6. DOCKER 1.12 INTRODUCTION - SERVICES
SERVICE SCALING
FRONTEND
M
W
M
W W
NGINX NGINX
$ docker service scale nginx=4
NGINX
NGINX
7. DOCKER 1.12 INTRODUCTION - SERVICES
GLOBAL SERVICES
FRONTEND
M
W
M
W W
NGINX NGINX
$ docker service create —name agent —mode=global agent:latest
NGINX
NGINX
AG AG AG
AGAG
8. DOCKER 1.12 INTRODUCTION - SERVICES
SERVICE CONSTRAINTS
FRONTEND
M
W
M
W W
$ docker service create —name nginx —replicas 4 —network frontend —constraint
com.example.storage=“ssd” nginx
docker daemon —label
com.example.storage=“ssd”
NGINX NGINX
NGINX NGINX
9. DOCKER 1.12 INTRODUCTION - DAB
SERVICES
WEB-APP
WEB-APP.1
WEB-APP.2
WEB-APP.3
NGINX:LATEST
CONTAINER
NGINX:LATEST
CONTAINER
NGINX:LATEST
CONTAINER
SERVICE TASKS CONTAINERS
12. DOCKER 1.12 INTRODUCTION - HEALTH CHECKS
CONTAINER HEALTH CHECK
$ HEALTHCHECK --interval=5m —timeout=3s --retries 3 CMD curl
-f http://localhost/ || exit 1
▸ Checks every 5 minutes if the localhost web server returns the index page
within 3 seconds
▸ Container is considered unhealthy after 3 consecutive failures
13. DOCKER 1.12 INTRODUCTION - PLUGINS
PLUGINS
$ docker plugin install tiborvass/no-remove
$ docker plugin enable no-remove
$ docker plugin disable no-remove
$ docker plugin install tiborvass/no-remove
Plugin “tiborvass/no-remove:latest”
requested the following privileges:
- Networking: host
- Mounting host path: /data
Do you grant the above permissions? [y / N]
14. DOCKER 1.12 INTRODUCTION - SECURITY
SECURITY
▸ End-to-end encryption between managers and workers
▸ There is no “insecure”
▸ Automatic Encryption and mutual authentication (TLS)
▸ Certificate Rotation
▸ External CA Integration