This document provides an overview and comparison of common container orchestration platforms including Docker Swarm, Mesosphere DC/OS, and Kubernetes. It begins with an introduction to using containers without an orchestrator and the challenges that presents at scale. Examples of Docker Swarm, DC/OS, and Kubernetes demonstrations are then shown. The document analyzes the features and suitability of each orchestrator for both production and development uses before concluding with additional resources.

1. © ZENIKA 2017 All rights reserved - Proprietary & confidential
Mesos vs Kubernetes vs Swarm : Fight!
© ZENIKA 2017 All rights reserved - Proprietary & confidential
Christophe Furmaniak / 2017-06-02

2. © ZENIKA 2017
/me
Christophe Furmaniak:
• Twitter : @cfurmaniak
• Github : looztra
• Docker hub store : looztra
• Full-blown consultant for Zenika
( b e n e v o l e n t d i s c l a i m e r : I s u c k a t s l i d e s , b e s i d e s b e i n g F r e n c h )

3. © ZENIKA 2017
WARMUP
• Who uses docker/containers on a daily basis?
• In production?
• Who has already "played" with an orchestrator?
• Who is running an orchestrator in Production?

4. © ZENIKA 2017
CONTAINERS WITHOUT AN ORCHESTRATOR
• Through command line
that's not for production of course (is it?)
• With custom (shell) script
one step towards your own orchestrator? (seriously?)
• With ansible [insert here another tool name providing a
nice syntax]
Immutable Infrastructure As Code?
H o w d o y o u s t a r t y o u r c o n t a i n e r s ?

5. © ZENIKA 2017
CONTAINERS WITHOUT AN ORCHESTRATOR
• Host port binding
• auto-mapping (-P)
• manual mapping ('port registry')
service discovery for the win!
• docker run -d -p 8000:80 ns/frontend
• docker run -d -p 8080:8080 ns/api-server
• docker run -d -p 6379:6379 ns/redis-master
• docker run -d -p 6380:6379 ns/redis-slave
H o w d o y o u m a k e y o u r c o n t a i n e r s c o m m u n i c a t e ?

6. © ZENIKA 2017
CONTAINERS WITHOUT AN ORCHESTRATOR
Schedule containers on your hosts? (pets?)
Deal with container/service/node failure?
Deal with scale up/down?
Deal with host maintenance?
How do you do when your app gets more complex?
Update your app's components? One by One... All at the
same time...
H o w d o y o u . . . ?

7. © ZENIKA 2017
NOT SUCH THING LIKE FREE LUNCH!
Yo u a n d y o u r f r i e n d l y o p s d u r i n g d e l i v e r i e s

8. © ZENIKA 2017
CONTAINER ORCHESTRATION
• Container scheduling/placement
• Failover (containers, nodes, management)
• Load Balancing
• Service Discovery
• Overlay Networks
• Storage (distributed, persistent)
• Secret Management
• (Auto) Scaling
• CLI and REST api
• Deployment Configuration as Code
• RBAC
B y d e s i g n !

9. © ZENIKA 2017
ORCHESTRATORS AND FRIENDS
• Kubernetes
• Docker Swarm
• Mesos + Marathon
• Rancher
• Nomad
• Titus (Mesos + Mantis [scheduling/job mgmt] + Titan)
• Deis (Kubernetes)
• Mantl (Mesos + Marathon and Kubernetes)
• Openshift V3 (Kubernetes)
• Kontena
• CloudFoundry
• ...
L o a d s o f o r c h e s t r a t o r s !

10. © ZENIKA 2017
HOW TO CHOOSE?
• match your ops and dev (and others) expectations
• support for modern software development strategies
• support for modern operationnal strategies
To o M a n y O r c h e s t r a t o r s E x c e p t i o n ?

