No Man Page For Docker Command Issue 1089 Docker/for-mac
So confused by all the posts from people who say they run Swarm because kubernetes is too complicated or is only for huge deployments. I’ve had all sort of difficulties installing Docker. By hand it’s not trivial to get a secure install. Docker machine is great except it’s often broken. The Docker machine dev team is a tired, understaffed bunch that’s always playing a sisyphean whack-a-mole against dozens of cloud providers and very needy posters on Github, myself included.
Kubernetes on the other hand is trivial with GKE. It’s great for single node deployments. I run a single node on GKE and it’s awesome, easy, and very cheap. You can even run preemptible instances. The myth that kubernetes is complicated is largely perpetuated by the same kind of people who say React is complicated: the people who’ve not tried it. And like React, once you try kubernetes you never go back.
Kubernetes is actually the orchestration equivalent of React. You declare what should be true, and Kubernetes takes care of the rest. And the features it provides are useful for any-sized application! If you try kubernetes you quickly discover persistent volumes and statefulsets, which take away most of the complexities out of stateful applications (ie most applications). You also discover ingress resources and controllers, which make trivial so many things that are difficult with Swarm, like TLS termination. Swam doesn’t have such features, which any non-trivial app (say, Django, wordpress, etc) benefits from tremendously. Kubernetes on the other hand is trivial with GKE How do I install GKE on my servers?;) By hand it’s not trivial to get a secure install.
The default install (basically, adding a repo and apt-get install docker-ce on Debian and derivatives - trivial to automate with Ansible) is reasonably secure if you view Docker as a tool for packaging and task scheduling with some nice extras and don't buy the marketed isolation properties. It only listens for commands on a local socket, and permissions are sane.
I haven't looked into Swarm mode protocol traffic, though but I don't think it's tweakable anyway. The myth that kubernetes is complicated is largely perpetuated by the same kind of people who say React is complicated: the people who’ve not tried it. I've tried K8s. I've set up a test cluster, it worked, I wrote some YAML, it worked, all good. So I've worsened the conditions (explicitly going into 'I want things to break' territory) and made it fail. I've researched how hard it is to diagnose the problem and fix it - it happened to be complicated.
At least, for me. Just felt that 'if something goes wrong here, I'll have bad time trying to fix it'. Surely, this is not the case on GKE where you don't run and don't manage the cluster. I had somewhat similar experience with Docker and Docker Swarm mode, and it was significantly easier to dive into the code, find out the relevant parts and see what's going on. difficult with Swarm, like TLS termination YMMV, but I just add some labels to the service and Traefik does the rest.;) (But, yeah, Traefik with Swarm requires some reasonable but not exactly obvious networking logic. May take one deployment of 'why I'm getting 504s?!' To figure it out.
And Traefik needs access to manager nodes to work with built-in Swarm service discovery.). Hardware rental is one way to tackle provisioning. You're still left with all the other tasks required to bootstrap your own datacenter. As you build up the roll-your-own solution, you end up in the same place: hire IT headcount. If you are a small startup looking to validate market fit, your best bet is Cloud + Kubernetes. If you are an established business with millions of daily customers and serious IT headcount budget, you may look into roll-your-own. The best orchestrator at that scale is, again, Kubernetes.
Thanks for the reply. I agree with what you say.
I'm not tying to say people should all jump to k8s. Having options on the market is great. But I was trying to refute the notion that Kubernetes has no advantages unless you're running a huge cluster. My main points where:. It works great with 1 node.
It comes with many features that Swarm does not have that are useful even at 1 node (PersistentVolumes, StatefulSets are biggest for me, though there are many more I wouldn't want to go without anymore). Docker is not trivial to set up, either. How do I install GKE on my servers?;) Yes, of course.
I was just saying there's a solid option to start exploring quickly. It only listens for commands on a local socket. This is kind of a non-starter, isn't it? Of course it's easy to apt-get install docker, but then you want to control it remotely, right? Once you realize how nice it is to control Docker remotely, it's hard to imagine life before.
Actually if you are using StatefulSets and PV, then kubernetes is a better fit for you. However, Swarm is undeniably simpler to work with unless you have very specific requirements that only K8S provides. The yml file is incredibly simpler.
Docker Swarm is the Kotlin to Kubernetes' Java. It's a much pleasanter and much less intimidating way to build production systems that scale pretty well. Kubernetes needs you to have load balancers setup which can talk K8S ingress. Bare metal setup for k8s is a huge effort (and I have stuck long enough on #sig-metal to know) as compared to Swarm.
