Book Image

Native Docker Clustering with Swarm

By : Fabrizio Soppelsa, Chanwit Kaewkasi
Book Image

Native Docker Clustering with Swarm

By: Fabrizio Soppelsa, Chanwit Kaewkasi

Overview of this book

Docker Swarm serves as one of the crucial components of the Docker ecosystem and offers a native solution for you to orchestrate containers. It’s turning out to be one of the preferred choices for Docker clustering thanks to its recent improvements. This book covers Swarm, Swarm Mode, and SwarmKit. It gives you a guided tour on how Swarm works and how to work with Swarm. It describes how to set up local test installations and then moves to huge distributed infrastructures. You will be shown how Swarm works internally, what’s new in Swarmkit, how to automate big Swarm deployments, and how to configure and operate a Swarm cluster on the public and private cloud. This book will teach you how to meet the challenge of deploying massive production-ready applications and a huge number of containers on Swarm. You'll also cover advanced topics that include volumes, scheduling, a Libnetwork deep dive, security, and platform scalability.

Related Content you might be interested in

Current Title:

Small book image
Native Docker Clustering with Swarm
Fabrizio Soppelsa | Chanwit Kaewkasi
Dec, 2016 | 280 pages
No titles found
Table of Contents (18 chapters)
Native Docker Clustering with Swarm
Native Docker Clustering with Swarm
Credits
Credits
About the Authors
About the Authors
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Dedication
Dedication
Preface
Preface
Free Chapter
1
Welcome to Docker Swarm
Welcome to Docker Swarm
Clustering tools and container managers
Swarm goals
Why use Swarm
Real world use case examples
Swarm features
Similar projects
The Swarm v1 architecture
Getting started with Swarm
Swarm, yesterday
Test your Swarm cluster
Swarm, today
Summary
2
Discover the Discovery Services
Discover the Discovery Services
A discovery service
Token
Raft
Etcd
ZooKeeper
Consul
Towards a decentralized discovery service
Summary
3
Meeting Docker Swarm Mode
Meeting Docker Swarm Mode
Swarmkit
Swarm mode
Summary
4
Creating a Production-Grade Swarm
Creating a Production-Grade Swarm
Tools
An HA Topology for Swarm2k
Provisioning the infrastructure with belt
Securing Managers with Docker Machine
Understanding some Swarm internals
Monitoring Swarm2k
Swarm3k
Swarm2k and Swarm3k lessons learned
Summary
5
Administer a Swarm Cluster
Administer a Swarm Cluster
Docker Swarm standalone
Docker Swarm Mode
Cluster management
Swarm health
Backing up the cluster configuration
Disaster recovery
Graphical interfaces for Swarm
Summary
6
Deploy Real Applications on Swarm
Deploy Real Applications on Swarm
Microservices
Deploy a replicated nginx
Overlay networks
Connecting services: A WordPress example
Docker Compose and Swarm mode
Introducing Docker stacks
Another app: Apache Spark
Summary
7
Scaling Up Your Platform
Scaling Up Your Platform
The Spark example, again
Docker plugins
The lab
Installing Flocker
Installing and configuring Swarm
Deploying Spark, again
Scaling Spark
Monitoring Swarm hosting apps
Summary
8
Exploring Additional Features of Swarm
Exploring Additional Features of Swarm
Libnetwork
Encryption and routing mesh
MacVLAN
Network Control Plane
Libkv
Summary
9
Securing a Swarm Cluster and the Docker Software Supply Chain
Securing a Swarm Cluster and the Docker Software Supply Chain
Software Supply Chain
Securing Swarm cluster
Securing a Swarm: Best practices
Docker Notary
Introducing Docker secrets
Summary
10
Swarm and the Cloud
Swarm and the Cloud
Docker for AWS and Azure
Docker Datacenter
Swarm on OpenStack
Summary
11
What is next?
What is next?
The challenge of provisioning
Software defined infrastructure
Docker stacks and Compose
CaaS - Containers as a Service
Unikernels
Contribute to Docker
Summary

Securing Swarm cluster

Recall the picture of a secured Swarm cluster from Chapter 4, Creating a Production-Grade Swarm; we'll explain the security aspects found in a Docker Swarm model cluster.

We have the Orchestrator as one of the main parts of a Docker Swarm manager. Diogo Monica, a member of the Docker Security team, mentioned in his Orchestration Least Privileged presentation, in Berlin 2016, that each component in the orchestration must have a limitation of what it can do.

  • Node management: A cluster operator may instruct an Orchestrator to perform actions for a set of nodes

  • Task assignment: The Orchestrator is also responsible for assigning tasks to each node

  • Cluster state reconciliation: The Orchestrator maintains the state of the cluster by reconciling each state to the desired state

  • Resource management: The Orchestrator offers and revokes resources for submitted tasks

An Orchestrator with the least privilege will make the system secure and a least privilege Orchestrator is defined based...

Previous Section
End of Section 3
Next Section