-
Notifications
You must be signed in to change notification settings - Fork 604
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add concept of namespacing cluster-level resources #49
Comments
cc @aanand |
@stevvooe I agree with what you are saying and in fact this how it works in v1(even in compose I believe). But I don't understand the issue headline about "namespacing cluster level resources". Are you suggesting using the network as the namespacing domain? |
@mrjana No, I am talking about having a namespace for a set of resources, at the cluster-level. We need to look at other things besides networking when considering this. |
Yes, totally agree. That would be the basic building block for On Mon, Feb 29, 2016 at 9:09 PM Stephen Day notifications@github.com
|
@mrjana We need to consider at which level we support this. There is a case to support this with tools. Then, there are cases, such as multi-tenancy, where cluster-level support is required. It might be better to have a top-level notion of multiple running clusters to which access is controlled. |
I am not sure I understand the issue clearly. In the above Job spec, front and back networks have been defined. They need to be bound to actual networks defined in the cluster (the so called "runtime config"). The production cluster will have something like: "prod/network/front" and "prod/network/back" defined that front and back can bind to, while the dev cluster will have "dev/network/front" and "dev/network/back" defined. What am I missing? |
@amitshukla That is exactly what I meant. I think I'll let @aanand expand on this further. |
As a developer, I want to run multiple apps concurrently on my machine without worrying about what I'm naming my services/volumes/networks. As an ops person, I want to take multiple apps delivered to me by multiple developers and run them on a cluster without worrying that entity names will collide. I'll explain how Compose serves these use cases today.
version: "2"
services:
web:
build: .
networks:
- front
- back
db:
image: postgres
volumes:
- data:/var/lib/postgresql/data
networks:
- back
volumes:
data: {}
networks:
front: {}
back: {}
"Labels": {
"com.docker.compose.project": "myapp",
"com.docker.compose.service": "web",
"com.docker.compose.container-number": "1",
} These labels are used when querying the Engine for the set of containers belonging to the app.
What does this mean for Swarm? Arguably, from our point of view, it'd be nice if some of the work of this namespacing could be moved out of Compose, as long as all of the use cases above were still supported, with no changes to the Compose file format. I'm not sure, however, what that should look like. |
Thanks for the comprehensive response Aanand. For example, for this network:
Development environment: If there is no runtime binding to an external network specified, should we automatically create one? |
I vote no. The policy we've gone for with Compose is: if it's external to the app's namespace, you manage its lifecycle yourself. We won't create it for you, and we certainly won't ever remove it. |
As to your general question: this is already possible with Compose today. Suppose that you want to auto-create a network in development for prototyping purposes, but bind to an externally-managed network in production. You'd write two files: docker-compose.yml version: "2"
services:
web:
image: username/web
networks:
- front
networks:
front: {} docker-compose.production.yml version: "2"
networks:
front:
external:
name: production-network In development, you run In production, you'd run:
Compose expects the network |
I've added some thoughts on this here, in relation to naming: #61 (comment). I'll put together a proper write up later, but it would be good to get your thoughts on that approach before I proceed @aanand. |
OK, what you describe there sounds good. Questions:
|
As seen with #156 160, naming is currently broken. It should be addressed alongside namespacing. |
Closing this in favor of #192 |
For example, let's say we have the following:
One should be able to run the same service on different network set. For example, there may exist "production/back" and "development/back" to differentiate between production and development.
We'd want to apply the same logic to volumes, as well.
The text was updated successfully, but these errors were encountered: