Virtual Networks

DC/OS supports Container Networking Interface (CNI)-compatible virtual networking solutions, including Calico and Contrail. DC/OS also provides a native virtual networking solution called DC/OS Overlay.

DC/OS Overlay

DC/OS Overlay provides an IP per container for Mesos and Docker containers alike. DC/OS Overlay uses CNI (Container Network Interface) for the Mesos Containerizer and Docker libnetwork for the Docker Containerizer. DC/OS Overlay allows containers launched through the Mesos Containerizer or the Docker Containerizer to co-exist on the same IP network, allocating each container its own unique IP address.

DC/OS Overlay offers the following advantages:

- Both Mesos and Docker containers can communicate within a single node and between nodes in a cluster.
- Services can run in isolation from traffic coming from any other virtual network or host in the cluster.
- You don't have to worry about potentially overlapping ports in applications, or about workarounds to avoid overlap (e.g. using nonstandard ports for services).
- You can generate any number of instances of a class of tasks and have them all listen on the same port, so that clients don't have to do port discovery.
- You can run applications that require intra-cluster connectivity, like Cassandra, HDFS, and Riak.
- You can create multiple virtual networks to isolate different portions of your organization, for instance development, marketing, and production.

Note: Isolation guarantees among subnets depend on your firewall policies.

Architecture

Here is the DC/OS Overlay architecture:

DC/OS Overlay does not require an external IP address management (IPAM) solution because IP allocation is handled via the Mesos Master replicated log. DC/OS Overlay does not support external IPAMs.

The components of DC/OS Overlay interact in the following ways:

- Both the Mesos master and the Mesos agents run DC/OS Overlay modules that communicate directly.
- The CNI isolator is used for the Mesos containerizer. DNI is used for the Docker containerizer, shelling out to the Docker daemon.
- For intra-node IP discovery, an overlay orchestrator called Virtual Network Service is used. This operator-facing system component is responsible for programming the overlay backend using a library called lashup, which implements a gossip protocol to disseminate and coordinate overlay routing information among all Mesos agents in the DC/OS cluster.

Note: Your network must adhere to the DC/OS system requirements to use DC/OS Overlay.

Limitations

DC/OS Overlay does not allow services to reserve IP addresses, which results in ephemeral addresses for containers across multiple incarnations on the virtual network. This restriction ensures that a given client connects to the correct service. VIPs (virtual IP addresses) are built in to DC/OS and offer a clean way of allocating static addresses to services. If you are using DC/OS Overlay, you should use VIPs to access your services to support cached DNS requests and static IP addresses.

The limit on the total number of containers on DC/OS Overlay is the number of IP addresses available on the overlay subnet. However, the limit on the number of containers on an agent depends on the subnet (a subset of the overlay subnet) allocated to that agent. For a given agent subnet, half the address space is allocated to the MesosContainerizer and the other half is allocated to the DockerContainerizer. In DC/OS Overlay, the subnet of a virtual network is sliced into smaller subnets, and these smaller subnets are allocated to agents. When an agent has exhausted its allocated address range and a service tries to launch a container on the virtual network on this agent, the container launch will fail and the service will receive a TASK_FAILED message. Since there is no API to report the exhaustion of addresses on an agent, it is up to the service to infer that containers cannot be launched on a virtual network due to a lack of IP addresses on the agent. This limitation has a direct impact on the behavior of services, such as Marathon, that try to launch services with a specified number of instances. Due to this limitation, services such as Marathon might not be able to complete their obligation of launching a service on a virtual network if they try to launch instances of a service on an agent that has exhausted its allocated IP address range. Keep this limitation in mind when debugging issues on frameworks that use a virtual network and you see the TASK_FAILED message.

DC/OS Overlay uses Linux bridge devices on agents to connect Mesos and Docker containers to the virtual network. The names of these bridge devices are derived from the virtual network name. Since Linux limits network device names to fifteen characters, the virtual network name is limited to thirteen characters (two characters are used to distinguish between a CNI bridge and a Docker bridge on the virtual network).

Certain names are reserved and cannot be used as DC/OS Overlay names. This is because DC/OS Overlay uses Docker networking underneath to connect Docker containers to the overlay, which in turn reserves certain network names. The reserved names are: host, bridge and default.

Marathon health checks will not work with certain DC/OS Overlay configurations. If you are not using the default DC/OS Overlay configuration and Marathon is isolated from the virtual network, health checks will fail consistently even if the service is healthy. Marathon health checks will work in any of the following circumstances:

- You are using the default DC/OS Overlay configuration.
- Marathon has access to the virtual network.
- You use a command health check.

Virtual Network Service: DNS

The Virtual Network Service maps names to IPs on your virtual network. You can use these DNS addresses to access your task:

- Container IP: Provides the container IP address: <taskname>.<framework_name>.containerip.dcos.thisdcos.directory
- Auto IP: Provides a best guess of a task's IP address: <taskname>.<framework_name>.autoip.dcos.thisdcos.directory. This is used during migrations to the overlay.

Terminology:

- taskname: The name of the task
- framework_name: The name of the framework; if you are unsure, it is likely marathon
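The following is an added example, not code from DC/OS or Mesosphere, that turns the Limitations and Virtual Network Service DNS sections above into operator checks: validating a proposed overlay name against the thirteen-character limit and the reserved Docker names, computing how many containers an overlay subnet supports cluster-wide and per agent once each agent subnet is halved between the two containerizers, and resolving the containerip and autoip names to see whether a task's address actually lies on the overlay. The overlay subnet, agent prefix length and DNS answers are constructed sample values, and counting every address in an agent half as usable is an upper-bound assumption; the resolver is injectable so the check runs offline against a constructed answer table.

```python
"""Added example (not DC/OS project code): overlay name, capacity and DNS checks."""
import ipaddress
import socket

RESERVED_NETWORK_NAMES = {"host", "bridge", "default"}  # reserved by Docker networking
MAX_NETWORK_NAME_LEN = 15 - 2   # Linux ifname limit minus the 2-char bridge prefix
DNS_SUFFIX = "dcos.thisdcos.directory"


def validate_network_name(name):
    """Return the problems with a proposed overlay name (empty list means OK)."""
    problems = []
    if len(name) > MAX_NETWORK_NAME_LEN:
        problems.append("name is %d chars, limit is %d" % (len(name), MAX_NETWORK_NAME_LEN))
    if name in RESERVED_NETWORK_NAMES:
        problems.append("'%s' is reserved by Docker networking" % name)
    return problems


def overlay_capacity(overlay_subnet, agent_prefix):
    """Cluster-wide and per-agent container limits for an overlay subnet.

    The overlay is sliced into agent subnets of agent_prefix bits; each agent
    subnet is split in half between the Mesos and Docker containerizers.
    Treating every address in a half as usable is an upper-bound assumption.
    """
    overlay = ipaddress.ip_network(overlay_subnet)
    if agent_prefix < overlay.prefixlen:
        raise ValueError("agent prefix must not be shorter than the overlay prefix")
    agent_addrs = 2 ** (overlay.max_prefixlen - agent_prefix)
    return {
        "cluster_max_containers": overlay.num_addresses,
        "max_agents": overlay.num_addresses // agent_addrs,
        "per_agent": {"mesos": agent_addrs // 2, "docker": agent_addrs // 2},
    }


def check_placement(instances, containerizer, overlay_subnet, agent_prefix):
    """Say whether N containers of one containerizer type fit on a single agent.

    Exceeding the agent's range yields TASK_FAILED with no API reporting the
    exhaustion, so a planner should catch this before launching.
    """
    cap = overlay_capacity(overlay_subnet, agent_prefix)["per_agent"][containerizer]
    if instances <= cap:
        return "ok: %d %s containers fit on one agent (cap %d)" % (instances, containerizer, cap)
    return ("exhausted: %d %s containers exceed one agent's %d addresses; "
            "extra launches would TASK_FAILED" % (instances, containerizer, cap))


def containerip_name(task, framework="marathon"):
    return "%s.%s.containerip.%s" % (task, framework, DNS_SUFFIX)


def autoip_name(task, framework="marathon"):
    return "%s.%s.autoip.%s" % (task, framework, DNS_SUFFIX)


def task_addresses(task, overlay_subnet, framework="marathon", resolve=socket.gethostbyname):
    """Resolve both names and flag whether each answer lies on the overlay.

    During a migration the autoip answer may still be a host address, so
    comparing the two shows whether the task has actually moved.
    """
    net = ipaddress.ip_network(overlay_subnet)
    out = {}
    for label, name in (("containerip", containerip_name(task, framework)),
                        ("autoip", autoip_name(task, framework))):
        try:
            addr = resolve(name)
        except OSError as exc:        # NXDOMAIN, resolver unreachable, ...
            out[label] = {"name": name, "address": None, "on_overlay": False, "error": str(exc)}
            continue
        out[label] = {"name": name, "address": addr,
                      "on_overlay": ipaddress.ip_address(addr) in net}
    return out


# Constructed stand-in for the cluster's DNS answers (not real data).
SAMPLE_ANSWERS = {
    "web.marathon.containerip.dcos.thisdcos.directory": "9.0.1.7",
    "web.marathon.autoip.dcos.thisdcos.directory": "10.0.3.12",
}


def sample_resolve(name):
    if name not in SAMPLE_ANSWERS:
        raise socket.gaierror("no answer for %s" % name)
    return SAMPLE_ANSWERS[name]


if __name__ == "__main__":
    print(validate_network_name("bridge"), validate_network_name("dcos"))
    print(overlay_capacity("9.0.0.0/8", 24))
    print(check_placement(200, "docker", "9.0.0.0/8", 24))
    print(task_addresses("web", "9.0.0.0/8", resolve=sample_resolve))
```

Against a live cluster, drop the `resolve=` argument so the system resolver is used; a task whose containerip answer falls outside the overlay subnet, or whose autoip answer differs from it, is the case to look at when a service reports healthy yet Marathon health checks fail, as described above.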

Configuring IP-per-Container in Virtual Networks

The virtual network feature is enabled by default in DC/OS. The default configuration of DC/OS provides a virtual network, dcos, whose YAML configuration is as follows: