SlideShare une entreprise Scribd logo

DockerCon - The missing piece : when Docker networking unleashes software archtecture 2.0

Télécharger en tant que PPTX, PDF
Laurent Grangeau
Laurent Grangeau

The missing piece : when Docker networking unleashes software archtecture 2.0

Internet
1  sur  46
The missing piece: when Docker networking unleashes software architecture 2.0 A. Blind DevOps coach Societe Generale @adrienblind L. Grangeau Solutions architect Finaxys @laurentgrangeau
Agenda 2 - Starters Docker networking & volume features discovered 4 - Dessert Taste-an-app 1 - Apetizer Back on current Docker paradigms 3 - Main course Application architecture shifts
Back on current docker paradigms
Back on Docker paradigms ‘’A universal, self-sufficient and standard artifact embedding an app module, and its subsequent infrastructure configuration’’ Immutable Versionned Light Portable Disposable Programatic Social Incremental  It’s mainly focused on enclosing computing capabilities: what about storage ? Network ?
Networking & volume features discovered
Docker networking
Docker networking
Docker networking The Container Network Model (CNM) A docker container Endpoint A docker container Endpoint A docker container EndpointEndpoint Network sandbox Network sandbox Network sandbox Front network Back network
Docker networking $ docker network create mynetwork 5000dec7c180a63d87031de7e6bfcf2b25cf1e5daef6338f16fbd4 451210a938 $ docker network create –d overlay multihostnetwork e6537b859359843bc02392245ab226070f79dbf87be2d492969c84 3f89fb6de6
Docker networking $ docker network inspect mynetwork [ { "Name": "mynetwork", "Id": "5000dec7c180a63d87031de7e6bfcf2b25cf1e5daef6338f16fbd4451 210a938", "Scope": "local", "Driver": "bridge", "IPAM": { "Driver": "default", "Config": [ {} ] }, "Containers": {}, "Options": {} } ]
Docker networking Host Host Host Host SDNs SDN 1 SDN 2 SDN 3
Docker networking
Docker networking Docker Compose evolved to embrace new networking features $ docker-compose --x-networking --x-network-driver=overlay up $ docker-compose up
Docker volumes
Docker volumes Host file system Host file system ‘’Former data management locked in a host’’
Docker volumes Host file system Container Volume ‘’Containers mount a volume which may be backed externaly’’
Docker volumes $ docker volume create –d volplugin --name pool/name Cf872ca21d27843f6b6319ac1a34390dd38d94ed4649cd985456d5 23fb05d4cc $ docker run –d –p 8080:8080 –v pool/name:/var/jenkins_home jenkins 96aec6f4e45e050dfb4f75a1009e7f105bced5b406752e62d47061 5d07348b07
Docker volumes $ docker volume ls DRIVER VOLUME NAME local cf872ca21d27843f6b6319ac1a34390… local f19f50251f48c64a6b33a5c637c2330… $ docker volume inspect cf872ca21d27843f6b6319ac1a34390dd38d94… [ { "Name": "cf872ca21d27843f6b6319ac1a34390dd38d94…", "Driver": "local", "Mountpoint": "/mnt/sda1/var/lib/docker/volumes/[…]/_data" } ]
Take-away
Application Compute (Run containers) Docker building blocks
Application Compute (Run containers) Storage (Volumes) ‘’Immutability of containers, resiliency & scalability led to data externalization in separate objects’’
‘’Fine-granularity of containers led to closely interconnect them’’ Application Compute (Run containers) Storage (Volumes) Transport (Network)
‘’The whole topology can now be described’’ Application Compute (Run containers) Storage (Volumes) Transport (Network) Topology (Compose)
‘’Docker finally shifted to object-oriented infra. architecture’’ Application Compute (Run containers) Storage (Volumes) Transport (Network) Topology (Compose) CaaS platform (Swarm, Machine...)
Application architecture shifts
Security paradigms shifts
Security paradigms shifts Your IT opens up • Externalization (housing, hosting) • Cloud (IaaS/PaaS/SaaS) Open up your IS • B2B, services exposition • Multi tenancy More & more breaches appears in your Great Wall of China!
Security paradigms shifts The necessary porosity of your IS requires to stick security closer to each application: sandbox your apps and expose protected interfaces! Network is part of application topology Security is an app topic, not just infra. concern Onboard security in feature teamSecDevOps
Network paradigms shifts VM VM VM VM VM VM VM VM VM Internet Internet DMZ Physical overview Logical overview Tenant #1 Tenant #2 LAN LAN DMZ1 DMZ2 Traditional networks relies a lot on low layers (L2, etc.) Application topologies are quite different from physical ones
Network paradigms shifts SDNs propose network solutions embracing cloud paradigms Massively multi-tenant Thousands tenants, massively scalable Easy & fast (de)provisioning Infra as code, API centric Infrastructure agnostic L3, does not stick with lower levels (physical designs, vlans & co) Decouple infrastructure & tenants lifecycles Cross technology, vendor agnostic
From Enterprise Services buses to full-mesh topologies ESB Service Service Service Service Service > ServiceService Service Service Service Micro services
Fine-grained, highly decoupled and atomic purpose centric services Designed for failure Multi-versioned Scalable Micro services Stateless Share-nothing Immutable Continuously delivered Distributed
Service consumer Service provider Registry 2. Find 1. Publish 3. Bind Leverage on a Service registry to discover where are services located Micro services
Resilience & scalability: apps problem now! Vertical > horizontal Apps designed for failure & scalability Data to be externalized Dumber infrastructure  Structured: MongoDB, Hadoop, Cassandra, Elastic Search...  Binaries: object storage with Ceph, OpenStack Swift...  Helpful patterns: stateless, multi-versioning, loose coupling...  Infrastructure rationalization  Low-cost, poor-SLA commodity
« Organizations which design systems... are constrained to produce designs which are copies of the communication structures of these organizations ». - M. Conway, 1968 Consider shifting your organization if you wish to shift your architecture Forget about the central architects myth of organizing, integrating everything Consider changing your organization to expect changing the architecture!  promote feature teams Organization
Docker suits perfectly new applications challenges Create docker networks to isolate applications Docker container properties fits micro-services challenges Resilience & scalability is mostly about multiplying containers Expect to discuss roles shift in organization
Taste-an-app
Execution platform Registry Docker-machine Docker-swarm The registrator discovers new containers and feeds the registry
Application design Provider micro serviceConsumers The python app module exposes a REST service searching information in the MongoDB The NGINX reverse proxy forward app. requests on one of the python instance registered in Consul Find
Application topology & runtime The whole application topology is stored as: docker-compose yaml file docker-compose args (aka --x-networking & --x-network-driver) You can scale up or down the python instances of the micro- service using traditionnal docker-compose scale command
Network view Only the load balancer VIP is exposed externally A WAF instance could secure this entrypoint SDN « dockerconeu15 » Host network Provider micro serviceConsumers
Network view - advanced Provider micro service Consumers SDN « front » SDN « back » Host network Back Middle Front ‘’To enhance security you may decouple each application tier’’
Zoom on the registry usages Between micro-services, consumers asks the registry where a desired micro-service is located Inside a micro-service, NGINX is made aware of the backend API instances available, via the registry At container level, the registrator enable to registers any container instances, grouped per type At infrastructure level, the registry is used by swarm (internally) to be aware of the cluster’s participants Noticed the different usages of a registry ? You may consider using different registries for each usage : for example an internal registry for the micro service internal topology
Conclusions
Docker shifted from universal containers to object-oriented infrastructure Security is an app concern Software is eating the world: application architecture is the key, infrastructure is commodity
Thank you! A. Blind @adrienblind adrien.blind@sgcib.com L. Grangeau @laurentgrangeau laurent.grangeau@gmail.com

