Docker, cornerstone of an hybrid cloud?

71 %
29 %
Information about Docker, cornerstone of an hybrid cloud?

Published on November 19, 2016

Author: adrienblind


1. Adrien Blind DevOps Coach @adrienblind Docker, cornerstone of an hybrid cloud ?

2. Rise of the orchestration

3. @adrienblind Fine-grained, highly decoupled and atomic purpose centric services Designed for failure Multi-versioned Scalable Micro services Stateless Share-nothing Immutable Continuously delivered Distributed

4. @adrienblind Docker fits microservice paradigms ‘’A universal, self-sufficient and standard artifact embedding an app module, and its subsequent infrastructure configuration’’  Docker provides both the artifact and the ecosystem to handle it! Immutable Portable Lightweight Incremental Versionned/tagged Disposable

5. @adrienblind App From containers to apps An application is made of several components interacting each together

6. @adrienblind From Enterprise Services buses to full-mesh topologies ESB Service Service Service Service Service > ServiceService Service Service Service Service discovery challenge App App

7. @adrienblind Security paradigms shifts The necessary porosity of your IS requires to stick security closer to each application: sandbox your apps and expose protected interfaces! Network is part of application topology Security is an app topic, not just infra. concern Onboard security in feature teamSecDevOps

8. @adrienblind Vertical > horizontal  Apps designed for failure & scalability  Data to be externalized  Dumber infrastructure Resilience & scalability: apps problem now!  Structured: MongoDB, Hadoop, Cassandra, Elastic Search...  Binaries: object storage with Ceph, OpenStack Swift...  Helpful patterns: stateless, multi-versioning, loose coupling...  Infrastructure rationalization  Low-cost, poor-SLA commodity

9. @adrienblind Distributed application Compute (service/task) Storage (volume) Transport (network) Topology (compose, bundle, deploy, stack)  Docker shifted from container infra. to object-oriented app. topologies CaaS platform Clustering (swarm) Image mgmt (registry) Hosting (node) Provisioning (machine) ... relying on an CaaS platform  The rise of the orchestration

10. @adrienblind Docker 1.12 swarm mode  Directly over Internet ?  Swarm mode secures interactions between its nodes (TLS mutual auth, authz, & encryption)  Overlay network trafic may be encrypted across nodes too (use switch --opt encrypted to use IPSEC)  Built in the engine  Decentralized  More secured  More resilient

11. @adrienblind $ docker-machine create -d virtualbox m1 $ docker swarm init --advertise-addr [m1_ip] $ docker-machine create -d virtualbox m2 $ eval $(docker-machine env m2) $ docker swarm join --token [mytoken] [m1_ip]:2377 --advertise-addr [m2_ip] $ docker swarm join-token worker To add a worker to this swarm, run the following command: docker swarm join --token [TOKEN] [m1_ip]:2377 … (joined a third manager, plus a worker) $ docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 1o46ikaidagi91w940h81byd1 w1 Ready Active 3bboy53bjyeqd9ad0tsegju51 m2 Ready Active Reachable 48yqo4607pfzkpct4jz9t1t9y m3 Ready Active Reachable 6fyvwd6cc4nguth29ycexaxat * m1 Ready Active Leader Cluster setup example

12. @adrienblind Docker service Depicts the desired runtime behavior of a given image : networking, resiliency, quotas...  shift to state-machine paradigms $ docker service create --name front -–network app –-replicas 3 -p 80:80/tcp nginx:latest Attach the containers to a given network Define the desired amount of instances for this service (named « tasks ») Attach each instance to a transversal L4 loadbalancer instance, reachable on each node of the cluster

13. @adrienblind Example $ docker network create --driver overlay wordpressnet $ docker service create --name wordpressdb --env MYSQL_ROOT_PASSWORD=plop --env MYSQL_DATABASE=wordpress --network wordpressnet mysql:latest $ docker service create --name wordpressapp --env WORDPRESS_DB_HOST=wordpressdb --env WORDPRESS_DB_PASSWORD=plop --network wordpressnet --publish 80:80 --replicas 7 wordpress:latest $ docker service ls ID NAME REPLICAS IMAGE COMMAND 14utiklw5g6s wordpressdb 1/1 mysql:latest c9vnvebcylg5 wordpressapp 7/7 wordpress:latest $ docker service update --replicas 4 wordpressapp

