Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

Docker, cornerstone of an hybrid cloud?

Download as PPTX, PDF
Adrien Blind
Adrien Blind

In this presentation, I propose to explore the orchestration & hybridation potential raised by Docker 1.12 Swarm Mode and the subsequent benefits. I'll first remind why docker fits well the microservices paradigms, and how does this architecture engender new challenges : service discovery, app-centric security, scalability & resilience, and of course, orchestration. I'll then discuss the opportunity to create your own docker CaaS platform hybridating simultaneously on various cloud vendors & traditional datacenters, better than just leveraging on vendors integrated offers. Finally, I'll discuss the rise of new technologies (Windows containers, ARM architectures) in the docker landscape, and the opportunity of integrating them in a global docker composite orchestration, enabling to depict globally complex apps.

Related slideshows

Docker 之道 Modernize Traditional Applications with 无为 Create New Cloud Native ...
Docker 之道 Modernize Traditional Applications with 无为 Create New Cloud Native ...Docker 之道 Modernize Traditional Applications with 无为 Create New Cloud Native ...
Docker 之道 Modernize Traditional Applications with 无为 Create New Cloud Native ...
 
NetDevOps Development Environments
NetDevOps Development EnvironmentsNetDevOps Development Environments
NetDevOps Development Environments
 
DockerCon EU 2017 Recap
DockerCon EU 2017 RecapDockerCon EU 2017 Recap
DockerCon EU 2017 Recap
 