Recommandé

PioneersIO - Networking with Docker
PioneersIO - Networking with DockerPioneersIO - Networking with Docker
PioneersIO - Networking with DockerLaurent Grangeau
 
Meetup Docker : From Zero to Hero
Meetup Docker : From Zero to HeroMeetup Docker : From Zero to Hero
Meetup Docker : From Zero to HeroLaurent Grangeau
 
Meetup Mesos : Mesos, Chronos and Marathon in CI/CD factory
Meetup Mesos : Mesos, Chronos and Marathon in CI/CD factoryMeetup Mesos : Mesos, Chronos and Marathon in CI/CD factory
Meetup Mesos : Mesos, Chronos and Marathon in CI/CD factoryLaurent Grangeau
 
Microservices Cloud Club 2015-02-26
Microservices Cloud Club 2015-02-26Microservices Cloud Club 2015-02-26
Microservices Cloud Club 2015-02-26Casey Bisson
 
7 characteristics of container-native infrastructure, Docker Zurich 2015-09-08
7 characteristics of container-native infrastructure, Docker Zurich 2015-09-087 characteristics of container-native infrastructure, Docker Zurich 2015-09-08
7 characteristics of container-native infrastructure, Docker Zurich 2015-09-08Casey Bisson
 
Cisco Cloud Networking Workshop
Cisco Cloud Networking Workshop Cisco Cloud Networking Workshop
Cisco Cloud Networking Workshop Cisco Canada
 
Demystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data ScientistsDemystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data ScientistsDr Ganesh Iyer
 
OpenStack and Kubernetes - A match made for Telco Heaven
OpenStack and Kubernetes - A match made for Telco HeavenOpenStack and Kubernetes - A match made for Telco Heaven
OpenStack and Kubernetes - A match made for Telco HeavenTrinath Somanchi
 

Recommandé

PioneersIO - Networking with Docker
PioneersIO - Networking with DockerPioneersIO - Networking with Docker
PioneersIO - Networking with DockerLaurent Grangeau
 
Meetup Docker : From Zero to Hero
Meetup Docker : From Zero to HeroMeetup Docker : From Zero to Hero
Meetup Docker : From Zero to HeroLaurent Grangeau
 
