- Mastering Docker Enterprise
- Mark Panthofer
- 2025-04-04 14:48:21
Docker Enterprise's main components
Since Docker Enterprise piggybacks off Docker Engine-Community's Swarm mode, our discussion starts with a sample overview of Swarm clusters. Figure 1 represents a 10-node Docker Swarm cluster. It is composed of three manager nodes and seven worker nodes. Each of the nodes is a VM or bare-metal server running the Docker Engine in Swarm mode.
Our three manager nodes are members of a Raft consensus group backed by an encrypted Etcd cluster for storing things like the cluster's state, certificates, and secrets. To function properly, there needs to be an odd number of manager nodes in a healthy state because you need to maintain a quorum (a majority of managers must agree on any change to the cluster state). Single-manager clusters are efficient, but if the manager goes down, the cluster is dead. For higher availability, clusters generally have three and sometimes five managers for redundancy.
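The quorum rule can be checked against a live node listing. The Python below is an added example, not code from the book: it parses tab-separated `docker node ls` output and reports whether the managers still hold a majority and how many more can fail. The sample listing, its hostnames, and the `quorum_report` function name are constructed for illustration.

```python
# Constructed sample: output of
#   docker node ls --format '{{.Hostname}}\t{{.Status}}\t{{.Availability}}\t{{.ManagerStatus}}'
# for a 3-manager / 7-worker cluster with one manager down (hostnames are made up).
SAMPLE = "\n".join(
    ["mgr-1\tReady\tActive\tLeader",
     "mgr-2\tReady\tActive\tReachable",
     "mgr-3\tDown\tActive\tUnreachable"]
    + [f"wrk-{i}\tReady\tActive\t" for i in range(1, 8)]
)


def quorum_report(node_ls_output):
    """Summarise manager quorum from tab-separated `docker node ls` output."""
    managers, healthy, workers = [], [], 0
    for line in node_ls_output.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        fields += [""] * (4 - len(fields))  # tolerate a stripped trailing tab
        host, status, _avail, mgr_status = (f.strip() for f in fields[:4])
        if not mgr_status:  # workers have an empty MANAGER STATUS column
            workers += 1
            continue
        managers.append(host)
        if status == "Ready" and mgr_status in ("Leader", "Reachable"):
            healthy.append(host)
    total = len(managers)
    quorum = total // 2 + 1 if total else 0  # strict majority of all managers
    return {
        "managers": total,
        "workers": workers,
        "healthy_managers": len(healthy),
        "quorum": quorum,
        "has_quorum": total > 0 and len(healthy) >= quorum,
        # How many more managers can fail before cluster state becomes read-only.
        "can_still_lose": max(len(healthy) - quorum, 0),
        # An even count raises the quorum without raising fault tolerance.
        "even_manager_count": total > 0 and total % 2 == 0,
        "unhealthy": sorted(set(managers) - set(healthy)),
    }


if __name__ == "__main__":
    for key, value in quorum_report(SAMPLE).items():
        print(f"{key}: {value}")
```

With one of three managers down, the cluster still has quorum but cannot lose another manager, which is the point at which the failed manager should be replaced.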
As the name implies, worker nodes are where containerized workloads run. There can be any number of workers and these nodes can be scaled up and down as needed:

By now, most folks have heard the pets versus cattle phrase. It appears to trace back to Bill Baker's presentation (http://www.pass.org/eventdownload.aspx?suid=1902), but it applies to container clusters too. We talk about cattle as anonymous beasts that come and go, largely without a personal connection. If there is something wrong with a cow, you don't nurse it back to health; instead, you get another to replace it. Pets, on the other hand, are named and lovingly cared for, and we keep them around as long as possible. In a Docker Enterprise cluster, managers are your pets and worker nodes are your cattle.
Docker Enterprise adds three new parts to the picture:
- The Docker Enterprise Engine: A supported version of the Docker Engine-Community platform that includes 2-year patch support for each major version. You need a key from the Docker store to install the Docker Enterprise Engine.
- Universal Control Plane (UCP): Provides GUI, RBAC, a secure certificate-based command-line interface bundle, LDAP integration, and orchestration (Swarm and Kubernetes). UCP provides secure API access through a bearer token for scripting things such as UCP RBAC structures and grants.
- Docker Trusted Registry (DTR): A private image registry integrated into the Docker Enterprise cluster as a critical component of a secure software pipeline. DTR provides support for RBAC-managed repos (ties into UCP RBAC infrastructure), image signing, image scanning, and image promotion. All DTR features are made available through a secure API using an authorization token to manage both images and repository metadata.
Now, to get a better feel for how Docker Enterprise components fit into a real environment, we will take a look at using them to deploy software.