1 of 33
Adrien Blind DevOps Coach @adrienblind Docker, cornerstone of an hybrid cloud ?
Rise of the orchestration
@adrienblind Fine-grained, highly decoupled and atomic purpose centric services Designed for failure Multi-versioned Scalable Micro services Stateless Share-nothing Immutable Continuously delivered Distributed
@adrienblind Docker fits microservice paradigms ‘’A universal, self-sufficient and standard artifact embedding an app module, and its subsequent infrastructure configuration’’  Docker provides both the artifact and the ecosystem to handle it! Immutable Portable Lightweight Incremental Versionned/tagged Disposable
@adrienblind App From containers to apps An application is made of several components interacting each together
@adrienblind From Enterprise Services buses to full-mesh topologies ESB Service Service Service Service Service > ServiceService Service Service Service Service discovery challenge App App
@adrienblind Security paradigms shifts The necessary porosity of your IS requires to stick security closer to each application: sandbox your apps and expose protected interfaces! Network is part of application topology Security is an app topic, not just infra. concern Onboard security in feature teamSecDevOps
@adrienblind Vertical > horizontal  Apps designed for failure & scalability  Data to be externalized  Dumber infrastructure Resilience & scalability: apps problem now!  Structured: MongoDB, Hadoop, Cassandra, Elastic Search...  Binaries: object storage with Ceph, OpenStack Swift...  Helpful patterns: stateless, multi-versioning, loose coupling...  Infrastructure rationalization  Low-cost, poor-SLA commodity
@adrienblind Distributed application Compute (service/task) Storage (volume) Transport (network) Topology (compose, bundle, deploy, stack)  Docker shifted from container infra. to object-oriented app. topologies CaaS platform Clustering (swarm) Image mgmt (registry) Hosting (node) Provisioning (machine) ... relying on an CaaS platform  The rise of the orchestration
@adrienblind Docker 1.12 swarm mode  Directly over Internet ?  Swarm mode secures interactions between its nodes (TLS mutual auth, authz, & encryption)  Overlay network trafic may be encrypted across nodes too (use switch --opt encrypted to use IPSEC)  Built in the engine  Decentralized  More secured  More resilient
@adrienblind $ docker-machine create -d virtualbox m1 $ docker swarm init --advertise-addr [m1_ip] $ docker-machine create -d virtualbox m2 $ eval $(docker-machine env m2) $ docker swarm join --token [mytoken] [m1_ip]:2377 --advertise-addr [m2_ip] $ docker swarm join-token worker To add a worker to this swarm, run the following command: docker swarm join --token [TOKEN] [m1_ip]:2377 … (joined a third manager, plus a worker) $ docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 1o46ikaidagi91w940h81byd1 w1 Ready Active 3bboy53bjyeqd9ad0tsegju51 m2 Ready Active Reachable 48yqo4607pfzkpct4jz9t1t9y m3 Ready Active Reachable 6fyvwd6cc4nguth29ycexaxat * m1 Ready Active Leader Cluster setup example
@adrienblind Docker service Depicts the desired runtime behavior of a given image : networking, resiliency, quotas...  shift to state-machine paradigms $ docker service create --name front -–network app –-replicas 3 -p 80:80/tcp nginx:latest Attach the containers to a given network Define the desired amount of instances for this service (named « tasks ») Attach each instance to a transversal L4 loadbalancer instance, reachable on each node of the cluster
@adrienblind Example $ docker network create --driver overlay wordpressnet $ docker service create --name wordpressdb --env MYSQL_ROOT_PASSWORD=plop --env MYSQL_DATABASE=wordpress --network wordpressnet mysql:latest $ docker service create --name wordpressapp --env WORDPRESS_DB_HOST=wordpressdb --env WORDPRESS_DB_PASSWORD=plop --network wordpressnet --publish 80:80 --replicas 7 wordpress:latest $ docker service ls ID NAME REPLICAS IMAGE COMMAND 14utiklw5g6s wordpressdb 1/1 mysql:latest c9vnvebcylg5 wordpressapp 7/7 wordpress:latest $ docker service update --replicas 4 wordpressapp
@adrienblind Example LB LB LB LB Network Dynamic LB on each manager + workers hosting containers of the app All containers belonging to a same app are connected through an overlay network Overlay network
@adrienblind Docker stack docker-compose enabled to depicts and trigger a complete app topology from the client side docker stack enables to feed the server- side orchestrator with a complete app topology
Hybridate clouds
@adrienblind  Almost all cloud vendors provide their own complete, ready-to-use docker CaaS stacks:  Amazon ECS, Beanstalk  Azure Container Service  Google Container Engine  Beyond traditionnal IaaS, the much integrated & valuable service you get, the more locked-in you are  Balance your args (portability, cost, etc.)  No universal answer… Cloud provider hybridation
@adrienblind  You may create your own docker Swarm CaaS leveraging on several providers  Your own traditional DC  Various Cloud vendors  You may even use docker tools to automate everything docker-machine create --driver azure --azure-subscription-id [MY_ID] Cloud provider hybridation
@adrienblind  Not only interesting for portability & freedom  Progressive cloud migration  Elasticity / overflooding  Multiply points of presence  Keep docker native ergonomy easing adoption  « cloud hoster trading? » ;)  … Cloud provider hybridation
@adrienblind  Scale the application through docker service replicas  Scale the swarm cluster capacity leveraging on docker-machine Scale up, scale down AVOID CONFUSION
Hybridate technos
@adrienblind Windows containers are here! Two Windows Containers types:  Windows Server Containers, that are similar than Linux containers in the concepts  Hyper-V Containers, that runs inside a small virtual machine on Hyper-V https://blogs.msdn.microsoft.com/jcorioland/2016/10/13/getting-started-with-windows-containers
@adrienblind  What  Tiny servers based on ARM architecture  Poor per-core perf but up to 54 cores per SoC + good I/Os  Why / Pros  Green IT: better perf/watt & density ratio  Cost efficiency for massive threading usecases: bigdata/grids/horizontally scalable apps.  Pitfalls / Cons  Litteraly rebuild apps for ARM  Only fits some usecases, not a silverbullet! ARM: end of the x86 hegemony ? ARM v8 architecture Up to 54 cores/SoC + 1TB RAM Cavium srv: 384 cores enclosed in 2U
@adrienblind Hybrid orchestration App 3 App 2 App 1 X64/WIN X64/LINUX ARM/LINUX  Extend the picture  ARM computing rises  Windows containers arrives  The app topology integrates various techs which must be orchestrated together
Example demo Initially co-built with Ludovic Piot (@lpiot) for a live demo given at Docker Meetup Paris
@adrienblind Cloud hybridation Raspberry (ARM) Win 2016 SWARM CLUSTER Load injector (Apache AB) IIS Website MySQL Backend Overlay network Linux X86_64 Linux X86_64 Linux X86_64 Linux X86_64 Linux X86_64 INTERNET REDIS  Use constraints on services to enforce containers location
@adrienblind A real, hybrid docker cluster ARM/Linux x86_64/Linux x86_64/Win x86_64/Linux
@adrienblind Spawning docker services
@adrienblind Scale the app up & down
Conclusion
@adrienblind  Orchestration is more than ever the key ; now handle multi-technologies dockerized apps  You may wish to keep control while delegating commodities  Docker swarm enables to create an abstraction layer to facilitate transition to the cloud or multi-cloud handling Conclusion
@adrienblind  Step 1  Shift to docker packaging pardigmes  Start deploying your apps through docker (trough CD pipelines for instance)  Step 2  Shift to dynamic orchestration: swarm cluster handles container deployments over the cluster, ensures desired instances are up, etc.  Step 3  Extend your local own cluster to third-part vendors  Step 4  Shift to self-healing clusters (autoscaling nodes for instance) Plan your migration
Adrien Blind DevOps Coach @adrienblind Thank you!