You should try out Swarm - you might choose not to use it, but you will enjoy the experience. Kubernetes has no advantages unless you're running a huge cluster. You're absolutely correct.
Kubernetes has its advantages, even in a single-node setup. What many others are pointing out is that it also has significant disadvantages, too. but then you want to control it remotely, right? By the way, I do talk to Docker (Swarm mode or standalone) deployments remotely, forwarding the socket via SSH.
Ssh -nNT -L /tmp/example.docker.sock:/run/docker.sock example.org docker -H unix:///tmp/example.docker.sock info (Needs user to have access to the socket, of course. If sudo with password-requirements is desirable, `ssh + sudo socat` is a viable alternative.) But, really, there is Ansible for this. Declare `dockerservice` and get it deployed (or updated) as a part of the playbook. And ELK (with logging.driver=gelf for the containers or application-level) for logging. (BTW, what's nice about K8s is that IIRC it allows to exec into pods with just `kubectl exec`. With Swarm you need some script to discover the the right node and container ID, SSH into it and run `docker exec` there - no remote access.). it's not more expensive to use GKE than to roll your own Kubernetes elsewhere.
$13 per month per egress rule, bandwidth costs a factor of 100 more expensive than dedicated hosters, and costs for hardware 10x of what dedicated hosters offer. I’m not sure what your definition of 'more expensive' is, but compared to renting dedicated hardware (e.g., from Hetzner), or colocating, GKE is significantly more expensive.
Of course, if you’re on the scale of Spotify, you can get much better deals – but from what I see on, it’s not cost-effective. Though I should emphasize that I'm using GKE. So it's zero config, zero ops. I am running a single n1-standard-2 node on GKE for a smallish app right now.
Comes to 30-40 dollars a month all in (egress traffic, cloud storage, other services). I am working hard on getting people to use this app, and it's great to know that scaling will be best-in-class if I succeed. But I stress it's not about the scaling. It's about the features even at a single node. I wouldn't be spending time writing this stuff had it not been revelatory for me.
If you're not able to try it on GKE, there's also. GKE is great for trying, at least, though. Just get a cluster running and get rolling with the concepts. Then you'll know what it's all about. There isn't that much to it, and what there is to it is great and well documented with a great community.
I've run 2 Mesos stacks in production and have experience setting up a k8s stack (on prem). First off in my experience k8s ops is way more complex that the DC/OS stack. I recently setup a new DC/OS deployment (80% of the cluster resources was Spark, which works natively with Mesos and I'd rather run the ancillary services on Marathon, then spend another 80% of my time on k8s). If I didn't have the Spark requirement I would have went k8s.
Despite going with mesos I really had to contend with the fact that k8s just has way, way more developer support - there are so many rich applications in the k8s sphere. Meanwhile I can probably name all the well supported Mesos frameworks offhand. Next, marathon 'feels' dead. They recently killed their UI interface as I imagine that they are having trouble giving resources to marathon. 3 years ago I wanted a reverse proxy solution that integrated with mesos as well as non-mesos services so I hacked Caddy to make that work 1. 3 years later, I was looking for a similar solution and found traefik. It claimed to work with mesos/marathon, but the marathon integration was broken and the mesos integration required polling even though mesos had an events API, so I hacked traefik to make that work 2.
On the other side of the fence, you have companies like Buoyant who rewrote a core piece of their tech (Linkerd) just to support K8s (and only K8s). This has a compounding effect, where over the years things will just become more reliant on assuming you are running k8s. That 'cost' you pay to setup Mesos/k8s is usually a one time cost on the order of a month.
I feel however, that k8s is going to give you a better ROI (Unless, you are managing 100s of nodes with Spark/YARN/HDFS, then Mesos continues to be the clear winner). I normally used minikube for openfaas development - I appreciate the efforts of the project, it's an invalueable tool. The DfM integration works very well for local development and I've got some screenshots below: Make sure you do a context-switch for kubectl too. I see some people talking about Swarm vs Kubernetes.
Swarm has always maintained a less modular approach which made it simpler to work with - it's obviously not going anywhere since there are customers relying on it in production. Out of the two it's the only one that can actually fit into and run on a Raspberry Pi Zero because K8s has such high base requirements at idle in comparison. For a better comparison see my blog post. Docker-compose trades a better initial UX for far less flexibility and, funnily enough, higher practical complexity in the long run.
