Docker 1.12 Integrates Orchestration Directly Into Container Engine
SEATTLE—Docker today at DockerCon 2016 here officially announced Docker Engine 1.12, which directly integrates container orchestration that previously required separate software to implement. Docker first announced the Swarm orchestration technology back in February 2015 as a stand-alone project, requiring separate installation.
"Prior to Docker 1.12, users would have had to download Docker Swarm, set it up on their own and that would be the same scenario for any other third-party container orchestration tooling," Scott Johnston, COO of Docker Inc., told eWEEK. "By building Swarm orchestration directly into Docker Engine, we're making it self-configuring, with self-discovery and, in the near term, self-healing as well."
With the integration of Swarm into Docker Engine, Docker developers have managed to remove much of the complexity and make it easier for users to deploy multi-container applications across a cluster, Johnston said. From a developer perspective, orchestration is achieved via what's known as a declarative model, under which a user defines the desired state of a cluster and the applications running on it and then Docker Engine makes it all work.
"Docker Engine 1.12 just makes it all work; Docker stands up the nodes and the containers on the nodes, it networks the containers and maintains the state," Johnston said. "So if a node goes down for some reason, Docker's integrated orchestration can redeploy a node to get the cluster and its applications back to the desired state."
Going a step further, Docker is making sure that the integrated orchestration and clustering capabilities also are secure by using Transport Layer Security (TLS) for encrypting the data links between cluster nodes. Additionally, each Docker cluster node gets its own unique cryptographic key fingerprint and identity.
"As such, anyone that tries to sniff the wire and read communications between two Docker nodes can't, since the links are encrypted," Johnston said. "Additionally, if an attacker tries to spoof a node, pretending to be a legitimate workload, that's impossible as it won't match the fingerprint and won't be allowed to join the cluster."
Despite Swarm's integration in Docker 1.12, the stand-alone Swarm project isn't being discontinued. Johnston noted Docker Swarm has been downloaded 13 million times in the last 12 months, and the technology has a strong user base. That said, the general direction for Docker in the future will be to enable an integrated approach for orchestration rather than a stand-alone experience.
However, Johnston noted, Docker is all about choice: The integrated Swarm features in Docker 1.12 are optional—users can choose to not use the integrated orchestration and instead use whatever third-party orchestration tool they want.
The Swarm implementation in Docker Engine 1.12 is actually a superset of capabilities currently available in the existing stand-alone Docker Swarm project. In addition to the functional parity with the current version of Swarm, Docker Engine 1.12 adds load balancing, service discovery, cryptographic fingerprinting of nodes and TLS encryption, he said.
Also of note in the Docker Engine 1.12 orchestration integration is the use of the Raft distributed consensus methodology for organizing a multinode, multimaster cluster. Raft is also a core element of the open-source etcd key-value store technology developed by Docker rival CoreOS and used in Google's Kubernetes container orchestration engine.
Though the integration of Swarm into Docker Engine potentially could be seen as a competitive attack against Kubernetes, that's not how Johnston sees it. He emphasized that existing Kubernetes users can continue to use Docker and benefit from the improvements in the stand-alone Docker engine. Johnston also noted that the integrated orchestration in Docker 1.12 is targeted at a large segment of the market that hasn't yet fully embraced orchestration tools for containers.
"We view this as a way for users to try out Docker with orchestration and try it out in a way that has less overhead and is easier to consume versus competitive alternatives in the market," Johnston said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.