The Calico team are always interested in ways in which we could bring the advantages of Calico networking to other projects. Recently, we’ve been working with Andrew Kennedy at Cloudsoft, who has been working to add Calico support to Clocker. This is an exciting use case for Calico, and we felt it was time for a post explaining what he’s been doing and why.
First, a bit of background to Clocker. Clocker is a development of Apache Brooklyn, a project that allows you to deploy applications pretty much anywhere. By simply writing some YAML configuration files, you can define what resources your application needs; what dependencies it has; when you need to spin up more instances; how the load balancer needs to be configured when another database server is added; what hosts you have available (and how to spin up more); and pretty much anything else you might need to specify. As a result, you can quickly and easily deploy and manage applications in the cloud. While that is pretty powerful stuff, to me the most interesting idea is that you aren’t tied to any one cloud provider. Whether you want to put the application on AWS, on Rackspace, or on some old servers you found in the broom cupboard, Brooklyn lets you do it without requiring you to rewrite everything.
Clocker takes the Brooklyn concept of application management in the Cloud and extends it to Docker containers: instead of deploying your application to a set of hosts, you can deploy it to a set of containers on those hosts, bringing you all the usual advantages of containers vs. VMs (reduced cost, faster startup times, etc). To achieve this, your application needs networking connectivity: if you are deploying on VMs in the cloud, then you have some kind of networking available for free, but Docker containers by default come with a very limited networking model, and so to get the best out of a container deployment you need to use a third-party networking solution. Cloudsoft has been working to integrate Clocker with a range of networking solutions, and one of these is now Calico. If you want to play with Clocker and Calico together, support is available as of the Clocker 0.8.1 release; full instructions for how to get started are on GitHub.
This integration uses the Calico Docker code, which provides a Docker wrapper for the core Calico code – making networking Docker containers as simple as providing the required network parameters on the Docker run command. Of course, one of the most important features of Calico is its flexible security model, and Clocker uses that security capability to group containers networked with Calico so that they can connect to one another if and only if they are in the same Brooklyn application.
Most application developers only get excited about networking when it doesn’t work : the normal expectation is that the network should get out of the way and let the applications do their jobs. With the integration of Clocker and Calico, it is now possible to deploy an application in a Docker cloud with all the ease and function provided by Clocker, combined with the operationally very simple and scalable Calico networking solution to provide both networking connectivity between containers and isolation of applications from one another for security. With Docker, Brooklyn and Clocker all rapidly maturing and becoming more widely deployed, this is a very exciting development for Calico.
Get updates on blog posts, new releases and more!