What's new in Docker - Introduction to InfraKit

1. Patrick Chanezon, @chanezon, Docker Inc.
What’s new in Docker
InfraKit
David Chung, @dchungsf, Docker Inc.
Bill Farner, @wfarner, Docker Inc.

2. French
Polyglot
Platforms
Software Plumber
San Francisco
Developer Relations
@chanezon

3. The world needs
tools of mass innovation

4. A programmable Internet would be the ultimate
tool of mass innovation

5. A commercial product,
built on
a development platform,
built on
infrastructure,
built on
standards.
Docker is building a stack to program the Internet

6. Docker Platform

7. Isolation using Linux kernel features
namespaces
 pid
 mnt
 net
 uts
 ipc
 user
cgroups
 memory
 cpu
 blkio
 devices

8. Image layers

9. 1.
Developer experience

10. 1. Get out of the way
The best tools…
2. Adapt to you
3. Make the
powerful simple

11. Docker for Mac Docker for Windows

12. 2.
Orchestration

13. ng the best way to orchestrate Docke
Docker 1.12: now with orchestration built-in.

14. Swarm mode
Service API
Cryptographic node identity
Built-in routing mesh
Docker 1.12: now with orchestration built-in.

15. Using the beta? You already have 1.12 installed.
> docker swarm init
> docker service create

16. 3.
Ops experience

17. Deep integration with native load-balancers, templates,
SSH keys, ACLs, scaling groups, firewall rules…
beta.docker.com

18. Distributed Application Bundle
www.docker.com/dab
A portable format for multi-container applications

19. Docker CaaS

20. Goals
+ +
Agility Portability Control

21. Cloud Zone 1
Cloud Zone 2 Data Center
Development
Center
Headquarters
Containerization: standard containers
on a standardized container engine
Orchestration: build and deploy
complex systems easily
Enterprise: Enable delivery and time
to value across a large, complex,
rapidly evolving enterprise
The Global Enterprise Supply Chain

22. BUILD
Development Environments
SHIP
Registry: Secure Content &
Collaboration
RUN
Control Plane: Deploy,
Orchestrate, Manage, Scale
Networking Volumes MonitoringLoggingConfig MgtCI/CD
IT Operations
Developers IT Operations
Docker CaaS Workflow

23. Docker Containers as a Service platform
24
BUILD
Developer Workflows
SHIP
Registry Services
RUN
Management
Docker for Mac and Windows Docker Trusted Registry Docker Universal Control Plane
Docker Cloud
Docker Container Engine
Ecosystem Plugins and Integrations

24. UCP Permission Model

25. Docker UCP 1.1 - DTR 2.0
• HA
• Unified Auth
• Compose deployment
• UI to add nodes

26. Security scanning in Docker Cloud

27. Plumbing

28. 2013-05
2013-06
2013-07
2013-08
2013-09
2013-10
2013-11
2013-12
2014-01
1,000,000
0
2014-02
2014-03
2014-04
2014-05
2014-06
2014-07
2014-08
2014-09
2014-10
2014-11
2014-12
2015-01
2015-02
2015-03
2015-04
2015-05
2015-06
2015-07
2015-08
2015-09
2015-10
2015-11
2015-12
2016-01
1,000,000,000
~
10,000,000
9,000,000
8,000,000
7,000,000
6,000,000
5,000,000
4,000,000
3,000,000
2,000,000
6,000,000,000
5,750,000,000
5,500,000,000
5,250,000,000
5,000,000,000
4,750,000,000
4.500,000,000
4,250,000,000
4,000,000,000
3,750,000,000
3,500,000,000
3,250,000,000
3,000,000,000
2,750,000,000
2,500,000,000
2,250,000,000
2,000,000,000
1,750,000,000
1,500,000,000
1,250,000,000

29. 2013-05
2013-06
2013-07
2013-08
2013-09
2013-10
2013-11
2013-12
2014-01
1,000,000
0
2014-02
2014-03
2014-04
2014-05
2014-06
2014-07
2014-08
2014-09
2014-10
2014-11
2014-12
2015-01
2015-02
2015-03
2015-04
2015-05
2015-06
2015-07
2015-08
2015-09
2015-10
2015-11
2015-12
2016-01
~
2016-09
1,000,000,000
~
10,000,000
9,000,000
8,000,000
7,000,000
6,000,000
5,000,000
4,000,000
3,000,000
2,000,000
6,000,000,000
5,750,000,000
5,500,000,000
5,250,000,000
5,000,000,000
4,750,000,000
4.500,000,000
4,250,000,000
4,000,000,000
3,750,000,000
3,500,000,000
3,250,000,000
3,000,000,000
2,750,000,000
2,500,000,000
2,250,000,000
2,000,000,000
1,750,000,000
1,500,000,000
1,250,000,000
Notary
runC •
containerd •
HyperKit , VPNKit, DataKit •
SwarmKit •
libcontainer •
libnetwork • • Docker 1.8 : Docker Content Trust
• Docker for Mac
Docker for Windows
• Docker 1.12
with built-in
orchestration
• Docker 0.9 : Pluggable execution
• Docker 1.7 : Multi-Host Networking
• Docker 1.11:
OCI support

30. Notary
“Let’s stop using curl|sh”
Trusted collections for any content
Transport-agnostic
Reliable updates, proof of origin, resistant to untrusted
transport, survivable key compromise
Build on industry-leading standards and research

