What’s New in Docker 1.12 Docker Meetup August 3, 2016 Nishant Totla @nishanttotla [email protected]
What's New in Docker 1.12 by Nishant Totla for Docker SF Meetup 08.03.16
Jan 15, 2017
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Overview of new features• Orchestration• Swarm mode• Docker services• Secure by default• Networking
• Live Restore• Container Healthchecks• Plugin Improvements
Swarm Mode• Your Docker Engine is now cluster-aware• The best way to orchestrate Docker is Docker• Really easy to set up your cluster and manage deployments
Swarm Mode
$ docker swarm init
Engine
Swarm mode
$ docker swarm init
$ docker swarm join <manager IP>:2377
Engine Engine
Swarm mode
$ docker swarm init
$ docker swarm join <manager IP>:2377
Engine Engine
Engine
Engine
Engine
Services
$ docker service create \
--replicas 3 \
--name frontend \
--network mynet \
--publish 80:80/tcp \
frontend_image:latest
Engine Engine
Engine
Engine
Engine
mynet
Services
$ docker service create \
--name redis \
--network mynet \
redis:latest
Engine Engine
Engine
Engine
Engine
mynet
Node Failure
$ docker service create \
--name redis \
--network mynet \
redis:latest
Engine Engine
Engine
Engine
Engine
mynet
Desired State ≠ Actual State
Engine
Engine
Engine
Engine
mynet
$ docker service create \
--replicas 3 \
--name frontend \
--network mynet \
--publish 80:80/tcp \
frontend_image:latest
Converge back to Desired State
Engine
Engine
Engine
Engine
mynet
$ docker service create \
--replicas 3 \
--name frontend \
--network mynet \
--publish 80:80/tcp \
frontend_image:latest
Service Scaling
Engine
Engine
Engine
Enginemynet
$ docker service scale frontend=6
Global Services
$ docker service create \
--mode=global \
--name=prometheus \
prom/prometheus
Engine Engine
Engine
Engine
Engine
Constraints
Engine Engine
Engine
Engine
Engine $ docker daemon --label
com.example.storage=“ssd”
$ docker daemon --label
com.example.storage=“ssd”
Constraints
$ docker service create \
--replicas 5 \
--name frontend \
--network mynet \
--publish 80:80/tcp \
--constraint engine.labels.com.example.storage==ssd
frontend_image:latest
Engine Engine
Engine
Engine
Engine
mynet
$ docker daemon --label
com.example.storage=“ssd”
$ docker daemon --label
com.example.storage=“ssd”
Constraints
Engine Engine
Engine
Engine
Engine
mynet
$ docker daemon --label
com.example.storage=“ssd”
$ docker daemon --label
com.example.storage=“ssd”
$ docker service scale frontend=10
Rolling Updates
$ docker service create \
--replicas 8 \
--name frontend \
--network mynet \
--publish 80:80/tcp \
frontend_image:v1.0
Engine Engine
Engine
Engine
Engine
mynet
Rolling Updates
$ docker service update \
--image frontend_image:v2.0 \
--update-delay 10s \
--update-parallelism 2 \
frontend
Engine Engine
Engine
Engine
Engine
mynet
Rolling Updates
$ docker service update \
--image frontend_image:v2.0 \
--update-delay 10s \
--update-parallelism 2 \
frontend
Engine Engine
Engine
Engine
Engine
mynet
Rolling Updates
$ docker service update \
--image frontend_image:v2.0 \
--update-delay 10s \
--update-parallelism 2 \
frontend
Engine Engine
Engine
Engine
Engine
mynet
Rolling Updates
$ docker service update \
--image frontend_image:v2.0 \
--update-delay 10s \
--update-parallelism 2 \
frontend
Engine Engine
Engine
Engine
Engine
mynet
Rolling Updates
$ docker service update \
--image frontend_image:v2.0 \
--update-delay 10s \
--update-parallelism 2 \
frontend
Engine Engine
Engine
Engine
Engine
mynet
Overview of new features• Orchestration• Swarm mode• Docker services• Secure by default• Networking
• Live Restore• Container Healthchecks• Plugin Improvements
Secure by Default with end to end Encryption• Cryptographic node
identity• Automatic encryption
and mutual auth (TLS)• Automatic certificate
rotation• External CA integration
Manager[TLS][CA]
Manager[TLS][CA]
Manager[TLS][CA]
Agent[TLS]
Agent[TLS]
Agent[TLS]
Overview of new features• Orchestration• Swarm mode• Docker services• Secure by default• Networking
• Live Restore• Container Healthchecks• Plugin Improvements
Routing Mesh• Operator reserves a
swarm-wide ingress port (8080) for myapp
• Every node listens on 8080
Manager
Agent 1 Agent 2 Agent 3
$ docker service create \
--replicas 3 \
--name frontend \
--network mynet \
--publish 8080:80/tcp \
frontend_image:latest
:8080 :8080 :8080
:8080
access
myapp.com:8080
Routing Mesh• Container-aware
routing mesh can transparently reroute traffic to a node that is running the container• Built-in (layer 4)
load balancing• DNS-based service
discovery
Manager
Agent 1 Agent 2 Agent 3
$ docker service create \
--replicas 3 \
--name frontend \
--network mynet \
--publish 8080:80/tcp \
frontend_image:latest
:8080 :8080 :8080
:8080
access
myapp.com:8080
Swarm Mode is Optional• Docker 1.12 is fully backwards compatible• You can continue to use your old deployments without Swarm Mode• Swarm Mode is now the easiest way to try orchestration with Docker
Overview of new features• Orchestration• Swarm mode• Docker services• Secure by default• Networking
• Live Restore• Container Healthchecks• Plugin Improvements
Live Restore
{
“live-restore”: true
}
• By default, terminating Docker daemon shuts down running containers• Starting with 1.12, it is possible to configure the daemon so that containers
remain running when daemon becomes unavailable• Useful for upgrades, planned outages, crashes• Either update the default configuration file
• Or pass a flag when starting the daemon
$ sudo dockerd --live-restore
Container Healthchecks in Dockerfile
• Checks every 5 minutes that web server can return index page within 3 seconds• Three consecutive failures puts container in an unhealthy state• Works with services in Swarm Mode
HEALTHCHECK --interval=5m --timeout=3s
--retries=3
CMD curl –f http://localhost/ || exit 1
New Plugin Subcommands (Experimental)
$ docker plugin install tiborvass/no-remove
$ docker plugin enable no-remove
$ docker plugin disable no-remove
Plugin Permissions Model
$ docker plugin install tiborvass/no-remove
Plugin “tiborvass/no-remove:latest” requested the following
privileges:
- Networking: host
- Mounting host path: /data
Do you grant the above permissions? [y/N]
Demo!
Docker for AWS/Azure
Sign up for the beta at beta.docker.com
Swarm Topology
Overview of new features
• Strongly consistent – holds desired state• Simple to operate• Fast (in-memory reads, domain specific indexing, …)• Secure
Overview of new features
• Eventually consistent – routing mesh, load balancing rules, …• High volume, p2p network between workers• Secure: symmetric encryption with key rotation in Raft
Related Documents
![Docker 101 - techccu.csie.iotechccu.csie.io/2015/slides/frank.pdf · Docker Basics - CLI Docker client docker version docker info docker search [keyword] docker push/pull/commit docker](https://static.cupdf.com/doc/110x72/5f05ce717e708231d414cd40/docker-101-docker-basics-cli-docker-client-docker-version-docker-info-docker.jpg)