Meetup Mesos : Mesos, Chronos and Marathon in CI/CD factory
Meetup Mesos : Mesos, Chronos and Marathon in CI/CD factoryMeetup Mesos : Mesos, Chronos and Marathon in CI/CD factory
Meetup Mesos : Mesos, Chronos and Marathon in CI/CD factoryLaurent Grangeau
 
Microservices Cloud Club 2015-02-26
Microservices Cloud Club 2015-02-26Microservices Cloud Club 2015-02-26
Microservices Cloud Club 2015-02-26Casey Bisson
 
7 characteristics of container-native infrastructure, Docker Zurich 2015-09-08
7 characteristics of container-native infrastructure, Docker Zurich 2015-09-087 characteristics of container-native infrastructure, Docker Zurich 2015-09-08
7 characteristics of container-native infrastructure, Docker Zurich 2015-09-08Casey Bisson
 
Cisco Cloud Networking Workshop
Cisco Cloud Networking Workshop Cisco Cloud Networking Workshop
Cisco Cloud Networking Workshop Cisco Canada
 
Demystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data ScientistsDemystifying Containerization Principles for Data Scientists
Demystifying Containerization Principles for Data ScientistsDr Ganesh Iyer
 
OpenStack and Kubernetes - A match made for Telco Heaven
OpenStack and Kubernetes - A match made for Telco HeavenOpenStack and Kubernetes - A match made for Telco Heaven
OpenStack and Kubernetes - A match made for Telco HeavenTrinath Somanchi
 
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Cynthia Thomas
 
Optimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerOptimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerRahul Krishna Upadhyaya
 
SDN in CloudStack
SDN in CloudStackSDN in CloudStack
SDN in CloudStackbuildacloud
 
Docker Containers Security
Docker Containers SecurityDocker Containers Security
Docker Containers SecurityStephane Woillez
 
Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Andrew Randall
 
Inside Triton, July 2015
Inside Triton, July 2015Inside Triton, July 2015
Inside Triton, July 2015Casey Bisson
 
Webinar Docker Tri Series
Webinar Docker Tri SeriesWebinar Docker Tri Series
Webinar Docker Tri SeriesNewt Global Consulting LLC
 
Kubernetes
KubernetesKubernetes
KubernetesLinjith Kunnon
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDocker, Inc.
 
Cloud Native Computing - Part III - Containers
Cloud Native Computing - Part III - ContainersCloud Native Computing - Part III - Containers
Cloud Native Computing - Part III - ContainersLinjith Kunnon
 
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Cloud Native Day Tel Aviv
 
Cloud Networking is not Virtual Networking - London VMUG 20130425
Cloud Networking is not Virtual Networking - London VMUG 20130425Cloud Networking is not Virtual Networking - London VMUG 20130425
Cloud Networking is not Virtual Networking - London VMUG 20130425Greg Ferro
 
Building microservices with docker
Building microservices with dockerBuilding microservices with docker
Building microservices with dockerRoman Melnyk
 
SDN Service Provider use cases Network Function Virtualization (NFV)
SDN Service Provider use cases Network Function Virtualization (NFV)SDN Service Provider use cases Network Function Virtualization (NFV)
SDN Service Provider use cases Network Function Virtualization (NFV)Brent Salisbury
 
Network Virtualization with quantum
Network Virtualization with quantum Network Virtualization with quantum
Network Virtualization with quantum openstackindia
 
20190613 - IBM Cloud Côte d'Azur meetup - "Cloud & Containers"
20190613 - IBM Cloud Côte d'Azur meetup - "Cloud & Containers"20190613 - IBM Cloud Côte d'Azur meetup - "Cloud & Containers"
20190613 - IBM Cloud Côte d'Azur meetup - "Cloud & Containers"IBM France Lab
 
Network Virtualization
Network VirtualizationNetwork Virtualization
Network VirtualizationKingston Smiler
 
Docker Enterprise Deployment Planning
Docker Enterprise Deployment PlanningDocker Enterprise Deployment Planning
Docker Enterprise Deployment PlanningStephane Woillez
 
Docker - Portable Deployment
Docker - Portable DeploymentDocker - Portable Deployment
Docker - Portable Deploymentjavaonfly
 
OpenStack As A Strategy For Future Growth at Cisco
OpenStack As A Strategy For Future Growth at CiscoOpenStack As A Strategy For Future Growth at Cisco
OpenStack As A Strategy For Future Growth at CiscoLew Tucker
 
Meetup Openstack : At the heart of IT revolution
Meetup Openstack : At the heart of IT revolutionMeetup Openstack : At the heart of IT revolution
Meetup Openstack : At the heart of IT revolutionLaurent Grangeau
 
Preparing for examination
Preparing for examinationPreparing for examination
Preparing for examinationJnana Prabodhini Educational Resource Center
 

Contenu connexe

Tendances

Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Cynthia Thomas
 
Optimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerOptimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerRahul Krishna Upadhyaya
 
SDN in CloudStack
SDN in CloudStackSDN in CloudStack
SDN in CloudStackbuildacloud
 
Docker Containers Security
Docker Containers SecurityDocker Containers Security
Docker Containers SecurityStephane Woillez
 
Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Andrew Randall
 
Inside Triton, July 2015
Inside Triton, July 2015Inside Triton, July 2015
Inside Triton, July 2015Casey Bisson
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDocker, Inc.
 
