It has been less than two years since Docker first appeared before developers on March 20, 2013. "Docker has transformed from a great idea into a great technology, and from a great technology to a great ecosystem, and even from a great ecosystem to a great movement." "I remember at the Docker summit in 2013, developers were still talking about Docker, and at the 2014 Amsterdam Summit, participants were already sharing its case."
However, the commercial prospects of Docker have been criticized by many people in the industry. From technical concept to product development to commercial practice, can Docker successfully cross these thresholds?
On January 18, 2015, the first domestic Docker meetup came to UCloud headquarters. The invited speakers included joint partner Wu Bingzong, Linux kernel expert Wan Lintao, Cisco senior engineer Yang Zhangxin, UCloud senior technical expert Rocheng and other leading technical experts in the Docker field. They brought Docker topics closely related to business practice: Docker and Joyent integration, Docker in a peer-to-peer internet finance application, an introduction to the Kubernetes system architecture, and Docker with database applications. Their talks give us an updated understanding of the question above.
Integration of the application container Docker with the infrastructure container Joyent SmartMachines
First, Wu Bingzong, a joint partner of the group and Joyent's representative in Greater China, shared the latest developments in "Integration of application containers and infrastructure containers" and the advantages of Joyent Smart Cloud Marvell high-performance cloud technology.
Joyent is one of the three largest public cloud providers in the United States. It is also a "wayward" company: it once "invited" its customer Twitter to leave its platform, because the service Twitter provided was unstable and Twitter refused to accept suggestions for improvement, which Joyent felt would affect its own reputation for quality of service.
Currently, Joyent's support for Docker is based on KVM, and it will provide SmartOS-based Docker services in the future. Joyent's SmartOS is based on illumos, a fork of OpenSolaris that split off after Sun was acquired by Oracle. Joyent wants SmartOS to be the best place to run Docker. Wu Bingzong introduced and illustrated the following three advantages of Docker + SmartOS:
High scalability: vertical scaling, with storage and RAM expanded without a restart; superior performance, leveraging ARC caching for superior disk I/O.
The use of Docker in the DevOps process
Wan Lintao, technical director of operations and management at Dianrong, used its peer-to-peer internet finance application as an example to introduce the important role Docker plays in Dianrong's DevOps process. He focused on the practical details of how Docker simplifies development environment configuration, enables rapid application deployment, and supports elastic operation and maintenance of the production environment.
At present Dianrong uses Docker across its entire development, testing and production flow. Why choose Docker? Because of the following requirements:
They hope to make full use of hardware resources; they hope to simplify configuration, configuring once and reusing many times; they hope to deploy on demand, since Dianrong is an internet finance application and has higher requirements for application flexibility; and the internet finance industry has higher security requirements, so they hope to build on a safe environment.
Docker also performs well and is easy to use, and later on it will help in offering the peer-to-peer services as SaaS.
The use of Docker at Dianrong
Apart from the firewall, the load balancer and the database, everything at Dianrong already runs in Docker. The load balancer is excluded because it does not require frequently duplicated configuration or dynamic management.
In the CI process, Dianrong uses Docker as follows: Git manages the code, Jenkins does the compilation, Docker packages the code into an image file, and the image is finally delivered to the runtime environment to run.
On the question of whether Docker is ready for the production environment, Wan Lintao's answer is affirmative:
First of all, the Docker architecture is simple and has reached a relatively stable state. Since Docker 1.2, the monitor role has been added, so processes can be monitored at any time, and the Docker sandbox mechanism also provides a security guarantee. Docker also provides a complete API and libraries that make it easy to integrate and develop applications.
Docker experience
Docker's default storage uses the loop device method; Wan Lintao recommends placing volumes directly on disk to break through the limits on performance and storage size. He recommends implementing configuration through environment variables to simplify later configuration changes. Pay attention to slimming down Docker images, which saves a lot of unnecessary resource consumption.
Docker problems
Each Docker update interrupts the service; Docker cannot be updated without interruption. The good news is that this issue has been submitted to the CEO of Docker; the bad news is that it is long overdue and still has not been resolved.
The granularity of permission control is too coarse: once an ordinary user is added to the Docker group, that user has all the permissions, and such a design is not safe. The current practice is not to open the host OS to ordinary users.
User mapping: the UID does not exist on the host, which affects logs, etc.
The official image source is not very stable; Wan Lintao recommended several domestic mirror services: daocloud.io, docker.cn and dockerpool.com.
The combination of network virtualization and Docker is not yet good enough.
Introduction to the Kubernetes system architecture
Cisco senior engineer Yang Zhangxin first introduced the basics of Kubernetes. Kubernetes is Google's open source container cluster management tool; it is lightweight, simple, widely applicable, scalable and self-healing.
There are several core concepts in Kubernetes; understanding them is the key to understanding its core architecture:
Kubernetes Architecture
Pod: a collection of Docker containers that can be created, scheduled and managed by Kubernetes.
BoundPod: a collection of containers running on a host.
ReplicationController: a collection of pods with replicas; it ensures that a specified number of pods are running at any time and manages the pod lifecycle.
Services: a single access entry point for a set of pods: service IP, service port, load balancer.
Labels/selector: key-value pairs used to manage and select a set of objects.
Based on these concepts, Yang Zhangxin described the system architecture of Kubernetes: its components, the main functions of each component, and how the components communicate and work together.
Combination of Docker and database applications
UCloud senior technical expert Rocheng spoke about combining Docker with database applications. UCloud began putting Docker into practice as early as 2013. Given the rapid growth of UCloud's own business and the explosion of business data, and because the UDB-MongoDB product itself is highly available and highly scalable, internal business made Docker-based UDB-MongoDB its first choice. On-demand provisioning and rapid deployment neatly solve the storage pressure brought by the business. At present, the UDB-MongoDB cluster is running stably, and its Docker containers provide data services and network services that support part of the company's cloud platform and many product lines.
Finally, Rocheng shared some valuable experience from practice, along with the advantages and disadvantages of Docker, which I think is very instructive:
Experience
Image: make sure the source is clean and reliable (the official website is recommended); an image that is referenced more often is not necessarily more reliable; use a Dockerfile to install the necessary tools; maintain versions sensibly.
Operating system: the kernel version must fit Docker; cgroups mount point; maximum number of files; limit on the number of connections to the DB; and so on.
Data volumes for persistent data: set reasonable read and write permissions.
Security is a problem that many people have been concerned about. Rocheng believes that Docker already provides good security features; if the security requirements are very high, it can be further improved in the following ways:
Network settings: use a custom network bridge, restrict docker0, isolate the intranet, prohibit exposing ports, configure DNS.
Security enhancement: enable SELinux/grsec, enable the capabilities mechanism, pay attention to certain superuser privileges.
Docker daemon protection: mapping the host root directory is forbidden; abuse of root permissions is prohibited.
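The hardening points above can be checked against running containers. The following is an added example, not code from the talk: it audits `docker inspect` style JSON for the listed weaknesses, and the container names, paths and the sample data are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output (not real data).
SAMPLE = json.loads("""[
 {"Name": "/web", "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "NetworkMode": "default",
    "CapAdd": ["SYS_ADMIN"], "CapDrop": null, "SecurityOpt": ["label=disable"],
    "Binds": ["/:/host:rw"],
    "PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "8080"}]}}},
 {"Name": "/db", "Config": {"User": "mongodb"},
  "HostConfig": {"Privileged": false, "NetworkMode": "appnet",
    "CapAdd": null, "CapDrop": ["ALL"], "SecurityOpt": null,
    "Binds": ["/data/db1:/data/db:rw"], "PortBindings": {}}}
]""")

def audit_container(c):
    """Return the hardening findings for one inspect entry."""
    hc = c.get("HostConfig") or {}
    out = []
    # Network settings: default docker0 bridge and ports open on every interface.
    if hc.get("NetworkMode") in ("default", "bridge"):
        out.append("on default docker0 bridge")
    for port, binds in (hc.get("PortBindings") or {}).items():
        if any(b.get("HostIp", "") in ("", "0.0.0.0", "::") for b in binds or []):
            out.append("port %s published on all interfaces" % port)
    # Security enhancement: privileged mode, capabilities, SELinux labelling.
    if hc.get("Privileged"):
        out.append("privileged")
    if hc.get("CapAdd"):
        out.append("added capabilities: " + ",".join(hc["CapAdd"]))
    if not hc.get("CapDrop"):
        out.append("no capabilities dropped")
    if any(o.replace(":", "=") == "label=disable" for o in hc.get("SecurityOpt") or []):
        out.append("SELinux labelling disabled")
    # Daemon protection: host root directory mapped in, process running as root.
    for bind in hc.get("Binds") or []:
        if bind.split(":")[0] == "/":
            out.append("host root directory mounted")
    user = ((c.get("Config") or {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        out.append("runs as root")
    return out

def audit(containers):
    """Map container name to its list of findings."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or "ok")
```
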
Problems and Countermeasures of Docker
Rocheng mainly introduced the following problems and countermeasures:
Service exceptions: the service stops or restarts automatically (extremely low probability), leaving the survival status of containers uncertain. The countermeasure is to monitor the Docker service in real time.
Data volume read/write exceptions: a volume changes from RW to RO (a low-probability event), so the mapped directory cannot be written. The countermeasure is to restart the container.
Docker version upgrade exceptions: a new version is not backward compatible and existing images disappear. This can only be prevented: do not upgrade the existing machines.
Docker cgroup exceptions: these cause resource usage to exceed quotas and result in OOM. The countermeasure is to monitor resource utilization in real time.
The author's strongest impression from this Docker meetup is that everyone is already using Docker in practice and the content shared is becoming more and more practical. I believe that in 2015 we will see more practical applications in China and more related start-ups will emerge; 2015 will be the year Docker truly lands in China!
If you need more information about Docker or technical documentation, visit the Docker technology community; if you have more questions, please post them in the Docker Technical Forum and we will invite experts to answer. CSDN Docker Technology Exchange QQ Group: 303806405.
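Two of the countermeasures above, detecting a volume that has flipped from RW to RO and watching cgroup memory use before it reaches OOM, are sketched below as an added example that is not from the talk. The mount paths, container names and counter values are constructed; the inputs are assumed to be the text of `/proc/mounts` and cgroup v1 `memory.usage_in_bytes` / `memory.limit_in_bytes` readings.

```python
# cgroup v1 reports "no limit" as a huge page-rounded number, not as -1.
NO_LIMIT_FLOOR = 1 << 60

# Constructed samples (not real data).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /data/db1 ext4 ro,relatime,errors=remount-ro 0 0
/dev/sdc1 /data/db2 xfs rw,noatime 0 0
"""
SAMPLE_CGROUPS = {  # name -> (usage_in_bytes, limit_in_bytes)
    "db1": (1020054733, 1073741824),
    "db2": (524288000, 9223372036854771712),
    "db3": (268435456, 1073741824),
}

def readonly_volumes(mounts_text, expected_rw):
    """Return (path, problem) for volumes that should be writable but are not."""
    found = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4:  # device, mount point, fstype, options, ...
            found[fields[1]] = fields[3].split(",")
    problems = []
    for path in expected_rw:
        opts = found.get(path)
        if opts is None:
            problems.append((path, "not mounted"))
        elif "ro" in opts:
            problems.append((path, "read-only"))
    return problems

def memory_alerts(cgroups, threshold=0.9):
    """Return (name, reason) for containers near their limit or without one."""
    alerts = []
    for name, (usage, limit) in sorted(cgroups.items()):
        if limit >= NO_LIMIT_FLOOR:
            alerts.append((name, "no memory limit set"))
        elif usage / limit >= threshold:
            alerts.append((name, "%.0f%% of limit" % (100 * usage / limit)))
    return alerts

if __name__ == "__main__":
    print(readonly_volumes(SAMPLE_MOUNTS, ["/data/db1", "/data/db2"]))
    print(memory_alerts(SAMPLE_CGROUPS))
```
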