Monday, June 20, 2016

Docker Brings Built-in Container Orchestration

Docker is adding built-in orchestration capabilities to it Docker Engine, thereby enabling developers and IT organization to form a self-organizing, self-healing pool of machines on which to run multi-container distributed applications – both traditional apps and microservices – at scale in production. Specifically, Docker 1.12 will offer an optional “Swarm mode” feature that users can select to “turn on” built-in orchestration, or they can also elect to use either their own custom tooling or third-party orchestrators that run on Docker Engine.

“Orchestration is at the same stage today as containerization was before Docker. You either need an army of experts to build it, or you lock yourself to a monolithic platform which will drastically reduce your choice of suppliers,” said Solomon Hykes, founder and CTO at Docker. “Three years ago we brought containerization into the mainstream by making it usable for non-experts, without lock-in. We think it’s time to do the same for orchestration. This is a necessary step for the industry to move forward, and as the leaders of the containerization market it’s our responsibility to lead this change.”

The upcoming Docker 1.12 release simplifies the process of creating groups of Docker Engines, also known as swarms, which are now backed by automated service discovery and a built-in distributed datastore. The company said that unlike other systems, the swarm itself has no single point of failure. The state of all services is replicated in real time across a group of managers so containers can be rescheduled after any node failure. Docker orchestration includes a unique in-memory caching layer that maintains state of the entire swarm, providing a non-blocking architecture which assures scheduling performance even during peak times. Additionally, the system has a built-in routing mesh technology that addresses the challenge of how to provide container-aware load balancing. The routing mesh ensures that requests are made to the right containers regardless of where they have been scheduled within the swarm.

For security, each Engine is automatically assigned a cryptographic identity which ensures that only validated Engines can be accepted into a swarm. Moreover, Docker Engine comes with mutually authenticated TLS, providing authentication, authorization and end-to-end encrypted communications among every node participating in the swarm, without the operator having to take any steps to enable it.


Post a Comment

See also