Cloud Native Computing - Part III - Containers
Cloud Native Computing - Part III - ContainersCloud Native Computing - Part III - Containers
Cloud Native Computing - Part III - ContainersLinjith Kunnon
 
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Cloud Native Day Tel Aviv
 
Cloud Networking is not Virtual Networking - London VMUG 20130425
Cloud Networking is not Virtual Networking - London VMUG 20130425Cloud Networking is not Virtual Networking - London VMUG 20130425
Cloud Networking is not Virtual Networking - London VMUG 20130425Greg Ferro
 
Building microservices with docker
Building microservices with dockerBuilding microservices with docker
Building microservices with dockerRoman Melnyk
 
SDN Service Provider use cases Network Function Virtualization (NFV)
SDN Service Provider use cases Network Function Virtualization (NFV)SDN Service Provider use cases Network Function Virtualization (NFV)
SDN Service Provider use cases Network Function Virtualization (NFV)Brent Salisbury
 
Network Virtualization with quantum
Network Virtualization with quantum Network Virtualization with quantum
Network Virtualization with quantum openstackindia
 
20190613 - IBM Cloud Côte d'Azur meetup - "Cloud & Containers"
20190613 - IBM Cloud Côte d'Azur meetup - "Cloud & Containers"20190613 - IBM Cloud Côte d'Azur meetup - "Cloud & Containers"
20190613 - IBM Cloud Côte d'Azur meetup - "Cloud & Containers"IBM France Lab
 
Docker Enterprise Deployment Planning
Docker Enterprise Deployment PlanningDocker Enterprise Deployment Planning
Docker Enterprise Deployment PlanningStephane Woillez
 
Docker - Portable Deployment
Docker - Portable DeploymentDocker - Portable Deployment
Docker - Portable Deploymentjavaonfly
 
OpenStack As A Strategy For Future Growth at Cisco
OpenStack As A Strategy For Future Growth at CiscoOpenStack As A Strategy For Future Growth at Cisco
OpenStack As A Strategy For Future Growth at CiscoLew Tucker
 

Tendances (20)

Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
Secure Your Containers: What Network Admins Should Know When Moving Into Prod...
 
Optimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerOptimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using docker
 
SDN in CloudStack
SDN in CloudStackSDN in CloudStack
SDN in CloudStack
 
Docker Containers Security
Docker Containers SecurityDocker Containers Security
Docker Containers Security
 
Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016Container Networking Meetup March 31 2016
Container Networking Meetup March 31 2016
 
Inside Triton, July 2015
Inside Triton, July 2015Inside Triton, July 2015
Inside Triton, July 2015
 
Webinar Docker Tri Series
Webinar Docker Tri SeriesWebinar Docker Tri Series
Webinar Docker Tri Series
 
Kubernetes
KubernetesKubernetes
Kubernetes
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm Architecture
 
Cloud Native Computing - Part III - Containers
Cloud Native Computing - Part III - ContainersCloud Native Computing - Part III - Containers
Cloud Native Computing - Part III - Containers
 
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
Lessons learned from global telecom operators' cloud journeys - Zeev Likworni...
 
Cloud Networking is not Virtual Networking - London VMUG 20130425
Cloud Networking is not Virtual Networking - London VMUG 20130425Cloud Networking is not Virtual Networking - London VMUG 20130425
Cloud Networking is not Virtual Networking - London VMUG 20130425
 
Building microservices with docker
Building microservices with dockerBuilding microservices with docker
Building microservices with docker
 
SDN Service Provider use cases Network Function Virtualization (NFV)
SDN Service Provider use cases Network Function Virtualization (NFV)SDN Service Provider use cases Network Function Virtualization (NFV)
SDN Service Provider use cases Network Function Virtualization (NFV)
 
Network Virtualization with quantum
Network Virtualization with quantum Network Virtualization with quantum
Network Virtualization with quantum
 
20190613 - IBM Cloud Côte d'Azur meetup - "Cloud & Containers"
20190613 - IBM Cloud Côte d'Azur meetup - "Cloud & Containers"20190613 - IBM Cloud Côte d'Azur meetup - "Cloud & Containers"
20190613 - IBM Cloud Côte d'Azur meetup - "Cloud & Containers"
 
Network Virtualization
Network VirtualizationNetwork Virtualization
Network Virtualization
 
Docker Enterprise Deployment Planning
Docker Enterprise Deployment PlanningDocker Enterprise Deployment Planning
Docker Enterprise Deployment Planning
 
Docker - Portable Deployment
Docker - Portable DeploymentDocker - Portable Deployment
Docker - Portable Deployment
 
OpenStack As A Strategy For Future Growth at Cisco
OpenStack As A Strategy For Future Growth at CiscoOpenStack As A Strategy For Future Growth at Cisco
OpenStack As A Strategy For Future Growth at Cisco
 