More Related Content

Docker, cornerstone of an hybrid cloud?

  • 1. Adrien Blind DevOps Coach @adrienblind Docker, cornerstone of an hybrid cloud ?
  • 3. @adrienblind Fine-grained, highly decoupled and atomic purpose centric services Designed for failure Multi-versioned Scalable Micro services Stateless Share-nothing Immutable Continuously delivered Distributed
  • 4. @adrienblind Docker fits microservice paradigms ‘’A universal, self-sufficient and standard artifact embedding an app module, and its subsequent infrastructure configuration’’  Docker provides both the artifact and the ecosystem to handle it! Immutable Portable Lightweight Incremental Versionned/tagged Disposable
  • 5. @adrienblind App From containers to apps An application is made of several components interacting each together
  • 6. @adrienblind From Enterprise Services buses to full-mesh topologies ESB Service Service Service Service Service > ServiceService Service Service Service Service discovery challenge App App
  • 7. @adrienblind Security paradigms shifts The necessary porosity of your IS requires to stick security closer to each application: sandbox your apps and expose protected interfaces! Network is part of application topology Security is an app topic, not just infra. concern Onboard security in feature teamSecDevOps
  • 8. @adrienblind Vertical > horizontal  Apps designed for failure & scalability  Data to be externalized  Dumber infrastructure Resilience & scalability: apps problem now!  Structured: MongoDB, Hadoop, Cassandra, Elastic Search...  Binaries: object storage with Ceph, OpenStack Swift...  Helpful patterns: stateless, multi-versioning, loose coupling...  Infrastructure rationalization  Low-cost, poor-SLA commodity
  • 9. @adrienblind Distributed application Compute (service/task) Storage (volume) Transport (network) Topology (compose, bundle, deploy, stack)  Docker shifted from container infra. to object-oriented app. topologies CaaS platform Clustering (swarm) Image mgmt (registry) Hosting (node) Provisioning (machine) ... relying on an CaaS platform  The rise of the orchestration
  • 10. @adrienblind Docker 1.12 swarm mode  Directly over Internet ?  Swarm mode secures interactions between its nodes (TLS mutual auth, authz, & encryption)  Overlay network trafic may be encrypted across nodes too (use switch --opt encrypted to use IPSEC)  Built in the engine  Decentralized  More secured  More resilient
  • 11. @adrienblind $ docker-machine create -d virtualbox m1 $ docker swarm init --advertise-addr [m1_ip] $ docker-machine create -d virtualbox m2 $ eval $(docker-machine env m2) $ docker swarm join --token [mytoken] [m1_ip]:2377 --advertise-addr [m2_ip] $ docker swarm join-token worker To add a worker to this swarm, run the following command: docker swarm join --token [TOKEN] [m1_ip]:2377 … (joined a third manager, plus a worker) $ docker node ls ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS 1o46ikaidagi91w940h81byd1 w1 Ready Active 3bboy53bjyeqd9ad0tsegju51 m2 Ready Active Reachable 48yqo4607pfzkpct4jz9t1t9y m3 Ready Active Reachable 6fyvwd6cc4nguth29ycexaxat * m1 Ready Active Leader Cluster setup example
  • 12. @adrienblind Docker service Depicts the desired runtime behavior of a given image : networking, resiliency, quotas...  shift to state-machine paradigms $ docker service create --name front -–network app –-replicas 3 -p 80:80/tcp nginx:latest Attach the containers to a given network Define the desired amount of instances for this service (named « tasks ») Attach each instance to a transversal L4 loadbalancer instance, reachable on each node of the cluster
  • 13. @adrienblind Example $ docker network create --driver overlay wordpressnet $ docker service create --name wordpressdb --env MYSQL_ROOT_PASSWORD=plop --env MYSQL_DATABASE=wordpress --network wordpressnet mysql:latest $ docker service create --name wordpressapp --env WORDPRESS_DB_HOST=wordpressdb --env WORDPRESS_DB_PASSWORD=plop --network wordpressnet --publish 80:80 --replicas 7 wordpress:latest $ docker service ls ID NAME REPLICAS IMAGE COMMAND 14utiklw5g6s wordpressdb 1/1 mysql:latest c9vnvebcylg5 wordpressapp 7/7 wordpress:latest $ docker service update --replicas 4 wordpressapp