It's great if you want to get from zero to MVP with as little thinking about what your infrastructure needs will be as possible. It's pretty awful, however, when you want to truly productionalize what you've done and you find out that in order to do so you'll have to use the newest Compose format, and your docker-compose.yml (and possibly additional supporting Compose) files are not at all easier to read or simpler to write than e.g. K8s objects in YAML. It is usable for the vast majority of users.
If it is causing an issue please file a detailed bug report, with diagnostic ID, also try the Edge releases, and give some information about what you are actually running, for example how to replicate it. Most of the bug reports in that thread are totally unhelpful.
Quite likely it is not even the same cause for different people, as some people said it was fixed on Edge while others did not. Even a single well thought out detailed bug report would make it much easier to investigate the issue. Are you sure it works for vast majority of users?
At least in my developers circle who use macOS for web. development - all of them have issues with docker high cpu usage due IO.
Some use docker-sync to go around the issue. As for bug reports - zero feedback from anyone on that thread from maintainers. If you are one of the maintainers - it might be good to write this comment on that thread instead of HN.
I understand that web developers might be a small percentage of users and my case doesn't represent everybody. I am not a maintainer but do work on LinuxKit which is used. If docker-sync helps, then that suggests that you have an issue specifically related to file sharing. Please file a new issue, do not add to this one, which explains how to reproduce your development setup. Different setups work very differently (eg polling vs notifications), and people use things very differently, there is no one set of tooling and setup that is 'web development', but it sounds like in your company you all use similar tools and setup, so it is not surprising you all have the same issue. We have a performance guide here that covers some use cases.
I run 10-15 containers on my Mac and don't notice it after fixing particular containers (I don't doubt there is a more general issue) Find out what is causing the CPU spikes with docker stats or screen into the Docker for Mac VM and diagnose with top etc. Screen /Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty I found particular containers were causing the issues and fixed it with alternate builds, prior versions or resource limitations on containers Docker for Mac/Windows is a great product - it has allowed me to roll out Docker to developers who wouldn't otherwise deal with Vagrant or other solutions. No, it didn't. Yes, k8s has 'won' in large-scale deployments, but if you're working at a small shop, then just imitating what Google does with millions of servers is dumb. Do what works at your scale - and Swarm is extremely easy to manage. Many people ask why would someone use an orchestrator on a small cluster (dozens of hosts). Swarm is very easy to manage and maintain, using Puppet or Ansible is not less complicated at all.
The future of Docker, Inc. Is of course Docker EE, and the future of Docker EE is not the scheduler, it's everything around it. Swarm is very easy to manage and maintain, using Puppet or Ansible is not less complicated The idea that dockerized software somehow is less dependent on configuration management seems to be a popular and completely misguided one. The two trends are completely separate, but I would argue from experience that unless you have absolutely nailed the configuration and integration of all your moving parts, don't even look at containers yet. Containers tend to lead to more moving parts, not less.
And unless you know how to configure them, and perhaps even more importantly how to test them, that will only make matters worse. If you design your infrastructure and choose your tooling well, then containerized (not 'dockerized') software is far less dependent upon configuration management; indeed, using Chef/Puppet/etc can be completely unnecessary for the containerized workload. To be clear, however, there is absolutely still a need for the now-traditional configuration management layer at the level of the hosts running your containerized workloads. What's kind of exciting about this is that the giant spaghetti madness that our configuration management repo has become—and I'm pretty sure it's not just us;-)— at our org is going to be reduced in complexity and LOC by probably an order of magnitude as we transition to Kubernetes-based infrastructure. indeed, using Chef/Puppet/etc can be completely unnecessary for the containerized workload This is more than naive. As long as your software needs any kind of configuration, there is a need for configuration management.
There will be access tokens, certificates, backend configuration, partner integration of various kinds, and monitoring and backup configuration and you will want guarantees that these are consistent for your various testing and staging environments. You will want to track and bisect changes. You can either roll your own framework for this or use Ansible/Puppet. Whether you distribute your software pieces with tar balls, linux packages or docker images or completely orthogonal to how you tie these pieces to a working whole. And the need for configuration management absolutely increases when moving towards containerized solutions, not by the change in software packaging format but by the organizational changes most go through where more people are empowered to deploy more software which can only increase integration across your environment.