En vedette

Meetup Openstack : At the heart of IT revolution
Meetup Openstack : At the heart of IT revolutionMeetup Openstack : At the heart of IT revolution
Meetup Openstack : At the heart of IT revolutionLaurent Grangeau
 
Muskuloskeletal assesment for spinal and hamstring flexibility
Muskuloskeletal assesment for spinal and hamstring flexibilityMuskuloskeletal assesment for spinal and hamstring flexibility
Muskuloskeletal assesment for spinal and hamstring flexibilityDian Kusumaningtyas
 
PORTFOLIO 2015 net
PORTFOLIO 2015 netPORTFOLIO 2015 net
PORTFOLIO 2015 net3darchdeco
 
Ερευνητές
ΕρευνητέςΕρευνητές
Ερευνητέςstne
 
Λαογράφοι
ΛαογράφοιΛαογράφοι
Λαογράφοιstne
 
Lptw proper-10 a-yc-ot lesson for sunday skol
Lptw proper-10 a-yc-ot lesson for sunday skolLptw proper-10 a-yc-ot lesson for sunday skol
Lptw proper-10 a-yc-ot lesson for sunday skolGemma Diaz
 
Eine Symfony Application um CMS-Funktionen erweitern
Eine Symfony Application um CMS-Funktionen erweiternEine Symfony Application um CMS-Funktionen erweitern
Eine Symfony Application um CMS-Funktionen erweiternMaximilian Berghoff
 
RESTing on HTTP - FrOSCon 10 - 2015-08-23
RESTing on HTTP - FrOSCon 10 - 2015-08-23RESTing on HTTP - FrOSCon 10 - 2015-08-23
RESTing on HTTP - FrOSCon 10 - 2015-08-23Maximilian Berghoff
 
आपली पृथ्वी आणि तिची वैशिष्ट्ये
आपली पृथ्वी आणि तिची वैशिष्ट्येआपली पृथ्वी आणि तिची वैशिष्ट्ये
आपली पृथ्वी आणि तिची वैशिष्ट्येJnana Prabodhini Educational Resource Center
 

En vedette (20)

Meetup Openstack : At the heart of IT revolution
Meetup Openstack : At the heart of IT revolutionMeetup Openstack : At the heart of IT revolution
Meetup Openstack : At the heart of IT revolution
 
Preparing for examination
Preparing for examinationPreparing for examination
Preparing for examination
 
Andaimeparte3ok
Andaimeparte3okAndaimeparte3ok
Andaimeparte3ok
 
Muskuloskeletal assesment for spinal and hamstring flexibility
Muskuloskeletal assesment for spinal and hamstring flexibilityMuskuloskeletal assesment for spinal and hamstring flexibility
Muskuloskeletal assesment for spinal and hamstring flexibility
 
APT - CANTEIRO DE OBRA
APT - CANTEIRO DE OBRAAPT - CANTEIRO DE OBRA
APT - CANTEIRO DE OBRA
 
Symfony-CMF/SeoBundle - unKonf
Symfony-CMF/SeoBundle - unKonfSymfony-CMF/SeoBundle - unKonf
Symfony-CMF/SeoBundle - unKonf
 
PORTFOLIO 2015 net
PORTFOLIO 2015 netPORTFOLIO 2015 net
PORTFOLIO 2015 net
 
Ερευνητές
ΕρευνητέςΕρευνητές
Ερευνητές
 
Mit dem API ins CMS
Mit dem API ins CMSMit dem API ins CMS
Mit dem API ins CMS
 
Λαογράφοι
ΛαογράφοιΛαογράφοι
Λαογράφοι
 
Fns sst-apt- 27-passagem inferior
Fns sst-apt- 27-passagem inferiorFns sst-apt- 27-passagem inferior
Fns sst-apt- 27-passagem inferior
 
Lptw proper-10 a-yc-ot lesson for sunday skol
Lptw proper-10 a-yc-ot lesson for sunday skolLptw proper-10 a-yc-ot lesson for sunday skol
Lptw proper-10 a-yc-ot lesson for sunday skol
 
Eine Symfony Application um CMS-Funktionen erweitern
Eine Symfony Application um CMS-Funktionen erweiternEine Symfony Application um CMS-Funktionen erweitern
Eine Symfony Application um CMS-Funktionen erweitern
 
RESTing on HTTP - FrOSCon 10 - 2015-08-23
RESTing on HTTP - FrOSCon 10 - 2015-08-23RESTing on HTTP - FrOSCon 10 - 2015-08-23
RESTing on HTTP - FrOSCon 10 - 2015-08-23
 
Modelagem computacional
Modelagem computacionalModelagem computacional
Modelagem computacional
 
Animals
AnimalsAnimals
Animals
 
Rest
RestRest
Rest
 
आपली पृथ्वी आणि तिची वैशिष्ट्ये
आपली पृथ्वी आणि तिची वैशिष्ट्येआपली पृथ्वी आणि तिची वैशिष्ट्ये
आपली पृथ्वी आणि तिची वैशिष्ट्ये
 
Magnesium m
Magnesium mMagnesium m
Magnesium m
 
क्रांतीयुग
क्रांतीयुगक्रांतीयुग
क्रांतीयुग
 

Similaire à DockerCon - The missing piece : when Docker networking unleashes software archtecture 2.0

DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...
DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...
DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...Docker, Inc.
 