  • 14. @adrienblind Example LB LB LB LB Network Dynamic LB on each manager + workers hosting containers of the app All containers belonging to a same app are connected through an overlay network Overlay network
  • 15. @adrienblind Docker stack docker-compose enabled to depicts and trigger a complete app topology from the client side docker stack enables to feed the server- side orchestrator with a complete app topology
  • 17. @adrienblind  Almost all cloud vendors provide their own complete, ready-to-use docker CaaS stacks:  Amazon ECS, Beanstalk  Azure Container Service  Google Container Engine  Beyond traditionnal IaaS, the much integrated & valuable service you get, the more locked-in you are  Balance your args (portability, cost, etc.)  No universal answer… Cloud provider hybridation
  • 18. @adrienblind  You may create your own docker Swarm CaaS leveraging on several providers  Your own traditional DC  Various Cloud vendors  You may even use docker tools to automate everything docker-machine create --driver azure --azure-subscription-id [MY_ID] Cloud provider hybridation
  • 19. @adrienblind  Not only interesting for portability & freedom  Progressive cloud migration  Elasticity / overflooding  Multiply points of presence  Keep docker native ergonomy easing adoption  « cloud hoster trading? » ;)  … Cloud provider hybridation
  • 20. @adrienblind  Scale the application through docker service replicas  Scale the swarm cluster capacity leveraging on docker-machine Scale up, scale down AVOID CONFUSION
  • 22. @adrienblind Windows containers are here! Two Windows Containers types:  Windows Server Containers, that are similar than Linux containers in the concepts  Hyper-V Containers, that runs inside a small virtual machine on Hyper-V https://blogs.msdn.microsoft.com/jcorioland/2016/10/13/getting-started-with-windows-containers
  • 23. @adrienblind  What  Tiny servers based on ARM architecture  Poor per-core perf but up to 54 cores per SoC + good I/Os  Why / Pros  Green IT: better perf/watt & density ratio  Cost efficiency for massive threading usecases: bigdata/grids/horizontally scalable apps.  Pitfalls / Cons  Litteraly rebuild apps for ARM  Only fits some usecases, not a silverbullet! ARM: end of the x86 hegemony ? ARM v8 architecture Up to 54 cores/SoC + 1TB RAM Cavium srv: 384 cores enclosed in 2U
  • 24. @adrienblind Hybrid orchestration App 3 App 2 App 1 X64/WIN X64/LINUX ARM/LINUX  Extend the picture  ARM computing rises  Windows containers arrives  The app topology integrates various techs which must be orchestrated together
  • 25. Example demo Initially co-built with Ludovic Piot (@lpiot) for a live demo given at Docker Meetup Paris
  • 26. @adrienblind Cloud hybridation Raspberry (ARM) Win 2016 SWARM CLUSTER Load injector (Apache AB) IIS Website MySQL Backend Overlay network Linux X86_64 Linux X86_64 Linux X86_64 Linux X86_64 Linux X86_64 INTERNET REDIS  Use constraints on services to enforce containers location
  • 27. @adrienblind A real, hybrid docker cluster ARM/Linux x86_64/Linux x86_64/Win x86_64/Linux
  • 31. @adrienblind  Orchestration is more than ever the key ; now handle multi-technologies dockerized apps  You may wish to keep control while delegating commodities  Docker swarm enables to create an abstraction layer to facilitate transition to the cloud or multi-cloud handling Conclusion
  • 32. @adrienblind  Step 1  Shift to docker packaging pardigmes  Start deploying your apps through docker (trough CD pipelines for instance)  Step 2  Shift to dynamic orchestration: swarm cluster handles container deployments over the cluster, ensures desired instances are up, etc.  Step 3  Extend your local own cluster to third-part vendors  Step 4  Shift to self-healing clusters (autoscaling nodes for instance) Plan your migration

Editor's Notes

  1. http://armdevices.net/2015/10/16/cern-cms-tests-64bit-arm-servers-for-worldwide-grid-scientific-computing/ http://www.cavium.com/newsevents-GIGABYTE-announces-384-Core-2U-server-powered-by-Cavium-ThunderX-ARMv8-processors.html https://www.servethehome.com/exclusive-first-cavium-thunderx-dual-48-core-96-core-total-arm-benchmarks/ https://dzone.com/articles/big-data-processing-arm-0 https://www.servethehome.com/cavium-gigabyte-launching-384-core-armv8-2u-server-cluster/ http://blog.alexellis.io/getting-started-with-docker-on-raspberry-pi/ http://www.sparkonarm.com/