11. © ZENIKA 2017
WHO SHOULD/WILL CHOOSE?
• Container related strategies are usefull for both Dev and
Ops!
• There will be impacts on both Dev and Ops folks!
F o r g e t a b o u t s i l o s , f o c u s o n D e v O p s C a l m S

12. © ZENIKA 2017
IMPACTS ON OPS FOLKS?
• New (exciting) way to work!
• Less pet nodes
• More cattle => Infrastructure As Code (mandatory?)
• New procedures and tools :
• Network and Storage management
• Metrics and Log management
• Monitoring
c a t / r o o t / e x c i t i n g . m d

13. © ZENIKA 2017
IMPACTS ON DEV FOLKS
• New (exciting) way to work!
• New notions like Service Discovery
• More concerned:
• Metrics
• Healtchecks
• Logs
• Can I use it on my devbox?
@ E x c i t i n g S t u ff

14. © ZENIKA 2017
DOCKER SWARM
• Native orchestration shipped with Docker (since 1.12)
• Replacement of 'stand alone Swarm' (swarm v1)
• All-in, no external dependencies
• Trivial setup
• Secure by default (automatic TLS keying and signing)
M o d e , S wa r m M o d e

15. © ZENIKA 2017
DOCKER SWARM DISTRIBUTIONS
• Manual official setup
• Azure Container Services (Engine Option)
• Rancher (Orchestration Engine Option)
• Ansible roles
• Terraform recipes
I n s t a l l i n g D o c k e r S wa r m

16. © ZENIKA 2017
DOCKER SWARM FEATURES
• Declarative service model
• Desired state reconciliation
• Placement with labels and constraints
• Overlay networks provide isolation
• Service Discovery through DNS
• Load Balancing
• Rolling Upgrades
• Persistent storage
• Secrets
O r c h e s t r a t i o n

17. © ZENIKA 2017
DOCKERCOINS!
• It is a DockerCoin miner!
• How DockerCoins works
• DockerCoins application courtesy
of Jérôme Petazzoni
(https://github.com/jpetazzo)
M i n e m i n e m i n e

18. © ZENIKA 2017
DOCKER SWARM
DEMO
(running on Azure Container Services thx to ACS Engine)
D e m o

19. © ZENIKA 2017
MESOSPHERE DC/OS
• DC/OS : Data Center Operating System
• Mesosphere: the company that built DC/OS
• Relies on Mesos, the underlying task scheduler
• Frameworks:
• Marathon for apps
• Metronome for jobs
• and others...
D C / O S , M e s o s a n d F r i e n d s

20. © ZENIKA 2017
DC/OS AND MESOS DISTRIBUTIONS
• Manual setup (dcos cli)
• Rancher (Mesos and Marathon as orchestration engine)
• Azure Container Service (engine option)
• Ansible and Terraform recipes
I n s t a l l i n g D C / O S a n d M e s o s

21. © ZENIKA 2017
DC/OS FEATURES
• Failure resiliency (provided by Frameworks)
• Service Discovery :
• VIPs (MinuteMan)
• Mesos DNS (A/IP [fixed port] or SRV)
• LoadBalancing : MarathonLB
• Rolling Upgrades and BlueGreen Deployments
• Persistent storage (limited to single instance of app):
• local persistent volume on single node
• external volumes
• 'Pods' since Mesos 1.1.0/marathon 1.4.04 / DCOS 1.9
o r c h e s t r a t i o n

22. © ZENIKA 2017
DC/OS
DEMO
(running on Azure Container Services)
D e m o

23. © ZENIKA 2017
KUBERNETES
• Groups containers that make up an application into
logical units for easy management and discovery
• Built upon 15 years of running production workloads at
Google
• Google and Redhat as contributors
I n t r o d u c t i o n

24. © ZENIKA 2017
KUBERNETES DISTRIBUTIONS
• kubeadm
• Apprenda Kismatic
• CoreOS Tectonic
• Azure Container Service (engine option)
• Rancher (engine option)
• RedHat Openshift v3
• Ansible and Terraform recipes
I n s t a l l K 8 S

25. © ZENIKA 2017
KUBERNETES FEATURES
• Pods
• Service Discovery
• Load Balancing
• Rolling Updates and BlueGreen deployments
• Storage orchestration
• Daemon Sets and Stateful/Pet Sets
• Configuration Objects
• Secrets
O r c h e s t r a t i o n

26. © ZENIKA 2017
KUBERNETES
DEMO
(running on Azure Container Services)
D e m o

27. © ZENIKA 2017
SWARM WRAP UP
• quickest ramp-up, no vendor lock-in (except Docker :D)
• good choice for simple web/stateless applications
• not for complicated large scale app
• no POD support
• no RBAC
• no UI (available in commercial Docker DataCenter)
• no specific multi-datacenter support
S h o u l d y o u s t a y o r s h o u l d y o u g o ?

