain – Docker, Inc.

2. 2 Who Am I? • Sr. Systems Development Engineer at DellEMC • 1st half of my career was in CGI & VMware • 2nd half of my career has been in System Integration • Testing/Project Lead for Dell EMC. • Definitely more IT pro than developer • @ajeetsraina (a frequent Twitterati) http://www.collabnix.com

3. Agenda - Introduction to Docker Swarm - Docker Swarm Mode Features - Docker Stack Deployment - What’s new in Docker 17.06 Swarm Mode - Hybrid Swarm Setup, Toplogy Scheduling - Demo – Hybrid Swarm(Play with Docker)

4. Introduction to Docker Swarm Mode

5. 5 A Little Background: What is Swarm? Let’s start with Single Docker Host Application A Docker Host http://collabnix.com/getting-started-with-docker-swarm/

6. 6 A Little Background: What is Swarm? You want to add more hosts..

7. 7 A Little Background: What is Swarm? But Wait… Service Discovery Scalability High Availability Failure ManagementScheduling Rolling Updates Container Security

8. 8 Docker Swarm Mode comes to rescue.. http://collabnix.com/new-docker-1-12-comes-with-built-in-distribution-orchestration-system/

9. 9 What is Swarm Mode? • A swarm consists of one or more nodes: physical or virtual machines running Docker Engine. • It was introduced first under Docker 1.12 release. • It enables the ability to deploy containers across multiple Docker hosts, using overlay networks for service discovery with a built-in load balancer for scaling the services. http://collabnix.com/docker-1-12-swarm-mode-under-the-hood/

10. 10 Swarm Mode Manager TLS Swarm Mode Worker Certificate Authority Load Balancing Service Discovery Distributed store Volumes MacVLAN Support Plugins Container Runtime Orchestration Components Secrets Management Scheduling/ Placements Topology Aware Scheduling Service Logs Health-Aware Orchestration Networking Service Rollbacks High Availability Scheduling Swarm Mode Features under Docker 17.06

11. 11 Swarm Mode Manager TLS Swarm Mode Worker Certificate Authority Load Balancing Service Discovery Distributed store Volumes MacVLAN Support Plugins Container Runtime Orchestration Components Secrets Management Scheduling/ Placements Topology Aware Scheduling Service Logs Health-Aware Orchestration Networking Service Rollbacks High Availability Scheduling Swarm Mode Features under Docker 17.06

12. Building a Swarm Topology

13. 13 Building a Swarm Topology – Manual Way @manager $docker swarm init --advertise-addr <IP of manager node>:2377 or $docker swarm init --listen-addr <IP of manager node>:2377

14. 14 Building a Swarm Topology – Manual Way @manager @node1 $docker swarm join –token-id <token> <manager node>:2377 $docker swarm join-token worker/manager

15. 15 Building a Swarm Topology – Manual Way @manager @node1 $docker swarm join –token-id <token> <manager node>:2377 $docker swarm join-token worker/manager @node2 @node3

16. Building Swarm Topology – Scripted Method(Docker Machine) @manager @node1,2

17. Building a Swarm Topology – Cloud Deployment manager

18. 18 Building Swarm Topology – Hybrid Cluster @manager @node1 @node2 @node3 http://collabnix.com/building-hybrid-docker-swarm-mode-cluster-on-google-cloud-platform/

19. Service Discovery

20. 20 Swarm is built on Services Service Specs - Image Name - # of replicas.. - Network .. Exposed ports.. - Environment Variables - Placements.. Service Orchestrator

21. 2121 What is Service? • A definition of tasks to be executed on the worker nodes • Central structure of swarm system • An Evolution of `docker run` command • It manages replicated set of containers • A task carries a Docker container + commands to run inside the container.

