Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubernetes
Transcript of the slide deck "Kubernetes made easy ... and Multi-Tenancy"
Kubernetes made easy
Patrick van der Bleek
Sr. Solutions Engineer @Docker Inc.
Any App, Any OS, Any Infrastructure
DEVELOPERS | OPERATORS
Microservices, Big Data, ML & AI, Traditional, Serverless, ISV, Edge & IoT, Blockchain
Docker Platform
Cloud, VM, Bare Metal
Any App, Any OS, Any Infrastructure
DEVELOPERS | OPERATORS
Microservices, Big Data, ML & AI, Traditional, Serverless, ISV, Edge & IoT, Blockchain
CHOICE | AGILITY | SECURITY
Cloud, VM, Bare Metal
What is a CaaS platform?
Diagram, top to bottom: Management Layer and Container Registry; Container Orchestrator; Machine Infrastructure, i.e. per node a Machine & OS running a Container Runtime.
Docker Enterprise Container Platform
Universal Control Plane | Docker Trusted Registry
Docker Engine - Enterprise
Swarm Mode | Kubernetes
Linux | Windows
Physical or Virtual ... On Prem vs Off Prem ... x86 vs Mainframe
Enterprise Class Support with SLAs and customer hotfixes
Validated Configurations and Interoperability
Docker Community Edition: the best container development workflow
Docker Enterprise Edition: the best enterprise container security and management
Docker with Swarm and Kubernetes: native Kubernetes integration provides full ecosystem compatibility
containerd: industry-standard container runtime
Kubernetes lifecycle
A Container Platform Lifecycle: Install, Expand, Upgrade, Backup
Kubernetes installation as part of Docker Enterprise
● Kubernetes is installed by default in all Universal Control Plane installations.
● Everything in the Universal Control Plane runs as containers.
● All we need is a Docker Engine and a Bootstrapper Container, and then everything happens automagically!
Diagram: Infrastructure > Linux Operating System > Docker Engine - Enterprise, with the UCP Bootstrapper, etcd, the K8s Control Plane, the K8s Networking Stack and UCP RBAC running on top as containers.
Kubernetes lifecycle
Growing your Kubernetes Cluster as part of Docker Enterprise
● Seamlessly grow from 1 Kubernetes Manager to a Highly Available Deployment.
● Add your first worker to your <nth> worker, all with the same command.
● UCP agent will configure TLS, start the Kubelet, and bring up Kubernetes Networking.
Diagram: five nodes (Manager 01, Manager 02, Manager 03, Worker 01, Worker 02), each built from Infrastructure > Linux Operating System > Docker Engine - Enterprise.
Growing your Kubernetes Cluster as part of Docker Enterprise
Adding a Manager Node:
docker swarm join --token SWMTKN-1-<join-token-manager> 172.31.7.143:2377
Adding a Worker Node:
docker swarm join --token SWMTKN-1-<join-token-worker> 172.31.7.143:2377
Kubernetes lifecycle
Upgrading your Kubernetes Cluster as part of Docker Enterprise
● Docker Enterprise has patch releases monthly and major releases every 6 months.
● Kubernetes may be patched as part of a Docker Enterprise patch release; Kubernetes will have a major upgrade as part of a Docker Enterprise major platform release.
● The UCP Bootstrapper tells the UCP Agents that a new upgrade is available and then
Diagram: five nodes (Manager 01, Manager 02, Manager 03, Worker 01, Worker 02), each built from Infrastructure > Linux Operating System > Docker Engine - Enterprise, with the UCP Bootstrapper and the UCP Agent shown on the nodes.
Backing up your Kubernetes Cluster as part of Docker Enterprise
● etcd is a centralised key-value store containing all UCP and Kubernetes objects (it does not contain Swarm objects).
● UCP handles the deployment, high availability and security of etcd.
● The UCP Bootstrapper container can back up the etcd key-value store, which backs up all Kubernetes objects (workload data stored in volumes is not backed up).
Diagram: three managers (Manager 01, Manager 02, Manager 03), each built from Infrastructure > Linux Operating System > Docker Engine - Enterprise, with the UCP Bootstrapper performing the backup.
Kubernetes lifecycle
Kubernetes Security and Multi-Tenancy
Managing Kubernetes Users with Docker Enterprise: AuthN
● UCP integrates into backend providers for syncing Users, Teams and Organisations.
  ○ LDAP / Active Directory
  ○ SAML v2 (Okta, PingFederate)
● Integrate Kubernetes seamlessly with external processes and tooling through UCP Client Bundles.
● Authorisation across all endpoints: UCP UI, UCP API, UCP CLI, and DTR.
Diagram: UCP populates its User Database from AD / LDAP; the user interacts with Kubernetes through the UCP RBAC Engine.
Managing Kubernetes Access Control with Docker Enterprise: AuthZ
● UCP's RBAC Engine integrates with the Kubernetes RBAC APIs.
  ○ Roles - match Verbs (view, list...) with Objects (Pods, Persistent Volumes...)
  ○ RoleBindings - match a Role with a User / Team.
● UCP's Users / Teams can be bound to a Logical Grouping of Resources (Kubernetes Namespaces) or a Physical Grouping of
Diagram: Namespace 1, Namespace 2, Namespace 3.
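The Role / RoleBinding pair described above, as an added example in plain Kubernetes RBAC manifests (this is not code from the deck or from Docker Enterprise): a namespace-scoped Role that grants only the read verbs on pods and persistent volume claims, bound to a team group. The namespace `team-a` and the group name `team-a-developers` are assumptions; the group is whatever subject name UCP presents for the synced LDAP / AD team. Two details matter when writing such a Role: the Kubernetes read verbs are `get`, `list` and `watch` (`view` is the name of a default ClusterRole, not a verb), and PersistentVolumes are cluster-scoped, so a namespaced Role cannot grant them; the namespaced object is the PersistentVolumeClaim.

```yaml
# Added example, not from the deck. Namespace and group name are assumed.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pod-reader
  namespace: team-a            # Role is namespace-scoped: nothing here applies to other namespaces
rules:
  - apiGroups: [""]            # "" is the core API group (pods, PVCs, ...)
    resources: ["pods", "pods/log", "persistentvolumeclaims"]
    verbs: ["get", "list", "watch"]   # read-only; no create, delete, patch or exec
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-a-developers-read
  namespace: team-a
subjects:
  - kind: Group                # the synced team, under the subject name UCP presents (assumed)
    name: team-a-developers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role                   # binding a Role rather than a ClusterRole keeps the grant inside team-a
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
```

Apply with `kubectl apply -f` and verify the effective permission with impersonation: `kubectl auth can-i list pods -n team-a --as nobody --as-group team-a-developers` should answer `yes`, and the same command with `delete pods` should answer `no`. The `pods/exec` subresource is deliberately absent: `create` on it would let the team open a shell in any pod of the namespace, a far larger grant than reading logs.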
User Management in Docker Enterprise
Securing Kubernetes Networking with Docker Enterprise and Project Calico
● Docker Enterprise provides a batteries-included but swappable Kubernetes networking stack, leveraging the Container Networking Interface (CNI).
● Project Calico is a fully supported CNI within Docker Enterprise, through a partnership with Tigera.
● The Project Calico lifecycle is managed by the Universal Control Plane for installation and upgrades.
Securing Kubernetes Networking: Kubernetes Network Policies with Project Calico
● By default Kubernetes operates a flat networking stack. All pods can communicate with all pods.
● Kubernetes Network Policy isolates pods, so that a pod can reject any connections that are not granted by a Network Policy.
  ○ Namespace to Namespace
  ○ Pod to Pod
Diagram: Namespace 1, Namespace 2.
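As an added example (not from the deck), the two isolation patterns listed above expressed as Kubernetes NetworkPolicy manifests of the kind Calico enforces in Docker Enterprise: a default deny for the namespace, a pod-to-pod rule, and a namespace-to-namespace rule. Namespace, label and port values are assumptions.

```yaml
# Added example, not from the deck. Namespace, labels and ports are assumed.
# 1) Default deny: once a pod is selected by any policy, only explicitly allowed
#    traffic reaches it. An empty podSelector selects every pod in the namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: team-a
spec:
  podSelector: {}
  policyTypes: ["Ingress"]
---
# 2) Pod to pod: the database accepts connections only from pods labelled
#    app=api in the same namespace, and only on its listening port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-allow-api
  namespace: team-a
spec:
  podSelector:
    matchLabels:
      app: db
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: api
      ports:
        - protocol: TCP
          port: 5432
---
# 3) Namespace to namespace: the api accepts traffic from any pod in namespaces
#    carrying the label tenant=team-a (label name assumed; set it with
#    `kubectl label namespace team-a tenant=team-a`). A namespaceSelector on its
#    own admits every pod in the matched namespaces.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: api-allow-tenant-namespaces
  namespace: team-a
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              tenant: team-a
      ports:
        - protocol: TCP
          port: 8080
```

Network policies are additive: the default deny selects every pod in `team-a`, and each further policy only opens what it lists. `policyTypes: ["Ingress"]` leaves egress unrestricted; add an `Egress` default deny for full isolation. The API server accepts these manifests even on a cluster whose CNI does not enforce policy, so after applying them test connectivity rather than relying on `kubectl get networkpolicy`.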
Securing Kubernetes Networking: Network Encryption in Docker Enterprise
● Protect internal application traffic on untrusted infrastructure through external networking encryption.
● Once enabled, all tenants and users get to take advantage without intervention or awareness from users.
● Traffic is encrypted by the in-kernel IPsec capabilities of Linux.
Diagram: two hosts, each running a pod with an app, with the host-to-host traffic encrypted.
Kubernetes Application Deployments
Docker Compose for Swarm & Kubernetes: Application Definition abstracts even the orchestrator away
● Write the Application Definition once, agnostic of your environment.
● All applications, whether they are Windows or Linux, Kubernetes or Swarm, can be defined the same way.
● Use existing Docker Compose files and choose at runtime to deploy on either Swarm or Kubernetes.
● 100% Open Source: https://github.com/docker/compose-on-kubernetes
Diagram: a Docker Compose Application Definition deployed to either Swarm or Kubernetes.
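An added example of the "write once" idea above, in Compose file v3 format; it is not from the deck or from the compose-on-kubernetes project, and the image names, ports, secret name and volume name are assumptions. The same file deploys to Swarm or to Kubernetes; the database password is consumed from a mounted secret file rather than an environment variable, so it does not appear in the service or pod spec.

```yaml
# Added example, not from the deck. Image tags, ports and secret name are assumed.
version: "3.7"
services:
  web:
    image: registry.example.com/team-a/web:1.4.2   # pinned tag, never :latest
    ports:
      - "8080:8080"
    deploy:
      replicas: 3
      resources:
        limits:                                    # same limits on Swarm and Kubernetes
          cpus: "0.50"
          memory: 256M
  db:
    image: postgres:11
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password   # password read from the secret file
    secrets:
      - db_password
    volumes:
      - db-data:/var/lib/postgresql/data
volumes:
  db-data:
secrets:
  db_password:
    external: true                                 # created out of band, not stored in this file
```

Deploy with `docker stack deploy -c docker-compose.yml --orchestrator kubernetes app`, or with `--orchestrator swarm` for Swarm. The `db_password` secret must already exist in the target orchestrator: created with `docker secret create` on Swarm, and assumed here to be a Kubernetes Secret of the same name on Kubernetes.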
Docker Enterprise Container Platform (architecture overview)
Diagram listing the platform components for DEVELOPERS and OPERATORS: Docker Engine (Compute, Network, Storage); Swarm & K8s Orchestration; IT Management; Developer Productivity Tools; Federated App Management; Service Mesh; Service Brokers; API Gateway; Docker Desktop Enterprise; Docker Hub; Docker Universal Control Plane; Docker Trusted Registry (Application Format, Operations & Security; Image Lifecycle Automation; Image Format; Image Registry & Distribution); Docker Certified Containers; Community Containers.
Want to try it out?
https://www.docker.com/eval
Thank you!