Docker, cornerstone of cloud hybridation ? [Cloud Expo Europe 2016]
Docker, cornerstone of cloud hybridation ? [Cloud Expo Europe 2016]Docker, cornerstone of cloud hybridation ? [Cloud Expo Europe 2016]
Docker, cornerstone of cloud hybridation ? [Cloud Expo Europe 2016]Adrien Blind
 
56K.cloud Docker Training
56K.cloud Docker Training56K.cloud Docker Training
56K.cloud Docker TrainingBrian Christner
 
Unleash software architecture leveraging on docker
Unleash software architecture leveraging on dockerUnleash software architecture leveraging on docker
Unleash software architecture leveraging on dockerAdrien Blind
 
Docker, cornerstone of an hybrid cloud?
Docker, cornerstone of an hybrid cloud?Docker, cornerstone of an hybrid cloud?
Docker, cornerstone of an hybrid cloud?Adrien Blind
 
08 sdn system intelligence short public beijing sdn conference - 130828
08 sdn system intelligence short public beijing sdn conference - 13082808 sdn system intelligence short public beijing sdn conference - 130828
08 sdn system intelligence short public beijing sdn conference - 130828Mason Mei
 
Docker meetup talk - chicago March 2014
Docker meetup talk - chicago March 2014Docker meetup talk - chicago March 2014
Docker meetup talk - chicago March 2014Ryan Koop
 
A hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackA hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackQAware GmbH
 
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17Mario-Leander Reimer
 
Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Brad Eckert
 
The Microservices world in. NET Core and. NET framework
The Microservices world in. NET Core and. NET frameworkThe Microservices world in. NET Core and. NET framework
The Microservices world in. NET Core and. NET frameworkMassimo Bonanni
 
Microservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native AppsMicroservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native AppsAraf Karsh Hamid
 
Docker Networking in Production at Visa - Sasi Kannappan, Visa and Mark Churc...
Docker Networking in Production at Visa - Sasi Kannappan, Visa and Mark Churc...Docker Networking in Production at Visa - Sasi Kannappan, Visa and Mark Churc...
Docker Networking in Production at Visa - Sasi Kannappan, Visa and Mark Churc...Docker, Inc.
 
Azure Day Rome 2019 Reloaded - Strangle(r pattern) your legacy application ru...
Azure Day Rome 2019 Reloaded - Strangle(r pattern) your legacy application ru...Azure Day Rome 2019 Reloaded - Strangle(r pattern) your legacy application ru...
Azure Day Rome 2019 Reloaded - Strangle(r pattern) your legacy application ru...azuredayit
 
Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerJorge Juan Mendoza
 
Accelerate Digital Transformation with IBM Cloud Private
Accelerate Digital Transformation with IBM Cloud PrivateAccelerate Digital Transformation with IBM Cloud Private
Accelerate Digital Transformation with IBM Cloud PrivateMichael Elder
 
Are you ready to be edgy? Bringing applications to the edge of the network
Are you ready to be edgy? Bringing applications to the edge of the networkAre you ready to be edgy? Bringing applications to the edge of the network
Are you ready to be edgy? Bringing applications to the edge of the networkMegan O'Keefe
 
Making Cloud Native CI_CD Services.pdf
Making Cloud Native CI_CD Services.pdfMaking Cloud Native CI_CD Services.pdf
Making Cloud Native CI_CD Services.pdfRakuten Group, Inc.
 
Docker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker, Inc.
 

Similaire à DockerCon - The missing piece : when Docker networking unleashes software archtecture 2.0 (20)

DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...
DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...
DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...
 
Docker, cornerstone of cloud hybridation ? [Cloud Expo Europe 2016]
Docker, cornerstone of cloud hybridation ? [Cloud Expo Europe 2016]Docker, cornerstone of cloud hybridation ? [Cloud Expo Europe 2016]
Docker, cornerstone of cloud hybridation ? [Cloud Expo Europe 2016]
 
56K.cloud Docker Training
56K.cloud Docker Training56K.cloud Docker Training
56K.cloud Docker Training
 
Unleash software architecture leveraging on docker
Unleash software architecture leveraging on dockerUnleash software architecture leveraging on docker
Unleash software architecture leveraging on docker
 
Docker, cornerstone of an hybrid cloud?
Docker, cornerstone of an hybrid cloud?Docker, cornerstone of an hybrid cloud?
Docker, cornerstone of an hybrid cloud?
 