22. 2222 How Service Discovery works in Swarm Mode? Create a new overlay network Create a service and attach to this new network The swarm assign a VIP(Virtual IP Server) and DNS entry to each service The VIP(a private non- routable IP which uses IPVS LB) maps to a DNS alias based upon the service name. Containers share DNS mappings for the service via GOSSIP Any container on the network can access the service via its service name https://collabnix.com/how-service-discovery-works-under-docker-1-12/

23. 2323 Building Our First Swarm Service @manager @node1 @node2 @node3 network= collabnet $docker network create -d overlay mynetwork

24. 2424 Swarm Cluster Setup Master-1 Node-1 Node-3Node-2 ingress docker_gwbridge user_defined Networks - It is an overlay network on all exposed ports exist. - Follows a node port model(each service has the same port on every node in the cluster). - Numbered from 30000 through 32000. - Used for Routing Mesh(Port 4789 for Ingress) - The default gateway network - The only network with connectivity to the outside world.(Port 7946 for network discovery

25. 25 Creating a new overlay network $ docker network create --driver overlay collabnet Master-1 ingress docker_gwbridge Node-1 Node-3Node-2 collabnet Networks

26. 26 Creating a service “wordpressdb” $ docker service create --replicas 1 --name wordpressdb - -network collabnet -- env MYSQL_ROOT_PASSWORD=collab123 --env MYSQL_DATABASE=wordpress --name wordpressdb mysql:latest Master-1 Node-1 Node-3Node-2 collabnet wordpress db.1 VIP(10.0.0.2)

27. 27 Creating a service “wordpressapp” $ docker service create --env WORDPRESS_DB_HOST=wordpressdb --env WORDPRESS_DB_PASSWD=collab123 --replicas 5 --network collabnet -- name wordpressapp --publish 80:80/tcp wordpress:latest Master-1 Node-1 Node-3Node-2 collabnet wordpress db.1 VIP(10.0.0.2) wordpress app.1 wordpress app.5 wordpress app.4 wordpress app.2 wordpress app.3 VIP(10.0.0.4)

28. 28 Inspecting the services $ docker service inspect --format=='{{json .Endpoint.VirtualIPs}}' wordpressapp [{"NetworkID":"c4caizphmdpuhm1gjdle8eaal","Addr":"10.255.0.7/16"}, {"NetworkID":"9eyjm4uv4ynmz0aubfqxise29","Addr":"10.0.0.4/24"}] $ docker service inspect --format=='{{json .Endpoint.VirtualIPs}}' wordpressdb [{"NetworkID":"9eyjm4uv4ynmz0aubfqxise29","Addr":"10.0.0.2/24"}]

29. 29 Verifying Service Discovery Master-1 Node-1 Node-3Node-2 collabnet wordpress db.1 VIP(10.0.0.2) wordpress app.1 wordpress app.5 wordpress app.4 wordpress app.2 wordpress app.3 VIP(10.0.0.4)Wordpressapp Wordpressdb Services $ping <service> returns <VIP> Verifying Service Discovery

30. Master-1 Node-1 Node-3Node-2 collabnet wordpress db.1 VIP(10.0.0.2) wordpress app.1 wordpress app.5 wordpress app.4 wordpress app.2 wordpress app.3 VIP(10.0.0.4)Wordpressapp Wordpressdb collabnet1 Wordpressdb 1.1 Wordpressdb1 VIP(10.0.1.2) Services Network – A Scope of Service Discoverability

31. Load Balancing

32. 32 Load-Balancing Distributes requests among the healthy nodes. Decentralized, Highly Available – LB instance plumbed into every container instance Internal Load Balancer – Provided by Embedded DNS Can be used to discover both service & tasks VIP based services uses IPVS(IP Virtual Server) – Layer-4 LB Kernel module ( ip_vs) for LB

33. External LB/ HA-Proxy/NginX Host-port:{10.128.0.4:80} Host-port:{10.128.0.3:80} Service1 sandbox IPVS Service1 sandbox IPVS 10.0.0.5 10.0.0.6 10.0.0.7 10.0.0.8 Ingress Network Host:10.128.0.4 Host:10.128.0.3 Public 1 Client access using :80 Plumb the request to sandbox running on 10.128.0.3 2 3 Packets enters the mangle table, Pre-routing firewall mark of 0x101 => 257 Inside the sandbox, the re- routing chain gets created under NAT table. Then ipvsadm uses 257 firewall mark to round robin across the multiple nodes 4 6 5 SRC NAT under NAT table ensure that packet has to be come back to Ingress network so as to return in the original format How does LB work?

