What's New in Docker
John Willis
Director of Ecosystem Development

About Me
- One of the founding members of the "Devops" movement.
- Author of the "Devops Handbook".
- Author of the "Introduction to Devops" on Linux Foundation edX.
- Podcaster at devopscafe.org
- Devops Enterprise Summit - Cofounder
- Founder of Socketplane (Acquired by Docker)
- Formerly Director of Devops at Dell
- Formerly Director at Chef
- 10 Startups over 25 years
- Github: botchagalupe/my-presentations
- Twitter: botchagalupe
- Wechat: botchagalupe

Devops Practices and Patterns
Continuous Delivery
- Everything in version control
- Small batch principle
- Trunk based deployments
- Manage flow (WIP)
- Automate everything
Culture
- Everyone is responsible
- Done means released
- Stop the line when it breaks
- Remove

The world needs tools of mass innovation
- A programmable Internet would be the ultimate tool of mass innovation
- Let's eliminate friction in the development cycle

Docker is building a stack to program the Internet
- A commercial product, built on a development platform, built on infrastructure, built on standards.

About Docker, Inc.
Docker Project Sponsor
- Primary authors, contributor maintainer
- 6B+ downloads, 3000+ contributors, 500,000+ applications
- 100s of ecosystem partners
- Millions of developers use Docker. Millions of servers run Docker
Commercial Docker Solutions
- Integrated solutions to build, ship, run Docker at scale
- Orchestration, registry, security, workflow, control plane
- CaaS (containers as a service)
- Official providers of commercial technical support
- 10Ks cloud customers, 300+ F500 customers

Docker users already running in production: 60%
Source: Gerber, Anna. "The State of Containers and the Docker Ecosystem: 2015". O'Reilly, September 2015

China is part of Worldwide Docker Community
Meetups in Beijing, Changsha, Chengdu, Chongqing, Dalian, Fuzhou, Guangzhou,
Hangzhou, Hong Kong, Nanjing, Qingdao, Shanghai, Shenzhen, Suzhou, Tianjin, Wuhan, Xi'an, Xiamen, and Zhuhai

Cloud and Docker Status Update in China
- China cloud relative to the West (DB): China's cloud spending to reach 24.5% of the West by 2018, from 5.7% in 2015
- Docker adoption in China: more than 80% of respondents are already using or plan to use containers, but only 10% use them in a production environment. Survey result from 350+ feedbacks by Alibaba Cloud, June 2016

Sample of Docker Customers
- Financial Services, Healthcare, Consumer, Education, Tech, Services, Government, Other

Dockerizing applications
- Legacy App: one container per app.
- Microservices: one service per container. App comprised of many containers linked together

Enterprises Are Containerizing both Legacy and Microservices Applications
- 80%
- 46% plan to build new microservices in 2016
- #4 container workload is traditional databases
- 1 in 3 have already containerized legacy apps
- Will leverage Docker to enable hybrid cloud initiatives
- Docker platform standardizes environment AND enables workload portability

3 Paths to Containers Adoption
1. Containerize Monoliths: Build-Test for CI; Migrate to the Cloud; Get Better CapEx/OpEx than VM
2. Containerize Monolith; Transform to Microservices: Look for Shared Services to Transform
3. Enable New Microservices and Apps: Greenfield CaaS

Migrate any workload anywhere
Infrastructure agnostic platform
- Standardize: Docker abstracts the infrastructure and virtualization away from the standardized app containers
- Portability: Containers move without friction from one environment to another, no recoding needed
- Lift and Shift: Containerize legacy and microservices to gain portability
- Before: VM formats are proprietary (diagram: three VM stacks, each of App, Bins/Libs, OS)
- After: Docker abstracts above VMs for portability (diagram: App and Bins/Libs per container, on Docker Engine, on the OS)

Infrastructure optimization with Docker
Swisscom
- 20:1 VM consolidation ratio
- Running the same 400 MongoDB instances in 400 containers in 20 VMs
- Reduce CapEx and OpEx costs
Leading Energy Company
- Containerize legacy apps for portability
- Entire cloud to datacenter site migration in 5 months
- Dramatically accelerated release process

Enable Modern App Initiatives with CaaS
- Cloud Migration, Hybrid Cloud, Multi Cloud
- Modernizing Apps
- DevOps, CI/CD
- Diagram labels: DevOps, Cloud, Apps

Enterprises Can Decide How To Adopt
- Enable CI and DevOps
- Better Resource Usage
- Enable Cloud Initiatives
- Transform iteratively
- Ship faster, with better reliability
- Enable developers to self service
- Enable business transformations
- Paths: Containerize; Build New Apps; Containerize & Transform

The Docker ecosystem
- Dev Tools, Official Repositories, Operating Systems, Big Data, Service Discovery, Build/Continuous Integration, Configuration Management, Consulting & Training, Management, Storage, Clustering & Scheduling, Networking, Infrastructure & Service Providers, Security, Monitoring & Logging

Docker and Alibaba Announce Commercial Agreement
- Localized Docker image store and distribution for Docker Hub on Alibaba Cloud
- Alibaba will resell Commercially Supported (CS) Docker Engine and Docker Datacenter, enabling enterprises to manage their production workloads across the entire application lifecycle.
- Alibaba will provide enterprise support options for CS Docker Engine and Docker Datacenter, backed by Docker, Inc.

Docker Platform

COMPARING CONTAINERS AND VIRTUAL MACHINES

Isolation using Linux kernel features
- namespaces: pid, mnt, net, uts, ipc, user
- cgroups: memory, cpu, blkio, devices

Image layers

Docker Engine extensibility and plugins
- Built in orchestration expands the opportunity for the plugin to manage swarm wide vs a single Engine
- Updated architecture standardizes plugin process for ecosystem partners
- Benefits users and vendors
- Standardized process of granting plugin permissions
- Containerized plugins on roadmap
- Diagram: Docker Engine with Networking, Swarm Mode, Volumes, Plugins

Developer experience
The best tools:
1. Get out of the way
2. Adapt to you
3. Make the powerful simple
- Docker for Mac
- Docker for Windows

Orchestration
Introducing the best way to orchestrate Docker

Docker 1.12: now with orchestration built-in.
- Swarm mode
- Service API
- Node identity
- Built-in routing mesh

Swarm mode
- Combine your engines in swarms of any scale
- Self-organizing, self-healing
- No external data store required
- No single points of failure
- Infrastructure-agnostic topology

Docker Service API
- Desired state reconciliation
- Scaling
- Rolling updates
- Advanced scheduling
- Application-specified health checks
- Rescheduling on node failure

How service deployment works
- Declare: $ docker service create declares the service name, network, port, image:tag and scale
- Schedule: Managers break down the service into tasks and schedule them, and workers execute the tasks
- Reconcile: Engines check to see what is running and compare it to what was declared to "true up" the environment

How service deployment works (architecture)
Client: docker service create
Manager Node
- API: Accepts command from client and creates service object
- Orchestrator: Reconciliation loop for service objects and creates tasks
- Allocator: Allocates IP addresses to tasks
- Scheduler: Assigns tasks to nodes
- Dispatcher: Checks in on workers
- RAFT
Worker Node
- Worker: Connects to dispatcher to check on assigned tasks
- Executor: Executes the tasks assigned to worker node

Example service on a swarm
(Diagram: three Managers, five Workers)
The declarative command describes a new service:
- Named Frontend
- Made of 5 containers based on the latest my_frontend_image
- Connected on an overlay network called "my overlay"
- Assigned to port 80

    $ docker service create --replicas 5 --name frontend --network myoverlay --publish 80/tcp mikegoelzer/my_frontend_image:latest

This state is what swarm mode and the service deployment API will maintain. Check to ensure 5 containers are always running for the frontend service.

This command creates a new service to join an existing overlay network to communicate with frontend:

    $ docker service create --name redis --network myoverlay redis:latest

Built-in Routing Mesh
- Swarm-wide overlay networking
- Container-native load-balancing
- DNS-based service discovery
- No separate cluster to setup
- Works with your existing load-balancers
- Rock-solid kernel-only data path with IPVS

Routing mesh for application services
- Container-aware dynamic load balancing
- Assign ports to service that do not change
- Built in load balancing into the Engine
- Automatic service discovery
- Docker user assigns a global port for a service
- Diagram: three Workers, each with Load Balancing on Port 1000; three Managers; End user accessing

Docker 1.12 is Simple

    docker swarm init
    docker service create

How to get Docker 1.12
- Developer Workstations: Mac OS X, Windows PC
- Cloud Providers: AWS, Azure
- Commercially Supported: Docker Datacenter, CS Docker Engine, Docker Cloud
- Open Source:
  Docker Engine installers for the following Linux distros
- Optimized for and integrated directly into the underlying platform with custom plugins and drivers

Ops experience
- Deep integration with native load-balancers, templates, SSH keys, ACLs, scaling groups, firewall
- Distributed Application B portable format for multi-container applications

Goldilocks and the 3 XaaS
- Labels: Too high, Too low, Just right
- Platform As A Service (PaaS), Infrastructure As A Service (IaaS), Software As A Service, Container As A Service (CaaS)

Docker Datacenter core values
- Management at scale
- Integrated Content Trust
- Secure Access (RBAC)
- Integrates with existing systems
- Full support of Docker API
- Seamless dev to prod workflow
- Infrastructure, network and storage portability
- Easy to setup and use
- Native Docker solution
- Extend existing Docker developer experience
- Agility + Portability + Control

Agility, portability and control for developers and IT
Developers / IT Operations
- Freedom to create and deploy apps fast
- Define and package application needs
- Quickly and flexibly respond to changing needs
- Standardize, secure, and manage
- Frictionless portability across teams, environments, infrastructure

Docker Datacenter platform
- Management: Universal Control Plane
- Security: Content Trust, RBAC, LDAP/AD
- Orchestration: Swarm
- Container Runtime: Engine
- Registry Service: Trusted Registry

Docker CaaS Workflow
- BUILD: Development Environments (Developers)
- SHIP: Registry: Secure Content & Collaboration (IT Operations)
- RUN: Control Plane: Deploy, Orchestrate, Manage, Scale (IT Operations)
- Networking, Volumes, Monitoring, Logging, Config Mgt, CI/CD

Docker Containers as a Service platform
- BUILD: Developer Workflows
- SHIP: Registry Services
- RUN: Management
- Docker for Mac and Windows
- Docker Trusted Registry
- Docker Universal Control Plane
- Docker Cloud
- Docker Container Engine
- Ecosystem Plugins and Integrations

UCP Permission Model

Docker UCP 1.1 - DTR 2.0
- HA
- Unified Auth
- Compose deployment
- UI to add nodes

Security scanning in Docker Cloud

[Chart: Adoption, 2014-01 to 2016-09]
- Notary, runC, containerd, HyperKit, VPNKit, DataKit, SwarmKit, libcontainer, libnetwork
- Docker 0.9: Pluggable execution
- Docker 1.7: Multi-Host Networking
- Docker 1.8: Docker Content Trust
- Docker 1.11: OCI support
- Docker 1.12 with built-in orchestration
- Docker for Mac, Docker for Windows
- Docker on Windows

Extra

InfraKit
A toolkit for building declarative, self-healing infrastructure.

Declarative
- JSON configuration for desired infrastructure state:
  - Specification of instances: vm image, instance type, etc.
  - Group properties: size, logical identifiers, etc.
- Design patterns encourage encapsulation, composition
- Config is input to all operations; system figures out what to do

Self-healing
- Composed of a set of active components/processes that
  - monitor infrastructure state
  - detect state divergence
  - take actions
- Continuous monitoring and reconciliation: always on
- No downtime rolling update

Toolkit
- Primitives for managing collections of resources
  - create, scale, destroy
  - rolling update
- Abstractions & Developer SPI
  - Group: manages collection of resources
  - Instance: describes the physical resource
  - Flavor: extra semantics for handling instances
- A collection of executable, active components: plugins
  - Initially, Go daemons in the toolkit
  - Soon, easy management via Docker Plugins (runc)

Architecture

Instance Plugin
- Spec: specification/model of an instance (e.g. vagrant, EC2):
  - Logical ID, Init, Tags, and attachment
  - Platform-specific properties
- Methods: /Instance.Validate, /Instance.Provision, /Instance.Destroy, /Instance.DescribeInstances
- Examples: instance plugins for EC2, Azure VM, Vagrant

Flavor Plugin
- Gives more context about the group members:
  - Size, or list of Logical IDs (e.g. IP addresses for pets)
  - Application-specific notions of health: is the node not only present but also joined a swarm?
- Methods: /Flavor.Validate, /Flavor.Prepare, /Flavor.Healthy
- Examples: flavor for Zookeeper members, Docker swarm nodes

Group Plugin
- Main entry point for user interaction: create, describe update, update, destroy
- Config JSON is always the input
- Composed of Instance and Flavor: mix and match to manage cattle (fungible) or pets (special)
- Methods: /Group.Watch, /Group.Unwatch, /Group.Inspect, /Group.DescribeUpdate, /Group.Update, /Group.StopUpdate, /Group.Destroy

Configuration
Example config file (zk.conf):
- Group configuration = Instance + Flavor
- Properties: /* raw configuration */

    {
      "groups": {
        "my_zookeeper_nodes": {
          "Properties": {
            "Instance": {
              "Plugin": "instance-vagrant",
              "Properties": {
                "Box": "bento/ubuntu-16.04"
              }
            },
            "Flavor": {
              "Plugin": "flavor-zookeeper",
              "Properties": {
                "type": "member",
                "IPs": ["192.168.1.200", "192.168.1.201", "192.168.1.202"]
              }
            }
          }
        }
      }
    }

Operations
- Make sure the plugins are running:

    infrakit/group &
    infrakit/zookeeper &
    infrakit/vagrant &

- "Watch" the group (starts management):

    infrakit/cli group watch zk.conf

- Update the config, e.g. change size or add IP address
- Describe changes before committing:

    infrakit/cli group describe zk.conf

- Begin update:

    infrakit/cli group update zk.conf

Today
- InfraKit is just getting started: only primitives for working with groups like clusters of hosts
- But we have big plans:
  - Improve group management strategies
  - More resource types: networking, load balancers, storage
  - A cohesive framework for active management of infrastructure: physical, virtual, or containers

Get Involved
- Help define and implement new and interesting plugins
  - Instance plugins for different infrastructure providers
  - Flavor plugins for systems like etcd or mysql clusters
  - Group controller plugins: metrics-driven auto scaling and more
- Help define interfaces and implement new infrastructure resource types: load balancers, networks and storage volume provisioners

More Info
- Github: https:/
- A quick tutorial: https:/
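
The Declare / Schedule / Reconcile cycle described for swarm mode services and the "continuous monitoring and reconciliation" described for InfraKit are the same control-loop pattern. The sketch below is an added example of that loop, not code from Docker, SwarmKit or InfraKit; the `Service`, `Cluster`, `pick` and `Reconcile` names, the worker names and the least-loaded placement rule are assumptions made for illustration.

```go
package main

import "fmt"

// Service is the declared state; Cluster is the observed state (both hypothetical types).
type Service struct{ Name string; Replicas int }

type Cluster struct {
	Healthy map[string]bool // node -> passing health checks
	Tasks   map[string]int  // node -> tasks of the service running there
}

// pick returns the healthy node with the fewest tasks (sign=1) or the most
// (sign=-1); ties go to the lower name so results are deterministic.
func (c *Cluster) pick(sign int) (best string) {
	for n, ok := range c.Healthy {
		d := sign * (c.Tasks[n] - c.Tasks[best])
		if ok && (best == "" || d < 0 || (d == 0 && n < best)) {
			best = n
		}
	}
	return best
}

// Reconcile compares what is running with what was declared and trues up
// the cluster, returning how many tasks it started and stopped.
func (c *Cluster) Reconcile(s Service) (started, stopped int) {
	running := 0
	for n, count := range c.Tasks {
		if c.Healthy[n] {
			running += count
		} else {
			delete(c.Tasks, n) // tasks on a failed node are lost
		}
	}
	for ; running < s.Replicas && c.pick(1) != ""; running++ {
		c.Tasks[c.pick(1)]++ // schedule on the least-loaded healthy node
		started++
	}
	for ; running > s.Replicas; running-- {
		c.Tasks[c.pick(-1)]-- // scale down from the most-loaded node
		stopped++
	}
	return started, stopped
}

func main() {
	c := &Cluster{Healthy: map[string]bool{"w1": true, "w2": true}, Tasks: map[string]int{}}
	fmt.Println(c.Reconcile(Service{"frontend", 5})) // first pass starts all 5 replicas
}
```

Calling `Reconcile` again after marking a worker unhealthy in `Healthy` replaces only the tasks that were lost, which is the "rescheduling on node failure" behaviour listed for the Service API.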