Jialin Tian (田嘉林): Building a Docker-Based PaaS Platform

2020-02-27 · 126 views

  • 3. Docker at Dianping. @kenshin54, http://github.com/kenshin54, i@kenshin54.me, jialin.tian@dianping.com
  • 4. Agenda
      • Introduction to Docker
      • Docker at Dianping
      • Why Container? Why Docker?
      • Improvement
      • Problems
  • 5. Let’s start with questions
  • 6. Raise your hand if you have…
      • Tried Docker (just for fun)
      • Used Docker locally
      • Deployed Docker for dev/test/production env
  • 7. Docker Overview: Build, Ship and Run Any App, Anywhere
  • 8. Docker at Dianping
      • Why Container
      • Why Docker
      • Improvement
      • Problems
  • 9. Why Container
      • We want to build a private cloud
      • We want to improve resource utilization
      • Application centric
      • Easy to deploy and scale
  • 10. Why Docker
      • Written in Go (LXC written in C)
      • GC, Concurrency…
      • RESTful HTTP API
      • Layered image
      • Dockerfile (OPS & User friendly)
      • Well-formed and detailed documentation
      • Active communities and ecosystems
  • 11. We need more …
      • Seamless migration (DEV & OPS)
      • Treat the container just like a VM
      • Public network
      • Container metric collection/monitoring
      • Make system tools cgroup aware
      • Execute commands in running containers
      • Change resources on the fly
  • 12. We need more …
  • 13. Network
      • Docker uses a host-only network with NAT by default
      • Duplicated IP addresses across multiple hosts
      • Monitor unfriendly
      • NAT is hard to maintain
      • Services cannot be accessed directly (ssh…)
  • 14. Solution (Open Source)
      • Pipework: Software-Defined Networking tools for LXC (LinuX Containers)
      • Weave: Weave creates a virtual network that connects Docker containers deployed across multiple hosts.
      • Kubernetes: Kubernetes is an open source implementation of container cluster management.
  • 15. Solution
      • Create a network bridge with a physical interface
      • Specify network settings when creating containers
      • docker run --ip="192.168.3.11/24@192.168.3.1" tomcat
      • Persistence support
      • All services running in containers are directly accessible
  • 16. Tools & Metrics
  • 17. Solution
      • We collect metric data from cgroup
      • docker metric container
  • 18. Kernel Patch
      • Apply Alibaba’s kernel patch to CentOS 6.5
      • Make the /proc VFS cgroup aware
  • 19. Exec Command in running container
      • Upgrade app without restart container
      • Easy to attach into container (bash…)
  • 20. Solution
      • We extend docker with the exec feature
      • docker exec container command [args…]
  • 21. Resource Control
      • Docker can set resources when creating a container, but doesn’t provide a way to change resources while the container is running
  • 22. Solution
      • Allow changing resources on the fly
      • docker cgroup container memory.limit_in_bytes=2G
  • 23. Image…
      • Build an app-agnostic base image
      • Reduce the cost of image maintenance
      • Bind the app with volume feature
  • 24. Problems
      • Removing a container is slow
      • Host inaccessible in public network
      • “Storm traffic” in public network
  • 25. Removing a container is slow!
      • We use device mapper as the storage driver
      • Docker takes 10 seconds to remove a container
      • Docker uses a sparse file as storage by default, which requires block discard to be done manually
  • 26. Solution
      • Use a raw block device to improve performance
  • 27. Host inaccessible
      • After starting/stopping a container, the host is inaccessible for a short period
      • By default, bridge interfaces in Linux use, for their MAC address, the lowest MAC address among the enslaved interfaces.
  • 28. Solution
      • Configure a fixed MAC address in the network configuration
  • 29. “Storm traffic”
      • After shutting down a container
      • Huge traffic is caused in the same subnet
      • Accompanied by dropped packets
  • 30. Why?
      • The physical network interface enters promiscuous mode
      • Docker enables ip_forward by default
      • The container will inherit the ip_forward configuration
  • 31. Solution
      • Turn off ip_forward
      • sysctl -w net.ipv4.ip_forward=0
  • 32. Migration
      • 500+ Apps
      • 120+ Apps, 400+ Instances
      • 60 -> 23 Hosts
      • 3 seconds to scale
  • 33. Summary
      • Docker is a fantastic tool for distributed applications
      • Build, Ship and Run Any App, Anywhere
      • Less resource consumption
      • Painless application scaling
      • Docker containers are like Legos; you can combine them in your own way
  • 34. Q & A. Thank you!
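
Slides 21 and 22 describe changing a running container's cgroup settings with a custom "docker cgroup container memory.limit_in_bytes=2G" command. The Go sketch below is an added example, not Dianping's or Docker's code: it assumes a cgroup v1 memory hierarchy with one directory per hex container ID, and the allowlist, function names and positive-size-only rule are hypothetical. It validates the key, the container ID and the size before writing, because this write path runs with root privileges on the host.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strconv"
	"strings"
)

// Assumption: only these cgroup v1 memory files may be changed at runtime.
var allowed = map[string]bool{"memory.limit_in_bytes": true, "memory.soft_limit_in_bytes": true}
var units = map[string]uint{"": 0, "K": 10, "M": 20, "G": 30}

// parseSize converts "2G", "512M", "64K" or a plain positive byte count to bytes.
func parseSize(s string) (int64, error) {
	num := strings.TrimRight(s, "KMG")
	sh, ok := units[s[len(num):]]
	n, err := strconv.ParseInt(num, 10, 64)
	if !ok || err != nil || n <= 0 || n > int64(1)<<62>>sh {
		return 0, fmt.Errorf("invalid size %q", s)
	}
	return n << sh, nil
}

// setCgroup applies one "key=value" setting to the container's directory under root.
func setCgroup(root, id, setting string) error {
	key, val, ok := strings.Cut(setting, "=")
	if !ok || !allowed[key] {
		return fmt.Errorf("setting %q not permitted", setting)
	}
	// Container IDs are hex; anything else could escape the cgroup root.
	if id == "" || strings.Trim(id, "0123456789abcdef") != "" {
		return fmt.Errorf("bad container id %q", id)
	}
	n, err := parseSize(val)
	if err != nil {
		return err
	}
	return os.WriteFile(filepath.Join(root, id, key), []byte(strconv.FormatInt(n, 10)), 0o644)
}

func main() {
	root, _ := os.MkdirTemp("", "cgroup") // constructed stand-in for the cgroup v1 memory root
	defer os.RemoveAll(root)
	os.Mkdir(filepath.Join(root, "ab12"), 0o755)
	fmt.Println(setCgroup(root, "ab12", "memory.limit_in_bytes=2G"))
	fmt.Println(setCgroup(root, "../x", "memory.limit_in_bytes=2G"))
}
```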