Software defined infrastructure

Containers started as building blocks; from them came systems to architect, orchestrate, scale, secure, and deploy not only apps but also infrastructures. The long-term goal is probably the programmable Internet.

After SwarmKit, the kit for orchestration, Docker open sourced Infrakit, the kit for infrastructures, in October 2016.

Infrakit

While the focus of Docker Engine is containers and the focus of Docker Swarm is orchestration, the focus of Infrakit is on groups as primitives. Groups can be made of any object: pets, cattle, unikernels, and Swarm clusters.

Infrakit is the answer to the problem of managing Docker in different infrastructures. Before Infrakit, this was difficult and not portable. The idea is to provide a consistent user experience from architecting data centers to running bare containers. Infrakit is currently the highest-level abstraction from Docker for creating programmable infrastructures, and it describes itself as:

"InfraKit is a toolkit for creating and managing declarative, self-healing infrastructure. It breaks infrastructure automation down into simple, pluggable components. These components work together to actively ensure the infrastructure state matches the user's specifications."

In the stack, Infrakit sits alongside the container engines.


The organization is by groups. There is a group for the Infrakit structure itself, made of managers that keep a configuration. There is exactly one leader at a time and some followers, for instance, two. Every manager includes some group declarations. Groups may be of cattle, pets, swarms, unikernels, and so on. Every group is defined with instances (the real resources, for example, containers) and flavors (the type of resource, for example, Ubuntu Xenial or a MySQL Docker image).

Infrakit is declarative. It relies on a JSON configuration and internally uses the well-known patterns of encapsulation and composition: configurations are the inputs it processes to make infrastructures converge to a specific configuration.

The goals of Infrakit are to:

  • Provide a unified toolkit to manage groups
  • Be pluggable
  • Provide self healing
  • Release rolling updates

Groups abstract the notion of objects. They can be groups of any size and scale up and down; they can be groups of named pets, unnamed cattle, Infrakit managers themselves, or all of the above together. At the moment, Infrakit has only one default group configuration (the default plugin), but new group definitions may come later. The default group is an interface exposing actions such as watch/unwatch (start and stop groups), perform/stop updates, and change group size.

Groups are made of instances. They may be physical resources such as VMs or containers, or interfaces to other services, such as Terraform.

On instances you can run flavors, for example, Zookeeper, MySQL, or Ubuntu Xenial.

Groups, instances, and flavors are pluggable: they run as plugins that can be written in any language. At the moment, Infrakit ships some Go code that, when compiled, gives a set of binaries, such as cli, which can be used to control, inspect, and perform operations on groups, instances, and flavors, and plugin binaries, such as terraform, swarm, or zookeeper.

Infrakit is designed to manage inconsistencies by continuously monitoring, detecting anomalies, and triggering actions. This property is called self-healing and can be used to create more robust systems.

One of the major operations supported by Infrakit will be releasing rolling updates to update instances. For example, updating a package in a container, updating a container image, or others, maybe by using TUF (The Update Framework), a project described in the next section.
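
The convergence idea behind the declarative configuration, self-healing, and rolling updates described above, as an added Go sketch that is not Infrakit code and does not use its plugin API. The GroupSpec JSON shape, the Reconcile function, and the action names are hypothetical, and the sample data is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)
// GroupSpec is a simplified, hypothetical group declaration (not InfraKit's schema).
type GroupSpec struct {
	ID, Flavor string
	Size       int
}
type Instance struct{ ID, Flavor string } // an observed resource
type Action struct{ Op, Target string }   // one convergence step

// Reconcile lists the steps toward the spec; at most maxBatch drifted instances are replaced per pass.
func Reconcile(specJSON []byte, observed []Instance, maxBatch int) (actions []Action, err error) {
	var spec GroupSpec
	if err = json.Unmarshal(specJSON, &spec); err != nil {
		return nil, fmt.Errorf("invalid group spec: %w", err)
	}
	if spec.Size < 0 || spec.Flavor == "" {
		return nil, fmt.Errorf("group %q: size >= 0 and a flavor are required", spec.ID)
	}
	// Work on a copy, with drifted instances first so they are destroyed or replaced first.
	obs := append([]Instance(nil), observed...)
	sort.SliceStable(obs, func(i, j int) bool {
		return obs[i].Flavor != spec.Flavor && obs[j].Flavor == spec.Flavor
	})
	surplus, replaced := len(obs)-spec.Size, 0
	for _, in := range obs {
		switch {
		case surplus > 0: // group too big: scale down
			actions = append(actions, Action{"destroy", in.ID})
			surplus--
		case in.Flavor != spec.Flavor && replaced < maxBatch: // heal drift
			actions = append(actions, Action{"replace", in.ID})
			replaced++
		}
	}
	for n := len(obs); n < spec.Size; n++ { // group too small: scale up
		actions = append(actions, Action{"create", ""})
	}
	return actions, nil
}

func main() {
	spec := []byte(`{"id":"cattle","size":3,"flavor":"ubuntu-xenial"}`) // constructed sample
	fmt.Println(Reconcile(spec, []Instance{{"i-1", "ubuntu-xenial"}, {"i-2", "ubuntu-trusty"}}, 1))
}
```

Calling Reconcile again on the next observation continues the rollout, which is how a bounded batch size turns drift repair into a rolling update.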

Infrakit is so early and young at the time of writing that we can't show any example that's not a Hello World. The Internet will soon be full of Infrakit Hello Worlds, and the Infrakit team itself released a step-by-step tutorial on using it with the file or Terraform plugins. We can just depict it as the architectural layer in the Docker ecosystem and expect it to be able to deploy even Swarms, provisioning the hosts and interconnecting them.

Infrakit is expected to be included in the Engine, maybe as experimental in version 1.14.

TUF - The Update Framework

At Docker Summit 16 in Berlin, another topic was discussed: TUF (https://theupdateframework.github.io/), a toolkit whose goal is to provide a secure way to roll out updates.

There are many update tools available, which do the update in practice, but TUF is much more. From the project's home page:

"TUF helps developers to secure new or existing software update systems, which are often found to be vulnerable to many known attacks. TUF addresses this widespread problem by providing a comprehensive, flexible security framework that developers can integrate with any software update system."

TUF is already integrated into Docker, and the tool is called Notary, as we saw in Chapter 9, Securing a Swarm Cluster and the Docker Software Supply Chain. Notary can be used to verify content and make key management easy. With Notary, developers can sign their content offline using keys and later make the content available by pushing their signed trusted collection to a Notary Server.

Will TUF be merged into Docker Infrakit as the rolling update mechanism? That would be another amazing step ahead.