14. @adrienblind Example LB LB LB LB Network Dynamic LB on each manager + workers hosting containers of the app All containers belonging to a same app are connected through an overlay network Overlay network

15. @adrienblind Docker stack docker-compose enabled to depicts and trigger a complete app topology from the client side docker stack enables to feed the server- side orchestrator with a complete app topology

16. Hybridate clouds

17. @adrienblind  Almost all cloud vendors provide their own complete, ready-to-use docker CaaS stacks:  Amazon ECS, Beanstalk  Azure Container Service  Google Container Engine  Beyond traditionnal IaaS, the much integrated & valuable service you get, the more locked-in you are  Balance your args (portability, cost, etc.)  No universal answer… Cloud provider hybridation

18. @adrienblind  You may create your own docker Swarm CaaS leveraging on several providers  Your own traditional DC  Various Cloud vendors  You may even use docker tools to automate everything docker-machine create --driver azure --azure-subscription-id [MY_ID] Cloud provider hybridation

19. @adrienblind  Not only interesting for portability & freedom  Progressive cloud migration  Elasticity / overflooding  Multiply points of presence  Keep docker native ergonomy easing adoption  « cloud hoster trading? » ;)  … Cloud provider hybridation

20. @adrienblind  Scale the application through docker service replicas  Scale the swarm cluster capacity leveraging on docker-machine Scale up, scale down AVOID CONFUSION

21. Hybridate technos

22. @adrienblind Windows containers are here! Two Windows Containers types:  Windows Server Containers, that are similar than Linux containers in the concepts  Hyper-V Containers, that runs inside a small virtual machine on Hyper-V

23. @adrienblind  What  Tiny servers based on ARM architecture  Poor per-core perf but up to 54 cores per SoC + good I/Os  Why / Pros  Green IT: better perf/watt & density ratio  Cost efficiency for massive threading usecases: bigdata/grids/horizontally scalable apps.  Pitfalls / Cons  Litteraly rebuild apps for ARM  Only fits some usecases, not a silverbullet! ARM: end of the x86 hegemony ? ARM v8 architecture Up to 54 cores/SoC + 1TB RAM Cavium srv: 384 cores enclosed in 2U

24. @adrienblind Hybrid orchestration App 3 App 2 App 1 X64/WIN X64/LINUX ARM/LINUX  Extend the picture  ARM computing rises  Windows containers arrives  The app topology integrates various techs which must be orchestrated together

25. Example demo Initially co-built with Ludovic Piot (@lpiot) for a live demo given at Docker Meetup Paris

26. @adrienblind Cloud hybridation Raspberry (ARM) Win 2016 SWARM CLUSTER Load injector (Apache AB) IIS Website MySQL Backend Overlay network Linux X86_64 Linux X86_64 Linux X86_64 Linux X86_64 Linux X86_64 INTERNET REDIS  Use constraints on services to enforce containers location

27. @adrienblind A real, hybrid docker cluster ARM/Linux x86_64/Linux x86_64/Win x86_64/Linux

28. @adrienblind Spawning docker services

29. @adrienblind Scale the app up & down

30. Conclusion

31. @adrienblind  Orchestration is more than ever the key ; now handle multi-technologies dockerized apps  You may wish to keep control while delegating commodities  Docker swarm enables to create an abstraction layer to facilitate transition to the cloud or multi-cloud handling Conclusion

32. @adrienblind  Step 1  Shift to docker packaging pardigmes  Start deploying your apps through docker (trough CD pipelines for instance)  Step 2  Shift to dynamic orchestration: swarm cluster handles container deployments over the cluster, ensures desired instances are up, etc.  Step 3  Extend your local own cluster to third-part vendors  Step 4  Shift to self-healing clusters (autoscaling nodes for instance) Plan your migration

33. Adrien Blind DevOps Coach @adrienblind Thank you!

Add a comment