Docker Enterprise Edition in production along with HA

Avik Paul
5 min read · Aug 15, 2019

1. Introduction

Docker EE

1.1 Purpose & Scope

This document gives an overview of Docker EE along with load balancing.

1.2 Document Evolution

This document gives an overview of Docker EE along with load balancing.

1.3 Definitions, Acronyms, and Abbreviations

This subsection provides the definitions of all terms, acronyms, and abbreviations required to properly interpret the document. This information may be provided by reference to the project’s Glossary.

  • UCP: Universal Control Plane
  • DTR: Docker Trusted Registry

2. Details

2.1 UCP

Docker Universal Control Plane (UCP) is the enterprise-grade cluster management solution from Docker. You install it behind your firewall, and it helps you manage your whole cluster from a single place.

High availability cluster

Docker EE HA cluster

2.1.1 Centralized cluster management:

Docker UCP can be installed on-premises, or on a virtual private cloud. And with it, you can manage thousands of nodes as if they were a single one. You can monitor and manage your cluster using a graphical UI.

2.1.2 Deploy, manage, and monitor:

With Docker UCP you can manage the nodes of your infrastructure. You can also manage apps, containers, networks, images, and volumes, in a transparent way.

2.1.3 Built-in security and access control

Docker UCP has its own built-in authentication mechanism, and supports LDAP and Active Directory. It also supports Role Based Access Control (RBAC). This ensures that only authorized users can access and make changes to the cluster.

2.1.4 UCP architecture

UCP is a containerized application, so the first step to install UCP is installing the Commercially Supported (CS) Docker Engine on all the nodes that are going to be part of the cluster.

After CS Docker Engine is installed, you install UCP, and join as many nodes as you want to the cluster.

2.1.5 Architecture

A UCP cluster has two types of nodes:

  • Controller: manages the cluster and persists the cluster configurations.
  • Node: runs your containers.

2.1.6 UCP controller node

When you install Docker UCP on a node, the following containers are started.

2.2 DTR :

2.2.1 Docker Trusted Registry overview:

Docker Trusted Registry (DTR) is the enterprise-grade image storage solution from Docker. You install it behind your firewall so that you can securely store and manage the Docker images you use in your applications.

2.2.2 Image management:

Docker Trusted Registry can be installed on-premises, or on a virtual private cloud. And with it, you can store your Docker images securely, behind your firewall.

2.2.3 Built-in security and access control

DTR uses the same authentication mechanism as Docker Universal Control Plane. It has a built-in authentication mechanism, and also integrates with LDAP and Active Directory. It also supports Role Based Access Control (RBAC). This allows you to implement fine-grained access control policies governing who has access to your Docker images.

2.2.4 DTR architecture

Docker Trusted Registry (DTR) is a Dockerized application that runs on a Docker Universal Control Plane cluster.

2.3 Docker Swarm overview

Docker Swarm is native clustering for Docker. It turns a pool of Docker hosts into a single, virtual Docker host. Because Docker Swarm serves the standard Docker API, any tool that already communicates with a Docker daemon can use Swarm to transparently scale to multiple hosts. Supported tools include, but are not limited to, the following:

  • Dokku
  • Docker Compose
  • Docker Machine
  • Jenkins

And of course, the Docker client itself is also supported.

Like other Docker projects, Docker Swarm follows the “swap, plug, and play” principle. As initial development settles, an API will develop to enable pluggable backends. This means you can swap out the scheduling backend Docker Swarm uses out-of-the-box with a backend you prefer. Swarm’s swappable design provides a smooth out-of-box experience for most use cases, and allows large-scale production deployments to swap for more powerful backends, like Mesos.

2.4 Consul

Consul has multiple components, but as a whole, it is a tool for discovering and configuring services in your infrastructure. It provides several key features:

  • Service Discovery: Clients of Consul can provide a service, such as api or mysql, and other clients can use Consul to discover providers of a given service. Using either DNS or HTTP, applications can easily find the services they depend upon.
  • Health Checking: Consul clients can provide any number of health checks, either associated with a given service (“is the webserver returning 200 OK”), or with the local node (“is memory utilization below 90%”). This information can be used by an operator to monitor cluster health, and it is used by the service discovery components to route traffic away from unhealthy hosts.
  • Key/Value Store: Applications can make use of Consul’s hierarchical key/value store for any number of purposes, including dynamic configuration, feature flagging, coordination, leader election, and more. The simple HTTP API makes it easy to use.
  • Multi Datacenter: Consul supports multiple datacenters out of the box. This means users of Consul do not have to worry about building additional layers of abstraction to grow to multiple regions.
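The health-checking behaviour described above, as an added example that is not part of the original post: it selects the backends a load balancer may route to from a response shaped like Consul's `/v1/health/service/<name>` HTTP endpoint. The sample data, node names, check IDs and addresses are constructed for illustration, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of a Consul /v1/health/service/web response.
SAMPLE = json.loads("""
[
 {"Node": {"Node": "worker-1", "Address": "10.0.0.11"},
  "Service": {"ID": "web-1", "Service": "web", "Address": "10.0.0.11", "Port": 8080},
  "Checks": [{"CheckID": "serfHealth", "Status": "passing"},
             {"CheckID": "service:web-1", "Status": "passing"}]},
 {"Node": {"Node": "worker-2", "Address": "10.0.0.12"},
  "Service": {"ID": "web-2", "Service": "web", "Address": "10.0.0.12", "Port": 8080},
  "Checks": [{"CheckID": "serfHealth", "Status": "passing"},
             {"CheckID": "service:web-2", "Status": "critical"}]},
 {"Node": {"Node": "worker-3", "Address": "10.0.0.13"},
  "Service": {"ID": "web-3", "Service": "web", "Address": "", "Port": 8080},
  "Checks": [{"CheckID": "mem-util", "Status": "warning"},
             {"CheckID": "service:web-3", "Status": "passing"}]}
]
""")

RANK = {"passing": 0, "warning": 1, "critical": 2}

def worst_status(checks):
    """Aggregate node-level and service-level checks; the worst one wins."""
    worst = "passing"  # an instance with no registered checks counts as healthy
    for check in checks:
        status = check.get("Status")
        if status not in RANK:
            status = "critical"  # fail closed on unknown or missing states
        if RANK[status] > RANK[worst]:
            worst = status
    return worst

def routable_backends(entries, allow_warning=False):
    """Return (address, port) pairs a load balancer may send traffic to."""
    backends = []
    for entry in entries:
        status = worst_status(entry.get("Checks", []))
        if status == "passing" or (allow_warning and status == "warning"):
            svc = entry["Service"]
            # An empty service address means "use the node's address".
            address = svc.get("Address") or entry["Node"]["Address"]
            backends.append((address, svc["Port"]))
    return backends

if __name__ == "__main__":
    print(routable_backends(SAMPLE))
    print(routable_backends(SAMPLE, allow_warning=True))
```

With the strict default, a node-level warning such as the memory check removes an otherwise healthy instance from rotation; `allow_warning=True` keeps it in.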

2.5 Service Discovery:

3. Overall architecture
