Docker on Docker
Brett Inman, Infrastructure Engineer, Docker Inc
Marcus Martins, Senior Manager - Orchestration, Docker Inc
Docker on Docker
● Where we were
● How we moved to Docker EE
● What we learned
● How we’re making Docker EE better
SaaS at Docker
● Docker Hub
● Docker Store
● Docker Cloud
> 1B pulls a month
> 500K builds a month
> 5000 requests / sec
Philosophy
● High Availability
● Self-healing
● Self-service
● Build it - own it
Where we were
Previous Infrastructure
Infra provides:
● Group of Docker Hosts per team
● Docker TLS Certs
● Centralized logging
● Centralized metrics
● Service discovery / routing
How dev used the old setup
Dogfooding Docker since 2013
The good parts:
● Fully containerized
● Docker as the only interface
● No SSH access
The bad parts:
● Multiple deployment tools
● Imperative deployments
● Hosts as pets
● Manual resource management
What was missing
Docker EE
● Docker Swarm
● User Management
● Resource Access Control
How we did it
Didn’t Change Anything*
Focus
Changed:
● Orchestration
Did not change:
● Code
● Containers
● Logs
● Metrics
● Service Discovery
● Routing
Enabling the transition
Self-service transition
● Goal: give service teams control
● Use both deployments at will
● Swarmkit mesh networking - magic, but:
  ○ Hard cutover transition for us
  ○ Can’t pull metrics from individual containers
Our Routing
● Registrator
● Consul
● Consul-template
● Haproxy
Host Port Publishing
--publish mode=host
Enables classic engine behavior of exposing container port on host for Swarm services
Automation
● Bootstrap lock
● Discovery - Load balancer or tags
Quorum failure without intervention
Resource Constraints
Human is no longer the scheduler
Reservation = Limit

docker service create --reserve-memory 640m --limit-memory 640m

System Reservation

docker service create \
  --name system-reservation \
  --reserve-memory 1G \
  --limit-memory 1G \
  --mode global \
  --init \
  ubuntu sleep infinity

Cloud Permissions
● IAM is at host level - not container
● Each team gets an autoscaling group
● Leverage UCP Collections
New deployment model
Declarative

version: '3.3'
services:
  api:
    image: example/api:2.1.2
    ports:
      - mode: host
        protocol: tcp
        target: 80
    environment:
      DEBUG: "False"  # quoted: Compose rejects bare booleans in environment
      ENVIRONMENT: product ...

● Compose file
● Deploy with `docker stack deploy`
● All stacks defined in source control
Updates

version: '3.2'
services:
  api:
    image: example/api:2.1.2
    deploy:
      replicas: 20
      …
      update_config:
        delay: 10s
        parallelism: 2
        order: stop-first
        max_failure_ratio: 0
        failure_action: rollback
…

● Rolling updates
● Automated rollback
Access Control

version: '3.2'
services:
  api:
    image: example/api:2.1.2
    deploy:
      replicas: 2
      …
      labels:
        com.docker.ucp.access.label: /Api
      …

● Using Docker EE Collections
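A pre-deploy check for the rules on the Resource Constraints, Updates and Access Control slides (reservation equals limit, rollback on failed update, a UCP collection label on every service), as an added example that is not from the deck or from Docker's own tooling. It assumes the stack file has already been parsed into a dict; `to_bytes`, `lint_stack` and the `worker` service are hypothetical names, and the `deploy.resources` paths are the Compose equivalents of the `--reserve-memory` / `--limit-memory` flags.

```python
import re

# Label key from the Access Control slide; the Compose field paths below are the
# stack-file equivalents of --reserve-memory / --limit-memory.
UCP_LABEL = "com.docker.ucp.access.label"
_UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}

def to_bytes(value):
    """Convert a Compose memory string such as '640m', '1G' or '2gb' to bytes."""
    m = re.fullmatch(r"(\d+)\s*([kmg]?)b?", str(value).strip().lower())
    if not m:
        raise ValueError(f"unrecognised memory value: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]

def lint_stack(stack):
    """Return (service, finding) pairs for services that break the deck's rules."""
    findings = []
    for name, svc in stack.get("services", {}).items():
        deploy = svc.get("deploy") or {}
        res = deploy.get("resources") or {}
        reserve = (res.get("reservations") or {}).get("memory")
        limit = (res.get("limits") or {}).get("memory")
        if reserve is None or limit is None:
            findings.append((name, "memory reservation and limit must both be set"))
        elif to_bytes(reserve) != to_bytes(limit):
            findings.append((name, f"reservation {reserve} != limit {limit}"))
        labels = deploy.get("labels") or {}
        if isinstance(labels, list):  # Compose also accepts ["key=value", ...]
            labels = dict(item.split("=", 1) for item in labels if "=" in item)
        if not labels.get(UCP_LABEL):
            findings.append((name, f"no {UCP_LABEL} collection label"))
        if (deploy.get("update_config") or {}).get("failure_action") != "rollback":
            findings.append((name, "update_config.failure_action is not rollback"))
    return findings

# Constructed sample: a stack file already parsed into a dict (e.g. by a YAML loader).
SAMPLE_STACK = {"version": "3.3", "services": {
    "api": {"image": "example/api:2.1.2", "deploy": {
        "resources": {"reservations": {"memory": "640m"}, "limits": {"memory": "640M"}},
        "labels": {UCP_LABEL: "/Api"},
        "update_config": {"failure_action": "rollback"}}},
    "worker": {"image": "example/worker:1.0.0", "deploy": {  # hypothetical service
        "resources": {"reservations": {"memory": "512m"}, "limits": {"memory": "1g"}},
        "update_config": {"failure_action": "pause"}}},
}}

if __name__ == "__main__":
    for service, finding in lint_stack(SAMPLE_STACK):
        print(f"{service}: {finding}")
```

Run against stack files in source control before `docker stack deploy`, it flags services that would land outside a collection or that could use more memory than the scheduler reserved for them.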
What’s better?
Decouple host from application
● Host replacement
● Host failures
● Build it own it - developers don’t own hosts
Host Replacement
Three touches:
● Ops
● Dev
● Ops
Host Replacement
One touch:
● Ops
What else?
● Easy to scale application
● Standardization
● Docker-native
Where we are now
Now
● All of Docker SaaS is running on Docker EE
● 80 worker nodes
● 60 swarm services
● 1000 tasks
● Multiple deployments a day
Improving Docker EE
Best Practices
Topics including:
● Managing Resources
● Provisioning and Automation
● Logging and Monitoring
Coming soon to success.docker.com
Product guidance
● In-house customer at scale in production
● Architecture
● 35+ feature requests
● Host port publishing
● More soon!
Canary
● Running every Docker EE Release Candidate
● 50+ bugs filed
● Customer Zero
Docker EE with Kubernetes in production
Thank you
● Questions?
Docker EE Hosted Demo
docker.com/trial
● Free 4 Hour Demo
● No Servers Required
● Full Docker EE Cluster Access