08 sdn system intelligence short public beijing sdn conference - 130828
08 sdn system intelligence short public beijing sdn conference - 13082808 sdn system intelligence short public beijing sdn conference - 130828
08 sdn system intelligence short public beijing sdn conference - 130828
 
Docker meetup talk - chicago March 2014
Docker meetup talk - chicago March 2014Docker meetup talk - chicago March 2014
Docker meetup talk - chicago March 2014
 
A hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stackA hitchhiker‘s guide to the cloud native stack
A hitchhiker‘s guide to the cloud native stack
 
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
A Hitchhiker’s Guide to the Cloud Native Stack. #CDS17
 
Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure Multicloud as the Next Generation of Cloud Infrastructure
Multicloud as the Next Generation of Cloud Infrastructure
 
The Microservices world in. NET Core and. NET framework
The Microservices world in. NET Core and. NET frameworkThe Microservices world in. NET Core and. NET framework
The Microservices world in. NET Core and. NET framework
 
Cloud to Edge
Cloud to EdgeCloud to Edge
Cloud to Edge
 
Microservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native AppsMicroservices Architecture - Cloud Native Apps
Microservices Architecture - Cloud Native Apps
 
Docker Networking in Production at Visa - Sasi Kannappan, Visa and Mark Churc...
Docker Networking in Production at Visa - Sasi Kannappan, Visa and Mark Churc...Docker Networking in Production at Visa - Sasi Kannappan, Visa and Mark Churc...
Docker Networking in Production at Visa - Sasi Kannappan, Visa and Mark Churc...
 
Azure Day Rome 2019 Reloaded - Strangle(r pattern) your legacy application ru...
Azure Day Rome 2019 Reloaded - Strangle(r pattern) your legacy application ru...Azure Day Rome 2019 Reloaded - Strangle(r pattern) your legacy application ru...
Azure Day Rome 2019 Reloaded - Strangle(r pattern) your legacy application ru...
 
Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in docker
 
Accelerate Digital Transformation with IBM Cloud Private
Accelerate Digital Transformation with IBM Cloud PrivateAccelerate Digital Transformation with IBM Cloud Private
Accelerate Digital Transformation with IBM Cloud Private
 
Are you ready to be edgy? Bringing applications to the edge of the network
Are you ready to be edgy? Bringing applications to the edge of the networkAre you ready to be edgy? Bringing applications to the edge of the network
Are you ready to be edgy? Bringing applications to the edge of the network
 
Making Cloud Native CI_CD Services.pdf
Making Cloud Native CI_CD Services.pdfMaking Cloud Native CI_CD Services.pdf
Making Cloud Native CI_CD Services.pdf
 
Docker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to Docker
 

Dernier

TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxAndrieCagasanAkio
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxNIMMANAGANTI RAMAKRISHNA
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxMario
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxmibuzondetrabajo
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 

Dernier (11)

TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptx
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptx
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptx
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptx
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 

DockerCon - The missing piece : when Docker networking unleashes software archtecture 2.0

