Jean Rouge & David Yu, Docker
Kubernetes has taken the technology industry by storm these last few years. It delivers powerful orchestration and container management capabilities that have been leveraged by cloud-scale companies and small startups alike. But for many organizations, the learning curve for Kubernetes can be steep and organizations can't build up their skills fast enough. Luckily Docker has always had a history of making the complex easy - first with Linux containers and now with Kubernetes - both in our Desktop and Enterprise platform. In this session, we'll highlight some of the innovation Docker has added to Kubernetes to simplify configuration and ongoing operations while still providing a fully conformant Kubernetes environment. We'll cover areas like deploying applications on Kubernetes, managing access controls and multi-tenancy, end-to-end security and improved troubleshooting. Demos will highlight key comparisons to show you that you don't have to build it yourself.
3. Agenda
● Getting Started with Kubernetes
● Lifecycle Management
○ Day 1 considerations
○ Day 2 considerations
● Security
● Developer Tooling and Platform Integrations
● Kubernetes Support and Maintenance
● Next Steps
4. Getting Started with Kubernetes
Questions to ask yourself
○ Do you have the right people involved to make the platform successful?
○ Have you picked the right use case for using Kubernetes?
○ Have you decided on the infrastructure and type of environment?
○ Do you have experience with Kubernetes and containers at scale?
5. Roll Your Own (RYO) Kubernetes
Areas to consider and make decisions on:
● Automated Cluster Ops
○ Provisioning Infra and Container Infrastructure (Day 1)
○ Lifecycle Management (Day 2)
● Security
● End to End platform integrations
○ Developer Tooling
○ Applications and Kube-compose
○ Registry integration
● Kubernetes Support
6. Lifecycle Management - Day 1 considerations
● Day 1 may seem very straightforward to most Kubernetes users, but critical best practices are easily missed
● Storage and networking plugins that are certified and tested end to end
● Integrations with existing IT systems take a lot of engineering work to make a reality across an organization
● Deploy container infrastructure for running services such as a registry
7. RYO Kubernetes - Container Infrastructure
● Install Kubernetes and provision nodes on your own infrastructure via scripts and kubeadm
● Manage networking on your own (Calico, Flannel) in addition to Kubernetes
● Deploy your own Ingress Controller
● Manage and monitor Kubernetes components in case they fail (view logs and keep components alive)
● Wire Prometheus into the cluster for collecting and aggregating metrics
8. Docker Enterprise - Container Infrastructure
● Automatically provision nodes on AWS, Azure and VMware, and install the Kubernetes software across nodes
● Built-in multi-host networking with IPAM and network policies for Kubernetes
● Packaged Ingress Controller
● Manage and monitor Kubernetes components and keep them alive in case they fail (self-healing capabilities)
● Built-in Prometheus for collecting and aggregating metrics
● Deploy and secure a private registry
10. Lifecycle Management - Day 2 considerations
● Day 2 is extremely difficult; if done incorrectly, it can leave you tearing down your Kubernetes cluster and starting over again
● Supporting mission-critical production Kubernetes clusters is a challenge
11. RYO Kubernetes - Backups and Upgrades
○ Back up and restore Kubernetes clusters manually
○ Upgrade the platform manually and carefully monitor upgrades as they occur
○ Manage upgrades of each Kubernetes component yourself
12. Docker Enterprise - Backups and Upgrades
○ Back up and restore Kubernetes clusters in the UI or via the CLI
○ Upgrade the entire platform without SLA downtime
○ End-to-end testing for both upgrades and backup/restore across multiple platforms
14. RYO Kubernetes - Security
● Integrate LDAP and SAML for authentication and integrate with Kubernetes RBAC
● Set up TLS on your own by generating your own certs for users to authenticate to the cluster
● Secure your own workloads and enforce security yourself
15. Docker Enterprise - Kubernetes Security
● Integrate LDAP and SAML for authentication and integrate with Kubernetes RBAC
● Generate TLS bundles for authentication and tie the credential to RBAC
● Scan running containers for vulnerabilities and enforce content trust
17. RYO Kubernetes - Developer Tooling
● Install VirtualBox, Vagrant and kubectl, and deploy Minikube
● Deploy Helm and Tiller to deploy Helm charts
18. Docker Enterprise - Developer Tooling and Platform Integrations
● Desktop client - Docker Desktop Enterprise (with support)
○ kubectl and local Kubernetes development
○ TLS authentication to clusters without SSH
● Docker Registry - Docker Trusted Registry (with support)
19. Docker Applications
$ docker app install user/myapp
Waiting for the stack to be stable and running...
service1: Ready
service2: Ready
mysql: Ready
Stack hello is stable and running
- A “container of containers”: defines an application that can be comprised of multiple services
- Removes the need to manage “mountains of YAML” and eliminates configuration overhead
○ Supports Docker Compose, Kubernetes YAML, Helm charts and more
- Implements the new open standard, CNAB, announced by Docker and Microsoft
- Parameterized fields allow flexible deployment across different environments, delivering on “code once, deploy anywhere”
[Figure: structure of a Docker App file, my-app.yml - app description (name, version, maintainer), app components, environment variables]
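An added illustration, not from the deck, of the three-section single-file Docker App layout the slide sketches: app description, the Compose services that make up the app, and the parameters that are overridden per environment. The keys follow the docker-app single-file format; the service names, image and values are constructed to match the `hello` stack shown in the terminal output above.

```yaml
# Section 1: app description (name, version, maintainers)
version: 0.1.0
name: hello
description: "Demo stack: two echo services and a MySQL backend (constructed example)"
maintainers:
  - name: user
    email: user@example.com
---
# Section 2: app components, written as a Compose file.
# ${...} placeholders are substituted from the parameters in section 3,
# so the same definition deploys to dev, staging and prod unchanged.
version: "3.6"
services:
  service1:
    image: hashicorp/http-echo
    command: ["-text", "${text}"]
    ports:
      - "${port}:5678"
  service2:
    image: hashicorp/http-echo
    command: ["-text", "${text} (replica)"]
  mysql:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: "${mysql_root_password}"
---
# Section 3: parameters (environment variables) with their defaults.
# Override these at install time per environment; the database password
# default here is a placeholder, supply the real one from a per-environment
# parameter override rather than committing it with the app.
port: 8080
text: hello world
mysql_root_password: CHANGE-ME-PLACEHOLDER
```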
22. RYO Kubernetes Support and Maintenance
● Patch Kubernetes yourself
● Patch Golang yourself
● Perform upgrades manually for all of the components - etcd, containerd, Calico, etc.
● Continuous end-to-end testing with new plugins and drivers (e.g. CSI drivers)
● Professional expertise with your Kubernetes platform