Book Image

Native Docker Clustering with Swarm

By : Fabrizio Soppelsa, Chanwit Kaewkasi
Book Image

Native Docker Clustering with Swarm

By: Fabrizio Soppelsa, Chanwit Kaewkasi

Overview of this book

Docker Swarm serves as one of the crucial components of the Docker ecosystem and offers a native solution for you to orchestrate containers. It’s turning out to be one of the preferred choices for Docker clustering thanks to its recent improvements. This book covers Swarm, Swarm Mode, and SwarmKit. It gives you a guided tour on how Swarm works and how to work with Swarm. It describes how to set up local test installations and then moves to huge distributed infrastructures. You will be shown how Swarm works internally, what’s new in Swarmkit, how to automate big Swarm deployments, and how to configure and operate a Swarm cluster on the public and private cloud. This book will teach you how to meet the challenge of deploying massive production-ready applications and a huge number of containers on Swarm. You'll also cover advanced topics that include volumes, scheduling, a Libnetwork deep dive, security, and platform scalability.

Related Content you might be interested in

Current Title:

Small book image
Native Docker Clustering with Swarm
Fabrizio Soppelsa | Chanwit Kaewkasi
Dec, 2016 | 280 pages
No titles found
Table of Contents (18 chapters)
Native Docker Clustering with Swarm
Native Docker Clustering with Swarm
Credits
Credits
About the Authors
About the Authors
About the Reviewer
About the Reviewer
www.PacktPub.com
www.PacktPub.com
Dedication
Dedication
Preface
Preface
Free Chapter
1
Welcome to Docker Swarm
Welcome to Docker Swarm
Clustering tools and container managers
Swarm goals
Why use Swarm
Real world use case examples
Swarm features
Similar projects
The Swarm v1 architecture
Getting started with Swarm
Swarm, yesterday
Test your Swarm cluster
Swarm, today
Summary
2
Discover the Discovery Services
Discover the Discovery Services
A discovery service
Token
Raft
Etcd
ZooKeeper
Consul
Towards a decentralized discovery service
Summary
3
Meeting Docker Swarm Mode
Meeting Docker Swarm Mode
Swarmkit
Swarm mode
Summary
4
Creating a Production-Grade Swarm
Creating a Production-Grade Swarm
Tools
An HA Topology for Swarm2k
Provisioning the infrastructure with belt
Securing Managers with Docker Machine
Understanding some Swarm internals
Monitoring Swarm2k
Swarm3k
Swarm2k and Swarm3k lessons learned
Summary
5
Administer a Swarm Cluster
Administer a Swarm Cluster
Docker Swarm standalone
Docker Swarm Mode
Cluster management
Swarm health
Backing up the cluster configuration
Disaster recovery
Graphical interfaces for Swarm
Summary
6
Deploy Real Applications on Swarm
Deploy Real Applications on Swarm
Microservices
Deploy a replicated nginx
Overlay networks
Connecting services: A WordPress example
Docker Compose and Swarm mode
Introducing Docker stacks
Another app: Apache Spark
Summary
7
Scaling Up Your Platform
Scaling Up Your Platform
The Spark example, again
Docker plugins
The lab
Installing Flocker
Installing and configuring Swarm
Deploying Spark, again
Scaling Spark
Monitoring Swarm hosting apps
Summary
8
Exploring Additional Features of Swarm
Exploring Additional Features of Swarm
Libnetwork
Encryption and routing mesh
MacVLAN
Network Control Plane
Libkv
Summary
9
Securing a Swarm Cluster and the Docker Software Supply Chain
Securing a Swarm Cluster and the Docker Software Supply Chain
Software Supply Chain
Securing Swarm cluster
Securing a Swarm: Best practices
Docker Notary
Introducing Docker secrets
Summary
10
Swarm and the Cloud
Swarm and the Cloud
Docker for AWS and Azure
Docker Datacenter
Swarm on OpenStack
Summary
11
What is next?
What is next?
The challenge of provisioning
Software defined infrastructure
Docker stacks and Compose
CaaS - Containers as a Service
Unikernels
Contribute to Docker
Summary

Securing a Swarm: Best practices

We will now summarize the checklist for securing a Swarm cluster. The Swarm team is working hard to achieve the goals of preventing attacks on the full stack, but the following rules apply in any case.

Certification Authorities

The first important step to guarantee security is deciding on how to use CA. When you form a cluster with the first node, it will automatically create a self-signed CA for the whole cluster. After spinning up, it creates CA, signs the certificate itself, adds the certificate for the manager, which is itself, and becomes the ready-to-operate 1-node cluster. When a new node joins, it gets the certificate by providing the correct token. Every node has its own identity which is cryptographically signed. Also, the system has a certificate for each rule, worker, or manager. The role is inside the identity information to tell who a node is. In the case that a manager leaks the root CA, the whole cluster is compromised. Docker Swarm mode supports...

Previous Section
End of Section 4
Next Section