34. 34 Accessing the network sandbox How to find the sandboxID? Where’s sandbox located? Network namespace managed by overlay network driver(creating a bridge, terminating VXLAN tunnel etc.

35. 35 Inspecting the sandbox

36. 36 Routing Mesh Routing Mesh is NOT Load-Balancer Routing Mesh makes use of LB aspects It provides global publish port for a given service Built-in routing mesh for edge routing Worker nodes themselves participate in ingress routing mesh Port management at global Swarm Cluster level.

37. 37

38. Desired State Reconciliation

39. 3939 Building Our First Swarm Service @manager @node1 @node2 @node3 mynetwork $docker network create -d overlay mynetwork $docker service create --name mycloud --replicas 3 --network mynetwork --publish 80:80/tcp dockercloud/hello-world

40. 4040 Swarm Services – [ Desired State Actual State] @manager @node1 @node2 @node3 mynetwork $docker service scale mycloud=8

41. 4141 @manager @node1 @node2 @node3 mynetwork $docker service scale mycloud=8 Swarm Services – [Desired State Actual State]

42. 4242 @manager @node1 @node2 @node3 mynetwork Swarm Mode – Global Services $docker service create –mode=global –name mycloud dockercloud/hello-world

43. 4343 @manager @node1 @node2 mynetwork Swarm Mode – High Availability Scheduling Prioritizing spreading out the containers instead of equalizing the number of containers per node Service1 Service2 Service2 Service1 Service2

44. 4444 @manager @node1 @node2 @node3 mynetwork Swarm Mode – High Availability Scheduling Adding a new Node - @node3 Service1 Service2 Service2 Service1 Service2

45. 4545 @manager @node1 @node2 @node3 mynetwork Swarm Mode – High Availability Scheduling Prioritizing spreading out the containers instead of equalizing the number of containers per node Service1 Service2 Service2 Service1 Service2 Service3 Service3 Service3

46. 4646 @manager @node1 @node2 @node3 mynetwork Swarm Mode – High Availability Scheduling Prioritizing spreading out the containers instead of equalizing the number of containers per node Service1 Service2 Service2 Service1 Service2 Service3 Service3 Service3

47. 47 Swarm Mode – Topology Aware Scheduling Availability Zone=east Availability Zone=west Node-1 Node-2 Node-3 Node-4 Node-1 Node-2 Node-3 Node-4 $docker node update --label-add datacenter=east node-1

48. 48 Topology Aware Scheduling – How to use it? Availability Zone=east Availability Zone=west Node-1 Node-2 Node-3 Node-4 Node-1 Node-2 Node-3 Node-4 $docker service create --replicas 2 --name wordpressdb1 --network collabnet --placement-pref “spread=node.labels.datacenter” --env MYSQL_ROOT_PASSWORD=collab123 --env MYSQL_DATABASE=wordpress mysql:latest

49. 4949 @manager @node1 @node2 @node3 mynetwork Swarm Mode – Placement Constraints $docker service create --network collabnet --endpoint-mode dnsrr --constraint ‘node.platform.os == windows’ --env ACCEPT_EULA=Y --env-file db-credentials.env --name db microsoft/mssql-server-windows

50. 50 It’s Demo Time

51. 51 Demo

52. 52 Thank You

Deep Dive into Docker Swarm Mode

You are reading a preview.

Check these out next

Deep Dive into Docker Swarm Mode

More Related Content

Slideshows for you (20)

Viewers also liked (20)

Similar to Deep Dive into Docker Swarm Mode (20)

More from Ajeet Singh Raina (20)

Recently uploaded (20)

Deep Dive into Docker Swarm Mode