Running Dockerized services across several cloud providers
KONTENA MEETUP IS STARTING SOON
@kontenainc | slack.kontena.io | github.com/kontena/kontena
Agenda
1. Kontena briefly
2. Overlay networking concepts
3. Demo
What is Kontena?
© 2015 Kontena, Inc.
Open source container & microservices platform built to maximize developer happiness. Works on any cloud, easy to set up, simple to use.
Quick Facts
• ~1k GitHub stargazers
• >1M installs (Docker pulls)
• Featured in: (logos not preserved in this export)
Quotes from Community
“You guys have clearly put a heck of a lot of time and thought into Kontena, it's really pretty cool.”
- thecatwasnot
“I’m onto day 2 on Kontena, and I think I’m close to moving a production app over to it. Very very cool project.”
- cory
“Your project looks amazing, and is exactly what I want.”
- dbones
Source: Kontena Gitter
How does it work?
Kontena Grid
A number of physical or virtual machines (Kontena Nodes) form a Kontena Grid. The nodes may be located anywhere: in a single data center, in different AZs, or at different cloud providers.
Overlay Network
Kontena automatically creates an overlay network powered by Weave and connects all nodes of a Grid to it. The overlay network enables services to communicate with each other in a multi-host, multi-AZ environment.
Service Discovery
Kontena has built-in service discovery powered by etcd. It is used to automatically assign DNS names to any services running in Kontena. It is also used by Kontena’s load balancer for zero-downtime operation.
Orchestration
Kontena’s orchestrator distributes, runs and monitors all Kontena Services in a Grid. Services may be stateless or stateful, and they are automatically distributed across the Nodes in a Grid.
Containerized Workloads
With Kontena, all containerized workloads are described as Services. A Kontena Service is composed of containers built from the same image. Services may be scaled and linked together to create complex elastic apps.
(Diagram: node stack of OS, Docker and the Kontena Agent)
Kontena Nodes & Agent
The Kontena Agent may be installed on any machine capable of running Docker. It runs as a privileged container on the machine.
Kontena Master
The Kontena Master orchestrates the entire Kontena system. It provides the APIs used by the Kontena CLI, the Web UI and third-party integrations.
The Kontena Master may be installed in a high-availability setup if needed.
All Batteries Included!
Built-In Image Registry
Sometimes projects cannot use publicly hosted container image registries like Docker Hub. Kontena comes with a built-in container image registry, providing a private and secure alternative.
Built-In VPN Access
All containers run inside a virtual private network by default. Nothing is exposed to the Internet unless explicitly defined. With Kontena’s built-in VPN access, developers can securely reach those resources.
Built-In Load Balancer
Kontena comes with a built-in load balancer based on HAProxy. It features fully automatic, zero-downtime operation thanks to deep integration with Kontena’s service discovery and orchestration.
Aggregated Stats & Logs
Kontena provides real-time log and statistics streams for containers. The streams may be grouped and aggregated to produce service-level streams. This allows easy viewing of logs and statistics for your application’s CPU, memory, disk and network usage.
User Management with Audit Trail
All events and actions performed through the Kontena CLI or APIs are logged into an audit trail. Combined with users and access control, the audit trail makes Kontena a reliable and secure solution for enterprise deployments.
Built-In Secrets Management
When your application requires access to APIs or databases, you'll often need secrets such as passwords and access tokens to authenticate that access. Kontena Vault is a secure key/value store that can be used to manage secrets in Kontena.
“Includes all the s**t you don’t want to
implement by yourself”
Multi cloud/DC apps
Multi cloud/DC challenges
• Deployment differences
• Platforms
• Networking
• …
• Enabling connectivity between clouds
• Security
• Service discovery
© 2017 Kontena, Inc.
Potential solutions
• VPN(s) between clouds
• Custom service discovery
• Port mappings
Overlay Networking
Overlay Network
Image credit: https://www.weave.works/wp-content/uploads/d989f137a913d15c6ab2afe14149d8acfd180db3.png
Overlay network features
• Mesh networking
• DNS
• Encryption
• Multicast
• NAT traversal
How it works
Image credit: https://www.weave.works/wp-content/uploads/049a8b89c3cb6526256b63378fd88d2fddc27884.png
How it works
• Each node in a grid is a network peer
• Peers establish TCP connections for control plane
• Peers establish UDP “connections” for data plane
• Network bridge on each host
• Containers attached to the overlay bridge with veth pairs
• Network topology and container info (MACs) exchanged between peers
Fastdp vs. sleeve
• Weave Overlay supports 2 modes: Fastdp and sleeve
• Fastdp:
• Kernel-space forwarding with Open vSwitch & VXLAN
• Sleeve:
• User space UDP tunneling
IP Address Management
• IPAM is taken care of by Kontena
• Infrastructure service on each node
• Data backed by Etcd on the nodes
• Kind of like DHCP :)
• Default overlay network used is 10.81.0.0/16
• 10.81.0.0/17 used by Kontena infrastructure services
• 10.81.128.0/17 used by service containers
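To make the address plan on this slide concrete, here is a small in-memory allocator that mirrors the split described above. It is an added example, not Kontena's own IPAM code: it assumes only what the slides state (10.81.0.0/16 overlay, 10.81.0.0/17 for infrastructure services, 10.81.128.0/17 for service containers, node addresses 10.81.0.1-254 handed out sequentially as nodes join) and nothing about how the real etcd-backed allocator stores its state. The `classify` helper is useful when reading overlay addresses out of logs or firewall rules: it tells you which part of the plan an address belongs to.

```python
"""Toy model of the grid IPAM layout from the Kontena slides.

Added example, not Kontena's own code. Constants come from the slides; the
allocator itself is a single-process, in-memory simplification.
"""
import ipaddress

OVERLAY = ipaddress.ip_network("10.81.0.0/16")       # whole overlay
INFRA = ipaddress.ip_network("10.81.0.0/17")         # infrastructure services
SERVICES = ipaddress.ip_network("10.81.128.0/17")    # service containers
NODE_RANGE = ipaddress.ip_network("10.81.0.0/24")    # node addresses 10.81.0.1-254


class GridIpam:
    """Sequential allocator: first free address in the pool, lowest first."""

    def __init__(self):
        self.nodes = {}        # node name -> IPv4Address
        self.containers = {}   # container name -> IPv4Address
        self.used = set()

    def _next_free(self, pool, what):
        # hosts() skips the network and broadcast addresses, so the node pool
        # yields exactly 10.81.0.1 .. 10.81.0.254 as on the slide.
        for addr in pool.hosts():
            if addr not in self.used:
                return addr
        raise RuntimeError(f"{what} address pool {pool} exhausted")

    def allocate_node(self, name):
        """A joining node gets the next free 10.81.0.x address."""
        if name in self.nodes:
            return self.nodes[name]
        addr = self._next_free(NODE_RANGE, "node")
        self.used.add(addr)
        self.nodes[name] = addr
        return addr

    def allocate_container(self, name):
        """Service containers are allocated from the upper /17."""
        if name in self.containers:
            return self.containers[name]
        addr = self._next_free(SERVICES, "service container")
        self.used.add(addr)
        self.containers[name] = addr
        return addr

    def release(self, name):
        """Return an address to the pool when a node leaves or a container stops."""
        addr = self.nodes.pop(name, None)
        if addr is None:
            addr = self.containers.pop(name, None)
        if addr is not None:
            self.used.discard(addr)
        return addr


def classify(address):
    """Which part of the plan does an overlay address belong to?"""
    ip = ipaddress.ip_address(address)
    if ip not in OVERLAY:
        return "not-overlay"
    offset = int(ip) - int(NODE_RANGE.network_address)
    if 1 <= offset <= 254:
        return "node"
    if ip in INFRA:
        return "infrastructure"
    return "service-container"


if __name__ == "__main__":
    ipam = GridIpam()
    for node in ("node-1", "node-2", "node-3"):
        print(node, ipam.allocate_node(node))
    print("web-1", ipam.allocate_container("web-1"))
    print(classify("10.81.200.9"))
```

Because the node pool is a /24 carved out of the infrastructure half, a grid in this model tops out at 254 nodes; `_next_free` raises rather than silently wrapping into the service range.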
DNS
• Overlay network has its own DNS service
• Kontena configures DNS for each service and each container
• Service level DNS has IPs of all containers
• <service>.<stack>.<grid>.kontena.local
• <service>-<instance_number>.<stack>.<grid>.kontena.local
• For stack exposed service: <stack>.<grid>.kontena.local
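The three name shapes above are easy to get wrong when writing firewall rules, health checks or log parsers against the overlay DNS, so here is a parser and a toy resolver for them. This is an added example, not Kontena's DNS implementation: it assumes the three forms exactly as printed on the slide, that service and stack names are lowercase letters, digits and hyphens, and that the instance number is the trailing "-<digits>" of the first label (a service whose own name ends in "-<digits>" would be ambiguous under that assumption). The sample records are constructed.

```python
"""Parse and resolve the overlay DNS names from the Kontena DNS slide.

Added example, not Kontena's own code. Forms handled (from the slide):
    <service>.<stack>.<grid>.kontena.local
    <service>-<instance_number>.<stack>.<grid>.kontena.local
    <stack>.<grid>.kontena.local   (stack-exposed service)
"""
import re

SUFFIX = "kontena.local"
_LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
# Instance form: first label ends in "-<digits>" (assumption, see lead-in).
_INSTANCE = re.compile(rf"^(?P<service>{_LABEL})-(?P<instance>\d+)$")


def parse_name(fqdn):
    """Return a dict describing which form `fqdn` is, or None if it is not one."""
    labels = fqdn.rstrip(".").lower().split(".")
    if len(labels) < 4 or ".".join(labels[-2:]) != SUFFIX:
        return None
    body = labels[:-2]
    if len(body) == 2:                       # <stack>.<grid>
        stack, grid = body
        return {"kind": "stack", "stack": stack, "grid": grid}
    if len(body) == 3:                       # <service[-N]>.<stack>.<grid>
        first, stack, grid = body
        m = _INSTANCE.match(first)
        if m:
            return {"kind": "instance", "service": m.group("service"),
                    "instance": int(m.group("instance")), "stack": stack, "grid": grid}
        return {"kind": "service", "service": first, "stack": stack, "grid": grid}
    return None


def service_name(service, stack, grid, instance=None):
    """Build a service-level or instance-level name."""
    head = service if instance is None else f"{service}-{instance}"
    return f"{head}.{stack}.{grid}.{SUFFIX}"


def resolve(fqdn, instance_records, exposed=None):
    """Toy resolver mirroring the slide: an instance name maps to one IP, the
    service name to the IPs of all its instances, and a stack name to the
    instances of the stack's exposed service (`exposed` maps (stack, grid) -> service)."""
    info = parse_name(fqdn)
    if info is None:
        return []
    if info["kind"] == "instance":
        ip = instance_records.get(fqdn.rstrip(".").lower())
        return [ip] if ip else []
    if info["kind"] == "stack":
        service = (exposed or {}).get((info["stack"], info["grid"]))
        if service is None:
            return []
        info = {"kind": "service", "service": service,
                "stack": info["stack"], "grid": info["grid"]}
    ips = []
    for name, ip in instance_records.items():
        rec = parse_name(name)
        if rec and rec["kind"] == "instance" and \
           (rec["service"], rec["stack"], rec["grid"]) == (info["service"], info["stack"], info["grid"]):
            ips.append(ip)
    return ips


# Constructed sample records: two web instances and one db instance in stack
# "shop" of grid "prod"; "web" is the stack's exposed service.
RECORDS = {
    "web-1.shop.prod.kontena.local": "10.81.128.10",
    "web-2.shop.prod.kontena.local": "10.81.128.11",
    "db-1.shop.prod.kontena.local": "10.81.128.20",
}
EXPOSED = {("shop", "prod"): "web"}

if __name__ == "__main__":
    for q in ("web.shop.prod.kontena.local", "web-2.shop.prod.kontena.local",
              "shop.prod.kontena.local", "db-9.shop.prod.kontena.local"):
        print(q, "->", resolve(q, RECORDS, EXPOSED))
```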
Trusted subnets
• By default the overlay is configured to use sleeve encryption between peers
• Not all traffic needs to be encrypted, e.g. within an AWS VPC
• Kontena supports trusted-subnets
• Configure each trusted subnet for the grid
• Within a trusted subnet, the overlay will use fastdp without encryption
(Diagram: two example trusted subnets, 192.168.100.0/24 and 10.10.0.0/24)
Network Interfaces
• Public address
• Node tries to resolve this using http://whatismyip.akamai.com
• Can be set with KONTENA_PUBLIC_IP
• Private address
• By default taken from eth1
• Override using KONTENA_PRIVATE_IP
• KONTENA_PEER_INTERFACE controls which interface is used for overlay peering
• Overlay address
• Each node has 10.81.0.[1..254]/16 address on the overlay network
• Sequentially allocated when node joins grid
• Docker bridge
• 172.17.0.1 on docker0 bridge
• Overlay DNS
• Provide outside connectivity for containers
Network interface selection
• Kontena intelligence
• Nodes within the same region use private interface to connect
• E.g. label: region=eu-central-1
• Master figures these out when node joins the grid
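The two decisions described on the trusted-subnets slide and on this one interact: the address chosen for a peer (private interface within the same region, public address otherwise) is what determines whether the link lands inside a trusted subnet and therefore runs as fastdp without encryption. The model below works both out for a small constructed inventory and adds the check a defender wants before trusting a subnet. It is an added example, not Kontena's or Weave's peering code: the rule that both ends must sit inside a trusted subnet is the slide's description in simplified form, the node records and addresses are constructed, and the "/16 or wider is suspicious" threshold in the audit is a heuristic, not a Kontena rule.

```python
"""Peer address selection and link mode (fastdp plain vs. sleeve encrypted).

Added example, not Kontena's or Weave's own code. Node inventory, addresses
and the audit threshold are constructed assumptions; the trusted-subnet
values are the ones shown on the slide.
"""
import ipaddress

# Constructed node inventory: region label, public and private addresses.
NODES = {
    "node-1": {"region": "ams1", "public": "198.51.100.7", "private": "192.168.100.7"},
    "node-2": {"region": "eu-central-1", "public": "203.0.113.12", "private": "10.10.0.12"},
    "node-3": {"region": "eu-central-1", "public": "203.0.113.13", "private": "10.10.0.13"},
}

# Trusted subnets from the slide: inside them the overlay uses fastdp, no encryption.
TRUSTED = ["192.168.100.0/24", "10.10.0.0/24"]


def peer_address(local, remote, nodes=NODES):
    """Same region label -> reach the peer on its private address, else public."""
    if nodes[local]["region"] == nodes[remote]["region"]:
        return nodes[remote]["private"]
    return nodes[remote]["public"]


def _in_trusted(ip, trusted):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(s) for s in trusted)


def link_mode(local_ip, remote_ip, trusted=TRUSTED):
    """'fastdp-plain' only when both ends are inside a trusted subnet;
    anything else stays on the encrypted sleeve path (the safe default)."""
    if _in_trusted(local_ip, trusted) and _in_trusted(remote_ip, trusted):
        return "fastdp-plain"
    return "sleeve-encrypted"


def plan_links(nodes=NODES, trusted=TRUSTED):
    """For every ordered node pair: (address used to reach the peer, link mode)."""
    plan = {}
    for local in nodes:
        for remote in nodes:
            if local == remote:
                continue
            remote_addr = peer_address(local, remote, nodes)
            # The local end talks from the same class of interface it picked for the peer.
            same_region = remote_addr == nodes[remote]["private"]
            local_addr = nodes[local]["private"] if same_region else nodes[local]["public"]
            plan[(local, remote)] = (remote_addr, link_mode(local_addr, remote_addr, trusted))
    return plan


def audit_trusted_subnets(trusted=TRUSTED):
    """Flag trusted subnets where unencrypted overlay traffic would be risky:
    non-private ranges (traffic would cross the Internet in clear) and, as a
    heuristic, ranges wider than /16 that likely span more than one VPC or DC."""
    findings = []
    for s in trusted:
        net = ipaddress.ip_network(s)
        if not net.is_private:
            findings.append(f"{net}: not a private range, plaintext would leave the VPC/DC")
        elif net.prefixlen < 16:
            findings.append(f"{net}: wider than /16, likely covers more than one trusted network")
    return findings


if __name__ == "__main__":
    for pair, (addr, mode) in plan_links().items():
        print(pair, addr, mode)
    print(audit_trusted_subnets(["0.0.0.0/0", "10.0.0.0/8"]))
```

Run as a script it prints, for instance, that node-2 reaches node-3 on 10.10.0.13 in fastdp-plain mode while node-1 reaches node-2 on 203.0.113.12 over the encrypted sleeve; the audit call shows how a careless trusted-subnet entry like 0.0.0.0/0 would be caught.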
Performance
Performance
• Usually the application becomes the bottleneck before the network does
• The overlay always has some overhead
• Especially the encrypted peer connections
• A big factor in overlay performance is the MTU
• By default Weave uses a conservative MTU of 1410
• If running on a single cloud / network, larger MTUs are possible
• Ability to configure a grid-level MTU; follow https://github.com/kontena/kontena/issues/1640
• With a large MTU and fastdp one can get close to native throughput: https://www.weave.works/weave-docker-networking-performance-fast-data-path/
Demo Time
(Diagram: demo grid spanning three environments)
• DigitalOcean AMS 1: Node-1
• AWS VPC EU-Central-1: Node-2, Node-3, Master, Node-4, Node-5
• Private DC (Vagrant): Node-6
Our mission is to become the number 1 container & microservices platform for developers
info@kontena.io | @kontenainc | slack.kontena.io | github.com/kontena/kontena | meetup.com/pro/kontena | www.kontena.io
Stay up to date!
Learn more about Kontena, the container & microservices platform, at www.kontena.io
