Chris Swan's QCon presentation "Using Docker in Cloud Networks"

Technology

Published on March 3, 2014

Author: CohesiveFT

Source: slideshare.net

Description

CTO Chris Swan's QCon presentation: Using Docker in Cloud Networks
Track: Next Gen Cloud
Originally presented on Friday, 7 March 14:30 - 15:20 in the Mountbatten Room

About the presentation
Docker.io provides an elegant means of packaging and deploying application stacks. CohesiveFT have incorporated Docker into their VNS3 cloud overlay networking as a substrate for layer 4-7 network application services: things like proxy, reverse proxy, SSL termination, content caching and network intrusion detection. This presentation will look at what Docker does, and why it was chosen. It will also look at what's been involved in building Docker into an established platform, and what it takes to package applications and application infrastructure for use with Docker. This will include a look at Dockerfile, and the potential it has for tightening DevOps loops. Finally, it will look at some Docker trip hazards and how to avoid them, and at a Docker wish list for how it could be even better.
Using Docker in Cloud Networks
Chris Swan, CTO
@cpswan
the original cloud networking company
copyright 2014 Friday, 28 February 14

Agenda
  Docker Overview
  Dockerfile and DevOps
  Docker in Cloud Networks
  Some Trip Hazards
  My Docker Wish List

Docker overview

Background
  Open source project released in March 2013
  Docker is a Container System for Code
  [Image Credit: Docker.io]

A different granularity of virtualisation
  [Image Credit: Docker.io]

Continuing the container analogy
  [Image Credit: Docker.io]

What’s outside the box?
  Linux containers (LXC)
    Similar to Solaris zones, FreeBSD jails, IBM LPAR etc.
    > chroot, < any hardware (VT) protected hypervisor
  A union file system (e.g. AUFS)
    Containers are made up out of layers
    May also use ZFS or BTRFS
  Docker command line tool to manage lifecycle of containers
    run, start, stop, ps, import, export etc.

Going inside the box - Hello World

Stacking containers
  [Image Credit: Docker.io]

Containers and Images
  [Image Credit: Docker.io]

Hello World from Dockerfile

A real example of Dockerfile

Dockerfile and DevOps

John Boyd’s OODA loop

Dockerfile makes mistakes very cheap

Docker and networking

When the Docker daemon starts
  Creates a docker0 bridge if not present
    Other bridges can be manually configured
  Searches for an IP address range which doesn’t overlap with an existing route
    Default is 172.17.0.0/16
  Picks an IP in the selected range and assigns it to the docker0 bridge
    Default is 172.17.42.1
  Containers get a virtual interface that’s bonded to the docker0 bridge
    Starting with 172.17.0.2
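
The range search on this slide matters in an overlay network, where a tunnel route can collide with 172.17.0.0/16. The Ruby sketch below is an added example, not code from the slides or from Docker: it models the search as "first candidate that overlaps no existing route" and also reports routes that collide with a bridge range already in use. The fallback candidates, the skipping of the default route and the sample route tables are assumptions made for illustration.

```ruby
require 'ipaddr'

# Only the first range (the default) is from the slide; the others are
# assumed fallbacks for illustration, not Docker's actual list.
CANDIDATES = %w[172.17.0.0/16 10.0.0.0/16 192.168.42.0/24].freeze

# True when two CIDR blocks share at least one address.
def overlap?(a, b)
  ra = a.to_range
  rb = b.to_range
  ra.begin <= rb.end && rb.begin <= ra.end
end

# Parse route destinations, skipping the default route, which would
# otherwise overlap every candidate (an assumption of this model).
def parse_routes(routes)
  routes.reject { |r| r == '0.0.0.0/0' }.map { |r| IPAddr.new(r) }
end

# First candidate that overlaps no existing route, or nil if all collide.
def pick_bridge_range(routes, candidates = CANDIDATES)
  nets = parse_routes(routes)
  candidates.find { |c| nets.none? { |n| overlap?(IPAddr.new(c), n) } }
end

# Routes that collide with a bridge range already in use, e.g. a tunnel
# route that appeared after the daemon made its choice.
def conflicting_routes(bridge, routes)
  b = IPAddr.new(bridge)
  routes.reject { |r| r == '0.0.0.0/0' }
        .select { |r| overlap?(b, IPAddr.new(r)) }
end

# Constructed sample route tables (not taken from a real host).
LAN_ONLY = %w[0.0.0.0/0 192.168.1.0/24].freeze
WITH_VPN = %w[0.0.0.0/0 192.168.1.0/24 172.16.0.0/12].freeze

if __FILE__ == $PROGRAM_NAME
  puts pick_bridge_range(LAN_ONLY)
  puts pick_bridge_range(WITH_VPN)
  p conflicting_routes('172.17.0.0/16', WITH_VPN)
end
```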

Port mapping
  Map a random host port to a container port
    sudo docker run -d -p 1234 cpswan/demoapp
  Map a specific host port to a container port
    sudo docker run -d -p 1234:1234 cpswan/demoapp

Container linking
  Docker takes named links to other containers to populate env variables:
    # start the database
    sudo docker run -d -p 3306:3306 --name todomvc_db -v /data/mysql:/var/lib/mysql cpswan/todomvc.mysql
    # start the app server
    sudo docker run -d -p 4567:4567 --name todomvc_app --link todomvc_db:db cpswan/todomvc.sinatra
    # start the web server
    sudo docker run -d -p 443:443 --name todomvc_ssl --link todomvc_app:app cpswan/todomvc.ssl
  Use the env variable in the app server:
    dburl = 'mysql://root:pa55Word@' + ENV['DB_PORT_3306_TCP_ADDR'] + '/todomvc'
    DataMapper.setup(:default, dburl)
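
A variant of the app-server snippet above that checks the link variables before use and reads the database credentials from the environment instead of embedding them in the URL string. This is an added example, not code from the slides; TODOMVC_DB_USER and TODOMVC_DB_PASSWORD are hypothetical variable names, and the sample environment is constructed.

```ruby
require 'erb'
require 'ipaddr'

# Resolve the address and port Docker injects for a link alias, e.g.
# DB_PORT_3306_TCP_ADDR / DB_PORT_3306_TCP_PORT for "--link todomvc_db:db".
def link_endpoint(env, link_alias, port)
  prefix = "#{link_alias.upcase}_PORT_#{port}_TCP"
  addr = env["#{prefix}_ADDR"].to_s
  raise KeyError, "#{prefix}_ADDR is not set; is the container linked?" if addr.empty?
  # A value with a prefix length would parse as a network, so reject it.
  raise ArgumentError, "#{prefix}_ADDR must be a bare IP address" if addr.include?('/')
  # IPAddr.new raises IPAddr::InvalidAddressError for anything but an IP.
  raise ArgumentError, "#{prefix}_ADDR must be IPv4" unless IPAddr.new(addr).ipv4?
  [addr, Integer(env.fetch("#{prefix}_PORT", port.to_s), 10)]
end

# Build the DataMapper URL with credentials read from the environment.
# TODOMVC_DB_USER and TODOMVC_DB_PASSWORD are hypothetical names.
# Percent-encoding keeps characters such as @ or / in a credential from
# changing the host part of the URL.
def database_url(env)
  host, port = link_endpoint(env, 'db', 3306)
  user = ERB::Util.url_encode(env.fetch('TODOMVC_DB_USER'))
  pass = ERB::Util.url_encode(env.fetch('TODOMVC_DB_PASSWORD'))
  "mysql://#{user}:#{pass}@#{host}:#{port}/todomvc"
end

# Constructed sample environment, as the linked app container might see it.
SAMPLE_ENV = {
  'DB_PORT_3306_TCP_ADDR' => '172.17.0.2',
  'DB_PORT_3306_TCP_PORT' => '3306',
  'TODOMVC_DB_USER' => 'todomvc',
  'TODOMVC_DB_PASSWORD' => 'p@ss/word'
}.freeze

puts database_url(SAMPLE_ENV) if __FILE__ == $PROGRAM_NAME
# In the app server: DataMapper.setup(:default, database_url(ENV))
```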

Docker in cloud networks

Before Docker
  VNS3 is a virtual appliance
  Swiss Army Knife for networking
  VNS3: Router, Switch, Firewall, IPsec/SSL VPN concentrator, Protocol Redistributor, Dynamic & Scriptable SDN
  Tool for building secure networks in virtual infrastructures, private & public cloud

A typical customer use case
  [Diagram labels: Public Cloud, Web App, IPsec Tunnel, VNS3, Firewall / VPN, Data Center, Servers, On-Site Hardware]

That annoying extra VM
  [Diagram labels: Public Cloud, Web App, IPsec Tunnel, VNS3, Internet traffic, Firewall / VPN, Data Center, Servers, On-Site Hardware]

With Docker
  VNS3 3.5 allows customers to embed features and functions provided by other vendors - or developed in house, safely and securely into their Cloud Network.
  VNS3: Router, Switch, Firewall, IPsec/SSL VPN Concentrator, Protocol Redistributor, Dynamic & Scriptable SDN
  plus: (Reverse) Proxy, SSL Termination, Content Caching, Load Balancing, Intrusion Detection, More....
  Customer controlled, & co-created, for best hybrid cloud experience

Getting rid of that annoying extra VM
  [Diagram labels: Public Cloud, Web App, IPsec Tunnel, VNS3, Internet traffic, Firewall / VPN, Data Center, Servers, On-Site Hardware]

Seeding the ecosystem

and on github

as Dockerfile doesn’t stand alone

Some trip hazards

Inconsistent package repos

Beware apt-get upgrade
  Not a problem in the official Docker.io images
  But... if you’re using images from somewhere else then it’s not good when they try to build an initramfs

Non deterministic actions
    apt-get install whatever -y
  You want this to be cached in the short term
  You might not want it to be cached long term
  (I’m not going to wade into the security tar pit right now)

Local vs Global image namespace
    sudo docker build -t cpswan/haproxy .
    sudo docker run -d cpswan/haproxy
  !=
    sudo docker run -d cpswan/haproxy
  Nothing there to make you pull before you push
  Global namespace is managed, local namespace isn’t
  Intermediate/private repositories for extra fun :-0

This can happen ‘docker ps’:

and also this ‘docker ps --all’:

My Docker wish list

If only it would...
  Docker CLI
  Disk quotas
  Route propagation

At least one of those wishes might be granted...

Summary

Summary
  Docker provides a ‘shipping container’ for apps
  Dockerfile tightens the DevOps OODA loop
  Docker has given us a way to move from closed platform to open platform (and be part of an ecosystem)
  It’s not perfect yet, but it’s not finished yet (and software rarely is anyway)

Questions?
  Paddington, London, UK
  ContactMe@cohesiveft.com
  +44 20 8144 0156
  @CohesiveFT
