Running applications and services across several cloud providers and/or data centers can bring many benefits to organisations; in some cases it is even a mandatory requirement. Making your application stack work with multiple cloud providers can be problematic, as every provider differs slightly, for example in networking configuration. To make things even more difficult, you also need a way to secure inter-service communication across those providers. In practice this means cumbersome network configurations with VPNs and other network security solutions. Luckily, containers and modern (container) overlay networks can take that complexity off your hands.
This session was presented at the Kontena meetup in Helsinki and at Leonidas Afterwork in Tampere in January 2017.
5. Quotes from Community
“You guys have clearly put a heck of a lot of time and thought into Kontena, it's really pretty cool.”
- thecatwasnot
“I’m onto day 2 on Kontena, and I think I’m close to moving a production app over to it. Very very cool project.”
- cory
“Your project looks amazing, and is exactly what I want.”
- dbones
Source: Kontena Gitter
6. How does it work?
Kontena Grid
A number of physical or virtual machines, the Kontena Nodes, form a Kontena Grid. The nodes may be located anywhere: in a single data center, in different AZs or at different cloud providers.
Overlay Network
Kontena automatically creates an overlay network powered by Weave and connects all nodes of a Grid to it. The overlay network enables services to communicate with each other in a multi-host, multi-AZ environment.
Service Discovery
Kontena has built-in service discovery powered by etcd. It is used to automatically assign DNS names to any service running in Kontena, and it is also used by Kontena’s load balancer for zero-downtime operation.
Orchestration
Kontena’s orchestrator distributes, runs and monitors all Kontena Services in a Grid. Services may be stateless or stateful, and they are automatically distributed across the Nodes in a Grid.
Containerized Workloads
With Kontena, all containerized workloads are described as Services. A Kontena Service is composed of containers based on the same image. Services may be scaled and linked together to create complex elastic apps.
Kontena Nodes & Agent
Node stack (diagram): OS, Docker, Kontena Agent.
The Kontena Agent may be installed on any machine capable of running Docker. It runs as a privileged container on that machine.
Kontena Master
The Kontena Master orchestrates the entire Kontena system. It provides the APIs used by the Kontena CLI, the Web UI and third-party integrations. The Kontena Master may be installed in a high-availability setup if needed.
7. All Batteries Included!
Built-In Image Registry
Sometimes projects cannot use publicly hosted container image registries like DockerHub. Kontena comes with a built-in container image registry, providing a private and secure solution.
Built-In VPN Access
All containers run inside a virtual private network by default. Nothing is exposed to the Internet unless explicitly defined. With Kontena’s built-in VPN access, developers can securely access those resources.
Built-In Load Balancer
Kontena comes with a built-in load balancer based on HAProxy. It features fully automatic, zero-downtime operation thanks to deep integration with Kontena’s service discovery and orchestration technology.
Aggregated Stats & Logs
Kontena provides real-time log and statistics streams from containers. The streams may be grouped and aggregated to produce service-level streams. This allows easy viewing of logs and statistics for your application’s CPU, memory, disk and network usage.
User Management with Audit Trail
All events and actions performed through the Kontena CLI or APIs are logged into an audit trail. Combined with users and access control, the audit trail support makes Kontena a reliable and secure solution for enterprise deployments.
Built-In Secrets Management
When your application requires access to APIs or databases, you’ll often need secrets such as passwords and access tokens to authenticate that access. Kontena Vault is a secure key/value storage that can be used to manage secrets in Kontena.
21. Trusted subnets
• By default the overlay is configured to use sleeve encryption between peers
• Not all traffic needs to be encrypted, e.g. within an AWS VPC
• Kontena supports trusted subnets
• Configure each trusted subnet for the grid
• Within a trusted subnet, the overlay will use fastdp without encryption
Trusted-subnet: 192.168.100.0/24
Trusted-subnet: 10.10.0.0/24
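Before marking a subnet as trusted it is worth listing which node pairs would then talk over unencrypted fastdp. The audit script below is an added example, not part of the deck or of Kontena; it uses the two subnets from the slide with constructed node addresses, and it assumes the rule that a pair goes unencrypted when both peer addresses fall inside any configured trusted subnet (the conservative reading for an audit).

```python
import ipaddress
from itertools import combinations

# Constructed sample: the two trusted subnets from the slide plus hypothetical
# node names and addresses (not taken from the original deck).
TRUSTED_SUBNETS = ["192.168.100.0/24", "10.10.0.0/24"]
NODES = {
    "aws-node-1": "192.168.100.11",
    "aws-node-2": "192.168.100.12",
    "dc-node-1": "10.10.0.5",
    "do-node-1": "203.0.113.7",  # documentation range standing in for a public cloud node
}

def parse_trusted(subnets):
    """Parse CIDR strings; strict=True rejects entries with host bits set."""
    return [ipaddress.ip_network(s, strict=True) for s in subnets]

def is_trusted(ip, nets):
    """True when the address falls inside any configured trusted subnet."""
    return any(ipaddress.ip_address(ip) in net for net in nets)

def transport_for(ip_a, ip_b, nets):
    """'fastdp' (no encryption) when both peers are trusted, else 'sleeve'
    (encrypted), following the rule stated on the slide (assumed: any subnet)."""
    return "fastdp" if is_trusted(ip_a, nets) and is_trusted(ip_b, nets) else "sleeve"

def audit(nodes, subnets):
    """Return (node pairs that would be unencrypted, config warnings) so an
    operator can review what crosses the overlay in the clear before applying."""
    nets = parse_trusted(subnets)
    warnings = [f"{n} is not a private range; do not mark public space as trusted"
                for n in nets if not n.is_private]
    warnings += [f"{n} is very broad ({n.num_addresses} addresses)"
                 for n in nets if n.num_addresses > 65536]
    clear = sorted((a, b) for (a, ip_a), (b, ip_b) in combinations(nodes.items(), 2)
                   if transport_for(ip_a, ip_b, nets) == "fastdp")
    return clear, warnings

if __name__ == "__main__":
    pairs, warns = audit(NODES, TRUSTED_SUBNETS)
    for a, b in pairs:
        print(f"unencrypted (fastdp): {a} <-> {b}")
    for w in warns:
        print("WARNING:", w)
```

Any pair involving the public-addressed node stays on encrypted sleeve, while the pairs inside the trusted ranges are the ones an operator should consciously accept as cleartext within the VPC.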