SlideShare uma empresa Scribd logo

Demystifying Application Connectivity with Kubernetes in the Docker Platform

Transferir como PPTX, PDF
Nicola Kabar
Nicola Kabar

The addition of Kubernetes support to Docker Enterprise Platform presents deployments with interesting new abstractions for application connectivity. Users and Operators are often challenged with rationalizing how pod networking (with CNI plugins like Calico or Flannel), Services (via kube-proxy) and Ingress work in concert to enable application connectivity within and outside a cluster. Similarly, given the dynamic and transient nature of containerized microservice workloads, how to leverage scalable and declarative approaches like network policies to express segmentation and security primitives. This session provides an illustrative walkthrough of these core concepts by going through common deployment architectures providing design, operations, and scale considerations based on experience from numerous production deployments. The session will also showcase how to complement application and operations workflows with policy-driven business, compliance and security controls typically required in enterprise production deployments.

Tecnologia
1 de 26
Demystifying Application Connectivity with Kubernetes in the Docker Platform Session #154945
Dir. Solution Architecture,Tigera @worldhopper Karthik Prabhakar Solution Architect, Docker @nicolakabar Nicola Kabar
Quick Poll #1 Who is designing a Kubernetes Container Platform ?
Quick Poll #2 Who is intimidated by Kubernetes Networking?
...Then This Session is for You! ● Networking Design Considerations ● Calico CNI + Basics of K8S Networking ● Docker EE + Calico Integration Overview ● Application Deployment with Docker EE ● Takeaways ● Q&A
•Heterogeneous Infrastructure •Diverse Application Portfolio •Zero-Trust Security Design Considerations
Let’s Start with K8S Connectivity Basics
Kubernetes Connectivity Concepts Pod Networking (CNI) Ingress Services (Kube-proxy) Network Policy Kube-DNS
Worker Nodes UCP Manager/ K8s Master Manager Nodes Pod Creation: Kubelet Node apiserver scheduler controller- manager Etcd kubelet Node Pod Node
Worker Nodes UCP Manager/ K8s Master Manager Nodes Pod Network: Calico/CNI apiserver scheduler controller- manager Etcd kubelet Calico/CNI Calico/IPAM
Worker Nodes UCP Manager/ K8s Master Manager Nodes Pod Network: Calico/Node apiserver scheduler controller- manager Etcd kubelet Calico/CNI Calico/IPAM Calico/Node Calico/Node Calico/CNI Calico/IPAM kubelet
Worker Nodes UCP Manager/ K8s Master Manager Nodes Kubernetes Services: Kube-proxy apiserver scheduler controller- manager Etcd kubelet Calico/CNI Calico/IPAM Calico/Node Calico/Node kube-proxy kube-proxy Calico/CNI Calico/IPAM kubelet > Cluster IP > Node Port > Load Balancer
UCP Manager/ K8s Master Manager Nodes Kubernetes Services: Ingress apiserver scheduler controller- manager Etcd Worker NodesIngress Nodes pod svc A service-a.example.com
Worker Nodes UCP Manager/ K8s Master Manager Nodes Network Policy apiserver scheduler controller- manager Etcd kubelet Calico/CNI Calico/IPAM Calico/Node Calico/Node kube-proxy kube-proxy Calico/CNI Calico/IPAM kubelet