I see organizations that have ignored this because they believe this magic container dust will alleviate the need of keeping a tight grip over what they run, and find themselves with this logic spread over their whole toolchain instead. That's when they need help cleaning up the mess. Commonly you use PXE to avoid having these locally. I’ve not seen PXE used anywhere that the DC wasn’t O&O (or essentially close to it). As that’s the exception to the rule these days, isn’t your premise a bit cavalier? I’ve used PXE a lot in my past 0 to great benefit (well, more specifically iPXE through chainloading), so I’m not detracting from it, just saying it’s applicability is limited for most folks. 0 I wrote “Genesis” for Tumblr which handled initial machine provisioning from first power-on after racking to being ready for deploys.
people ask why would someone use an orchestrator on a small cluster (dozens of hosts) I’d love to know who these mythical folks are? 1) dozens of hosts (heck, hosts 1) is exactly why you need orchestration 2) while there are huge deployments across the globe, I wouldn’t consider “dozens of hosts” small by no means. That’s actually probably above average. 3) k8s is actually easier to maintain than you allude. I see these comments about Swarm over k8s generally from folks who never even tried it (or did so years ago), is that the case here? From what I saw, it's not very easy to have a deployment with multiple applications on the swarm, is that wrong? For example, I have ten applications, and each requires a database, a redis instance, a celery instance and two web workers.
No Man Page For Docker Command Issue 1089 Docker/for-machine
Dokku lets me deploy these independently of each other, but uses the same nginx instance and proxies them transparently. As I understand it, Swarm has no notion of multiple projects.
Each swarm is running a single deployment, where all containers are equal, is that correct? Basically, Dokku is a self-hosted Heroku, which is what I need (I want to be able to easily create a project that I can run semi-independently of the others on the same server).
My understanding is that, to do that with Swarm, I'd have to have a single termination container that would connect to every app, but apps wouldn't be any more segregated than that. Maybe I'm complicating things, though. Have you used Swarm for such a use case?
I tried the official tutorial, but couldn't get it to work, as the instructions appeared outdated and didn't work for single-host deployments, and were geared more towards Windows and Mac than Linux. Would you happen to have a good 'getting started' document? All my apps are already using docker-compose. EDIT: Also, a machine that's a manager doesn't want to join the swarm as a worker as well, that's why I'm saying that it doesn't appear good for single-server deployments: Error response from daemon: This node is already part of a swarm. Use 'docker swarm leave' to leave this swarm and join another one.
The docker stack deploy command does automatic diffing of which services have changed. So your deploys are automatically optimized. This is generally the philosophy of Swarm vs kubernetes - everything is built in. You can argue this is less powerful, but in general it works brilliantly. In so far as separating out the different 'applications', you simply put them on a separate overlay network (encrypted if you want). Also, if you are dead-set on making them entirely separate, every separate 'application' is a separate 'Stack'.
So you can stack deploy them separately. If I had to do what you just told me - single nginx proxying to two different 'applications' - i would do this. Stack 1 - application 1 + network 1 2. Stack 2 - application 2 + network 1 3.
Stack 3 - nginx + network 1 now you can deploy any of them independently. You can make this even more sophisticated by having each stack on a different overlay network (encrypted as well).
And nginx bridging between them. Not sure why you are facing problem with the official tutorial - btw, a manager is a worker;) I have a fairly large dev swarms on a single node.
Kubernetes supports HA masters now: Note that even if you don't have HA, Kubernetes being a SPOF isn't necessarily critical. Barring some kind of catastropic, cascading fault that affects multiple nodes and requires rescheduling pods to new nodes, a master going down doesn't actually affect what's currently running. Autoscaling and cronjobs won't work, clients using the API will fail, and failed pods won't be replicated, but if the cluster is otherwise fine, pods will just continue running as before. Ny analogy, it's a bit like turning off the engines during spaceflight.
You will continue to coast at the same speed, but you can't change course. Apple rebranded 'Mac OS X' to 'OS X' and later rebranded that to 'macOS'.
It's not like they're different lines of operating systems; it was a rename of the whole line, so my impression is it's fine to use the term 'macOS' to refer to any of the versions since 2001, or it's also fine to use the name that was given at release when referring to a specific version. In other words, probably best to not worry about any particular phrasing, and not try to put exact technical meaning on any of these terms.:-) For example, Wikipedia1 has a page called 'OS X Yosemite' which describes it as 'A version of the macOS operating system', and the Wikipedia article on macOS2 says it was first released in 2001. Running a Linux VM on Mac defeats some of the purpose of Docker, but it's still valuable:. Docker is useful for production and has various other benefits, and Docker for Mac is a nice way to develop locally with Docker even if it's not as efficient as on Linux. Docker for Mac uses some built-in virtualization tools in macOS to share network and filesystem more efficiently than you could do with the older VirtualBox approach. So it's maybe a little closer to native OS support than you're thinking. A typical configuration has a single Linux VM holding many Docker containers, which is better than the alternative of many VMs.