DISCLAIMER: This is all my personal opinion. As always, I reserve the right to be totally and utterly wrong about everything 😀
In true Docker form, this is both ridiculously simple, and reassuringly secure.
Think I sound like a shill or a Docker fanboy when I say that? I challenge anybody to show that Docker is not working hard to make things simple and secure…
On the clustering side of things they’re actually using the term swarm instead of cluster. But the short and skinny is that you can pool lots of Docker hosts together and have them behave like a single large Docker host. And it’s so simple it’s just ridiculous!
As of Docker 1.12 you’ll be able to spin up a swarm (cluster) with just two commands:
$ docker swarm init    # This one creates the swarm
$ docker swarm join    # This one grows the swarm by adding hosts
And the beautiful thing…. it’s secure by default! And just in case it’s not obvious why that’s beautiful, check out just some of my old notes on how to configure a semi-secure swarm before this announcement.
Well instead of all of that ugliness above, we can do more with just two simple commands, and everything will be secured with TLS, including automatic key rotation on a schedule that you can configure. Seriously, that’s a godsend.
A bit on native orchestration
So before this announcement, creating clusters of Docker hosts and orchestrating apps on top of them was hard. Not rocket science, but still hard. You’d have to take an additional technology, something like Kubernetes, and layer it on top and do a shed-load of configuration.
With this announcement, orchestration just got waaaaaay simpler.
But as well as the native clustering, Docker 1.12 also introduces the notion of services – a declarative way to define resilient scalable containers. So instead of the old way (docker run) where you’d say something like run this container on that node, you can now say (docker service create) run this container, make sure there’s always x number of them, and spread them nicely across all nodes in the swarm. Docker then takes care of the heavy lifting behind the scenes.
But not just that….. It does native rolling updates. So you can say things like update the version of the containers in this service to a new version, do the update two containers at a time and wait 2 minutes in between each pair of containers you update. Pretty amazing stuff. But there’s still more…… You can also scale services by saying things like increase the number of containers in this service to 110.
All good stuff.
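The workflow described above (secure swarm, declarative service, rolling update, scale), written out as Docker CLI calls. This is an added example, not taken from the original post; the service name `web`, the `example/web` image tags, the address `10.0.0.10` and the `720h` certificate validity are placeholder values.

```shell
#!/bin/sh
# Added example: the swarm-mode workflow from the post as Docker CLI calls.
# Service name, image tags, address and expiry below are placeholder values.
DOCKER="${DOCKER:-docker}"   # set DOCKER=echo for a dry run that prints the commands

# Create the swarm. Node-to-node traffic is TLS-protected by default;
# --cert-expiry sets how long each node certificate is valid before rotation.
swarm_create() {             # $1 = address to advertise, $2 = validity (e.g. 720h)
    $DOCKER swarm init --advertise-addr "$1" --cert-expiry "$2"
}

# Change the certificate validity period on an existing swarm (run on a manager).
swarm_set_cert_expiry() {    # $1 = validity
    $DOCKER swarm update --cert-expiry "$1"
}

# Print the worker join token (run on a manager).
worker_token() { $DOCKER swarm join-token -q worker; }

# Add the current host to the swarm.
swarm_join() {               # $1 = join token, $2 = manager address:port
    $DOCKER swarm join --token "$1" "$2"
}

# "Run this container and make sure there are always N of them."
service_create() {           # $1 = name, $2 = replicas, $3 = image
    $DOCKER service create --name "$1" --replicas "$2" "$3"
}

# Rolling update: two containers at a time, two minutes between batches.
service_rolling_update() {   # $1 = name, $2 = new image
    $DOCKER service update --image "$2" --update-parallelism 2 --update-delay 2m "$1"
}

# Change the desired number of containers in the service.
service_scale() {            # $1 = name, $2 = replicas
    $DOCKER service scale "$1=$2"
}

# Runs the sequence on a manager node only when invoked as: sh script.sh demo
if [ "${1:-}" = "demo" ]; then
    swarm_create 10.0.0.10 720h
    service_create web 10 example/web:1.0
    service_rolling_update web example/web:1.1
    service_scale web 110
fi
```

Running it with `DOCKER=echo sh script.sh demo` prints the commands without touching a Docker daemon.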
Clearly this is going toe-to-toe with ecosystem technologies like Kubernetes and Mesosphere DCOS*. And I know some people have questions over the ethics of this and the potential impact on the budding 3rd party ecosystem. So here’s my thoughts….
Docker, Inc. has a philosophy of batteries included but removable. This sticks to that philosophy. The only change is the improved quality of the batteries that are included. That’s fine, they’re still removable. And as always, it’s still up to 3rd parties to produce better alternatives. I’m a massive free-market advocate and see competition as the major driving force behind innovation. I say bring it on!
QUESTION: Will this break Kubernetes?
In one word, “no”.
So here’s the thing….. Docker 1.12 is fully backwards compatible. That means whatever worked before 1.12 will still work with 1.12. The thing to note is that you don’t have to run Docker 1.12+ in swarm mode – it’s entirely optional. If you don’t enable swarm mode, then everything works exactly the same as it always has!
QUESTION: Will this kill Kubernetes and other ecosystem products?
Coming back to the competition aspect. This is a great thing for the ecosystem and I look forward to better versions of all competing products. Think about Internet Explorer – the hideous browser from Microsoft. That was bundled with Windows for years! But did it stop Mozilla, Google and others from making something far superior? Ha!
* not all three products are exactly the same, and not all three have feature parity
How good is this gonna be?
Dunno. But early signs are good.
I’ve played with it for a few weeks and can attest that simplicity and security are as advertised. Scalability is something I’ve not had a chance to put to the test, and reliability is as you would expect with any new product or major feature – you’ll need to thoroughly test it before you trust it.
On the point of reliability though….. all of the new swarm features are implemented as separate goroutines. So enabling swarm mode is what brings all the new goroutines into the fray. Disabling swarm mode takes them out of the mix. Real world implication… if you’re not using the funky new stuff, the core Docker engine in Docker 1.12 is gonna be as reliable as any other point release of the product.
Final word… I like what I see.