28. © ZENIKA 2017
SWARM WRAP UP (FOCUS ON DEV)
• docker-compose out of the box
• local setup with docker swarm init
S h o u l d y o u s t a y o r s h o u l d y o u g o ?

29. © ZENIKA 2017
DCOS WRAP UP
• Also works for non-containerized apps
• Packages available for well -know apps (DCOS Universe)
• Nice for mixed apps
• Tested with tens of thousands nodes
• UIs and CLI
• Support for multi-datacenters
• Support for Authentication
S h o u l d y o u s t a y o r s h o u l d y o u g o ?

30. © ZENIKA 2017
DCOS WRAP UP (continued)
• More stacks to assemble/debug
(DCOS/Mesos/Marathon/Mesos DNS/MarathonLB/...)
• Load balancing between services can be more
complicated
• Overlay Network still a little bit tricky
• Limited support for persistent volumes
• Support for Authorization in the commercial DC/OS
S h o u l d y o u s t a y o r s h o u l d y o u g o ?

31. © ZENIKA 2017
DCOS WRAP UP (FOCUS ON DEV)
• native application deployment descriptor
• docker-compose with the Docker Compose Executor
• MiniMesos project (but limited support for frameworks)
• you have to specify limits (memory, cpu) every time
S h o u l d y o u s t a y o r s h o u l d y o u g o ?

32. © ZENIKA 2017
KUBERNETES WRAP UP
• More feature rich and mature
• Nice POD workload definition
• Stateful/Pet sets to support stateful apps
• Strong support from Google and RedHat
• Strong community
• Tested with thousands nodes
• UI and CLI (kubectl)
• RBAC support through Namespaces
• Support for multi datacenters through Federation
S h o u l d y o u s t a y o r s h o u l d y o u g o ?

33. © ZENIKA 2017
KUBERNETES WRAP UP (CONTINUED)
• More complex (etcd, API server, scheduler, kubelet,
kubeproxy, ...)
• No network overlay by default (but easily installable
throught pod networks)
• No direct interaction with the docker daemon
• Opinionated piece of software
S h o u l d y o u s t a y o r s h o u l d y o u g o ?

34. © ZENIKA 2017
KUBERNETES WRAP UP (FOCUS ON DEV)
• native application deployment descriptor
• docker-compose support with project Kompose
• packaging with Helm (by DEIS Microsoft)
• ... and workflow with Draft (by Microsoft)
• ksonnet to simply configuration
• istio to connect, manage and secure microservices
• local testing with MiniKube
• ... or MiniShift (for the openshift version)
S h o u l d y o u s t a y o r s h o u l d y o u g o ?

35. © ZENIKA 2017
META-ORCHESTRATION
• Kubernetes in Mesos (link)
• Swarm in Mesos (link)
• Mesos, Kubernetes and Swarm in Rancher
O r c h e s t r a t o r i n c e p t i o n

36. © ZENIKA 2017
POINTERS
• Application Delivery with Mesosphere DC/OS
• Mesos: a state of the art container orchestrator
• Comparing Rancher orchestration engine option
• Orchestration Kit / Devoxx France
• Containerus Bellum by Octo (French)
• Container Pods with Docker Compose in Mesos
• Mesos Docker Compose Executor
• Project Kompose
• Helm Packager
• Project Draft
• Compose Version 3
N i c e t o s h a r e

37. © ZENIKA 2017
POINTERS (CONTINUED)
• DockerCoins project source code
• Docker Swarm Visualizer
• MiniMesos
• MiniKube
• MiniShift
• Ksonnet intro
• Ksonnet
• Istio
M o r e n i c e t o s h a r e

38. © ZENIKA 2017
This is the end
Thank You!

39. © ZENIKA 2017
or not...
Questions?