Secure networking for the cloud-native era Open source, maintained by Tigera with hundreds of third party contributors Batteries-included Container networking for Docker EE Kubernetes > Scalable, distributed control plane > Policy-driven network security > No overlay required > Integratedwith all major cloud platforms > Widely deployed, proven at scale TIGERA CALICO: WHY IT’S AWESOME
Docker Enterprise Edition 2.0 + Calico Architecture Overview
Node UCP Manager Manager Nodes Load Balancer (ucp.example.com) Node Node Node UCP worker Worker Nodes Node UCP worker Node UCP worker Node DTR worker DTR Nodes Load Balancer (dtr.example.com) Node DTR worker Node DTR worker DTR Storage (Azure Storage, NFS, etc.) Logging Monitoring Image storage External CALDAP/AD Add-ons UCP Manager UCP Manager Docker Enterprise Edition Overview Load Balancer (app.example.com)
UCP Manager/ K8s Master Manager Nodes Worker Nodes Docker Enterprise Edition 2.0 Calico Integration kubelet k8s-apiserver calico-node Appl Pod A kubelet UCP / k8s Worker A kube-proxy kube-dns k8s-scheduler calico-node kube-proxy calico-node App Pod B kubelet kube-proxy UCP / k8s Worker B Pod IP Connectivity Peering Native Host Routing calico-kube-controller k8s-controller eth0 eth0
UCP Manager/ K8s Master Manager Nodes Load Balancer (ucp.example.com) Node UCP/K8S worker Worker Nodes Node UCP/K8S worker Node UCP/K8S worker UCP Manager/ K8s Master UCP Manager/ K8s Master Calico Node Calico Node Calico Node Calico Node Calico NodeCalico Node App Pods App Pods App Pods Demo 1: Docker EE + Calico Overview
UCP Manager/ K8s Master Manager Nodes Load Balancer (ucp.example.com) Node UCP/K8S worker Worker Nodes Node UCP/K8S worker Node UCP/K8S worker UCP Manager/ K8s Master UCP Manager/ K8s Master Calico Node Calico Node Calico Node Calico Node Calico NodeCalico Node Client Pod Frontend Pod Backend Pod Node UCP/K8S worker Node UCP/K8S worker Calico Node Calico Node NGINXNGINX Demo 2: Let’s Deploy a Sample Application Ingress Nodes Client Service UI Service Frontend Service Backend Service
Let’s revisit our Design Considerations.
Heterogeneous Infrastructure ➔No Underlay Dependency = No Lock-In ➔Simple Zero-Touch Provisioning ➔Any Infrastructure, Any Cloud ◆On-Prem ( VM, Bare) ◆Cloud ( AWS, Azure, GCP) ◆Hybrid
Connectivity Concept Out-of-the-Box Solution with Docker EE 2.0 Pod - Pod Calico CNI Services ClusterIP NodePort LoadBalancer Ingress NGINX Ingress Controller DNS kube-dns K8s Network Policy Calico Diverse Application Portfolio * Tigera CNX builds on Calico with enterprise security features: Hierarchical Policies, Policy RBAC, DevSecOps tools (Audit, Alerting, Compliance), etc.
Zero-Trust Security •Declarative policy-driven isolation •Fine-grained access control •Dynamic, in lock step with Kubernetes ComplianceStage/tier separation Tenant/namespace isolation Micro- segmentation
Takeaway Docker Enterprise Edition 2.0 seamlessly integrates Calico as the default CNI providing choice of using native K8S connectivity abstractions on any infrastructure all while enforcing a dynamic policy-based microsegmentation.
Thank you! Questions? Try Docker EE + Calico: trial.docker.com community.docker.com slack.projectcalico.org @docker @projectcalico @tigeraio

