Docker - Building a Secure Swarm

notion: an impulse or desire; a conception of or belief about something.

quorum: the smallest number of people needed to be present at a meeting before it can officially begin and before official decisions can be taken.


Swarm is the future of Docker

Swarm is a secure cluster of Docker nodes

Swarm has two parts
  1. Secure Cluster part
  2. Orchestrator part

What is a secure swarm cluster?

Well, at the highest level, it's a cluster of Docker nodes.
We have managers and workers, and everything is secure.
So we have mutual TLS, where workers and managers mutually authenticate each other, and all of the network chat is encrypted.
Plus the cluster store is encrypted, and it gets automatically distributed to all managers.
And we can use labels to tag nodes and customize the cluster how we want it.


Once we have the cluster we can start scheduling containers to it.
So instead of running individual docker container run commands against specific nodes, and every time having to think about which node we should be running them on, we just throw commands at the cluster and let Swarm decide.
So Swarm does all of the workload balancing and the like.


We can run two types of work on the cluster
  1. Native Swarm Work
  2. Kubernetes

Swarm Deep Dive

Docker is a set of nicely packaged tools.

If you pop the hood you are going to see a bunch of smaller tools. Docker just bundles them and wraps them in a slick API. So stuff like Moby Engine, containerd, runC and SwarmKit are all separate tools.
SwarmKit powers Swarm mode.

Ever since 1.12, Docker has had this notion of Single Engine mode and Swarm mode.

Single Engine mode is where you install individual docker instances and you work with them all separately.

Swarm mode, though, is where you bring them all together as a cluster.
Any node running as part of a Swarm cluster is in Swarm mode.
A node not in a cluster is in Single Engine mode.



Number of managers: best practice is 3, 5 or 7.
Just keep it an odd number; that increases the chances of achieving a quorum and therefore avoids split brain.

Suppose we have an even number, 4, and we end up with 2 on this side and 2 on the other side. Then neither side can take the decision, right? So that's why we choose odd numbers.

Because with even numbers sometimes neither side gets the majority, updates stop happening.

Raft is not a fan of slow or unreliable networks.
So connect your managers over decent reliable networks.

For example, if you are using AWS, don't go putting them in different regions.

Across Availability Zones within a region? That's probably alright.
But going cross-region is just asking for pain.

Adding workers is the same: docker swarm join again. And we can have a mix of Linux and Windows, which is great if you are running hybrid apps.

Now, when you join a worker it does not get access to the cluster store. That's just for managers. What workers get is the full list of IPs for all the managers, so if one of them dies the worker can just talk to the others.

The workers do all the application work.

Commands

docker system info

# to initialize a swarm
docker swarm init

docker node ls

# print the join token (and the full join command) for adding a manager
docker swarm join-token manager

Now log in to another instance and add it as a manager:
docker swarm join --token [MANAGER_TOKEN] [MANAGER_IP]:2377

Adding a worker is the same; we just need the worker join token:

docker swarm join-token worker

A worker cannot query the cluster store, so the docker node ls command won't work on a worker node.

docker swarm join --token [WORKER_TOKEN] [MANAGER_IP]:2377

Suppose a hacker got our worker token, or a system got compromised. Then we need to change the worker token, right? For that:
docker swarm join-token --rotate worker

The above command needs to be run on a manager instance only.

It won't affect the existing workers.
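The join and rotate steps above, plus the odd-number-of-managers point from earlier, pulled together as an added example (this is not code from the original post or from Docker). The function names (run, swarm_quorum, swarm_tolerated_failures, token_looks_valid, build_join_cmd, current_worker_token, rotate_worker_token) are hypothetical; the docker flags used (--quiet, --rotate) are real. Setting DRY_RUN=1 makes the helpers print the docker command instead of running it, so you can read what will happen before touching a real manager.

```shell
#!/bin/sh
# Added example, not from the original post: manager-side helpers for the
# join / rotate procedure. Names such as run, build_join_cmd,
# token_looks_valid and rotate_worker_token are hypothetical.
# DRY_RUN=1 prints the docker commands instead of executing them, so the
# script can be read and tested without a live swarm.

DRY_RUN="${DRY_RUN:-0}"

# Execute a command, or just echo it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Raft needs a majority: the quorum for n managers is floor(n/2)+1, and the
# number of managers you can lose is n - quorum. This is why 4 managers
# tolerate exactly as many failures as 3, which is the post's odd-number rule.
swarm_quorum() { echo $(( $1 / 2 + 1 )); }
swarm_tolerated_failures() { echo $(( $1 - ($1 / 2 + 1) )); }

# Join tokens have the shape SWMTKN-1-<cluster CA digest>-<secret>; refuse
# anything else before pasting it into a join command.
token_looks_valid() {
  case "$1" in
    SWMTKN-1-*-*) return 0 ;;
    *) return 1 ;;
  esac
}

# Build the join command a new node must run: $1 = token, $2 = manager addr:2377.
build_join_cmd() {
  token_looks_valid "$1" || { echo "refusing malformed join token" >&2; return 1; }
  printf 'docker swarm join --token %s %s\n' "$1" "$2"
}

# On a manager: print the current worker token without the surrounding usage text.
current_worker_token() {
  run docker swarm join-token --quiet worker
}

# On a manager: invalidate the leaked worker token and mint a new one.
# Existing workers keep their certificates and stay in the swarm.
rotate_worker_token() {
  run docker swarm join-token --rotate --quiet worker
}

# Usage on a manager after a suspected token leak:
#   rotate_worker_token
#   build_join_cmd "$(current_worker_token)" 10.0.0.5:2377   # hand to the next new worker
```

The rotate step only changes the secret a new node must present to join; nodes that already joined authenticated with their own TLS certificates, which is why rotation does not kick existing workers out. The quorum helpers make the even-number trap visible: swarm_tolerated_failures 4 and swarm_tolerated_failures 3 both return 1, so the fourth manager buys nothing.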

Restarting a Manager or Restoring an Old Backup

Docker gives the option to lock a swarm. It's called Autolock.

To update the certificate expiry time, we just run docker swarm update again:

docker swarm update --cert-expiry 48h

docker system info
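An added example (not from the original post or from Docker) of the check you would run after the two settings above: it reads the Swarm section of docker system info, reports whether Autolock is on and what the node certificate lifetime is, and prints the docker swarm update command for anything that does not match the policy assumed here (autolock on, certificates expiring in hours rather than months or years). The sample output embedded in the script is constructed, and the function names (info_field, check_autolock, cert_expiry, hardening_commands) are hypothetical; the --autolock and --cert-expiry flags are real.

```shell
#!/bin/sh
# Added example, not from the original post: audit the Swarm section of
# `docker system info` for Autolock and certificate expiry, and print the
# `docker swarm update` command that fixes each weak setting. Function
# names are hypothetical; the sample output below is constructed, not
# captured from a real swarm.

# Constructed sample of the Swarm section of `docker system info` on a
# manager that still has the defaults (autolock off, 3-month node certs).
SAMPLE_INFO=' Swarm: active
  Is Manager: true
  Managers: 3
  Nodes: 5
  CA Configuration:
   Expiry Duration: 3 months
   Force Rotate: 0
  Autolock Managers: false'

# Print the value of the first "Key: value" line whose key is $1
# (stdin = docker info output).
info_field() {
  sed -n "s/^ *$1: *//p" | head -n 1
}

# Succeed only if managers are auto-locked, i.e. the Raft store's encryption
# key is not left on disk where a restored backup or rebooted host could
# unlock the cluster store without anyone typing the unlock key.
check_autolock() {
  [ "$(info_field 'Autolock Managers')" = "true" ]
}

# Current node certificate lifetime as docker prints it, e.g. "3 months".
cert_expiry() {
  info_field 'Expiry Duration'
}

# Read docker info output on stdin and print the remediation commands;
# prints nothing when both settings already match the assumed policy.
hardening_commands() {
  info="$(cat)"
  printf '%s\n' "$info" | check_autolock || echo 'docker swarm update --autolock=true'
  case "$(printf '%s\n' "$info" | cert_expiry)" in
    *month*|*year*) echo 'docker swarm update --cert-expiry 48h' ;;
  esac
}

# Usage on a manager:
#   docker system info | hardening_commands
# Against the constructed sample:
#   printf '%s\n' "$SAMPLE_INFO" | hardening_commands
```

With the sample input the script prints both update commands; once autolock is on and the expiry has been shortened, it prints nothing. Shortening --cert-expiry means a stolen node certificate is useful for less time, but every node must be able to reach a manager to renew before its certificate runs out, so 48h is a choice to make with that renewal traffic in mind.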
