
Container orchestration with Docker Datacenter


It is time for a short recap of Markus Suonto's DEVOPS 2016 keynote on container orchestration with Docker Datacenter.

Hello, I am Richard Weber, a Devops consultant here at Eficode. I attended the Devops2016 conference and today I am writing about the presentation that Markus Suonto held about Docker Datacenter.

The presentation started with a high-level overview of the system: which components it consists of and what they do. After that he showed a short demo of how the system is used in practice when developing software for it, and when deploying said software into the environment.

The system consists of two main components. The Docker Universal Control Plane is the controlling system for the compute environment where applications are run. The Docker Trusted Registry is a system where you store Docker images; it is Docker's commercial product for running an on-premises Docker Registry (the SaaS counterpart is the Docker Hub).

The Docker Universal Control Plane (UCP) builds on top of the open source components: the Docker Engine, Docker Compose, and the clustering system Docker Swarm. What it adds to these is a web-based graphical user interface where you get an overview of everything running in your cluster, and the ability to do user access control. Markus focused on the user access control part, which he thought was good, but still lacking. The concept is that you provide users and teams with labels that they have access to. This system is very good in theory as it allows for very fine control of what different users can access, but I have to agree with him on the lacking part. These labels are only available for containers. The other resources, like networks and volumes, do not yet support these. Once these labels are available for other resources this system will be a lot more mature.

The Docker Trusted Registry is a more mature product, and as these components can be run separately you don’t need to have the UCP to be able to run the Registry. The registry has user access control, but it is not label based. It has teams and users, and both entities can own repositories (images). So if you need an on-premises Docker Registry and don’t want to set one up with the various open source alternatives, or maybe you want the ability to send a support ticket, this could be a great tool for you.

Next he went on to demonstrate how you as a developer use Docker Compose to define the entire Docker-based stack that your application needs, and how that file can be used to quickly run said stack locally on your laptop. After that he proceeded to push the images that he built of his application to the Docker Trusted Registry. He then showed how the same Docker Compose commands were used to deploy the application in the cluster. The only thing that changed was that he downloaded a bundle that contained certificates and configuration files from the UCP. One of the files was a simple shell script that exported a couple of environment variables that the Docker client uses to determine where it should point its commands.
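Because that script is sourced into your shell and the bundle carries your credentials for the cluster, it is worth a quick look before use. The following pre-check is an added example, not code from the talk or from Docker. The file names `env.sh` and `key.pem` and the function name `audit_bundle` are assumptions; `DOCKER_HOST` and `DOCKER_TLS_VERIFY` are standard Docker client variables.

```shell
#!/bin/sh
# Added example. Assumed bundle layout (not named on the page): env.sh, key.pem.

# audit_bundle DIR: print one line per finding, return the number of findings.
audit_bundle() {
    dir=$1
    env_file="$dir/env.sh"
    key="$dir/key.pem"
    findings=0

    if [ ! -f "$env_file" ]; then
        echo "missing: $env_file"
        return 1
    fi

    # Sourcing runs every line, so flag anything that is not a blank line,
    # a comment, or an export of a DOCKER_* variable. Values still need a read.
    unexpected=$(grep -Ev '^[[:space:]]*(#.*)?$|^export DOCKER_[A-Z_]+=' "$env_file" || true)
    if [ -n "$unexpected" ]; then
        echo "review before sourcing: $unexpected"
        findings=$((findings + 1))
    fi

    # The docker client verifies the server certificate only when
    # DOCKER_TLS_VERIFY is set to a non-empty value.
    if ! grep -Eq '^export DOCKER_TLS_VERIFY="?[^"[:space:]]' "$env_file"; then
        echo "DOCKER_TLS_VERIFY is not set"
        findings=$((findings + 1))
    fi

    # The private key is the user's credential for the cluster: owner-only.
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "key.pem is accessible to group or others"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Constructed sample bundle (hostname is a placeholder) to show the output.
demo=$(mktemp -d)
printf '%s\n' 'export DOCKER_HOST=tcp://ucp.example.test:443' \
    'alias docker=echo' > "$demo/env.sh"
: > "$demo/key.pem" && chmod 644 "$demo/key.pem"
audit_bundle "$demo" || echo "findings: $?"
rm -rf "$demo"
```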

In total I think that the Docker Datacenter package can be great for those who are familiar with the Docker commands and environments, as the same commands are used to control the system. Once the access system in the UCP is more mature I believe that this is going to be a strong competitor on the market when Docker orchestration is concerned.

If you were unable to be at the event and would be interested in this presentation, you can watch it here (Markus Suonto, Eficode):


Thanks for reading!

P.S. Since version 1.11 of the Docker Engine, labels will be supported for networks and volumes, which means that the lacking part of the permission system may go away sooner rather than later.