Recomendados

The Enterprise IT Checklist for Docker Operations
The Enterprise IT Checklist for Docker Operations The Enterprise IT Checklist for Docker Operations
The Enterprise IT Checklist for Docker Operations Nicola Kabar
 
Proactive ops for container orchestration environments
Proactive ops for container orchestration environmentsProactive ops for container orchestration environments
Proactive ops for container orchestration environmentsDocker, Inc.
 
Docker on docker leveraging kubernetes in docker ee
Docker on docker leveraging kubernetes in docker eeDocker on docker leveraging kubernetes in docker ee
Docker on docker leveraging kubernetes in docker eeDocker, Inc.
 
Gordon's secret session kubernetes on windows
Gordon's secret session kubernetes on windowsGordon's secret session kubernetes on windows
Gordon's secret session kubernetes on windowsDocker, Inc.
 
OpenStack on Kubernetes (BOS Summit / May 2017 update)
OpenStack on Kubernetes (BOS Summit / May 2017 update)OpenStack on Kubernetes (BOS Summit / May 2017 update)
OpenStack on Kubernetes (BOS Summit / May 2017 update)rhirschfeld
 
K8S in prod
K8S in prodK8S in prod
K8S in prodMageshwaran Rajendran
 
K8s best practices from the field!
K8s best practices from the field!K8s best practices from the field!
K8s best practices from the field!DoiT International
 
Accessible hpc for everyone with docker and containers
Accessible hpc for everyone with docker and containersAccessible hpc for everyone with docker and containers
Accessible hpc for everyone with docker and containersDocker, Inc.
 

Recomendados

The Enterprise IT Checklist for Docker Operations
The Enterprise IT Checklist for Docker Operations The Enterprise IT Checklist for Docker Operations
The Enterprise IT Checklist for Docker Operations Nicola Kabar
 
Proactive ops for container orchestration environments
Proactive ops for container orchestration environmentsProactive ops for container orchestration environments
Proactive ops for container orchestration environmentsDocker, Inc.
 
Docker on docker leveraging kubernetes in docker ee
Docker on docker leveraging kubernetes in docker eeDocker on docker leveraging kubernetes in docker ee
Docker on docker leveraging kubernetes in docker eeDocker, Inc.
 
Gordon's secret session kubernetes on windows
Gordon's secret session kubernetes on windowsGordon's secret session kubernetes on windows
Gordon's secret session kubernetes on windowsDocker, Inc.
 
OpenStack on Kubernetes (BOS Summit / May 2017 update)
OpenStack on Kubernetes (BOS Summit / May 2017 update)OpenStack on Kubernetes (BOS Summit / May 2017 update)
OpenStack on Kubernetes (BOS Summit / May 2017 update)rhirschfeld
 
K8S in prod
K8S in prodK8S in prod
K8S in prodMageshwaran Rajendran
 
K8s best practices from the field!
K8s best practices from the field!K8s best practices from the field!
K8s best practices from the field!DoiT International
 
Accessible hpc for everyone with docker and containers
Accessible hpc for everyone with docker and containersAccessible hpc for everyone with docker and containers
Accessible hpc for everyone with docker and containersDocker, Inc.
 
Kubernetes Monitoring & Best Practices
Kubernetes Monitoring & Best PracticesKubernetes Monitoring & Best Practices
Kubernetes Monitoring & Best PracticesAjeet Singh Raina
 
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!smalltown
 
Enabling ceph-mgr to control Ceph services via Kubernetes
Enabling ceph-mgr to control Ceph services via KubernetesEnabling ceph-mgr to control Ceph services via Kubernetes
Enabling ceph-mgr to control Ceph services via Kubernetesmountpoint.io
 
Web後端技術的演變
Web後端技術的演變Web後端技術的演變
Web後端技術的演變inwin stack
 
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...NETWAYS
 
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...Sanjeev Rampal
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetesGabriel Carro
 
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes WorkloadsAWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes WorkloadsAWS Summits
 
Application Portability with Kubernetes (k8)
Application Portability with Kubernetes (k8)Application Portability with Kubernetes (k8)
Application Portability with Kubernetes (k8)Kublr
 
How to Integrate Kubernetes in OpenStack
How to Integrate Kubernetes in OpenStack How to Integrate Kubernetes in OpenStack
How to Integrate Kubernetes in OpenStack Meng-Ze Lee
 
Openstack days sv building highly available services using kubernetes (preso)
Openstack days sv building highly available services using kubernetes (preso)Openstack days sv building highly available services using kubernetes (preso)
Openstack days sv building highly available services using kubernetes (preso)Allan Naim
 
Big data and Kubernetes
Big data and KubernetesBig data and Kubernetes
Big data and KubernetesAnirudh Ramanathan
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomRunning I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomCloud Native Day Tel Aviv
 
A Million ways of Deploying a Kubernetes Cluster
A Million ways of Deploying a Kubernetes ClusterA Million ways of Deploying a Kubernetes Cluster
A Million ways of Deploying a Kubernetes ClusterJimmy Lu
 
Openstack Summit Container Day Keynote
Openstack Summit Container Day KeynoteOpenstack Summit Container Day Keynote
Openstack Summit Container Day KeynoteBoyd Hemphill
 
Kubernetes extensibility
Kubernetes extensibilityKubernetes extensibility
Kubernetes extensibilityDocker, Inc.
 