31. RunC
The universal container runtime
https://runc.io

32. containerd
A daemon to control runC
built for performance and density
http://containerd.tools/

33. containerd

34. Docker 1.11

35. Docker for Mac architecture
(simplified)

36. Hypervisor
Framework
vmnet Framework
Docker Container Engine
Hypervisor
Linux
VPN
Data
Service
Interface
Client Libraries
Admin GUI
CLI
Security Sandbox
Docker for Mac internals

37. Unikernels
http://unikernel.org/

38. Hypervisor
Framework
vmnet Framework
Docker Container Engine
Hyperkit
Linux
VPNKit
DataKit
Client Libraries
Admin GUI
CLI
Security Sandbox
Improving Docker with unikernel tech

39. InfraKit

40. Problem:
Managing Docker on different infrastructure is
difficult and not portable.

41. Consistent User Experience
43
How do we handle updates to a cluster??

42. Docker for AWS
EBS ELB
Container Engine
Storage plugin
Infrastructure Management
Network plugin Orchestration
IAM
CloudFormation
EC2VPC
Admin interface
Linux
User Applications / Services

43. Docker for AWS
EBS ELB
Container Engine
Storage plugin
InfraKit
Network plugin Orchestration
IAM
CloudFormation
EC2VPC
Admin interface
Linux
User Applications / Services

44. InfraKit
A toolkit for building declarative, self-healing
infrastructure.

45. Declarative
• JSON configuration for desired infrastructure state:
• Specification of instances — vm image, instance type, etc.
• Group properties — size, logical identifiers, etc.
• Design patterns encourage
• encapsulation
• composition
• Config is input to all operations — system figures out what to do
47

46. Self-healing
• Composed of a set of active components / processes that
• monitor infrastructure state
• detect state divergence
• take actions
• Continuous monitoring and reconciliation — always on
• No downtime — rolling update
48

47. Toolkit
• Primitives for managing collections of resources
• create, scale, destroy
• rolling update
• Abstractions & Developer SPI
• Group - manages collection of resources
• Instance - describes the physical resource
• Flavor - extra semantics for handling instances
• A collection of executable, active components — plugins
• Initially, Go daemons in the toolkit
• Soon, easy management via Docker Plugins (runc)

48. Architecture

49. Instance Plugin
• Spec: specification / model of an instance (e.g. vagrant, EC2):
• Logical ID, Init, Tags, and attachment
• Platform-specific properties
• Methods:
• /Instance.Validate
• /Instance.Provision
• /Instance.Destroy
• /Instance.DescribeInstances
• Examples: instance plugins for EC2, Azure VM, Vagrant, …51

50. Flavor Plugin
• Gives more context about the group members:
• Size, or list of Logical ID’s (e.g. IP addresses for ‘pets’)
• Application-specific notions of ‘health’
Is the node not only present but also joined a swarm?
• Methods:
• /Flavor.Validate
• /Flavor.Prepare
• /Flavor.Healthy
• Examples: flavor for Zookeeper members, Docker swarm
nodes52

51. Group Plugin
• Main entry point for user interaction:
• Create, describe update, update, destroy
• Config JSON is always the input
• Composed of Instance and Flavor — mix and match to
manage cattle (fungible) or pets (special)
• Methods:
• /Group.Watch
• /Group.Unwatch
• /Group.Inspect
53
• /Group.DescribeUpdate
• /Group.Update
• /Group.StopUpdate
• /Group.Destroy

52. Configuration
Example config file (zk.conf): Group configuration = Instance + Flavor
{
"Properties": {
/* raw configuration */
}
}
{
"groups" : {
"my_zookeeper_nodes" : {
"Properties" : {
"Instance" : {
"Plugin": "instance-vagrant",
"Properties": {
"Box": "bento/ubuntu-16.04"
}
},
"Flavor" : {
"Plugin": "flavor-zookeeper",
"Properties": {
"type": "member",
"IPs": ["192.168.1.200", "192.168.1.201", "192.168.1.202"]
}
}
}
}
}
}

53. Operations
• Make sure the plugins are running:
• infrakit/group &; infrakit/zookeeper &; infrakit/vagrant &;
• “Watch” the group starts management:
• infrakit/cli group watch zk.conf
• Update the config, e.g. change size or add IP address
• Describe changes before committing —
infrakit/cli group describe zk.conf
• Begin update —
infrakit/cli group update zk.conf
55

54. InfraKit Demo

63. Today
65
• InfraKit is just getting started… only
primitives for working with groups like
clusters of hosts
• But we have big plans
• Improve group management strategies
• More resource types — networking, load
balancers, storage…
• A cohesive framework for active
management of infrastructure — physical,
virtual, or containers

64. Get Involved
• Help define and implement new and interesting plugins
• Instance plugins for different infrastructure providers
• Flavor plugins for systems like etcd or mysql clusters
• Group controller plugins — metrics-driven auto scaling
and more
• Help define interfaces and implement new infrastructure
resource types — load balancers, networks and storage
volume provisioners
66

65. More Info
• Github:
https://github.com/docker/infrakit
• A quick tutorial:
https://github.com/docker/infrakit/blob/master/docs/tutorial.m
d
67

66. THANK YOU