Post on 04-Aug-2015
transcript
Bringing Docker to the Cloud
Andrew Kennedy, 30 June 2015
@grkvlt
Agenda
• Clocker Introduction
• What is Clocker?
• Application Management
• Container Management
• Clocker Networking
• Demonstration
• Clocker 1.0.0
• Summary
Copyright 2015 by Cloudsoft Corporation Limited
Clocker Introduction
Clocker Statistics
• 1 Year Old
• 636 Commits
• 131 Pull Requests
• 10 Contributors
  – 2 External
• 14 KLOC
• 20 Releases
• 17 Conferences
http://www.redotheweb.com/CodeFlower/
What does it do?
1. Spins up and Manages Docker Clouds
2. Serves up Containers on Demand
3. Manages Composite Application Deployments on Docker
What does it provide?
• Infrastructure Management
  – Docker Hosts
  – Swarm Controller
• Multi Host and Multi Container Applications
  – Seamless Networking
  – Communication Between Services
• Orchestration and Clustering
  – Control of Containers
  – Container Management
Who is using it?
• Proof of Concept Stage
  – Financial Services
  – Insurance
• Production
  – Multi-tenant Application Trial
  – Container per service
• Testing
  – Clocker
Where can I find it?
• Open Source
  – Apache 2.0 Licensed
  – http://clocker.io/
• Status
  – Working towards 1.0.0
  – 1.0.0-PRE.20150630
  – 1.1.0-SNAPSHOT
• Testers welcome!
What is Clocker?
Clocker and Brooklyn
• What is it?
  – Brooklyn Application
  – Brooklyn Location
• What does it provide?
  – First Class Docker Support in Brooklyn
  – Optimized Brooklyn Blueprints for Docker
  – Container Orchestration
Apache Brooklyn
• Apache Brooklyn
  – Open Source
  – Java
  – Donated to the Apache Software Foundation
  – ASF Incubator Status
  – 0.7.0-incubating
Apache Brooklyn
• Application Management Platform
  – Deploy, Manage and Monitor Blueprints
  – Provisioning, Installation and Customization
• Management
  – AutoScaling
  – Resilience
  – Security
Apache jclouds
• Java Cloud Library
  – API Agnostic
  – CloudStack, OpenStack, AWS EC2, GCE…
• Create Virtual Machines
  – Return SSH Endpoint
  – Manage Properties
Apache jclouds
• Drivers for REST APIs
  – Docker Driver
  – Written by @turlinux
• Virtual Container
  – Using SSH Daemon or native Docker
  – Same ComputeNode abstraction as VM
  – Can use any Image or Dockerfile
Docker
• Popular
  – Large Ecosystem
  – Growing
  – Complex
• Containers
  – Isolation
  – Performance
  – Composable
  – Ubiquitous
Application Management
Brooklyn Blueprints
• Describe Applications
  – OASIS CAMP Standard
• List of Services
  – NoSQL Database Clusters
  – Web Servers and Load Balancers
  – Shell or Python Scripts
• Tree Structure
  – Sensors, Effectors and Policies
Blueprint Example

name: appserver-w-policy
services:
- type: brooklyn.entity.webapp.ControlledDynamicWebAppCluster
  initialSize: 1
  memberSpec:
    $brooklyn:entitySpec:
      type: brooklyn.entity.webapp.jboss.JBoss7Server
      brooklyn.config:
        wars.root: http://search.maven.org/remotecontent?filepath=io/brooklyn/example/brooklyn-example-hello-world-sql-webapp/0.6.0/brooklyn-example-hello-world-sql-webapp-0.6.0.war
        http.port: 8080+
        java.sysprops:
          brooklyn.example.db.url: $brooklyn:formatString("jdbc:%s%s?user=%s\\&password=%s",
              component("db").attributeWhenReady("datastore.url"), "visitors", "brooklyn", "br00k11n")
  brooklyn.policies:
  - policyType: brooklyn.policy.autoscaling.AutoScalerPolicy
    brooklyn.config:
      metric: $brooklyn:sensor("brooklyn.entity.webapp.DynamicWebAppCluster", "webapp.reqs.perSec.windowed.perNode")
      metricLowerBound: 10
      metricUpperBound: 100
      minPoolSize: 1
      maxPoolSize: 5
- type: brooklyn.entity.database.mysql.MySqlNode
  id: db
  name: DB HelloWorld Visitors
  brooklyn.config:
    datastore.creation.script.url: https://github.com/apache/incubator-brooklyn/raw/master/usage/launcher/src/test/resources/visitors-creation-script.sql
Application Management
• Policies
  – Sensor Data Driven
• Auto Scaling
  – Cluster Management
• Resilience and Failover
  – Follow the Sun
Docker Cloud
• Brooklyn Blueprint for Docker Cluster
  – Docker Engine on Cloud VM or Bare Metal
• Configuration for Host
  – TLS Certificates
  – Setup Volumes
  – Logging
  – Install SDN Agents
• Manage Capacity or Headroom
Clocker Blueprints
Docker Cloud
1. On-demand
2. Multi-Tenant
3. Hardware Independent
4. Application Level
Simple Architecture
Clocker 1.x Architecture
Clocker Features
• Docker Extensions to Brooklyn
  – Docker Image as First-Class Service Type
  – Placement Strategies for Containers
  – Create Docker Images and Networks
• Manages Docker Engine and Swarm
  – Deployment and Management
  – Installation and Configuration
  – Software-Defined Networking
Container Management
Clocker Features
• Application Deployment
  – Oasis CAMP YAML Blueprint
  – TOSCA and Compose in Development
  – Same as Core Brooklyn
• Mixed Destinations
  – Some Virtual Machines
  – Some Bare Metal
  – Some Containers
Clocker Orchestration
(Diagram: Brooklyn, CloudProvider, SDNProvider, Docker Engine, Virtual Machine, Container, Clocker Network Segment)
Docker Cloud Internals
• Container Management
  – Placement and Provisioning
  – Constraints and Labels
• Autonomics
  – Policies and Scaling
  – Headroom
• Networks
Container Management
• Sources
  – Docker Image Definition
  – Docker Hub
  – Dockerfile
  – Brooklyn Entity Definition
• Create Image Automatically
  – Commit or Push for Reuse
Container Management
• Installation of Service
  – Defined by Brooklyn or Dockerfile
  – Common to all Entity Instances
• Commit Image
  – Available for next Entity
• Push Image
  – Available for all Hosts
Application Blueprints
id: docker-mysql
name: "Docker Hub MySQL Server"
origin: "https://registry.hub.docker.com/_/mysql/"
locations:
- my-docker-cloud
services:
- type: docker:mysql:5.7
  openPorts:
  - 3306
  directPorts:
  - 3306
  env:
    MYSQL_ROOT_PASSWORD: "s3kr3t"

id: docker-jboss
name: "Docker Hub JBoss Server"
origin: "https://registry.hub.docker.com/_/jboss/"
locations:
- my-docker-cloud
services:
- type: docker:jboss/wildfly:8.2.0.Final
  openPorts:
  - 8080
  - 9990
  directPorts:
  - 8080

id: docker-redis
name: "Docker Hub Redis Service"
origin: "https://registry.hub.docker.com/_/redis/"
locations:
- my-docker-cloud
services:
- type: docker:redis
  openPorts:
  - 6379
  directPorts:
  - 6379
Application Blueprints
id: dockerfile-mysql
name: "Docker Hub LAMP Stack"
locations:
- my-docker-cloud
services:
- type: docker:mysql:5.7.5
  id: mysql
  env:
    MYSQL_ROOT_PASSWORD: "s3cr3t"
- type: docker:grkvlt/myapp:latest
  id: application
  env:
    # Brooklyn DSL expression: resolved once the mysql entity publishes its hostname sensor
    MYSQL_HOST: $brooklyn:component("mysql").attributeWhenReady("host.hostname")
Container Placement
• Demand
  – Adding an Application
  – Scaling existing Application
• Requirements
  – Host Location
  – Service Resources
  – CPU, Memory, Network
  – Labels
Container Placement
• Supply
  – Choose a Host from available
  – Create new Host
• Start Container
  – Set CPU and Memory
  – Attach to Network
Container Placement
• Placement Strategies
  – Filter Hosts
  – Sort Hosts
• Information from
  – Docker
  – Underlying Machine
  – Cloud Environment
  – Entity or Service
Container Placement
• Placement Strategies
  – Random, Depth or Breadth First
  – CPU or Memory Usage
  – Memory, CPU or Container Limits
  – Geographic Constraints
• User Defined
  – Java Predicate
Autonomics
• Brooklyn Policies
  – Attached to Entities in Application
  – Nothing Docker Specific
• Elastic Scaling
  – Cluster Resizing
  – Sensor Driven
• Service Resilience and Replacement
Headroom
• Ensure resources available
  – Based on MaxContainers strategy limit
  – Or Percentage Utilisation
  – Or CPU and RAM allocation
• Scale Docker Host Cluster Automatically
  – Add new Docker hosts
  – Remove empty Docker hosts
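Placement and headroom as one worked example, added here and not Clocker's own code or API. It models the filter-then-sort strategy chain from the Container Placement slides (resource and container-count limits, a geographic constraint, breadth-first and depth-first ordering) and the MaxContainers-based headroom rule from the Headroom slide (add a host when free slots run low, remove hosts that hold no containers). The Host and Container records, the strategy function names, the min_free_slots threshold and the four-host cluster are assumptions constructed for the demonstration.

```python
"""Illustrative model of Clocker-style container placement and headroom.

Added example: the records, strategies and cluster below are assumptions
modelled on the slides, not Clocker's implementation.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple


@dataclass
class Container:
    name: str
    cpu: float                   # cores requested
    mem: int                     # MiB requested
    region: Optional[str] = None  # geographic constraint, if any


@dataclass
class Host:
    name: str
    region: str
    cpu_total: float
    mem_total: int
    max_containers: int          # the MaxContainers strategy limit
    containers: List[Container] = field(default_factory=list)

    @property
    def cpu_used(self) -> float:
        return sum(c.cpu for c in self.containers)

    @property
    def mem_used(self) -> int:
        return sum(c.mem for c in self.containers)


HostFilter = Callable[[Host, Container], bool]
HostKey = Callable[[Host], float]


def fits(host: Host, c: Container) -> bool:
    """Filter: memory, CPU and container-count limits must all hold after placement."""
    return (host.cpu_used + c.cpu <= host.cpu_total
            and host.mem_used + c.mem <= host.mem_total
            and len(host.containers) < host.max_containers)


def in_region(host: Host, c: Container) -> bool:
    """Filter: a container pinned to a region may only land on a host in that region."""
    return c.region is None or host.region == c.region


def breadth_first(host: Host) -> float:
    """Sort key: least-loaded host first, spreading containers across the cluster."""
    return len(host.containers)


def depth_first(host: Host) -> float:
    """Sort key: most-loaded host that still fits, packing containers onto few hosts."""
    return -len(host.containers)


def place(hosts: List[Host], c: Container, filters: List[HostFilter],
          sort_key: HostKey) -> Optional[Host]:
    """Filter hosts, sort the survivors and take the first; None means a new host is needed."""
    candidates = [h for h in hosts if all(f(h, c) for f in filters)]
    if not candidates:
        return None
    chosen = min(candidates, key=sort_key)  # ties keep the earlier host
    chosen.containers.append(c)
    return chosen


def headroom_actions(hosts: List[Host], min_free_slots: int) -> Tuple[str, List[str]]:
    """Headroom rule: keep at least min_free_slots container slots free across the cluster.
    Too few -> add a host.  Otherwise empty hosts are removed, but only while the
    remaining free slots still satisfy the threshold."""
    free = sum(h.max_containers - len(h.containers) for h in hosts)
    if free < min_free_slots:
        return "add", []
    remove = []
    for h in hosts:
        if not h.containers and free - h.max_containers >= min_free_slots:
            remove.append(h.name)
            free -= h.max_containers
    return ("remove" if remove else "keep"), remove


def demo():
    """Constructed cluster: two eu hosts, two us hosts, three container slots each."""
    hosts = [Host("h1", "eu", 4.0, 8192, 3), Host("h2", "eu", 4.0, 8192, 3),
             Host("h3", "us", 4.0, 8192, 3), Host("h4", "us", 4.0, 8192, 3)]
    strategy = [fits, in_region]
    placed = {}
    # Web tier spread breadth-first across the eu hosts
    for c in (Container("web-1", 1.0, 1024, "eu"), Container("web-2", 1.0, 1024, "eu")):
        placed[c.name] = place(hosts, c, strategy, breadth_first).name
    # Data tier packed depth-first onto as few us hosts as possible
    for c in (Container("db", 2.0, 4096, "us"), Container("cache", 0.5, 512, "us")):
        placed[c.name] = place(hosts, c, strategy, depth_first).name
    # An 8-core request fits no 4-core host: None signals "create a new host"
    huge = place(hosts, Container("huge", 8.0, 1024), strategy, breadth_first)
    placed["huge"] = huge.name if huge else None
    action, remove = headroom_actions(hosts, min_free_slots=4)
    return placed, action, remove


if __name__ == "__main__":
    print(demo())
```

The filters are plain predicates, which is the shape of the "User Defined / Java Predicate" strategy on the slides: adding a label or cloud-environment constraint means adding one more function to the list, not changing the placement loop.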
Clocker Networking
Software-Defined Networking
• Needed for Seamless Provisioning
  – Host to Host Communication
  – Same LAN Segment
  – No Port Forwarding
  – Natural Application Configuration
• Initial Driver was EPMD Applications
Networking Providers
• Standardized Interfaces
  – Pluggable Providers
  – Weave
  – Metaswitch Calico
  – IBM OpenDOVE
• Same Basic Features
  – Extensions provided by configuration
Networking Providers
• Implementation Agnostic
  – L2 over L3 etc.
  – Similar to Hypervisor in Clouds
• Generic Interfaces
  – Host Component
  – Service Component (or Endpoint)
Networking Capabilities
• Provide Multiple Networks
  – Single Application or Shared
  – Private Addresses
  – Segmented by CIDR
• Docker Port Forwarding Access
  – Debug Mechanism
Metaswitch Project Calico
• SDN for Bare Metal, VMs and Containers
  – Layer 3 (with adorable kittens)
  – Uses OS IP routing and forwarding
• Configuration in an etcd Cluster
  – Version 0.4 now available
• Uses profiles for container ACLs
• Spans VMs and Containers
  – OpenStack Neutron network driver
Clocker Networking
(Diagram: Host with Containers on an SDN Bridge, SDN Gateway to the Internet)
Networking Capabilities
• IP Pool Controlled by Clocker
  – Clocker Controls Subnet Allocation
  – Applications Segmented by CIDR
  – Delegate to SDN or Cloud
• Bring your own IP
  – Both Weave and Calico offer this now
Networking Capabilities
• Wide Area and Multi Region SDN
  – Cross Platform SDN
  – Both VMs and Containers on one VLAN
• Name Resolution
  – Contributing to Weave DNS for orchestration
  – Use traditional external BIND service entity
Cross-Target Deployment
Virtual Network Entity
• Clocker Specific Entity
  – Provisions a Virtual Network or Subnet
  – Looks for NetworkProvisioningExtension
• Registered in DockerLocation by SDN Provider
  – Also defined with JcloudsLocation for OpenStack
• Part of Application Blueprint
Network Provisioning
• Create Named Virtual Networks
  – Uses Available Provider
  – Currently Weave, Calico and OpenStack Neutron Supported

- type: brooklyn.networking.VirtualNetwork
  networkId: my-application
  cidr: 192.168.12.0/24
  gateway: 192.168.12.1
  dnsServers:
  - 8.8.8.8
  brooklyn.config:
    sdn.example.securityGroup: "my-security-group"
Network Provisioning
• Allow Minimal (Zero!) Configuration
  – Use Sensible Defaults
  – Also SDN or Cloud Specific Configuration, e.g. Calico or OpenStack
• Allocate Address Space on Demand

- type: brooklyn.networking.OpenStackVirtualNetwork
  networkId: database-net
  cidr: 192.168.34.0/24
- type: brooklyn.networking.VirtualNetwork
  networkId: couchbase-net
Network Provisioning
• Attach Containers to Networks

  brooklyn.config:
    network.list:
    - couchbase-net
    - management-net

• Create Networks as Required
  – Also Attach to VMs and Metal
  – Only supported with Calico at present
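Subnet allocation from a Clocker-controlled IP pool, as an added example that is not Clocker's or Brooklyn's code. It covers the "IP Pool Controlled by Clocker / Applications Segmented by CIDR" capabilities and the Network Provisioning slides above: a VirtualNetwork with an explicit cidr is checked for being inside the pool and for overlap with existing networks, a VirtualNetwork without one has a block carved out on demand, and a container with a network.list gets one address per network. The pool 192.168.0.0/16, the AddressPool class, the /24 default and the convention that the first host address is the gateway are assumptions; the network names and the 192.168.12.0/24 CIDR come from the blueprints on the slides.

```python
"""Illustrative model of Clocker-controlled subnet and address allocation.

Added example: the pool, class and conventions are assumptions, not the
allocator used by Clocker's SDN providers.
"""
import ipaddress
from typing import Dict, List, Optional


class AddressPool:
    """Hands out non-overlapping subnets from one pool, then addresses within each subnet."""

    def __init__(self, pool_cidr: str):
        self.pool = ipaddress.ip_network(pool_cidr)
        self.networks: Dict[str, ipaddress.IPv4Network] = {}
        self.allocated: Dict[str, List[ipaddress.IPv4Address]] = {}

    def check_cidr(self, cidr: str) -> Optional[str]:
        """Why a requested CIDR cannot be used, or None if it is free."""
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(self.pool):
            return "outside pool"
        if any(net.overlaps(existing) for existing in self.networks.values()):
            return "overlaps existing network"
        return None

    def create_network(self, network_id: str, cidr: Optional[str] = None,
                       prefixlen: int = 24) -> ipaddress.IPv4Network:
        """Register a named network. An explicit cidr (as in the VirtualNetwork blueprint)
        is validated; without one the first free /prefixlen block is taken on demand."""
        if network_id in self.networks:
            raise ValueError(f"network {network_id} already exists")
        if cidr is not None:
            reason = self.check_cidr(cidr)
            if reason:
                raise ValueError(f"{cidr}: {reason}")
            net = ipaddress.ip_network(cidr)
        else:
            net = next((c for c in self.pool.subnets(new_prefix=prefixlen)
                        if not any(c.overlaps(e) for e in self.networks.values())), None)
            if net is None:
                raise ValueError("address pool exhausted")
        self.networks[network_id] = net
        # Convention assumed here: first host address is reserved for the gateway
        self.allocated[network_id] = [net.network_address + 1]
        return net

    def gateway(self, network_id: str) -> ipaddress.IPv4Address:
        return self.networks[network_id].network_address + 1

    def allocate(self, network_id: str) -> ipaddress.IPv4Address:
        """Next free host address on the network (skips gateway, network and broadcast)."""
        net = self.networks[network_id]
        used = set(self.allocated[network_id])
        for addr in net.hosts():
            if addr not in used:
                self.allocated[network_id].append(addr)
                return addr
        raise ValueError(f"network {network_id} has no free addresses")

    def attach(self, network_ids: List[str]) -> Dict[str, str]:
        """Give one container an address on every network in its network.list."""
        return {nid: str(self.allocate(nid)) for nid in network_ids}


def demo():
    """Constructed pool: one explicitly addressed network, two allocated on demand."""
    pool = AddressPool("192.168.0.0/16")
    pool.create_network("my-application", "192.168.12.0/24")  # explicit cidr from the slide
    pool.create_network("couchbase-net")                        # carved out on demand
    pool.create_network("management-net")
    container = pool.attach(["couchbase-net", "management-net"])
    return pool, container


if __name__ == "__main__":
    p, c = demo()
    print({k: str(v) for k, v in p.networks.items()}, c)
```

The overlap check is the part worth keeping in mind: two applications handed overlapping CIDRs would share a segment the blueprint author believed was private, so the pool refuses the request rather than silently allocating.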
Demonstration
Clocker Console 1
Clocker Console 2
Features
• Orchestrated Docker 1.7.0 deployment with Calico SDN integration
• Automated attachment of containers to multiple dynamic networks
• Brooklyn application blueprints with network topology
Clocker 1.0.0
New Features
• Latest Docker 1.7.x Feature Support
  – Stats command
  – Read-only containers
  – Named Dockerfiles
• Swarm
  – Native API for access to managed Docker Cloud
  – Clocker as an extension to Swarm using Powerstrip
• Docker Registry
New Features
• Lightweight Images
  – No SSH server
  – Minimal Alpine base distribution
• Getting Started
  – Dockerfile and images on Docker Hub
  – Vagrantfile for local or remote VMs
New Features
• Multi Region
  – Use Swarm and labels to decide where to run
  – More than one Cloud provider (modulo SDN)
• Better Native Docker Support
  – No more SSH per container
  – Minimize images with Alpine
• Cross-target Applications
  – Virtual Machine and Container services
Roadmap
• Mesos Integration
  – Deploy the Mesos Infrastructure
  – Provide Mesos as another Brooklyn endpoint
• Container Mobility
  – Stateless Services
  – Defined in Blueprint
• Brooklyn Core Integration
Roadmap
• Docker Experimental Features
  – Separate release for now
  – Not yet stable
  – More networking providers
  – Integrated Flocker plugin
• Clocker Experimental Release
  – Coming soon...
Roadmap
• Docker Enterprise Hub
  – Logging with ELK
• Application Definition
  – Docker Compose via Application Definition WG
• Networking
  – Weave DNS Integration
  – Kubernetes Support
Summary
Solves:
– Composite Application Management
– Docker Cloud Networking
– Container Placement and Provisioning
Questions?
Resources
http://clocker.io/
http://brooklyn.io/
https://github.com/brooklyncentral/clocker/
https://github.com/apache/incubator-brooklyn/
https://github.com/weaveworks/weave/
https://github.com/Metaswitch/calico-docker/
http://blog.abstractvisitorpattern.co.uk/