This document summarizes a presentation on orchestrating containers using Docker Swarm and Kubernetes. It discusses why orchestration is important for microservices and cloud-native applications, and the key design principles for such applications. It then provides an overview of Docker Swarm and Kubernetes - the major orchestration platforms, comparing their architectures, features, advantages and disadvantages. It emphasizes that while the options differ, using an orchestrator is better than manually managing containers.
1. Docker Meetup | container-solutions.com | info@container-solutions.com | @michmueller_
Orchestrator comparison
11th Docker Switzerland User Group Meetup
How important is orchestration, and what is it for?
- Might not need it for small apps
- No orchestration == manual orchestration
- Manually place containers, network, scale, check, update
- Microservices | Cloud Native Applications
Design principles for Cloud Native Applications:
- Design for Performance: responsive; concurrency; efficiency
- Design for Automation: automate dev & ops tasks
- Design for Resiliency: fault-tolerant; self-healing
- Design for Elasticity: automatically scale
- Design for Delivery: short roundtrips; automated delivery
- Design for Diagnosability: cluster-wide logs, traces, metrics
Welcome to the socks shop
Microservice reference application
- Intended to help people get started with microservices
- Great for comparing frameworks etc
- Similar to "Pet Store" for Java
- ... or TodoMVC for JavaScript
Lots of implementations already
https://github.com/microservices-demo/microservices-demo/tree/master/deploy
Comparing orchestrators
- All work and are improving rapidly
- Understand the differences
- Understand your requirements
- Please don't roll your own!
Side note: the Borg/Omega papers
- Influential papers from Google (the Borg paper, EuroSys 2015, and "Borg, Omega, and Kubernetes", ACM Queue 2016)
- Lessons learned from a decade of running containers at Google
- Google contributed cgroups to the Linux kernel; cgroups and Linux namespaces are the heart of containers
Swarm mode
- New in Docker 1.12
- Docker Inc's official solution
- Part of core distribution
- Major improvement over old Swarm
Core components
- Manager nodes
- coordinate via Raft
- no need for a separate etcd/ZooKeeper
- Worker nodes
Usability
- Swarm mode takes concepts from single-node Docker and extends them to the swarm.
- If you are up to date on Docker concepts, the learning curve is fairly gradual.
- The setup for a swarm is trivial
Easy to install
docker swarm init
Swarm initialized: current node (10vh26gyxppo6j2vyb8rcvjwj) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join \
    --token SWMTKN-1-5td5x39z8jw69aloe8aaqs26c9vf6nc7pzfepsq0xfmo9ldfk2-2747zp8w0enbccrjmkt1o8du3 \
    172.17.9.102:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
Secure communication by default
- Mutual TLS between all nodes, using a self-signed root CA created by the first manager
- Node certificates automatically rotated (validity defaults to 90 days; set it with --cert-expiry on docker swarm init)
- The join token is a credential: anyone who has it can add a node with that role, so treat it as a secret and rotate it with docker swarm join-token --rotate worker (or manager) if it leaks
Feature Set
- Services
- Networks
- Constraints and labels
- Support of volume drivers
Services
- A service is a set of containers started from one image; the swarm keeps the requested number of them running at all times
- There are two types of services, replicated or global:
- Replicated services maintain a specified number of containers across the cluster (--replicas N)
- Global services run one instance of the container on each of your swarm nodes (--mode global)
Networks
- You can create named overlay networks
- Using a named overlay network you can create isolated, flat virtual networks across your set of nodes and launch your containers into them
- Encryption of the overlay data plane (IPsec) is opt-in, not the default: docker network create --driver overlay --opt encrypted <name>
Constraints and filters
- Control which node a container can be scheduled on
- E.g.:
- Only nodes labeled "staging"
- Only nodes which have the image
- Only the node running a given container (affinity)
- Note: the image and affinity filters come from classic Swarm; swarm mode (1.12) filters on node attributes only, e.g. --constraint node.labels.env==staging or --constraint node.role==worker
Other features
- Spread scheduling
- chooses the "least loaded" eligible node
- more strategies to come
- Routing mesh: a port published by a service is reachable on every node in the swarm and routed to one of the service's tasks
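The placement rules above (constraints on node attributes, replicated vs. global services, spread scheduling) as an added Python model. This is example code written for this page, not SwarmKit's scheduler; the node list, the pre-existing load and the services are constructed, and the constraint parser covers only the == and != forms swarm mode accepts.

```python
# Added example: toy model of swarm-mode task placement. Not Docker's scheduler
# (SwarmKit), only an illustration of the rules the slides describe.
import re
from collections import Counter

# Constructed cluster. Keys are the attributes swarm mode exposes to --constraint:
# node.id, node.hostname, node.role, node.labels.<key>
NODES = [
    {"node.id": "n1", "node.hostname": "mgr-1", "node.role": "manager", "node.labels.env": "prod"},
    {"node.id": "n2", "node.hostname": "wrk-1", "node.role": "worker",  "node.labels.env": "staging"},
    {"node.id": "n3", "node.hostname": "wrk-2", "node.role": "worker",  "node.labels.env": "staging"},
    {"node.id": "n4", "node.hostname": "wrk-3", "node.role": "worker",  "node.labels.env": "prod"},
]

_CONSTRAINT = re.compile(r"^\s*([\w.\-]+)\s*(==|!=)\s*(\S+)\s*$")


def parse_constraint(expr):
    """'node.labels.env == staging' -> ('node.labels.env', '==', 'staging')."""
    m = _CONSTRAINT.match(expr)
    if not m:
        raise ValueError(f"unsupported constraint: {expr!r}")
    return m.groups()


def node_matches(node, constraints):
    """True if the node satisfies every constraint (they are ANDed).
    A missing attribute compares as the empty string, so '==' on a label the
    node lacks fails and '!=' on it passes (SwarmKit behaves the same way)."""
    for key, op, value in map(parse_constraint, constraints):
        actual = node.get(key, "")
        if (op == "==") != (actual == value):
            return False
    return True


def schedule(service, nodes, running):
    """Place one service's tasks. `running` is a Counter of node.id -> tasks
    already on that node; it is updated in place so later services see the load.
    Returns the node id chosen for each task (empty if no node is eligible:
    in a real swarm those tasks stay Pending)."""
    eligible = [n for n in nodes if node_matches(n, service.get("constraints", []))]
    if service["mode"] == "global":
        # one task on every node that satisfies the constraints
        chosen = [n["node.id"] for n in eligible]
        running.update(chosen)
    else:
        chosen = []
        for _ in range(service.get("replicas", 1) if eligible else 0):
            # spread strategy: least loaded eligible node, ties broken by node id
            target = min(eligible, key=lambda n: (running[n["node.id"]], n["node.id"]))
            chosen.append(target["node.id"])
            running[target["node.id"]] += 1   # count it before placing the next task
    return chosen


def simulate(services, nodes, initial_load=None):
    """Schedule several services in order; returns each service's placement."""
    running = Counter(initial_load or {})
    return [schedule(s, nodes, running) for s in services]


if __name__ == "__main__":
    # docker service create --name web --replicas 3 --constraint node.labels.env==staging nginx
    web = {"name": "web", "mode": "replicated", "replicas": 3,
           "constraints": ["node.labels.env == staging"]}
    # docker service create --name agent --mode global --constraint node.role!=manager some/agent
    agent = {"name": "agent", "mode": "global", "constraints": ["node.role != manager"]}
    # constructed starting load: two tasks already on n1, one on n3
    for svc, placement in zip((web, agent), simulate([web, agent], NODES, {"n1": 2, "n3": 1})):
        print(svc["name"], "->", placement or "pending (no eligible node)")
```

The run shows why constraints matter for security as well as capacity: a service constrained to node.role != manager never lands on a manager, whose Raft state holds the swarm's CA and join tokens.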
Application definition
- Apps are defined in a Distributed Application Bundle (DAB, experimental in 1.12, produced from a Compose file with docker-compose bundle) and deployed on a swarm cluster
- Possible to scale individual services defined in the DAB file (manually, with docker service scale)
Testing Swarm Mode with Sock Shop:
https://raw.githubusercontent.com/microservices-demo/microservices-demo/master/deploy/swarmkit/start-swarmkit-services.sh
Swarm mode advantages
- Easy to install
- Secure by default
- “Bundled with Docker”
Swarm Mode disadvantages
- New (first shipped in Docker 1.12)
- Some Docker features unsupported for services (privileged, ...)
- DAB still work in progress
Pods
- Groups of containers deployed and scheduled together
- Atomic unit of scheduling
- Containers in a pod share a network namespace (one IP address and port space) and can share volumes
- Single-container pods are common
- Pods are ephemeral: a pod that dies is not recreated unless a controller (ReplicaSet, Deployment) manages it
Labels
- K/V pairs attached to objects (primarily pods)
- e.g.: "version: dev", "tier: frontend"
- Label selectors are then used to identify groups of objects
- Used by Services for load-balancing, by ReplicaSets to find their pods, etc.
Services
- Stable endpoints addressed by name (cluster DNS)
- Forward traffic to pods
- Pods are selected by labels
- Load-balancing across the matching, ready pods (round-robin in kube-proxy's userspace mode; iptables mode picks a backend at random)
- Separates endpoint from implementation
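How a Service turns its label selector into the set of pods it forwards to, as an added Python model. This is example code for this page, not kube-proxy or the endpoints controller. It goes a little beyond the slide: besides the equality selector a Service uses, it implements the set-based matchExpressions that ReplicaSets and Deployments accept. The pods, their IPs and their readiness state are constructed.

```python
# Added example: label-selector matching and endpoint selection for a Service.
# Illustrative model only; not Kubernetes' own implementation. Pod data is constructed.
import itertools

PODS = [
    {"name": "front-end-1", "ip": "10.1.0.11", "ready": True,
     "labels": {"app": "front-end", "tier": "frontend", "version": "v2"}},
    {"name": "front-end-2", "ip": "10.1.0.12", "ready": True,
     "labels": {"app": "front-end", "tier": "frontend", "version": "v2"}},
    {"name": "front-end-canary", "ip": "10.1.0.13", "ready": False,  # readiness probe failing
     "labels": {"app": "front-end", "tier": "frontend", "version": "v3"}},
    {"name": "carts-1", "ip": "10.1.1.21", "ready": True,
     "labels": {"app": "carts", "tier": "backend"}},
]


def selector_matches(labels, selector):
    """LabelSelector semantics: every matchLabels entry must be equal and every
    matchExpressions entry must hold; the two parts are ANDed. A Service's
    spec.selector is only the matchLabels map; ReplicaSets and Deployments
    accept the full form."""
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        key, op = expr["key"], expr["operator"]
        values = expr.get("values", [])
        present = key in labels
        if op == "In" and not (present and labels[key] in values):
            return False
        if op == "NotIn" and present and labels[key] in values:
            return False
        if op == "Exists" and not present:
            return False
        if op == "DoesNotExist" and present:
            return False
    return True


def endpoints(pods, selector):
    """Addresses the Service's Endpoints object would list: pods whose labels
    match AND that are Ready. A pod failing its readiness probe drops out of
    the list without being deleted, so traffic stops reaching it."""
    return [p["ip"] for p in pods
            if p["ready"] and selector_matches(p["labels"], selector)]


def dispatch(addresses, requests):
    """Round-robin over the endpoints, as kube-proxy's userspace mode did
    (iptables mode chooses a backend at random). Returns the backend picked
    for each of `requests` connections."""
    if not addresses:
        return []
    backends = itertools.cycle(addresses)
    return [next(backends) for _ in range(requests)]


if __name__ == "__main__":
    # Service with spec.selector {app: front-end}: the canary pod is excluded
    # because it is not Ready, not because of its labels
    front = endpoints(PODS, {"matchLabels": {"app": "front-end"}})
    print("front-end endpoints:", front)
    print("5 connections ->", dispatch(front, 5))
    # Deployment-style selector that also excludes the canary by version
    stable = {"matchLabels": {"tier": "frontend"},
              "matchExpressions": [{"key": "version", "operator": "NotIn", "values": ["v3"]}]}
    print("stable pods:", [p["name"] for p in PODS if selector_matches(p["labels"], stable)])
```

Because endpoints are computed purely from labels, any principal allowed to edit pod labels in a namespace can pull traffic for a Service onto its own pod; RBAC on pod updates is part of the Service's trust boundary.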
Usability
- Setting up a production-grade Kubernetes cluster from scratch requires setting up etcd, networking plugins, DNS servers and certificate authorities.
- This will change soon: kubeadm already exists (alpha in Kubernetes 1.4)
- Beyond initial setup, Kubernetes still has a steep learning curve
Snap to install
kubeadm init
<master/tokens> generated token: "f0c861.753c505740ecde4c"
<master/pki> created keys and certificates in "/etc/kubernetes/pki"
<util/kubeconfig> created "/etc/kubernetes/kubelet.conf"
<util/kubeconfig> created "/etc/kubernetes/admin.conf"
<master/apiclient> created API client configuration
<master/apiclient> created API client, waiting for the control plane to become ready
<master/apiclient> all control plane components are healthy after 61.346626 seconds
<master/apiclient> waiting for at least one node to register and become ready
<master/apiclient> first node is ready after 4.506807 seconds
<master/discovery> created essential addon: kube-discovery
<master/addons> created essential addon: kube-proxy
<master/addons> created essential addon: kube-dns
Kubernetes master initialised successfully!
You can connect any number of nodes by running:
kubeadm join --token <token> <master-ip>
Application Definition
- A combination of Pods, Replication Controllers, Replica Sets, Services and Deployments
- Each application tier is defined as a pod template and can be scaled when managed by a Deployment or ReplicationController/ReplicaSet. The scaling can be manual or automated
- A fixed number of pods is declared through the replicas field of a ReplicationController or ReplicaSet; automatic scaling is done by a HorizontalPodAutoscaler that adjusts that count
Testing Kubernetes with Sock Shop:
https://github.com/microservices-demo/microservices-demo/blob/master/deploy/kubernetes/complete-demo.yaml
Kubernetes Advantages
- Snap to install with kubeadm (currently limited to a single master and a single etcd instance, so cluster state has no HA yet)
- Advanced features baked-in
- Lot of momentum behind the community
Kubernetes disadvantages
- Harder to get started
- Extra concepts
Conclusion
- Different options with different strengths
- In some ways surprisingly similar (k8s deployment | Swarm service)
- Hard to predict a winner
- All are much better than rolling-your-own