In this blog, I will cover using Docker Datacenter with AWS. This blog is part of my Docker for AWS series and uses the sample voting application for illustration.
Docker Datacenter is Docker's enterprise-grade CaaS (Container as a Service) solution, in which Docker has integrated its open source software with some proprietary software and support to make a commercial product. Docker Datacenter can be deployed on-premise or in cloud providers like AWS. Docker Datacenter is available free for a 30-day trial period.
Docker Datacenter Architecture
Following picture shows the core components of Docker Datacenter:
(Image from Docker webpage)
Following are the key components of Docker Datacenter:
UCP (Universal Control Plane):
UCP provides a controller to manage the platform, and it integrates well with Lightweight Directory Access Protocol (LDAP) and role-based access control (RBAC). UCP also provides multi-tenancy support. This allows enterprises to integrate Docker Datacenter with their current user management solutions. Swarm is used for orchestration. UCP provides a nice GUI, and the same Docker APIs can be used to control UCP. Multiple UCP controllers can operate in HA mode. UCP also provides monitoring and logging support for containers.
DTR (Docker Trusted Registry):
DTR provides a secure Docker image repository, and it integrates well with UCP and Docker engine.
Docker engine:
This is the open source Docker engine with commercial support.
Docker Datacenter for AWS
Docker Datacenter is an application comprised of UCP, DTR, Docker engine and supporting services running as containers. Docker Datacenter for AWS means running these system services on AWS instances along with the application containers that the system services manage. System services and application containers run on separate instances for resiliency.
Following picture shows the architecture of Docker Datacenter for AWS:
(Picture from Docker Datacenter documentation)
Following are some important notes on Docker Datacenter for AWS architecture:
- Three kinds of EC2 instance clusters are created: the UCP controller cluster, the DTR cluster and the application cluster. The UCP controller cluster runs the UCP application, the DTR cluster runs the DTR application, and the application cluster runs user containers. UCP and DTR are each developed as micro-services with multiple containers. The EC2 instances are spread between 2 availability zones for HA.
- Each of the clusters resides in a private network for security purposes. For each cluster, there is an ELB in the public network that exposes the cluster to the outside world.
- Docker, in collaboration with AWS, has created a CloudFormation template to simplify the creation of the Docker Datacenter infrastructure. The CloudFormation template takes care of creating the EC2 instances and deploying UCP, DTR and all associated system containers onto the nodes. In addition, CloudFormation takes care of creating the ELBs, the VPC and all other supporting infrastructure.
Following are some pre-requisites to be done before we can deploy the voting application:
- Get Docker datacenter 30 day trial license from here.
- We need a registered DNS domain name to use Docker Datacenter. UCP and DTR run on sub-domains of the main registered domain name. In my case, I had the “sreeniweb.net” domain already registered with Godaddy. I created a Route53 hosted zone in AWS and updated the nameservers in Godaddy to use the AWS nameservers. The other option is to get the domain name directly from AWS itself. The cost of a domain name varies based on the provider.
Creation of Docker Datacenter infrastructure in AWS
Use the CloudFormation template to create the infrastructure. We need to input the number and size of EC2 instances for the UCP controller, DTR and application clusters. This takes around 30-45 minutes. Following picture shows the user inputs that are needed:
In my case, I used m3.medium for the EC2 instances and a cluster size of 3, “dtr.sreeniweb.net” for the DTR FQDN, “ucp.sreeniweb.net” for the UCP FQDN and “*.apps.sreeniweb.net” for the application FQDN. We need to enter the license in JSON format in the license field.
Following is the screenshot of successful creation along with the resource outputs:
Following output shows the main UCP dashboard:
Following output shows the different EC2 instances created. This can be seen from AWS EC2 console.
In the above output, we can see 3 UCP controller instances, 3 DTR instances, 3 application node instances and 1 jumphost. The jumphost is used to ssh to the other EC2 instances.
Following output shows the 3 classic ELBs that get created. This can be seen from the AWS EC2 console. The 3 ELBs are for UCP, DTR and the application containers.
Voting application deployment
Following is the voting compose file that I tried to deploy in Docker Datacenter:
```yaml
client:
  image: 'smakam/myubuntu:v4'
  command: 'ping docker.com'
  links:
    - vote:vote
vote:
  image: 'instavote/vote:latest'
  ports:
    - '80:80'
```
Following output shows the application created:
In the above output, we can see that there are 3 containers in this application. I have scaled the “vote” container to have 2 instances.
The voting application exposes port 80 on each node instance. Following output shows that port 80 access to the ELB connected to the application nodes is load balanced between the 2 containers.
```
$ curl DockerDat-UCPNodes-1XH06TRPK2SWQ-1768209315.us-west-2.elb.amazonaws.com | grep -i "container id"
Processed by container ID 50055eec5656
$ curl DockerDat-UCPNodes-1XH06TRPK2SWQ-1768209315.us-west-2.elb.amazonaws.com | grep -i "container id"
Processed by container ID 8c8190f2fe9b
```
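To confirm the distribution over more than two requests, the responses can be tallied per container ID and compared with the number of replicas. This is an added example, not part of the original post; `ELB_HOST` and the function names are assumptions, and the sample responses are constructed from the two container IDs shown above.

```shell
# Count how many responses each "vote" container served behind the ELB.

# Read one or more HTTP response bodies on stdin and print the container ID
# from every "Processed by container ID <id>" line the vote app emits.
container_ids() {
    grep -io 'container id [0-9a-f]\{12\}' | awk '{print $3}'
}

# Read container IDs on stdin; print "<id> <hits>" per backend, sorted by ID.
tally() {
    sort | uniq -c | awk '{print $2, $1}'
}

# Succeed only if exactly $1 distinct backends appear in the tally on stdin.
expect_backends() {
    seen=$(wc -l | tr -d ' ')
    [ "$seen" -eq "$1" ]
}

# Send $2 requests (default 20) to ELB host $1 and tally the backends.
probe_elb() {
    i=0
    while [ "$i" -lt "${2:-20}" ]; do
        curl -s --max-time 5 "http://$1/"
        i=$((i + 1))
    done | container_ids | tally
}

# Constructed sample: five response lines using the two IDs shown above.
sample_responses() {
    cat <<'EOF'
Processed by container ID 50055eec5656
Processed by container ID 8c8190f2fe9b
Processed by container ID 50055eec5656
Processed by container ID 8c8190f2fe9b
Processed by container ID 50055eec5656
EOF
}

sample_responses | container_ids | tally
# Against the live ELB (ELB_HOST is the hostname from the stack outputs):
#   probe_elb "$ELB_HOST" 20 | expect_backends 2 && echo "both replicas serving"
```

If a scaled replica never appears in the tally, it is not receiving traffic from the ELB even though UCP shows it running.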
ssh into the nodes
Since the EC2 instances are not directly exposed to the outside world, we need to first ssh into the jumphost and then ssh from the jumphost into the individual instances. The jumphost is automatically created by the CloudFormation template. ssh access helps in debugging.
Following output shows the Docker version in 1 of the application nodes:
```
$ docker --version
Docker version 1.11.2-cs4, build 7d4e626
```
Swarm mode is not yet available in Docker Datacenter as it is available only from version 1.12. It will be interesting to see how Swarm mode will be integrated to Docker Datacenter and if that will be kept as a default option instead of traditional Swarm mode.
Following output shows the running containers in 1 of the application nodes:
```
$ docker ps
CONTAINER ID   IMAGE                    COMMAND                  CREATED          STATUS          PORTS                     NAMES
847dd233475b   smakam/myubuntu:v4       "ping docker.com"        40 minutes ago   Up 40 minutes                             myvotingapp_client_1
50055eec5656   instavote/vote:latest    "gunicorn app:app -b "   40 minutes ago   Up 40 minutes   0.0.0.0:80->80/tcp        myvotingapp_vote_1
db588e83584a   docker/ucp-swarm:1.1.2   "/swarm join --discov"   3 hours ago      Up 3 hours      2375/tcp                  ucp-swarm-join
e03f9cad5763   docker/ucp-proxy:1.1.2   "/bin/run"               3 hours ago      Up 3 hours      0.0.0.0:12376->2376/tcp   ucp-proxy
```
In the above output, the first 2 are application containers and the next 2 are UCP system containers.
Accessing UCP through CLI
We can use the procedure here to get CLI access. This gives us access to the Swarm manager, from where we can control the whole cluster. Following output shows the complete cluster summary, including the 9 nodes, using the regular Docker command:
```
$ docker info
Containers: 61
Running: 60
Paused: 0
Stopped: 1
Images: 128
Server Version: swarm/1.2.3
Role: primary
Strategy: spread
Filters: health, port, containerslots, dependency, affinity, constraint
Nodes: 9
```
Integrating UCP with DTR
This link walks through the steps to integrate UCP with DTR. This would allow UCP to securely push and pull images from DTR.
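With UCP integrated with DTR, a compose file can be checked for images that still come from another registry or that rely on the `latest` tag. This is an added example, not part of the original post or of Docker Datacenter; the `admin` repository namespace, the `result` and `worker` services, the function names and the status labels are assumptions, and the sample compose content is constructed.

```shell
# Audit the images named in a compose file against the trusted registry (DTR).
DTR_FQDN="dtr.sreeniweb.net"   # DTR name used in this post

# Print every image reference found on stdin, one per line, without quotes.
list_images() {
    sed -n 's/^[[:space:]]*image:[[:space:]]*//p' | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# Print "<status> <image>" for one image reference:
#   ok        pulled from DTR with an explicit tag or a digest
#   latest    pulled from DTR but untagged or tagged "latest"
#   external  pulled from any other registry
classify_image() {
    case "$1" in
        "$DTR_FQDN"/*) ;;
        *) echo "external $1"; return 0 ;;
    esac
    case "${1##*/}" in                 # last path component, e.g. result:1.0
        *@sha256:*) echo "ok $1" ;;
        *:latest)   echo "latest $1" ;;
        *:*)        echo "ok $1" ;;
        *)          echo "latest $1" ;;   # no tag means "latest"
    esac
}

# Audit a compose file read from stdin; returns 1 if any image is not "ok".
audit_compose() {
    rc=0
    for img in $(list_images); do
        line=$(classify_image "$img")
        echo "$line"
        case "$line" in "ok "*) ;; *) rc=1 ;; esac
    done
    return "$rc"
}

# Constructed sample: the vote service from this post plus two hypothetical ones.
sample_compose() {
    cat <<'EOF'
vote:
  image: 'instavote/vote:latest'
result:
  image: dtr.sreeniweb.net/admin/result:1.0
worker:
  image: "dtr.sreeniweb.net/admin/worker"
EOF
}

sample_compose | audit_compose || echo "compose file uses images outside policy"
```

The registry match requires a `/` directly after the DTR name, so a lookalike host such as `dtr.sreeniweb.net.example` is reported as external.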
For folks who want to try Docker Datacenter in the trial period, there is no option to try it out without having a registered domain name. It will be good if there is a way to work around this.