This is my third article about Docker. Previously I covered Learn about the Docker and how it works, and then An Introduction to Kubernetes, so if you don't have an idea about Docker and how it works, see my previous articles. Here I am going to cover What is New in Docker 1.12.
I will deliberately keep the explanations short, so you get a to-the-point idea of Docker Swarm in version 1.12.
What is Docker?
Docker is basically a very new technology. Docker is also a company, Docker Inc, a corporation based in the USA. Just as VMware took its company name from its product name, and Oracle did the same, that is exactly what Docker has done. Docker started as a technology, and later the people working for the organization decided to change the company name and pivot. So they changed it from dotCloud to Docker.
Docker is mainly known for containers. The technology underneath Docker is Linux containers, which have been in the Linux code base for around eight years. Docker is the company that arrived in 2013 and made containers very easy to use. Before that, only Google was working on containers.
A container is a very lightweight mechanism for creating a new process that is completely isolated from its environment. When you start the httpd process on your Linux system, it gets a view of the entire networking system and file system stack, so it has a view of everything. If you start a virtual machine (VM), you give it a separate disk, a separate networking namespace and even separate RAM, but everything in it is a single process, so whenever you start a VM (for example VMware, VirtualBox, KVM, etc.) it is going to be heavyweight. Containers are somewhat similar, but they are extremely lightweight, and you don't need to boot a new kernel for each new container.
With containers, there is no need for a separate kernel. A container always has only user space, not kernel space. Docker provides tooling only for user space, and communication with kernel space is taken care of by the Docker engine.
Docker provides an API for interacting with the Linux kernel, so you can easily use Linux kernel features through the Docker API. Compare this with packet filtering in Linux: Netfilter is in kernel space and iptables is in user space. You use the iptables command to modify the Netfilter rules. If you try to use Netfilter directly, you might start pulling your hair out. iptables provides the friendly interface.
What is New in Docker 1.12?
Docker 1.12 is the latest version of Docker to come out. If you know Docker, you know that it has become a much bigger ecosystem. It's no longer just the Docker engine that it used to be; it has Docker networking, Docker Swarm, Docker for Windows, Docker Machine, etc. I don't have an idea about all of these things, so today I am covering the new thing in Docker 1.12, and that is Docker Swarm.
When Docker 1.12 came out, it made the entire world's jaw drop, because it has the entire orchestration as a built-in feature.
What is Swarm mode in Docker 1.12?
Swarm is a built-in feature of Docker 1.12. You can follow the Docker press releases to learn about new versions of Docker and their features. A group of systems working together is known as a swarm.
Now built into the Docker engine itself.
Docker Swarm was previously released as a separate product. It was not part of the Docker engine and you had to set it up separately. Now the Swarm functionality is built in and you don't need to install anything extra. It's just a matter of firing a few commands here and there.
It helps deploy complex multi-container apps on many machines.
Docker Swarm is an orchestrator. The orchestrator makes sure that all the worker nodes are working properly, and the manager node does all the orchestration.
Opt-in mode, not mandatory to run in swarm mode.
It is not compulsory. If you want to use it, you can. Otherwise, if you want to use a different orchestrator such as Kubernetes, OpenShift or Mesos, you are free to use that.
Secure: simplification of certificate generation and PKI implementation.
Docker claims to be secure by default; they have built in security and made a few things simpler for developers and administrators. All communication between the nodes is secure. They have added a certificate authority (CA), and certificate generation happens by itself. As a developer, I say you don't have to worry about the vulnerability.
What is Services in Docker?
After Swarm mode, the next new thing in Docker 1.12 is Services. Services are like unit files that are distributed across different hosts; for example, an Apache service. Services are replicated, distributed, load-balanced processes on a swarm of Docker engines.
Docker provides two types of services:
- Replicated services: a number of instances of the service across the set of available hosts.
- Global services: one instance of the same container on every host in the swarm.
Services are, again, part of Swarm mode. You can run four or five instances of the same container on different hosts; that is what services are here.
Security in Docker
As far as security is concerned, I have said that communication between two nodes is secure. When you start the Docker service on your system and run the init command, Swarm starts on that system and sets up the security pieces by default. That creates the first manager node: the system on which Docker Swarm mode is first initialized is used as the manager node.
Here is the list of security features:
- Every node in swarm mode comes with mutually authenticated TLS.
- Upon creation of the first manager, a new CA and a set of certificates are created.
- Thereafter, every node joining the swarm is automatically issued a new certificate and a role.
Distributed Application Bundle in Docker:
This is a rather complex experimental feature that Docker launched in the latest version. A Dockerfile is used to create a Docker image, and containers can be created from that image. Similarly, a docker-compose.yml can be built into a distributed application bundle, and stacks can be created from that bundle.
Using a distributed application bundle, you can specify the specific image to use, which is something Docker Compose provides by default. A Compose file can carry the version of the image, and that version is used for the entire composition.
Some important points about the Distributed Application Bundle:
- A Dockerfile can be built into a Docker image.
- Similarly, a docker-compose.yml can be built into a distributed application bundle, and stacks can be created from that bundle.
- What specific image version to run
- What network to create
- How containers in those services must be networked to run
- Experimental feature
Container Health Check:
This is something I found really interesting: Docker 1.12 has a container health check indicator. You create an image using a Dockerfile, which contains instructions, and the latest version adds one more instruction, HEALTHCHECK.
This is the new Dockerfile instruction for checking container health. Here is the instruction used for a container health check:
HEALTHCHECK --interval=5m --timeout=3s CMD curl -f http://localhost/ || exit 1
The above instruction checks every 5 minutes that a web server is able to serve the site's main page within three seconds. Whenever you spin up a new container from the resulting image, Docker runs this command every 5 minutes to check whether it returns a proper result, waiting up to 3 seconds for it. If there is no response from the command, the container is not working properly and a new container is spun up by itself.
The exit status of the command gives the health status of the container:
0 – Success – container is healthy and ready to use
1 – Unhealthy – not working properly
2 – Reserved – do not use this exit code
There is one more option for the container health check: you can pass retries, which limits the number of tries used to check the container. This instruction retries three times to check the health of the container.
HEALTHCHECK --interval=5s --timeout=3s --retries=3 CMD curl -f http://localhost/ || exit 1
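What the exit codes and --retries mean in practice, as an added example that is not part of the original article: the shell functions below (hypothetical names) model how "|| exit 1" collapses any probe failure to 1, and how Docker's documented rule, unhealthy only after that many consecutive failures, plays out over constructed sequences of probe results.

```shell
#!/bin/sh
# Added example (not from the original article): models how HEALTHCHECK
# probe results turn into a container health status.

# probe_status CMD...: run a probe the way "CMD ... || exit 1" does. Any
# failure (curl can return 7, 22, 28, ...) collapses to 1, so the reserved
# exit code 2 is never reported.
probe_status() {
    if "$@" >/dev/null 2>&1; then
        echo 0
    else
        echo 1
    fi
}

# health_state RETRIES CODE...: replay a sequence of probe exit codes.
# The status starts as "starting", becomes "healthy" on any success, and
# becomes "unhealthy" only after RETRIES consecutive failures.
health_state() {
    retries=$1
    shift
    state=starting
    streak=0
    for code in "$@"; do
        if [ "$code" -eq 0 ]; then
            state=healthy
            streak=0
        else
            streak=$((streak + 1))
            if [ "$streak" -ge "$retries" ]; then
                state=unhealthy
            fi
        fi
    done
    echo "$state"
}

# Constructed probe sequences, with --retries=3 as in the instruction above.
health_state 3 0 1 1 0 1   # two failures, then a success resets the streak
health_state 3 0 1 1 1     # three failures in a row
```

A single slow response therefore does not mark the container unhealthy; with --interval=5s and --retries=3 it takes three failed probes in a row.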
Labels: You can assign a label to a node. We already covered this in the previous article, so I am not going into depth here.
Constraints: Constraints are used to run a service on a specific node using labels.
Docker Swarm mode:
Now, let's understand Docker Swarm mode. Docker Swarm mode is at an early stage and is still growing.
What is Swarm mode?
Swarm mode is a built-in feature of the latest version of Docker. You might know about SwarmKit, the toolkit for orchestrating distributed systems that was launched with Docker. This is a new attempt to get everything done using the Docker product itself, and that is how Swarm mode came about.
The funny thing is that the entire development was open, yet it suddenly popped up one day. It was more of a company effort than a community effort.
- A mode built into the Docker engine.
- Available with Docker 1.12 or later.
- Lets you manage a cluster of Docker engines: if you have set up the Docker engine on five systems and you want to manage all of them from one interface, you can use Docker Swarm.
- A cluster of Docker engines is called a swarm.
- Use the familiar Docker CLI to create a swarm, deploy application services to a swarm and manage swarm behavior. You can use the same Docker CLI for swarm mode.
- Swarm mode != SwarmKit: Docker Swarm mode is not SwarmKit. SwarmKit is a different product from Docker.
Here is the list of features Docker Swarm mode has:
- Cluster management integrated with the Docker engine: using the same Docker CLI, you can do cluster management, because it is integrated into the Docker engine itself.
- Can deploy manager/worker nodes using the Docker engine: nodes act as managers or workers, and you can easily deploy your code using them. You can set 3-4 nodes as managers, so if one goes down, another one can be used.
- Declarative model to describe the entire application stack: it has a declarative model that describes the whole application.
- Scale up or down based on requirements: you can spin up more instances and handle load balancing easily. Scaling up and down is a normal scenario and you can easily manage it using Docker Swarm mode.
- Constantly monitors and reconciles the cluster state: Docker Swarm mode keeps track of all the services and containers started through it. If one of them goes down, it brings up a copy of it again.
- Built-in service discovery: you can add all the nodes to the same network and you get a very easy way of doing service discovery.
- TLS auth and encryption for secure communication: it performs TLS authentication and encryption for secure communication between all the nodes.
Here is the setup we are going to look at:
- 2 virtual machines running on DigitalOcean
- 1 will run as manager
- 1 will run as worker
- Add 1 virtual machine to work as manager
Initialize a Swarm
Once you initialize Swarm mode for the very first time, that system becomes the manager node by default.
Here is the command you can use to initialize the swarm:
$ docker swarm init
This command initializes a swarm.
The Docker engine targeted by this command becomes a manager in the newly created single-node swarm. It is the targeted engine that matters because Docker has an HTTP API as well, so the Docker engine can be installed on one system and the Docker client on a different one.
It generates two random tokens.
Use the proper token to join a manager or a worker.
You may get an error from the above command when the system has two IP addresses, one on a private networking interface and another on a public interface. In that case, use the following command, which passes the IP address to advertise:
$ docker swarm init --advertise-addr <MANAGER-IP>
Add a node to Swarm
This command is used to add a node to the Docker swarm:
$ docker swarm join --token <TOKEN> <MANAGER-IP>:<PORT>
The node joins the swarm as a worker. After that, to add a manager to the swarm, you have to use the following command:
$ docker swarm join-token manager
When you execute this command, it prints the command to use to add a manager.
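The two join tokens are credentials, so they should not end up readable in shell history, CI output or chat. The following is an added example, not part of the original article: it assumes the documented token layout SWMTKN-1-<root CA digest>-<secret>, uses constructed tokens and hypothetical function names, masks the secret part of any token in a text stream, and checks whether two tokens were issued for the same swarm.

```shell
#!/bin/sh
# Added example, not from the original article. Join tokens are treated as
# credentials; the layout SWMTKN-1-<root CA digest>-<secret> is assumed.

# Constructed tokens (not real): one digest shared by the swarm, and a
# different secret for the worker and the manager role.
DIGEST=$(printf '%050d' 0)
WORKER_SECRET=$(printf '%025d' 1)
MANAGER_SECRET=$(printf '%025d' 2)
WORKER_TOKEN="SWMTKN-1-$DIGEST-$WORKER_SECRET"
MANAGER_TOKEN="SWMTKN-1-$DIGEST-$MANAGER_SECRET"

# redact_join_tokens: filter stdin, masking the secret half of every join
# token while keeping the CA digest, which is not secret.
redact_join_tokens() {
    sed -E 's/(SWMTKN-1-[0-9a-z]{50})-[0-9a-z]{25}/\1-<redacted>/g'
}

# token_digest TOKEN: print the root CA digest field of a join token.
token_digest() {
    printf '%s\n' "$1" | cut -d- -f3
}

# same_swarm TOKEN_A TOKEN_B: succeed when both tokens carry the same CA
# digest, i.e. they were issued for the same swarm.
same_swarm() {
    [ "$(token_digest "$1")" = "$(token_digest "$2")" ]
}

# Constructed log line, as it might appear in shell history or CI output.
printf 'docker swarm join --token %s 192.0.2.10:2377\n' "$WORKER_TOKEN" |
    redact_join_tokens
same_swarm "$WORKER_TOKEN" "$MANAGER_TOKEN" && echo "tokens belong to one swarm"
```

If a full token does turn up somewhere it should not, `docker swarm join-token --rotate worker` (or `manager`) issues a new one and invalidates the old one.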
Now we are going to create services. A service is the other new concept discussed above. As far as services are concerned, a service is just used to run a specific container. It starts the container using the entry point and command, and the container simply runs.
To create a service named redis, you can use the following command:
$ docker service create --name redis redis:3.0.6
Once you execute the above command, it prints the ID of the service.
Replicated mode and Global mode
The following command is used for replicated mode. The difference between the command above and the following one is the replicas option.
$ docker service create --name redis --replicas=5 redis:3.0.6
This command creates a service named redis with five replicas across the swarm. It spins up five containers, placed on any of the nodes. The replicas are for load balancing and failover.
Global mode starts one container for the service on every node available in the cluster. If you have three available nodes in your cluster, Docker Swarm starts three containers, one on each node.
The following command is used for global mode:
$ docker service create --name redisglobal --mode global redis:3.0.6
This command creates a global service with one container on each node.
Now, I am going to show you an example of Docker networking:
Attach service to network
You can create a network and attach your service to that network; the benefit of doing so is service discovery.
The following commands are used to attach a service to a network. The name of the network is my-network. This will spin up Nginx containers: the service creates three replicas, is named my_name, and uses the nginx image.
$ docker network create --driver overlay my-network
$ docker service create --replicas 3 --network my-network --name my_name nginx
Publish service ports
The more interesting part is publishing service ports. This is a very interesting feature that has not been seen earlier.
Let's say you have three nodes running in your cluster and you have not spun up the service in global or replicated mode, so you have a container running on one system out of the three. The published port here is 8080, which maps to port 80 of Nginx. --publish is used to publish the service port.
$ docker service create --name my_web --replicas 3 --publish 8080:80 nginx
This makes the service accessible on port 8080 of every node, regardless of whether a container for that service is running on the node.
docker service inspect is the same as docker inspect and provides JSON output. It must be run on a manager node; it will not work on a worker node.
Here are the commands used to inspect a service:
$ docker service inspect my_web
$ docker service inspect nginx
Swarm can update an existing service. I already had a service running on port 6379 in my container and 6379 on the host. When you then want to update the service in the swarm, you update it using the service update command:
$ docker service update --publish-add 6379:6379 redis
$ docker service update --image redis:latest redis
This will publish the redis service on port 6379.
Some basic commands that are useful when using Docker:
ps, ls, rm
ps: lists the tasks of a service
ls: lists the services in the swarm
rm: removes a service from the swarm