  • 1. The missing piece: when Docker networking unleashes software architecture 2.0 A. Blind DevOps coach Societe Generale @adrienblind L. Grangeau Solutions architect Finaxys @laurentgrangeau
  • 2. Agenda 2 - Starters Docker networking & volume features discovered 4 - Dessert Taste-an-app 1 - Apetizer Back on current Docker paradigms 3 - Main course Application architecture shifts
  • 4. Back on Docker paradigms ‘’A universal, self-sufficient and standard artifact embedding an app module, and its subsequent infrastructure configuration’’ Immutable Versionned Light Portable Disposable Programatic Social Incremental  It’s mainly focused on enclosing computing capabilities: what about storage ? Network ?
  • 8. Docker networking The Container Network Model (CNM) A docker container Endpoint A docker container Endpoint A docker container EndpointEndpoint Network sandbox Network sandbox Network sandbox Front network Back network
  • 9. Docker networking $ docker network create mynetwork 5000dec7c180a63d87031de7e6bfcf2b25cf1e5daef6338f16fbd4 451210a938 $ docker network create –d overlay multihostnetwork e6537b859359843bc02392245ab226070f79dbf87be2d492969c84 3f89fb6de6
  • 10. Docker networking $ docker network inspect mynetwork [ { "Name": "mynetwork", "Id": "5000dec7c180a63d87031de7e6bfcf2b25cf1e5daef6338f16fbd4451 210a938", "Scope": "local", "Driver": "bridge", "IPAM": { "Driver": "default", "Config": [ {} ] }, "Containers": {}, "Options": {} } ]
  • 11. Docker networking Host Host Host Host SDNs SDN 1 SDN 2 SDN 3
  • 13. Docker networking Docker Compose evolved to embrace new networking features $ docker-compose --x-networking --x-network-driver=overlay up $ docker-compose up
  • 15. Docker volumes Host file system Host file system ‘’Former data management locked in a host’’
  • 16. Docker volumes Host file system Container Volume ‘’Containers mount a volume which may be backed externaly’’
  • 17. Docker volumes $ docker volume create –d volplugin --name pool/name Cf872ca21d27843f6b6319ac1a34390dd38d94ed4649cd985456d5 23fb05d4cc $ docker run –d –p 8080:8080 –v pool/name:/var/jenkins_home jenkins 96aec6f4e45e050dfb4f75a1009e7f105bced5b406752e62d47061 5d07348b07
  • 18. Docker volumes $ docker volume ls DRIVER VOLUME NAME local cf872ca21d27843f6b6319ac1a34390… local f19f50251f48c64a6b33a5c637c2330… $ docker volume inspect cf872ca21d27843f6b6319ac1a34390dd38d94… [ { "Name": "cf872ca21d27843f6b6319ac1a34390dd38d94…", "Driver": "local", "Mountpoint": "/mnt/sda1/var/lib/docker/volumes/[…]/_data" } ]
  • 21. Application Compute (Run containers) Storage (Volumes) ‘’Immutability of containers, resiliency & scalability led to data externalization in separate objects’’
  • 22. ‘’Fine-granularity of containers led to closely interconnect them’’ Application Compute (Run containers) Storage (Volumes) Transport (Network)
  • 23. ‘’The whole topology can now be described’’ Application Compute (Run containers) Storage (Volumes) Transport (Network) Topology (Compose)
  • 24. ‘’Docker finally shifted to object-oriented infra. architecture’’ Application Compute (Run containers) Storage (Volumes) Transport (Network) Topology (Compose) CaaS platform (Swarm, Machine...)
  • 27. Security paradigms shifts Your IT opens up • Externalization (housing, hosting) • Cloud (IaaS/PaaS/SaaS) Open up your IS • B2B, services exposition • Multi tenancy More & more breaches appears in your Great Wall of China!
  • 28. Security paradigms shifts The necessary porosity of your IS requires to stick security closer to each application: sandbox your apps and expose protected interfaces! Network is part of application topology Security is an app topic, not just infra. concern Onboard security in feature teamSecDevOps
  • 29. Network paradigms shifts VM VM VM VM VM VM VM VM VM Internet Internet DMZ Physical overview Logical overview Tenant #1 Tenant #2 LAN LAN DMZ1 DMZ2 Traditional networks relies a lot on low layers (L2, etc.) Application topologies are quite different from physical ones
  • 30. Network paradigms shifts SDNs propose network solutions embracing cloud paradigms Massively multi-tenant Thousands tenants, massively scalable Easy & fast (de)provisioning Infra as code, API centric Infrastructure agnostic L3, does not stick with lower levels (physical designs, vlans & co) Decouple infrastructure & tenants lifecycles Cross technology, vendor agnostic
  • 31. From Enterprise Services buses to full-mesh topologies ESB Service Service Service Service Service > ServiceService Service Service Service Micro services
  • 32. Fine-grained, highly decoupled and atomic purpose centric services Designed for failure Multi-versioned Scalable Micro services Stateless Share-nothing Immutable Continuously delivered Distributed
  • 33. Service consumer Service provider Registry 2. Find 1. Publish 3. Bind Leverage on a Service registry to discover where are services located Micro services
  • 34. Resilience & scalability: apps problem now! Vertical > horizontal Apps designed for failure & scalability Data to be externalized Dumber infrastructure  Structured: MongoDB, Hadoop, Cassandra, Elastic Search...  Binaries: object storage with Ceph, OpenStack Swift...  Helpful patterns: stateless, multi-versioning, loose coupling...  Infrastructure rationalization  Low-cost, poor-SLA commodity
  • 35. « Organizations which design systems... are constrained to produce designs which are copies of the communication structures of these organizations ». - M. Conway, 1968 Consider shifting your organization if you wish to shift your architecture Forget about the central architects myth of organizing, integrating everything Consider changing your organization to expect changing the architecture!  promote feature teams Organization
  • 36. Docker suits perfectly new applications challenges Create docker networks to isolate applications Docker container properties fits micro-services challenges Resilience & scalability is mostly about multiplying containers Expect to discuss roles shift in organization
  • 39. Application design Provider micro serviceConsumers The python app module exposes a REST service searching information in the MongoDB The NGINX reverse proxy forward app. requests on one of the python instance registered in Consul Find
  • 40. Application topology & runtime The whole application topology is stored as: docker-compose yaml file docker-compose args (aka --x-networking & --x-network-driver) You can scale up or down the python instances of the micro- service using traditionnal docker-compose scale command
  • 41. Network view Only the load balancer VIP is exposed externally A WAF instance could secure this entrypoint SDN « dockerconeu15 » Host network Provider micro serviceConsumers
  • 42. Network view - advanced Provider micro service Consumers SDN « front » SDN « back » Host network Back Middle Front ‘’To enhance security you may decouple each application tier’’
  • 43. Zoom on the registry usages Between micro-services, consumers asks the registry where a desired micro-service is located Inside a micro-service, NGINX is made aware of the backend API instances available, via the registry At container level, the registrator enable to registers any container instances, grouped per type At infrastructure level, the registry is used by swarm (internally) to be aware of the cluster’s participants Noticed the different usages of a registry ? You may consider using different registries for each usage : for example an internal registry for the micro service internal topology
  • 45. Docker shifted from universal containers to object-oriented infrastructure Security is an app concern Software is eating the world: application architecture is the key, infrastructure is commodity
  • 46. Thank you! A. Blind @adrienblind adrien.blind@sgcib.com L. Grangeau @laurentgrangeau laurent.grangeau@gmail.com