Deep Dive into Docker Swarm Mode
Demystifying Docker Swarm Mode
Ajeet Singh Raina
Docker Captain – Docker, Inc.
Who Am I?
• Sr. Systems Development Engineer at DellEMC
• 1st half of my career was in CGI & VMware
• 2nd half of my career has been in System Integration
• Testing/Project Lead for Dell EMC.
• Definitely more IT pro than developer
• @ajeetsraina (a frequent Twitterati)
http://www.collabnix.com
Agenda
- Introduction to Docker Swarm
- Docker Swarm Mode Features
- Docker Stack Deployment
- What’s new in Docker 17.06 Swarm Mode - Hybrid Swarm Setup, Topology Scheduling
- Demo – Hybrid Swarm (Play with Docker)
Introduction to Docker Swarm Mode
A Little Background: What is Swarm?
Let’s start with Single Docker Host Application
A Docker Host
http://collabnix.com/getting-started-with-docker-swarm/
A Little Background: What is Swarm?
You want to add more hosts..
A Little Background: What is Swarm?
But Wait…
- Service Discovery
- Scalability
- High Availability
- Failure Management
- Scheduling
- Rolling Updates
- Container Security
Docker Swarm Mode comes to rescue..
http://collabnix.com/new-docker-1-12-comes-with-built-in-distribution-orchestration-system/
What is Swarm Mode?
• A swarm consists of one or more nodes: physical or virtual machines running Docker Engine.
• It was first introduced in the Docker 1.12 release.
• It lets you deploy containers across multiple Docker hosts, using overlay networks for service discovery and a built-in load balancer for scaling the services.
http://collabnix.com/docker-1-12-swarm-mode-under-the-hood/
Swarm Mode Features under Docker 17.06
- Swarm Mode Manager
- Swarm Mode Worker
- TLS
- Certificate Authority
- Load Balancing
- Service Discovery
- Distributed store
- Volumes
- MacVLAN Support
- Plugins
- Container Runtime
- Orchestration Components
- Secrets Management
- Scheduling/Placements
- Topology Aware Scheduling
- Service Logs
- Health-Aware Orchestration
- Networking
- Service Rollbacks
- High Availability Scheduling
Building a Swarm Topology
Building a Swarm Topology – Manual Way
@manager
$docker swarm init --advertise-addr <IP of manager node>:2377
or
$docker swarm init --listen-addr <IP of manager node>:2377
Building a Swarm Topology – Manual Way
@manager
$docker swarm join-token worker
$docker swarm join-token manager
@node1, @node2, @node3
$docker swarm join --token <token> <manager node>:2377
Building Swarm Topology – Scripted Method (Docker Machine)
@manager
@node1,2
Building a Swarm Topology – Cloud
Deployment manager
Building Swarm Topology – Hybrid Cluster
@manager
@node1 @node2
@node3
http://collabnix.com/building-hybrid-docker-swarm-mode-cluster-on-google-cloud-platform/
Service Discovery
Swarm is built on Services
Service Specs
- Image Name
- # of replicas..
- Network ..
- Exposed ports..
- Environment Variables
- Placements..
Service
Orchestrator
What is a Service?
• A definition of tasks to be executed on the worker nodes
• Central structure of the swarm system
• An evolution of the `docker run` command
• It manages a replicated set of containers
• A task carries a Docker container + commands to run inside the container.
How does Service Discovery work in Swarm Mode?
• Create a new overlay network.
• Create a service and attach it to this new network.
• The swarm assigns a VIP (Virtual IP) and a DNS entry to each service.
• The VIP (a private, non-routable IP which uses IPVS LB) maps to a DNS alias based upon the service name.
• Containers share DNS mappings for the service via gossip.
• Any container on the network can access the service via its service name.
https://collabnix.com/how-service-discovery-works-under-docker-1-12/
Building Our First Swarm Service
@manager @node1 @node2 @node3
network = collabnet
$docker network create -d overlay mynetwork
Swarm Cluster Setup
Nodes: Master-1, Node-1, Node-2, Node-3
Networks: ingress, docker_gwbridge, user_defined
ingress
- It is an overlay network on which all exposed ports exist.
- Follows a node port model (each service has the same port on every node in the cluster).
- Numbered from 30000 through 32000.
- Used for Routing Mesh (Port 4789 for Ingress)
docker_gwbridge
- The default gateway network
- The only network with connectivity to the outside world. (Port 7946 for network discovery)
Creating a new overlay network
$ docker network create \
--driver overlay \
collabnet
Nodes: Master-1, Node-1, Node-2, Node-3
Networks: ingress, docker_gwbridge, collabnet
Creating a service “wordpressdb”
$ docker service create \
--replicas 1 \
--name wordpressdb \
--network collabnet \
--env MYSQL_ROOT_PASSWORD=collab123 \
--env MYSQL_DATABASE=wordpress \
mysql:latest
[Diagram: task wordpressdb.1 on network collabnet across Master-1, Node-1, Node-2 and Node-3, VIP(10.0.0.2)]
Creating a service “wordpressapp”
$ docker service create \
--env WORDPRESS_DB_HOST=wordpressdb \
--env WORDPRESS_DB_PASSWORD=collab123 \
--replicas 5 --network collabnet --name wordpressapp \
--publish 80:80/tcp \
wordpress:latest
[Diagram: on network collabnet across Master-1, Node-1, Node-2 and Node-3: task wordpressdb.1 with VIP(10.0.0.2); tasks wordpressapp.1 to wordpressapp.5 with VIP(10.0.0.4)]
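Both services above receive their database password through `--env`, which stores it in the service spec. The following is an added example, not part of the original slides: it audits `docker service inspect` output for credentials passed that way. The wordpressapp entry, the secret name `wp_db_password` and the name-matching heuristic are assumptions of this example.

```python
import json
import re

# Constructed sample: trimmed `docker service inspect` output. wordpressdb
# mirrors the page's command; wordpressapp is a constructed variant that reads
# its password from a Docker secret (the secret name is hypothetical).
SAMPLE_INSPECT = json.loads("""
[{"Spec": {"Name": "wordpressdb", "TaskTemplate": {"ContainerSpec": {
    "Image": "mysql:latest",
    "Env": ["MYSQL_ROOT_PASSWORD=collab123", "MYSQL_DATABASE=wordpress"]}}}},
 {"Spec": {"Name": "wordpressapp", "TaskTemplate": {"ContainerSpec": {
    "Image": "wordpress:latest",
    "Env": ["WORDPRESS_DB_HOST=wordpressdb",
            "WORDPRESS_DB_PASSWORD_FILE=/run/secrets/wp_db_password"],
    "Secrets": [{"SecretName": "wp_db_password",
                 "File": {"Name": "wp_db_password"}}]}}}}]
""")

# Heuristic chosen for this example: names that usually hold credentials.
SENSITIVE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY", re.IGNORECASE)


def audit_service(svc):
    """Return (service, variable, issue) tuples for one inspected service."""
    spec = svc["Spec"]
    container = spec["TaskTemplate"]["ContainerSpec"]
    # Secrets are mounted at /run/secrets/<File.Name> inside each task.
    mounted = {s["File"]["Name"] for s in container.get("Secrets") or []}
    findings = []
    for entry in container.get("Env") or []:
        name, _, value = entry.partition("=")
        if not SENSITIVE.search(name):
            continue
        if name.upper().endswith("_FILE"):
            # A *_FILE variable is only useful if it points at a mounted secret.
            target = value.rsplit("/", 1)[-1]
            if not value.startswith("/run/secrets/") or target not in mounted:
                findings.append((spec["Name"], name, "file-not-a-mounted-secret"))
        elif value:
            # The value sits in the service spec, readable by anyone who can
            # run `docker service inspect` against the swarm.
            findings.append((spec["Name"], name, "plaintext-in-env"))
    return findings


def audit(services):
    """Audit a list of services as returned by `docker service inspect`."""
    return [f for svc in services for f in audit_service(svc)]


if __name__ == "__main__":
    for service, variable, issue in audit(SAMPLE_INSPECT):
        print(f"{service}: {variable}: {issue}")
```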
Inspecting the services
$ docker service inspect \
--format='{{json .Endpoint.VirtualIPs}}' \
wordpressapp
[{"NetworkID":"c4caizphmdpuhm1gjdle8eaal","Addr":"10.255.0.7/16"},
{"NetworkID":"9eyjm4uv4ynmz0aubfqxise29","Addr":"10.0.0.4/24"}]
$ docker service inspect \
--format='{{json .Endpoint.VirtualIPs}}' \
wordpressdb
[{"NetworkID":"9eyjm4uv4ynmz0aubfqxise29","Addr":"10.0.0.2/24"}]
Verifying Service Discovery
[Diagram: services Wordpressapp (tasks wordpressapp.1 to wordpressapp.5, VIP(10.0.0.4)) and Wordpressdb (task wordpressdb.1, VIP(10.0.0.2)) on network collabnet across Master-1, Node-1, Node-2 and Node-3]
$ping <service>
returns <VIP>
Network – A Scope of Service Discoverability
[Diagram: services Wordpressapp (VIP(10.0.0.4)) and Wordpressdb (VIP(10.0.0.2)) on network collabnet; service Wordpressdb1 (task Wordpressdb1.1, VIP(10.0.1.2)) on network collabnet1; nodes Master-1, Node-1, Node-2 and Node-3]
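Because the network is the scope of discoverability, the `Endpoint.VirtualIPs` output shown earlier is enough to check which services can resolve each other and which are published on the routing mesh. This is an added example, not from the original slides; the wordpressdb1 entry, the choice of ingress network ID and the policy inputs are assumptions labelled in the code.

```python
from collections import defaultdict

# Endpoint.VirtualIPs per service. wordpressapp and wordpressdb are the values
# printed on the page; the wordpressdb1 entry is constructed (the page gives
# only its VIP 10.0.1.2, so the network ID and /24 prefix are placeholders).
VIPS = {
    "wordpressapp": [
        {"NetworkID": "c4caizphmdpuhm1gjdle8eaal", "Addr": "10.255.0.7/16"},
        {"NetworkID": "9eyjm4uv4ynmz0aubfqxise29", "Addr": "10.0.0.4/24"},
    ],
    "wordpressdb": [
        {"NetworkID": "9eyjm4uv4ynmz0aubfqxise29", "Addr": "10.0.0.2/24"},
    ],
    "wordpressdb1": [
        {"NetworkID": "<collabnet1-network-id>", "Addr": "10.0.1.2/24"},
    ],
}
# Assumption: this ID is the ingress network, inferred from the page (only the
# service created with --publish holds a VIP on it).
INGRESS_ID = "c4caizphmdpuhm1gjdle8eaal"


def scope_report(vips, ingress_id):
    """For each service: the services sharing an overlay network with it, and
    whether it also holds a VIP on the ingress (routing mesh) network."""
    members = defaultdict(set)  # network ID -> services holding a VIP there
    for service, entries in vips.items():
        for entry in entries:
            members[entry["NetworkID"]].add(service)
    report = {}
    for service, entries in vips.items():
        networks = {entry["NetworkID"] for entry in entries}
        peers = set()
        for network in networks - {ingress_id}:
            peers |= members[network] - {service}
        report[service] = {"peers": sorted(peers),
                           "published": ingress_id in networks}
    return report


def policy_violations(report, allowed_peers, may_publish):
    """Compare the observed scope with an intended one (hypothetical inputs)."""
    problems = []
    for service, seen in report.items():
        extra = set(seen["peers"]) - allowed_peers.get(service, set())
        problems += [(service, "unexpected-peer", p) for p in sorted(extra)]
        if seen["published"] and service not in may_publish:
            problems.append((service, "published-on-ingress", None))
    return problems
```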
Load Balancing
Load-Balancing
Distributes requests among the healthy nodes.
Decentralized, Highly Available – LB instance plumbed into every container instance
Internal Load Balancer – Provided by Embedded DNS
Can be used to discover both service & tasks
VIP-based services use IPVS (IP Virtual Server) – Layer-4 LB
Kernel module (ip_vs) for LB
How does LB work?
[Diagram: Public client; External LB/HA-Proxy/NginX; Host:10.128.0.4 with Host-port:{10.128.0.4:80} and Host:10.128.0.3 with Host-port:{10.128.0.3:80}, each with a Service1 sandbox running IPVS; Ingress Network addresses 10.0.0.5, 10.0.0.6, 10.0.0.7, 10.0.0.8]
1. Client access using :80
2. Plumb the request to the sandbox running on 10.128.0.3
3. Packets enter the mangle table, Pre-routing firewall mark of 0x101 => 257
4. Inside the sandbox, the re-routing chain gets created under the NAT table.
5. Then ipvsadm uses the 257 firewall mark to round robin across the multiple nodes
6. SRC NAT under the NAT table ensures that the packet comes back to the Ingress network so as to return in the original format
Accessing the network sandbox
How to find the sandboxID?
Where’s sandbox located?
Network namespace managed by overlay network driver (creating a bridge, terminating VXLAN tunnel etc.)
Inspecting the sandbox
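The load-balancing steps above tie a published port to a firewall mark (0x101 in the mangle table) and that mark to an IPVS service (257 in ipvsadm). This added example, not from the original slides, joins the two views to list which backends receive traffic for each published port; both inputs are constructed samples in the format of `iptables -t mangle -S` and `ipvsadm -ln` run inside the ingress sandbox namespace.

```python
import re

# Constructed sample of `iptables -t mangle -S` inside the ingress sandbox.
MANGLE_RULES = """\
-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x101/0xffffffff
"""

# Constructed sample of `ipvsadm -ln` from the same namespace; the backend
# addresses are the ingress-network addresses drawn on the slide.
IPVS_TABLE = """\
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
FWM  257 rr
  -> 10.0.0.5:0                   Masq    1      0          0
  -> 10.0.0.6:0                   Masq    1      0          0
  -> 10.0.0.7:0                   Masq    1      0          0
  -> 10.0.0.8:0                   Masq    1      0          0
"""

MARK_RE = re.compile(
    r"-A PREROUTING -p (\w+) .*--dport (\d+) -j MARK --set-x?mark (0x[0-9a-fA-F]+)")
FWM_RE = re.compile(r"^FWM\s+(\d+)\s+(\w+)")
REAL_RE = re.compile(r"^\s+->\s+(\d+\.\d+\.\d+\.\d+):\d+")


def port_marks(rules):
    """(proto, port) -> firewall mark as int; iptables prints the mark in hex."""
    marks = {}
    for line in rules.splitlines():
        m = MARK_RE.search(line)
        if m:
            marks[(m.group(1), int(m.group(2)))] = int(m.group(3), 16)
    return marks


def ipvs_services(table):
    """Firewall mark (ipvsadm prints it in decimal) -> (scheduler, backends)."""
    services, current = {}, None
    for line in table.splitlines():
        m = FWM_RE.match(line)
        if m:
            current = int(m.group(1))
            services[current] = (m.group(2), [])
            continue
        m = REAL_RE.match(line)
        if m and current is not None:
            services[current][1].append(m.group(1))
    return services


def published_backends(rules, table):
    """Join both views; a port whose mark has no IPVS entry gets no backends."""
    services = ipvs_services(table)
    result = {}
    for key, mark in port_marks(rules).items():
        scheduler, backends = services.get(mark, (None, []))
        result[key] = {"mark": mark, "scheduler": scheduler, "backends": backends}
    return result
```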
Routing Mesh
Routing Mesh is NOT a Load-Balancer
Routing Mesh makes use of LB aspects
It provides a global published port for a given service
Built-in routing mesh for edge routing
Worker nodes themselves participate in ingress routing mesh
Port management at global Swarm Cluster level.
Desired State Reconciliation
Building Our First Swarm Service
@manager @node1 @node2 @node3
mynetwork
$docker network create -d overlay mynetwork
$docker service create --name mycloud --replicas 3 --network mynetwork --publish 80:80/tcp dockercloud/hello-world
Swarm Services – [ Desired State Actual State]
@manager @node1 @node2 @node3
mynetwork
$docker service scale mycloud=8
Swarm Mode – Global Services
@manager @node1 @node2 @node3
mynetwork
$docker service create --mode=global --name mycloud dockercloud/hello-world
Swarm Mode – High Availability Scheduling
Prioritizing spreading out the containers instead of equalizing the number of containers per node
[Diagram: Service1 and Service2 tasks spread across @manager, @node1 and @node2 on mynetwork]
Swarm Mode – High Availability Scheduling
Adding a new Node - @node3
[Diagram: @manager, @node1, @node2 and the new @node3 on mynetwork, with the same Service1 and Service2 tasks]
Swarm Mode – High Availability Scheduling
Prioritizing spreading out the containers instead of equalizing the number of containers per node
[Diagram: @manager, @node1, @node2 and @node3 on mynetwork with the Service1 and Service2 tasks, plus three Service3 tasks]
Swarm Mode – Topology Aware Scheduling
Availability Zone=east Availability Zone=west
Node-1 Node-2 Node-3 Node-4 Node-1 Node-2 Node-3 Node-4
$docker node update --label-add datacenter=east node-1
Topology Aware Scheduling – How to use it?
Availability Zone=east Availability Zone=west
Node-1 Node-2 Node-3 Node-4 Node-1 Node-2 Node-3 Node-4
$docker service create --replicas 2 --name wordpressdb1 \
--network collabnet --placement-pref "spread=node.labels.datacenter" \
--env MYSQL_ROOT_PASSWORD=collab123 \
--env MYSQL_DATABASE=wordpress mysql:latest
Swarm Mode – Placement Constraints
@manager @node1 @node2 @node3
mynetwork
$docker service create --network collabnet \
--endpoint-mode dnsrr \
--constraint 'node.platform.os == windows' \
--env ACCEPT_EULA=Y --env-file db-credentials.env \
--name db microsoft/mssql-server-windows
It’s Demo Time
Demo
Thank You