Docker Training 02
liangbo@trystack.cn
Docker Introduction & WORKSHOP
COURSE INTRODUCTION
DAY 01
• Docker Introduction
• Installation of Docker
• Working with Containers
• Working with Images
• Building image with Dockerfiles
• OpenStack Integration
• OpenStack Introduction
• Nova Driver (Docker as Compute Service)
• Glance as Docker image registry
DAY 02
• Docker Cluster
• Kubernetes Introduction
• Docker Networking
• Docker Hub
• Docker Cases
• Docker Source Code
• Development Platform With Docker
• Hadoop on Docker
Docker Cluster
Docker Basic
Now that we have containers
• Isolation: Keep jobs from interfering with each other
• Scheduling: Where should my job be run?
• Lifecycle: Keep my job running
• Discovery: Where is my job now?
• Constituency: Who is part of my job?
• Scale-up: Making my jobs bigger or smaller
• Auth{n,z}: Who can do things to my job?
• Monitoring: What's happening with my job?
• Health: How is my job feeling?
Proposed implementation strategy
Cluster
• Management Layer
• Zookeeper
• etcd
• Storage
• Btrfs
• Ceph
• ZFS
• Networking
• Open vSwitch
• Live Migration
Kubernetes
Manage a cluster of Linux containers as a single
system to accelerate Dev and simplify Ops
What is Kubernetes
Kubernetes is an open source orchestration
system for Docker containers. It handles
scheduling onto nodes in a compute cluster
and actively manages workloads to ensure
that their state matches the user's declared
intentions. Using the concepts of "labels"
and "pods", it groups the containers which
make up an application into logical units for
easy management and discovery.
Enter Kubernetes
• Container orchestrator
• Runs Docker containers
• Supports multiple cloud and bare-metal environments
• Inspired and informed by Google’s experiences and internal systems
• Open Source, written in Go
• Manage applications, not machines.
Kubernetes Origins
• Runs hundreds of thousands of jobs
• For many thousands of different applications (YouTube, SearchIndex, Maps, etc.)…
• Across a number of clusters (hundreds)
• Borg manages many millions of physical servers.
• In production since 2004
Kubernetes Design principles
• Declarative > imperative: State your desired results, let the system actuate
• Control loops: Observe, rectify, repeat
• Simple > Complex: Try to do as little as possible.
• Modularity: Components, interfaces, & plugins.
• Network-centric: IP addresses are cheap
• No grouping: Labels are the only groups.
• Bulk > hand-crafted: cattle vs pets
• Open > Closed: Open Source, Standards, REST, JSON, etc.
Concept
• Container: A sealed application package (Docker)
• Pod: A small group of tightly coupled containers
• Controller: A loop that drives current state towards desired state.
• Service: A set of running pods that work together.
• Labels: Identifying metadata attached to other objects.
• Selector: A query against labels.
Pod
• Small group of containers & volumes
• Tightly coupled
• same node
• The atom of cluster scheduling & placement
• Shared namespace
• share IP address & localhost
• Ephemeral
• can die and be replaced
• Example: data puller & web server
Pod Networking
• Pod IPs are routable
• Docker default is private IP
• Pods can reach each other without NAT
• even across nodes
• No brokering of port numbers
• This is a fundamental requirement
• several SDN solutions
Labels
• Arbitrary metadata
• Attached to any API object
• Generally represent identity
• Queryable by selectors
• think SQL ‘select ... where ...’
• The only grouping mechanism
• pods under a ReplicationController
• pods in a Service
• capabilities of a node (constraints)
• Example: “phase: canary”
Replication Controllers
[Diagram sequence: (1) pods f0180 on node1, b3112 on node2, c1209 on node3 and a65321 on node4; Replication Controller Desired = 4, Current = 4. (2) node3 and pod c1209 disappear; Desired = 4, Current = 3. (3) pod c1209 is shown again; Desired = 4, Current = 4.]
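An added sketch (not Kubernetes source and not from the original deck) of the two ideas on the slides above: label selectors as the only grouping mechanism, and a replication controller as a loop that drives current state towards desired state. Pod and node names come from the diagram; the `app: web` label, the `replica-N` naming and the least-loaded placement rule are assumptions of this example.

```python
from dataclasses import dataclass, field


def matches(selector, labels):
    """Equality selector: think SQL 'select ... where k1 = v1 and k2 = v2'."""
    return all(labels.get(key) == value for key, value in selector.items())


@dataclass
class Pod:
    name: str
    node: str
    labels: dict


@dataclass
class Cluster:
    nodes: list
    pods: list = field(default_factory=list)

    def select(self, selector):
        return [pod for pod in self.pods if matches(selector, pod.labels)]

    def fail_node(self, node):
        """A node dies and takes its pods with it (pods are ephemeral)."""
        self.nodes.remove(node)
        self.pods = [pod for pod in self.pods if pod.node != node]

    def least_loaded_node(self):
        load = {node: 0 for node in self.nodes}
        for pod in self.pods:
            load[pod.node] += 1
        return min(sorted(load), key=load.get)  # ties go to the lowest name


@dataclass
class ReplicationController:
    selector: dict
    template_labels: dict
    desired: int
    created: int = 0

    def __post_init__(self):
        # If new pods would not match the selector, the loop could never
        # count them and would keep creating pods forever.
        if not matches(self.selector, self.template_labels):
            raise ValueError("pod template labels do not satisfy the selector")

    def reconcile(self, cluster):
        """One observe -> rectify pass. Returns the actions taken."""
        actions = []
        current = cluster.select(self.selector)
        while len(current) < self.desired:
            self.created += 1
            pod = Pod(f"replica-{self.created}", cluster.least_loaded_node(),
                      dict(self.template_labels))
            cluster.pods.append(pod)
            current.append(pod)
            actions.append(("create", pod.name, pod.node))
        for pod in current[self.desired:]:
            cluster.pods.remove(pod)
            actions.append(("delete", pod.name, pod.node))
        return actions


def demo():
    labels = {"app": "web", "phase": "canary"}  # "app: web" is an assumption
    cluster = Cluster(nodes=["node1", "node2", "node3", "node4"])
    for name, node in [("f0180", "node1"), ("b3112", "node2"),
                       ("c1209", "node3"), ("a65321", "node4")]:
        cluster.pods.append(Pod(name, node, dict(labels)))
    rc = ReplicationController({"app": "web"}, labels, desired=4)

    steady = rc.reconcile(cluster)   # Desired = 4, Current = 4: nothing to do
    cluster.fail_node("node3")       # Current drops to 3
    healed = rc.reconcile(cluster)   # loop creates one replacement
    # Labels are the only grouping: a hand-made pod carrying matching labels
    # is counted by the controller too, so the surplus gets removed.
    cluster.pods.append(Pod("manual", "node1", {"app": "web"}))
    trimmed = rc.reconcile(cluster)
    return steady, healed, trimmed


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Because membership is decided by labels alone, who is allowed to set labels on pods decides which workloads a controller or service will treat as its own.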
Services
• A group of pods that act as one == Service
• group == selector
• Defines access policy
• only “load balanced” for now
• Gets a stable virtual IP and port
• called the service portal
• also a DNS name
• VIP is captured by kube-proxy
• watches the service constituency
• updates when backends change
• Hide complexity - ideal for non-native apps
How to deploy
• Prerequisites
• The minion nodes have docker 1.2+ installed
• All machines can communicate with each other
• Dependencies: etcd-2.0.0, flannel-0.4.0, k8s-0.15.0
• All the remote servers can be logged in to over ssh
Main Steps
• Make kubernetes, etcd and flanneld
• First clone the kubernetes github repo,
• $ git clone https://github.com/GoogleCloudPlatform/kubernetes.git
• then $ cd kubernetes/cluster/ubuntu
• Then run $ ./build.sh, this will download all the needed binaries into ./binaries.
Configure Cluster
• export nodes="vcap@10.10.103.250 vcap@10.10.103.162 vcap@10.10.103.223"
• export roles=("ai" "i" "i")
• export NUM_MINIONS=${NUM_MINIONS:-3}
• export PORTAL_NET=11.1.1.0/24
• export FLANNEL_NET=172.16.0.0/16
• KUBERNETES_PROVIDER=ubuntu ./kube-up.sh
Trouble shooting
• Generally, what this approach did is quite simple:
• Download and copy binaries and configuration files to proper directories on every node
• Configure etcd using IPs based on input from user
• Create and start flannel network
• So, if you see a problem, check etcd configuration first
Docker Networking
Key Takeaways
• Docker networking is at an early stage
• Applications must choose what networking is right for their needs. It is possible to use
the same principles as VMs
• Open vSwitch brings powerful networking capabilities
• User space vs kernel space packet processing is an important design choice
High-level concepts
• Namespace: Containerized networking at the process level, managed at /proc
• Linux Bridge: L2/MAC learning switch built into the kernel to use for forwarding
• Open vSwitch: Advanced bridge that is programmable and supports tunneling
• NAT: Network address translators are intermediate entities that translate IP address + ports (types: SNAT, DNAT)
• iptables: Policy engine in kernel that is used for managing packet forwarding, firewall, NAT features
• Unix domain sockets: File descriptor based communication that is restricted to a single host. Works like a FIFO pipe.
• User-space vs kernel-space: Application domain that regulates access to resources and performance possible.
• Container applications run in user-space
• Typically network forwarding runs in kernel space
Docker Networking Options
• Bridge – docker0
• Open vSwitch
• Port Mapping
• Unix sockets / pipe
Many ways
[Diagram: a host running containers A to F, connected in several ways: direct host network; Unix-domain sockets and other IPC; docker0 Linux bridge; Docker proxy (using iptables); Open vSwitch; port mapping]
Option: Docker0 bridge
• Default network automatically created when no additional options “--net” or “-P” are specified
• Each container is addressed by a static IP address assigned by Docker
• Similar to what we have as default with KVM or VirtualBox
• Host can reach container with IP on the bridge
• But, outside traffic cannot reach the container
[Diagram: containers nginx1 (172.17.0.18), c1 (172.17.0.19) and c2 (172.17.0.20), each with an eth0 attached through veth002aa7a, veth6df8377 and veth7b0e4c6 to the docker0 bridge (172.17.42.1); host eth0 is 192.168.50.16]
Docker0 bridge
Check Linux bridge ports and NAT rules under the hood
# iptables -L -t nat -n
...
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        anywhere
# sudo brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.56847afe9799       no              veth002aa7a
                                                        veth6df8377
                                                        veth7b0e4c6
# docker inspect --format='{{.NetworkSettings}}' nginx1
(See for yourself)
Port mapping
• Provide access to the container from outside by
allocating a DNAT port in the range 49153-65535
• Still uses Linux bridge docker0, but adds iptables rules for the DNAT
• In our example, the nginx2 container is reachable by accessing 192.168.50.16:49155
# docker run -P -d -i --name=nginx2 -t nginx
# iptables -L -t nat -n
...
Chain DOCKER (2 references)
target prot opt source     destination
DNAT   tcp  --  anywhere   anywhere   tcp dpt:49155 to:172.17.0.19:80
DNAT   tcp  --  anywhere   anywhere   tcp dpt:49156 to:172.17.0.19:443
...
[Diagram: host with containers nginx2 and c1, each with an eth0 attached through veth79ed06d and veth6df8377 to the docker0 bridge (172.17.42.1); host eth0 is 192.168.50.16]
Port mapping
For the new nginx2 container, we show network settings below
# docker inspect nginx2
"NetworkSettings": {
    "Bridge": "docker0",
    "Gateway": "172.17.42.1",
    "IPAddress": "172.17.0.19",
    "IPPrefixLen": 16,
    "MacAddress": "02:42:ac:11:00:0f",
    "PortMapping": null,
    "Ports": {
        "443/tcp": [
            {
                "HostIp": "0.0.0.0",
                "HostPort": "49157"
            }],
        "80/tcp": [
            {
                "HostIp": "0.0.0.0",
                "HostPort": "49158"
            }]
    }}
Advanced:
• It is possible to restrict the port mapping to listen on a specific host IP address and/or a specific host port number
• Use the -p option as follows
# docker run -p host_IP:host_port:container_port -d -i -t nginx
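An added example (not from the original deck) of checking which published ports ended up on every host interface, as `-P` does with `HostIp` 0.0.0.0, and building the restricted `-p host_IP:host_port:container_port` form for them. The input is a constructed sample shaped like `docker inspect` output; the function names and the "internal" container are assumptions of this example.

```python
import ipaddress
import json

# Constructed sample in the shape of `docker inspect` output. The nginx2 entry
# reuses the NetworkSettings values from the slide; "internal" is made up here.
SAMPLE_INSPECT = """
[
 {"Name": "/nginx2",
  "NetworkSettings": {
   "Bridge": "docker0", "Gateway": "172.17.42.1", "IPAddress": "172.17.0.19",
   "PortMapping": null,
   "Ports": {
    "443/tcp": [{"HostIp": "0.0.0.0", "HostPort": "49157"}],
    "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "49158"}]}}},
 {"Name": "/internal",
  "NetworkSettings": {
   "IPAddress": "172.17.0.20",
   "Ports": {
    "443/tcp": null,
    "80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]}}}
]
"""

AUTO_RANGE = range(49153, 65536)  # range the slide gives for -P allocations


def classify(host_ip):
    """Say how widely a host-side binding is reachable."""
    if host_ip in ("", "0.0.0.0", "::"):
        return "all-interfaces"
    try:
        address = ipaddress.ip_address(host_ip)
    except ValueError:
        return "unknown"
    return "loopback" if address.is_loopback else "single-address"


def audit_published_ports(inspect_json):
    """Flatten every host binding found in `docker inspect` JSON."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        settings = container.get("NetworkSettings") or {}
        ports = settings.get("Ports") or {}
        for container_port, bindings in sorted(ports.items()):
            for binding in bindings or []:  # null: exposed but not published
                if not binding.get("HostPort"):
                    continue
                host_ip = binding.get("HostIp", "")
                host_port = int(binding["HostPort"])
                findings.append({
                    "container": name,
                    "container_port": container_port,
                    "host_ip": host_ip,
                    "host_port": host_port,
                    "scope": classify(host_ip),
                    "auto_allocated": host_port in AUTO_RANGE,
                })
    return findings


def needs_review(findings):
    """Bindings reachable on every host interface (the -P default)."""
    return [f for f in findings if f["scope"] == "all-interfaces"]


def restricted_flag(finding, host_ip):
    """Build the -p host_IP:host_port:container_port form for one binding."""
    port, _, proto = finding["container_port"].partition("/")
    suffix = "" if proto in ("", "tcp") else "/" + proto
    return f"-p {host_ip}:{finding['host_port']}:{port}{suffix}"


if __name__ == "__main__":
    for item in needs_review(audit_published_ports(SAMPLE_INSPECT)):
        # 192.168.50.16 is the host eth0 address used in the slides.
        print(item["container"], item["container_port"],
              "->", restricted_flag(item, "192.168.50.16"))
```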
Host
Give full access of the host network to the container using the --net=host option
# docker run --net=host --name=c3 -i -d -t base /bin/bash
Check the network within the container using the ifconfig command through exec
# docker exec c3 ifconfig eth0
eth0 Link encap:Ethernet HWaddr 52:54:00:0d:3c:9f
inet addr:192.168.50.16 Bcast:192.168.50.255
Host can talk to the container using the lo (localhost) interface
Containers can listen on privileged ports (i.e., port numbers < 1024) of the host
Container
Give full access to the network of a container XX to the new container YY using the --net=container:XX option
# docker run --net=container:nginx1 --name=c4 -i -d -t base /bin/bash
Check the network within the container using the ifconfig command through exec
# docker exec c4 ifconfig eth0
eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:12
inet addr:172.17.0.18 Bcast:0.0.0.0
Container XX can talk to container YY using the lo (localhost) interface
Option: Open vSwitch
• Similar to Linux bridge, but different technology
• Today, this is not the default with Docker
• Allows programming with OVSDB and OpenFlow protocols
• Why? Open vSwitch has many useful features!
• VxLAN, GRE, VLAN based encapsulation and L2 forwarding
• Encapsulation allows containers to pick any MAC/IP they want
• Also possible to do L3 routing, ARP proxy etc, load-balancing
• Access control, traffic rate limiting and prioritization
• 10G/s or more packet processing throughput possible
• 1) kernel, or 2) userspace, with optionally DPDK acceleration
Open vSwitch
A software virtual switch
• Overlay Network
• VxLan, GRE
• Openflow
Dockerfile
What is dockerfile
• A definition of image
• FROM – base image from
• RUN – initialize something
• CMD – run after container created
• EXPOSE – port
• MAINTAINER – notification email send to
• ADD – pass start.sh into container
• VOLUME – path mapping
• WORKDIR
# example dockerfile - redis
FROM ubuntu
MAINTAINER ruifengyun "ruifengyun@qq.com"
ADD ./start.sh /root/start.sh
RUN apt-get update
RUN apt-get install -y redis-server
RUN apt-get install -y openssh-server
#CMD redis-server /etc/redis/redis.conf && /usr/sbin/sshd -D
CMD ["redis-server","/etc/redis/redis.conf"]
EXPOSE 6379
EXPOSE 22
# docker build -t trystack/redis .
Demo page1
FROM ubuntu:14.04
MAINTAINER yourname@youraddress.com
# Keep upstart from complaining
RUN dpkg-divert --local --rename --add /sbin/initctl
RUN ln -sf /bin/true /sbin/initctl
# Let the container know that there is no tty
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update
RUN apt-get -y upgrade
# Basic Requirements
RUN apt-get -y install mysql-server mysql-client nginx php5-fpm php5-mysql php-apc pwgen python-setuptools curl git unzip
# Wordpress Requirements
RUN apt-get -y install php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-sqlite php5-tidy php5-xmlrpc php5-xsl
# mysql config
RUN sed -i -e"s/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/" /etc/mysql/my.cnf
Demo page2
# nginx config
RUN sed -i -e"s/keepalive_timeout\s*65/keepalive_timeout 2/" /etc/nginx/nginx.conf
RUN sed -i -e"s/keepalive_timeout 2/keepalive_timeout 2;\n\tclient_max_body_size 100m/" /etc/nginx/nginx.conf
RUN echo "daemon off;" >> /etc/nginx/nginx.conf
# php-fpm config
RUN sed -i -e "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g" /etc/php5/fpm/php.ini
RUN sed -i -e "s/upload_max_filesize\s*=\s*2M/upload_max_filesize = 100M/g" /etc/php5/fpm/php.ini
RUN sed -i -e "s/post_max_size\s*=\s*8M/post_max_size = 100M/g" /etc/php5/fpm/php.ini
RUN sed -i -e "s/;daemonize\s*=\s*yes/daemonize = no/g" /etc/php5/fpm/php-fpm.conf
RUN sed -i -e "s/;catch_workers_output\s*=\s*yes/catch_workers_output = yes/g" /etc/php5/fpm/pool.d/www.conf
RUN find /etc/php5/cli/conf.d/ -name "*.ini" -exec sed -i -re 's/^(\s*)#(.*)/\1;\2/g' {} \;
# nginx site conf
ADD ./nginx-site.conf /etc/nginx/sites-available/default
# Supervisor Config
RUN /usr/bin/easy_install supervisor
RUN /usr/bin/easy_install supervisor-stdout
ADD ./supervisord.conf /etc/supervisord.conf
Demo page3
# Install Wordpress
ADD http://wordpress.org/latest.tar.gz /usr/share/nginx/latest.tar.gz
RUN cd /usr/share/nginx/ && tar xvf latest.tar.gz && rm latest.tar.gz
RUN mv /usr/share/nginx/html/5* /usr/share/nginx/wordpress
RUN rm -rf /usr/share/nginx/www
RUN mv /usr/share/nginx/wordpress /usr/share/nginx/www
RUN chown -R www-data:www-data /usr/share/nginx/www
# Wordpress Initialization and Startup Script
ADD ./start.sh /start.sh
RUN chmod 755 /start.sh
# private expose
EXPOSE 3306
EXPOSE 80
CMD ["/bin/bash", "/start.sh"]
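An added review helper (not part of the original deck, and not an existing linter) that reads a Dockerfile and reports four things visible in the two examples above: an untagged base image, `ADD` from a remote URL with no integrity check, port 22 exposed for an in-container sshd, and a service rebound to 0.0.0.0. The rule names and messages are this example's own; the inputs are shortened, constructed excerpts of the Dockerfiles on the slides.

```python
import re

# Constructed excerpts of the two Dockerfiles shown above (shortened).
REDIS_DOCKERFILE = r"""
FROM ubuntu
ADD ./start.sh /root/start.sh
RUN apt-get install -y redis-server
RUN apt-get install -y openssh-server
CMD ["redis-server","/etc/redis/redis.conf"]
EXPOSE 6379
EXPOSE 22
"""
WORDPRESS_DOCKERFILE = r"""
FROM ubuntu:14.04
RUN sed -i -e"s/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/" /etc/mysql/my.cnf
ADD http://wordpress.org/latest.tar.gz /usr/share/nginx/latest.tar.gz
EXPOSE 3306
EXPOSE 80
"""


def instructions(text):
    """Yield (line_number, INSTRUCTION, arguments), joining '\\' continuations."""
    pending, start = "", 0
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not pending:
            start = number
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        parts = (pending + line).split(None, 1)
        pending = ""
        yield start, parts[0].upper(), parts[1] if len(parts) > 1 else ""


def review(text):
    """Return (line_number, rule, message) tuples in file order."""
    findings = []
    for number, keyword, args in instructions(text):
        tokens = [t for t in args.split() if not t.startswith("--")] or [""]
        if keyword == "FROM":
            image = tokens[0].rsplit("/", 1)[-1]  # ignore registry host:port
            if "@" not in image and (":" not in image or image.endswith(":latest")):
                findings.append((number, "unpinned-base",
                                 "base image has no fixed tag or digest"))
        elif keyword == "ADD" and re.match(r"https?://", tokens[0]):
            how = "plain HTTP" if tokens[0].startswith("http://") else "HTTPS"
            findings.append((number, "remote-add",
                             f"content fetched over {how} at build time "
                             "and never checked against a known hash"))
        elif keyword == "EXPOSE":
            if "22" in [port.split("/")[0] for port in tokens]:
                findings.append((number, "ssh-exposed",
                                 "port 22 exposed: image runs its own sshd"))
        elif keyword == "RUN":
            if re.search(r"bind-address\s*=\s*0\.0\.0\.0", args):
                findings.append((number, "bind-all",
                                 "service reconfigured to listen on all interfaces"))
    return findings


if __name__ == "__main__":
    for label, text in [("redis", REDIS_DOCKERFILE), ("wordpress", WORDPRESS_DOCKERFILE)]:
        for number, rule, message in review(text):
            print(f"{label}:{number}: {rule}: {message}")
```

A `bind-all` finding matters most together with how the container is started: with `-P`, the exposed port 3306 is published on every host interface.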
Docker Registry
Step 1 – Install Prerequisites
• Docker registry is a python application
• Need some python libs
$ sudo apt-get update
$ sudo apt-get -y install build-essential python-dev libevent-dev python-pip liblzma-dev
Step 2 – Install and Configure Docker Registry
sudo pip install docker-registry
gunicorn --access-logfile - --debug -k gevent -b 0.0.0.0:5000 -w 1 docker_registry.wsgi:application
cd /usr/local/lib/python2.7/dist-packages/docker_registry/lib/../../config/
sudo cp config_sample.yml config.yml
sudo mkdir /var/docker-registry
Questions?
Useful Links:
http://blog.sequenceiq.com/blog/2014/06/17/ambari-cluster-on-docker/
http://blog.sequenceiq.com/blog/2014/06/19/multinode-hadoop-cluster-on-docker/

 
Energy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina JonuziEnergy consumption of Database Management - Florina Jonuzi
Energy consumption of Database Management - Florina Jonuzi
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
 
Top 9 Trends in Cybersecurity for 2024.pptx
Top 9 Trends in Cybersecurity for 2024.pptxTop 9 Trends in Cybersecurity for 2024.pptx
Top 9 Trends in Cybersecurity for 2024.pptx
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
 
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
原版定制美国纽约州立大学奥尔巴尼分校毕业证学位证书原版一模一样
 
Using Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional SafetyUsing Xen Hypervisor for Functional Safety
Using Xen Hypervisor for Functional Safety
 
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfTop Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
 
Hand Rolled Applicative User Validation Code Kata
Hand Rolled Applicative User ValidationCode KataHand Rolled Applicative User ValidationCode Kata
Hand Rolled Applicative User Validation Code Kata
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
 
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative AnalysisOdoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
 
SQL Accounting Software Brochure Malaysia
SQL Accounting Software Brochure MalaysiaSQL Accounting Software Brochure Malaysia
SQL Accounting Software Brochure Malaysia
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
 
zOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL DifferenceszOS Mainframe JES2-JES3 JCL-JECL Differences
zOS Mainframe JES2-JES3 JCL-JECL Differences
 
What next after learning python programming basics
What next after learning python programming basicsWhat next after learning python programming basics
What next after learning python programming basics
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
 
Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !
 

99cloud Docker Training module 2

  • 2. COURSE INTRODUCTION
      DAY 01
      • Docker Introduction
      • Installation of Docker
      • Working with Containers
      • Working with Images
      • Building image with Dockerfiles
      • OpenStack Integration
      • OpenStack Introduction
      • Nova Driver (Docker as Compute Service)
      • Glance as Docker image registry
      DAY 02
      • Docker Cluster
      • Kubernetes Introduction
      • Docker Networking
      • Docker Hub
      • Docker Cases
      • Docker Source Code
      • Development Platform With Docker
      • Hadoop on Docker
  • 5. Now that we have containers
      • Isolation: Keep jobs from interfering with each other
      • Scheduling: Where should my job be run?
      • Lifecycle: Keep my job running
      • Discovery: Where is my job now?
      • Constituency: Who is part of my job?
      • Scale-up: Making my jobs bigger or smaller
      • Auth{n,z}: Who can do things to my job?
      • Monitoring: What's happening with my job?
      • Health: How is my job feeling?
  • 7. Cluster
      • Management Layer
      • Zookeeper
      • etcd
      • Storage
      • Btrfs
      • Ceph
      • ZFS
      • Networking
      • Open vSwitch
      • Live Migration
  • 9. Manage a cluster of Linux containers as a single system to accelerate Dev and simplify Ops
  • 10. What is Kubernetes
      Kubernetes is an open source orchestration system for Docker containers. It handles scheduling onto nodes in a compute cluster and actively manages workloads to ensure that their state matches the user's declared intentions. Using the concepts of "labels" and "pods", it groups the containers which make up an application into logical units for easy management and discovery.
  • 11. Enter Kubernetes
      • Container orchestrator
      • Runs Docker containers
      • Supports multiple cloud and bare-metal environments
      • Inspired and informed by Google's experiences and internal systems
      • Open Source, written in Go
      • Manage applications, not machines.
  • 12. Kubernetes Origins
      • Runs hundreds of thousands of jobs
      • For many thousands of different applications (YouTube, Search Index, Maps, etc.)…
      • Across a number of clusters (hundreds)
      • Borg manages many millions of physical servers.
      • In production since 2004
  • 13. Kubernetes Design principles
      • Declarative > imperative: State your desired results, let the system actuate
      • Control loops: Observe, rectify, repeat
      • Simple > Complex: Try to do as little as possible.
      • Modularity: Components, interfaces, & plugins.
      • Network-centric: IP addresses are cheap
      • No grouping: Labels are the only groups.
      • Bulk > hand-crafted: cattle vs pets
      • Open > Closed: Open Source, Standards, REST, JSON, etc.
  • 14. Concept
      • Container: A sealed application package (Docker)
      • Pod: A small group of tightly coupled Containers
      • Controller: A loop that drives current state towards desired state.
      • Service: A set of running pods that work together.
      • Labels: Identifying metadata attached to other objects.
      • Selector: A query against labels.
  • 16. Pod
      • Small group of containers & volumes
      • Tightly coupled: same node
      • The atom of cluster scheduling & placement
      • Shared namespace: share IP address & localhost
      • Ephemeral: can die and be replaced
      • Example: data puller & web server
  • 17. Pod Networking
      • Pod IPs are routable
      • Docker default is private IP
      • Pods can reach each other without NAT
      • even across nodes
      • No brokering of port numbers
      • This is a fundamental requirement
      • several SDN solutions
  • 18. Pod Networking
      • Arbitrary metadata
      • Attached to any API object
      • Generally represent identity
      • Queryable by selectors
      • think SQL 'select ... where ...'
      • The only grouping mechanism
      • pods under a ReplicationController
      • pods in a Service
      • capabilities of a node (constraints)
      • Example: "phase: canary"
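The labels, selectors and controller loop described in the slides above, as an added Python sketch. This is not Kubernetes code or its API: the `Pod` class, the `matches`, `select` and `reconcile` functions and all label values other than "phase: canary" are constructed for illustration.

```python
"""Toy model of labels, selectors and a replication control loop.
Illustration only: not the Kubernetes API; every name here is hypothetical."""
import itertools
from dataclasses import dataclass, field


@dataclass
class Pod:
    name: str
    labels: dict = field(default_factory=dict)


def matches(selector, labels):
    """Equality-based selector: every key/value pair must be present."""
    return all(labels.get(k) == v for k, v in selector.items())


def select(pods, selector):
    """The 'select ... where ...' query: pods whose labels satisfy the selector."""
    return [p for p in pods if matches(selector, p.labels)]


_ids = itertools.count(1)


def reconcile(pods, selector, template_labels, replicas):
    """One pass of the loop: observe, compare with desired state, rectify.
    Mutates `pods` in place and returns the actions taken."""
    if not matches(selector, template_labels):
        # Otherwise the controller never sees the pods it creates and
        # would create more of them on every pass.
        raise ValueError("template labels must satisfy the selector")
    actions = []
    current = select(pods, selector)
    for _ in range(replicas - len(current)):      # too few: create
        pod = Pod(f"pod-{next(_ids)}", dict(template_labels))
        pods.append(pod)
        actions.append(("create", pod.name))
    for pod in current[replicas:]:                # too many: delete
        pods.remove(pod)
        actions.append(("delete", pod.name))
    return actions


def demo():
    # Constructed cluster state: one canary pod and one unrelated pod.
    pods = [Pod("web-a", {"app": "web", "phase": "canary"}),
            Pod("db-a", {"app": "db", "phase": "production"})]
    selector = {"app": "web", "phase": "canary"}
    first = reconcile(pods, selector, selector, replicas=3)    # scale up
    pods.remove(select(pods, selector)[0])                     # a pod dies
    second = reconcile(pods, selector, selector, replicas=3)   # it is replaced
    third = reconcile(pods, selector, selector, replicas=1)    # scale down
    return first, second, third, [p.name for p in pods]


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Because labels are the only grouping mechanism, a selector that is broader than intended pulls unrelated pods into the controller's scope, which is why the sketch rejects a template that its own selector would not match.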
  • 23. Services
      • A group of pods that act as one == Service
      • group == selector
      • Defines access policy
      • only "load balanced" for now
      • Gets a stable virtual IP and port
      • called the service portal
      • also a DNS name
      • VIP is captured by kube-proxy
      • watches the service constituency
      • updates when backends change
      • Hide complexity - ideal for non-native apps
  • 25. How to deploy
      • Prerequisites
      • The minion nodes have docker 1.2+ installed
      • All machines can communicate with each other
      • Dependencies: etcd-2.0.0, flannel-0.4.0, k8s-0.15.0
      • All the remote servers can be logged in to over ssh
  • 26. Main Steps
      • Make kubernetes, etcd and flanneld
      • First clone the kubernetes github repo,
          $ git clone https://github.com/GoogleCloudPlatform/kubernetes.git
        then
          $ cd kubernetes/cluster/ubuntu
      • Then run
          $ ./build.sh
        this will download all the needed binaries into ./binaries.
  • 27. Configure Cluster
          export nodes="vcap@10.10.103.250 vcap@10.10.103.162 vcap@10.10.103.223"
          export roles=("ai" "i" "i")
          export NUM_MINIONS=${NUM_MINIONS:-3}
          export PORTAL_NET=11.1.1.0/24
          export FLANNEL_NET=172.16.0.0/16
          KUBERNETES_PROVIDER=ubuntu ./kube-up.sh
  • 28. Troubleshooting
      • Generally, what this approach does is quite simple:
      • Download and copy binaries and configuration files to the proper directories on every node
      • Configure etcd using IPs based on input from the user
      • Create and start the flannel network
      • So, if you see a problem, check the etcd configuration first
  • 30. Key Takeaways
      • Docker networking is at an early stage
      • Applications must choose what networking is right for their needs. It is possible to use the same principles as VMs
      • Open vSwitch brings powerful networking capabilities
      • User space vs kernel space packet processing is an important design choice
  • 31. High-level concepts
      • Namespace: Containerized networking at the process level managed at /proc
      • Linux Bridge: L2/MAC learning switch built into the kernel to use for forwarding
      • Open vSwitch: Advanced bridge that is programmable and supports tunneling
      • NAT: Network address translators are intermediate entities that translate IP address + ports (Types: SNAT, DNAT)
      • iptables: Policy engine in kernel that is used for managing packet forwarding, firewall, NAT features
      • Unix domain sockets: File descriptor based communication that is restricted to a single host. Works like a FIFO pipe.
      • User-space vs kernel-space: Application domain that regulates access to resources and performance possible.
      • Container applications run in user-space
      • Typically network forwarding runs in kernel space
  • 32. Docker Networking Options
      • Bridge – docker0
      • Open vSwitch
      • Port Mapping
      • Unix sockets / pipe
  • 33. Many ways
      [Diagram: Containers A to F on one host, connected by: direct host network, Unix-domain sockets and other IPC, docker0 Linux bridge, Docker proxy (using iptables), Open vSwitch, port mapping]
  • 34. Option: Docker0 bridge
      • Default network automatically created when no additional options "--net" or "-P" are specified
      • Each container is addressed by a static IP address assigned by Docker
      • Similar to what we have as default with KVM or VirtualBox
      • Host can reach container with IP on the bridge
      • But, outside traffic cannot reach the container
      [Diagram: containers Nginx1 (172.17.0.18), C1 (172.17.0.19) and C2 (172.17.0.20), each with an eth0, attached to the docker0 bridge (172.17.42.1) through veth002aa7a, veth6df8377 and veth7b0e4c6; host eth0 is 192.168.50.16]
  • 35. Docker0 bridge
      Check Linux bridge ports and NAT rules under the hood
          # iptables -L -t nat -n
          ...
          Chain POSTROUTING (policy ACCEPT)
          target      prot opt source            destination
          MASQUERADE  all  --  172.17.0.0/16     anywhere
          # sudo brctl show
          bridge name     bridge id            STP enabled     interfaces
          docker0         8000.56847afe9799    no              veth002aa7a
                                                               veth6df8377
                                                               veth7b0e4c6
          # docker inspect --format='{{.NetworkSettings}}' nginx1
          (See for yourself)
  • 36. Port mapping
      • Provide access to the container from outside by allocating a DNAT port in the range 49153-65535
      • Still uses Linux bridge docker0, but adds iptables rules for the DNAT
      • In our example, nginx2 container is reachable by accessing 192.168.50.16:49155
          # docker run -P -d -i --name=nginx2 -t nginx
          # iptables -L -t nat -n
          ...
          Chain DOCKER (2 references)
          target  prot opt source      destination
          DNAT    tcp  --  anywhere    anywhere    tcp dpt:49155 to:172.17.0.19:80
          DNAT    tcp  --  anywhere    anywhere    tcp dpt:49156 to:172.17.0.19:443
          ...
      [Diagram: host with containers nginx2 and c1, each with an eth0, attached to the docker0 bridge (172.17.42.1) through veth79ed06d and veth6df8377; host eth0 is 192.168.50.16]
  • 37. Port mapping
      For the new nginx2 container, we show network settings below
          # docker inspect nginx2
          "NetworkSettings": {
              "Bridge": "docker0",
              "Gateway": "172.17.42.1",
              "IPAddress": "172.17.0.19",
              "IPPrefixLen": 16,
              "MacAddress": "02:42:ac:11:00:0f",
              "PortMapping": null,
              "Ports": {
                  "443/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "49157" }],
                  "80/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "49158" }]
              }}
      Advanced:
      • It is possible to restrict the port mapping to listen on a specific host IP address and/or a specific host port number
      • Use -p option as follows
          # docker run -p host_IP:host_port:container_port -d -i -t nginx
  • 38. Host
      Give full access of the host network to the container using --net=host option
          # docker run --net=host --name=c3 -i -d -t base /bin/bash
      Check network within container using ifconfig command through exec
          # docker exec c3 ifconfig eth0
          eth0 Link encap:Ethernet HWaddr 52:54:00:0d:3c:9f
               inet addr:192.168.50.16 Bcast:192.168.50.255
      • Host can talk to container using lo (localhost) interface
      • Containers can listen on privileged ports (i.e., port numbers < 1024) of host
      Container
      Give full access to network of a container XX to the new container YY using --net=container:XX option
          # docker run --net=container:nginx1 --name=c4 -i -d -t base /bin/bash
      Check network within container using ifconfig command through exec
          # docker exec c4 ifconfig eth0
          eth0 Link encap:Ethernet HWaddr 02:42:ac:11:00:12
               inet addr:172.17.0.18 Bcast:0.0.0.0
      • Container XX can talk to container YY using lo (localhost) interface
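A check a defender can run over `docker inspect` output for the two exposure points in the port-mapping and host/container networking slides above: ports published on every host interface, and containers that share the host's or another container's network stack. This is an added example, not part of the original deck; the sample document is constructed (nginx2's port values are the slide's, the `nginx3` entry and all `HostConfig` values are assumptions) and the function name `audit` is this example's own.

```python
"""Audit `docker inspect` JSON for the network exposure discussed above.
Added example; the sample document below is constructed for illustration."""
import json

# An empty HostIp is treated as "all interfaces" (conservative assumption).
WILDCARD = {"", "0.0.0.0", "::"}


def audit(inspect_json):
    """Return (container, finding) tuples for one `docker inspect` document."""
    findings = []
    for c in json.loads(inspect_json):
        name = c.get("Name", "?").lstrip("/")
        mode = (c.get("HostConfig") or {}).get("NetworkMode", "")
        if mode == "host":
            findings.append((name, "shares the host network stack (--net=host)"))
        elif mode.startswith("container:"):
            peer = mode[len("container:"):]
            findings.append((name, f"shares network namespace of {peer}"))
        ports = (c.get("NetworkSettings") or {}).get("Ports") or {}
        for cport, bindings in sorted(ports.items()):
            for b in bindings or []:      # None: exposed but not published
                if b.get("HostIp", "") in WILDCARD:
                    findings.append(
                        (name, f"{cport} published on all host interfaces "
                               f"as port {b['HostPort']}"))
    return findings


# Constructed sample in the shape `docker inspect` prints (a JSON array).
SAMPLE = json.dumps([
    {"Name": "/nginx2", "HostConfig": {"NetworkMode": "bridge"},
     "NetworkSettings": {"Ports": {
         "443/tcp": [{"HostIp": "0.0.0.0", "HostPort": "49157"}],
         "80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "49158"}]}}},
    # Hypothetical container started with -p 127.0.0.1:8080:80
    {"Name": "/nginx3", "HostConfig": {"NetworkMode": "bridge"},
     "NetworkSettings": {"Ports": {
         "80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}],
         "443/tcp": None}}},
    {"Name": "/c3", "HostConfig": {"NetworkMode": "host"},
     "NetworkSettings": {"Ports": {}}},
    {"Name": "/c4", "HostConfig": {"NetworkMode": "container:nginx1"},
     "NetworkSettings": {"Ports": None}},
])

if __name__ == "__main__":
    for container, finding in audit(SAMPLE):
        print(f"{container}: {finding}")
```

The container bound with an explicit host IP produces no finding, which is the effect of the `-p host_IP:host_port:container_port` form shown on the slide.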
  • 39. Option: Open vSwitch
      • Similar to Linux bridge, but different technology
      • Today, this is not the default with Docker
      • Allows programming with OVSDB and OpenFlow protocols
      • Why? Open vSwitch has many useful features!
      • VxLAN, GRE, VLAN based encapsulation and L2 forwarding
      • Encapsulation allows containers to pick any MAC/IP they want
      • Also possible to do L3 routing, ARP proxy etc, load-balancing
      • Access control, traffic rate limiting and prioritization
      • 10G/s or more packet processing throughput possible
      • 1) kernel, or 2) userspace, with optionally DPDK acceleration
  • 40. Open vSwitch
      A software virtual switch
      • Overlay Network
      • VxLAN, GRE
      • OpenFlow
  • 42. What is dockerfile
      • A definition of image
      • FROM – base image
      • RUN – initialize something
      • CMD – run after container created
      • EXPOSE – port
      • MAINTAINER – notification email sent to
      • ADD – pass start.sh into container
      • VOLUME – path mapping
      • WORKDIR
          # example dockerfile - redis
          FROM ubuntu
          MAINTAINER ruifengyun "ruifengyun@qq.com"
          ADD ./start.sh /root/start.sh
          RUN apt-get update
          RUN apt-get install -y redis-server
          RUN apt-get install -y openssh-server
          #CMD redis-server /etc/redis/redis.conf && /usr/sbin/sshd -D
          CMD ["redis-server","/etc/redis/redis.conf"]
          EXPOSE 6379
          EXPOSE 22

          # docker build -t trystack/redis .
  • 43. Demo page1
          FROM ubuntu:14.04
          MAINTAINER yourname@youraddress.com

          # Keep upstart from complaining
          RUN dpkg-divert --local --rename --add /sbin/initctl
          RUN ln -sf /bin/true /sbin/initctl

          # Let the container know that there is no tty
          ENV DEBIAN_FRONTEND noninteractive

          RUN apt-get update
          RUN apt-get -y upgrade

          # Basic Requirements
          RUN apt-get -y install mysql-server mysql-client nginx php5-fpm php5-mysql php-apc pwgen python-setuptools curl git unzip

          # Wordpress Requirements
          RUN apt-get -y install php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-sqlite php5-tidy php5-xmlrpc php5-xsl

          # mysql config
          RUN sed -i -e"s/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/" /etc/mysql/my.cnf
  • 44. Demo page2
          # nginx config
          RUN sed -i -e"s/keepalive_timeout\s*65/keepalive_timeout 2/" /etc/nginx/nginx.conf
          RUN sed -i -e"s/keepalive_timeout 2/keepalive_timeout 2;\n\tclient_max_body_size 100m/" /etc/nginx/nginx.conf
          RUN echo "daemon off;" >> /etc/nginx/nginx.conf

          # php-fpm config
          RUN sed -i -e "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g" /etc/php5/fpm/php.ini
          RUN sed -i -e "s/upload_max_filesize\s*=\s*2M/upload_max_filesize = 100M/g" /etc/php5/fpm/php.ini
          RUN sed -i -e "s/post_max_size\s*=\s*8M/post_max_size = 100M/g" /etc/php5/fpm/php.ini
          RUN sed -i -e "s/;daemonize\s*=\s*yes/daemonize = no/g" /etc/php5/fpm/php-fpm.conf
          RUN sed -i -e "s/;catch_workers_output\s*=\s*yes/catch_workers_output = yes/g" /etc/php5/fpm/pool.d/www.conf
          RUN find /etc/php5/cli/conf.d/ -name "*.ini" -exec sed -i -re 's/^(\s*)#(.*)/\1;\2/g' {} \;

          # nginx site conf
          ADD ./nginx-site.conf /etc/nginx/sites-available/default

          # Supervisor Config
          RUN /usr/bin/easy_install supervisor
          RUN /usr/bin/easy_install supervisor-stdout
          ADD ./supervisord.conf /etc/supervisord.conf
  • 45. Demo page3
          # Install Wordpress
          ADD http://wordpress.org/latest.tar.gz /usr/share/nginx/latest.tar.gz
          RUN cd /usr/share/nginx/ && tar xvf latest.tar.gz && rm latest.tar.gz
          RUN mv /usr/share/nginx/html/5* /usr/share/nginx/wordpress
          RUN rm -rf /usr/share/nginx/www
          RUN mv /usr/share/nginx/wordpress /usr/share/nginx/www
          RUN chown -R www-data:www-data /usr/share/nginx/www

          # Wordpress Initialization and Startup Script
          ADD ./start.sh /start.sh
          RUN chmod 755 /start.sh

          # private expose
          EXPOSE 3306
          EXPOSE 80

          CMD ["/bin/bash", "/start.sh"]
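A few review checks a practitioner would apply to the demo Dockerfile above before building from it, written as an added Python example (not part of the original deck). The sample text is built from lines of the demo; the rule set, the finding wording and the function name `review` are this example's own assumptions.

```python
"""Minimal Dockerfile review checks, run on lines taken from the demo above.
Added example; rule wording and function names are this example's own."""
import re

SENSITIVE_PORTS = {"22": "sshd", "3306": "MySQL"}


def review(dockerfile_text):
    """Return a list of findings for one Dockerfile."""
    findings, has_user = [], False
    # Join backslash continuations so each instruction is one logical line.
    text = re.sub(r"\\\n", " ", dockerfile_text)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        op, _, arg = line.partition(" ")
        op, arg = op.upper(), arg.strip()
        if op == "FROM":
            image = arg.split()[0]
            last = image.rsplit("/", 1)[-1]   # ignore a registry host:port
            if "@" not in image and (":" not in last or last.endswith(":latest")):
                findings.append(f"unpinned base image: {image}")
        elif op == "ADD" and re.match(r"https?://", arg):
            scheme = "plain HTTP" if arg.startswith("http://") else "HTTPS"
            findings.append(
                f"ADD fetches {arg.split()[0]} over {scheme} with no checksum")
        elif op == "EXPOSE":
            for port in arg.split():
                svc = SENSITIVE_PORTS.get(port.split("/")[0])
                if svc:
                    findings.append(
                        f"EXPOSE {port}: {svc} would be published by docker run -P")
        elif op == "RUN" and re.search(r"bind-address\s*=\s*0\.0\.0\.0", arg):
            findings.append(
                "RUN rewrites bind-address to 0.0.0.0 (listen on all interfaces)")
        elif op == "USER":
            has_user = True
    if not has_user:
        findings.append("no USER instruction: processes run as root in the container")
    return findings


# Lines taken from the demo Dockerfile on the slides above.
SAMPLE = r'''
FROM ubuntu:14.04
RUN sed -i -e"s/^bind-address\s*=\s*127.0.0.1/bind-address = 0.0.0.0/" /etc/mysql/my.cnf
ADD http://wordpress.org/latest.tar.gz /usr/share/nginx/latest.tar.gz
ADD ./start.sh /start.sh
EXPOSE 3306
EXPOSE 80
CMD ["/bin/bash", "/start.sh"]
'''

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print("-", finding)
```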
  • 47. Step 1 – Install Prerequisites
      • Docker registry is a python application
      • Need some python libs
          $ sudo apt-get update
          $ sudo apt-get -y install build-essential python-dev libevent-dev python-pip liblzma-dev
  • 48. Step 2 – Install and Configure Docker Registry
          sudo pip install docker-registry
          gunicorn --access-logfile - --debug -k gevent -b 0.0.0.0:5000 -w 1 docker_registry.wsgi:application
          cd /usr/local/lib/python2.7/dist-packages/docker_registry/lib/../../config/
          sudo cp config_sample.yml config.yml
          sudo mkdir /var/docker-registry