Neil Cresswell
Founder, CloudInovasi
neil.cresswell@cloudinovasi.id
www.cloudinovasi.id
Wireless
SSID: MAJAPAHIT
Password: ballroom
Goal
You should leave today with the confidence to be able to deploy a
Docker environment, with clustered applications, data persistence, and
have a good understanding of the Docker technologies that make up a
container landscape.
ASK QUESTIONS, EXPERIMENT, THIS IS NOT A PRESENTATION ☺
Agenda
• Deploying (and updating) the Docker Engine for Linux and access via Named Pipes and TCP
• Plus an example of Docker for Windows Server 2016+
• Managing Docker and Docker Swarm from a UI
• Managing Docker from CLI
• Deploying Stateless Containers from Docker Hub Images
• Using Docker Persistent Volumes and Deploying Stateful Containers
• Creating your own Docker Images and using a private Image Repo
• Creating a Cluster using the Docker Swarm Orchestrator
• Kubernetes Orchestrator Comparison
• Docker Swarm Networking Options
• Kubernetes Networking Comparison
• Docker Stacks and Stack Files
• Docker Services
• Managing Docker Stacks/Services
• Docker Configs and Secrets, and using them in Services/Stacks
But first, a short overview
Containers vs VM's (figure)
• Virtual Machines: assigned hardware resources (static) per VM. Inefficient and expensive.
• Docker running inside VMs: assigned hardware resources (static) per Docker host. 8x greater efficiency.
• Docker running on bare metal: no static hardware assignment. Dramatic cost savings.
Look at this another way... with RAM (figure)
VM's:
• Total RAM assigned to VMs: 33GB
• Total RAM actually used in the VMs: 13.5GB
• RAM wasted: 19.5GB
• If RAM is Rp.100,000 per GB per month, you are wasting Rp.1,9jt/b – now imagine this at scale!
Containers:
• Total RAM actually used: 13.5GB
• RAM available for other containers: 19.5GB, or can assign just 20GB RAM to the Docker Host
What can go into a container…
• Linux OS – Pretty much ANYTHING.... The only limitation is apps that need to interact with physical hardware; but even then there are ways.
Command Function
docker info Show information on the docker engine
docker version Show the version of docker running
docker run Start / deploy new containers
docker ps (and ps -a) Show running (or stopped) containers
docker stats <containerid> Show performance info for a container
docker logs <containerid> Show logs for a container
docker rename (because we always forget to name our containers) Rename a deployed container
docker start, docker stop Stop and start an existing container
docker kill Hard stop (kill) a running container
docker rm (and rmi) Delete a container or image
docker network Work with docker networks
docker volume Work with docker volumes
docker exec / docker attach Interact with a running container
docker system prune Delete all “unused” containers/volumes/images
Common docker run options
Command Function
--name Give a friendly name to the container (note double dashes)
-d Run the container in the background (detached)
-i -t Start the container interactive, and with tty support
--restart=always/on-failure/unless-stopped/no Restart the container automatically when the condition is met (note this is not a cluster restart policy, only on a single host; note double dashes)
-v Map a volume to a container
-p ip:port:port / -P Publish ports externally (hostport:containerport)
• -P means publish all ports defined in the dockerfile.
• Using -p :80 means randomly assign a host port
• Using -p 192.168.1.20:80:80 means expose as port 80 on the host's IP address 192.168.1.20 (if the host had more than 1 IP)
-e Pass an environment variable into the container
Deploying and managing stateless containers via CLI
Definition
• Create a container
• Manipulate its file contents
• Stop it, start it.
• File contents remain
• Now, delete and recreate the container... file contents gone.
Storage and Stateful containers
Container Persistent Data Storage
Note that whilst persistent volumes can be assigned to more than one container concurrently, you need to manage data change collisions/conflicts yourself, as there is no locking mechanism in Docker.
External Storage Drivers
• REX-Ray
  • AWS EBS, EFS, S3
  • Dell EMC ScaleIO, Isilon, ECS
  • Azure Blob
  • OpenStack Cinder
  • Redhat Ceph
  • VirtualBox
  • VMware vSphere (VMDK on VMFS or NFS, VSAN)
• Pure Storage
  • iSCSI
• Nimble Storage
  • iSCSI
• NetApp Storage
  • iSCSI, NFS
• HP Storage
  • 3Par
• S3FS
  • S3 Storage
• Azure (built by Docker for MS)
  • CloudStor for Azure Files
Persistence with a bind mount
• docker run -d -p 80:80 -p 443:443 -v /html:/usr/share/nginx/html --name mynginx nginx:latest
• Open a browser to the nginx container, see no HTML content
• Go into the /html directory on your host
• Create a simple index.html
• Go back to your browser and refresh; see it now displays.
• Delete the container, and then recreate it, note that the "this is a test" page remains
Optional, go into /var/lib/docker/volumes/mycriticaldata on your host and look around
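The bind-mount walk-through above, scripted with the docker run options from the earlier table. This is an added example, not part of the workshop slides: it assumes nginx:latest, the /html host directory from the slide, a HOST_IP of 127.0.0.1 (so the ports are published on one address instead of 0.0.0.0), and adds ':ro' on the mount so the container cannot modify the files it serves. Setting DOCKER=echo turns every docker call into a dry run that only prints the command.

```shell
#!/bin/sh
# Added example, not from the workshop slides: the bind-mount persistence
# walk-through as a script. Set DOCKER=echo for a dry run that only prints
# the commands (that is how the self-check runs without a daemon).
set -eu
DOCKER="${DOCKER:-docker}"
HOST_IP="${HOST_IP:-127.0.0.1}"   # assumption: publish on one host IP, not on 0.0.0.0
HTML_DIR="${HTML_DIR:-/html}"     # host directory used on the slide

# Compose the `docker run` options introduced on the slides. Returning the
# argument string keeps the composition checkable without Docker installed.
nginx_run_args() {
  echo "run -d --name mynginx --restart=unless-stopped" \
       "-p ${HOST_IP}:80:80 -p ${HOST_IP}:443:443" \
       "-v ${HTML_DIR}:/usr/share/nginx/html:ro" \
       "nginx:latest"
}

# Word-splitting of the argument string is intended here.
start_nginx() { $DOCKER $(nginx_run_args); }

persistence_demo() {
  mkdir -p "$HTML_DIR"
  start_nginx
  sleep 2                               # give nginx a moment to listen
  # Content is written on the host, never inside the container.
  echo "this is a test" > "$HTML_DIR/index.html"
  curl -s "http://${HOST_IP}/"          # page is served from the bind mount
  $DOCKER rm -f mynginx                 # delete the container ...
  start_nginx                           # ... and recreate it
  sleep 2
  curl -s "http://${HOST_IP}/"          # still there: the data lives on the host
  # With ':ro' a compromised nginx process cannot alter the served files.
  $DOCKER exec mynginx sh -c 'touch /usr/share/nginx/html/x' \
    && echo "unexpected: mount is writable" \
    || echo "mount is read-only as intended"
}

if [ "${1:-}" = "run" ]; then persistence_demo; fi
```

Run it as `sh persist.sh run` on a host with Docker and curl; without the `run` argument it only defines the functions, which is what the dry-run check uses.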
Single Instance Storage (figure: MYAPP1, MYAPP2, MYAPP3, MYDB1, MYDB2, MYDB3 sharing SCRATCH layers)
• Reuses image components that are in common, meaning only
• EXPOSE 22
• CMD ["/usr/sbin/sshd", "-D"]
• Go back to root directory, and run: docker build mysecondimage -t mysshcontainer
• Now run your image; docker run -d -P mysshcontainer
Local Repository
• Kubernetes
• Runs on top of Docker Engine
• Can either deploy “vanilla” Kubernetes, or bundled solutions such as OpenShift, Docker EE,
Rancher, IBM Cloud Private.
• Significantly higher level of complexity than swarm, designed for deploying thousands of
containers; ultimate control of every element in the environment
• Namespaces, Deployments, Service, Pods, auto-scaling, Configurations, Secrets, Reverse Proxy
Ingress (NGINX), Overlay Networking, Persistent Volumes/Claims, currently Linux only
(Windows due in v1.13)
Docker Swarm
Open Swarm required Ports with FirewallD
Before we can create a cluster, we must allow all the ports needed via the firewall
• firewall-cmd --add-port=2377/tcp --permanent
SWARM Management Port
• You can run "docker node ls" to see a list of all nodes in the cluster
New CLI commands available in swarm
Command Function
docker swarm Commands relate to swarm management (join, leave, lock)
docker node Commands related to swarm node management (demote, promote, delete, list, update)
docker service Deploy and manage Swarm Services (clustered container deployments)
docker stack Deploy and manage Swarm Stacks
docker secret Centralised contained privileged information management
docker config Centralised container configuration management
Deploy a container as a clustered service
• Scale to 4 replicas
• docker service scale dockerdemo=4
Note that when scaling, swarm will distribute containers across all nodes in the cluster and load balance across them
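The firewall, cluster creation and scaling steps from the last few slides, combined into one script. This is an added example and not the workshop's own material. It assumes firewalld, a manager whose cluster-facing address is 192.168.1.20 (ADVERTISE_ADDR), nginx:latest as the image behind the "dockerdemo" service, and host port 8080 for the published port. 2377/tcp is the port the slide names; 7946/tcp, 7946/udp (node-to-node gossip) and 4789/udp (overlay network VXLAN) are the other standard swarm ports and are opened as well so that overlay networking works between nodes. DOCKER=echo and FIREWALL=echo give a dry run.

```shell
#!/bin/sh
# Added example, not from the slides: bring up a one-manager swarm and
# deploy/scale the demo service. DOCKER and FIREWALL can be set to `echo`
# for a dry run that only prints the commands.
set -eu
DOCKER="${DOCKER:-docker}"
FIREWALL="${FIREWALL:-firewall-cmd}"
ADVERTISE_ADDR="${ADVERTISE_ADDR:-192.168.1.20}"   # assumption: the manager's cluster-facing IP
SERVICE_IMAGE="${SERVICE_IMAGE:-nginx:latest}"       # assumption: image behind "dockerdemo"

# 2377/tcp: cluster management (from the slide). 7946 tcp+udp: node gossip.
# 4789/udp: overlay-network VXLAN traffic.
swarm_ports() { echo "2377/tcp 7946/tcp 7946/udp 4789/udp"; }

open_swarm_ports() {
  for p in $(swarm_ports); do
    $FIREWALL --add-port="$p" --permanent
  done
  $FIREWALL --reload   # --permanent alone does not change the running rule set
}

init_swarm() {
  # docker swarm init refuses to guess on a host with more than one IP, so
  # pin the management address explicitly.
  $DOCKER swarm init --advertise-addr "$ADVERTISE_ADDR"
  $DOCKER node ls
}

deploy_demo() {
  $DOCKER service create --name dockerdemo --replicas 1 -p 8080:80 "$SERVICE_IMAGE"
  # Scaling to 4: swarm spreads the tasks over the nodes and the ingress
  # routing mesh load-balances port 8080 across them from every node.
  $DOCKER service scale dockerdemo=4
  $DOCKER service ps dockerdemo
}

if [ "${1:-}" = "run" ]; then open_swarm_ports; init_swarm; deploy_demo; fi
```

Run with `sh swarm-up.sh run` as root on the manager; `docker service ps dockerdemo` at the end shows which node each of the 4 tasks landed on.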
Ingress limitations
• Using Portainer..
• Click on Secrets, Click New Secret
• Give the secret a name, and then type the secret details in the box (format depends on what you are using it for, a secret is free text)
• Ensure "encode secret" is enabled
• Click on Services, create a new service using busybox as the image, enter ping google.com as the command, click on secrets, and select your secret, and either leave the target location as default (/run/secrets/$secret_name) or assign a file path in the container, click on create.
• Open a console into your container, and cat the /myverysecretcert file
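The same secret exercise done with the docker CLI instead of the Portainer UI, as an added example that is not part of the slides. It assumes a swarm manager, a secret named "mysecret" (SECRET_NAME) and the /myverysecretcert target path from the slide, and it reads the secret value from a file or stdin rather than the command line, where it would end up in shell history and in `ps` output. The mount is restricted to uid 0 with mode 0400 instead of the default world-readable 0444. DOCKER=echo gives a dry run.

```shell
#!/bin/sh
# Added example, not from the slides: create a swarm secret and mount it into
# a service from the CLI. DOCKER=echo prints the commands instead of running them.
set -eu
DOCKER="${DOCKER:-docker}"
SECRET_NAME="${SECRET_NAME:-mysecret}"           # assumption: secret name
TARGET_PATH="${TARGET_PATH:-/myverysecretcert}"  # path used on the slide

# Mount spec for --secret: custom target (the default would be
# /run/secrets/<name>), owned by uid/gid 0 and readable only by that user.
secret_spec() {
  echo "source=${SECRET_NAME},target=${TARGET_PATH},uid=0,gid=0,mode=0400"
}

# $1 = file holding the secret value; with no argument the value is read
# from stdin ('-'), so it never appears as a command-line argument.
create_secret() {
  $DOCKER secret create "$SECRET_NAME" "${1:--}"
}

deploy_with_secret() {
  $DOCKER service create --name secretdemo --secret "$(secret_spec)" \
    busybox ping google.com
  sleep 3                                       # let the first task start
  # Check from inside the task: the secret is delivered on a tmpfs and is
  # neither in the image nor in the container's writable layer.
  cid=$($DOCKER ps -q --filter name=secretdemo | head -n 1)
  $DOCKER exec "$cid" ls -l "$TARGET_PATH"      # expect -r-------- root root
  $DOCKER exec "$cid" cat "$TARGET_PATH"
}

if [ "${1:-}" = "run" ]; then
  create_secret "${2:-}"      # second argument: file with the secret, or stdin
  deploy_with_secret
fi
```

Usage on the manager: `sh secret-demo.sh run cert.pem`, or `cat cert.pem | sh secret-demo.sh run`. A secret cannot be updated in place; rotate by creating a new one and pointing the service at it with `docker service update --secret-rm` / `--secret-add`.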
THANK YOU
Useful troubleshooting tool - ctop