Ports, pods and proxies
Ports, pods and proxiesPorts, pods and proxies
Ports, pods and proxiesLibbySchulze
 
實際架構實踐演化與解決方案
實際架構實踐演化與解決方案實際架構實踐演化與解決方案
實際架構實踐演化與解決方案Camel Camel
 
Introducing LinuxKit
Introducing LinuxKitIntroducing LinuxKit
Introducing LinuxKitDocker, Inc.
 
Kubernetes and Istio
Kubernetes and IstioKubernetes and Istio
Kubernetes and IstioKetan Gote
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDocker, Inc.
 
Kubernetes day 2 Operations
Kubernetes day 2 OperationsKubernetes day 2 Operations
Kubernetes day 2 OperationsPaul Czarkowski
 

Mais conteúdo relacionado

Mais procurados

Kubernetes Monitoring & Best Practices
Kubernetes Monitoring & Best PracticesKubernetes Monitoring & Best Practices
Kubernetes Monitoring & Best PracticesAjeet Singh Raina
 
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!smalltown
 
Enabling ceph-mgr to control Ceph services via Kubernetes
Enabling ceph-mgr to control Ceph services via KubernetesEnabling ceph-mgr to control Ceph services via Kubernetes
Enabling ceph-mgr to control Ceph services via Kubernetesmountpoint.io
 
Web後端技術的演變
Web後端技術的演變Web後端技術的演變
Web後端技術的演變inwin stack
 
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...NETWAYS
 
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...Sanjeev Rampal
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetesGabriel Carro
 
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes WorkloadsAWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes WorkloadsAWS Summits
 
Application Portability with Kubernetes (k8)
Application Portability with Kubernetes (k8)Application Portability with Kubernetes (k8)
Application Portability with Kubernetes (k8)Kublr
 
How to Integrate Kubernetes in OpenStack
How to Integrate Kubernetes in OpenStack How to Integrate Kubernetes in OpenStack
How to Integrate Kubernetes in OpenStack Meng-Ze Lee
 
Openstack days sv building highly available services using kubernetes (preso)
Openstack days sv building highly available services using kubernetes (preso)Openstack days sv building highly available services using kubernetes (preso)
Openstack days sv building highly available services using kubernetes (preso)Allan Naim
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomRunning I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomCloud Native Day Tel Aviv
 
A Million ways of Deploying a Kubernetes Cluster
A Million ways of Deploying a Kubernetes ClusterA Million ways of Deploying a Kubernetes Cluster
A Million ways of Deploying a Kubernetes ClusterJimmy Lu
 
Openstack Summit Container Day Keynote
Openstack Summit Container Day KeynoteOpenstack Summit Container Day Keynote
Openstack Summit Container Day KeynoteBoyd Hemphill
 
Kubernetes extensibility
Kubernetes extensibilityKubernetes extensibility
Kubernetes extensibilityDocker, Inc.
 
Ports, pods and proxies
Ports, pods and proxiesPorts, pods and proxies
Ports, pods and proxiesLibbySchulze
 
實際架構實踐演化與解決方案
實際架構實踐演化與解決方案實際架構實踐演化與解決方案
實際架構實踐演化與解決方案Camel Camel
 
Introducing LinuxKit
Introducing LinuxKitIntroducing LinuxKit
Introducing LinuxKitDocker, Inc.
 
Kubernetes and Istio
Kubernetes and IstioKubernetes and Istio
Kubernetes and IstioKetan Gote
 

Mais procurados (20)

Kubernetes Monitoring & Best Practices
Kubernetes Monitoring & Best PracticesKubernetes Monitoring & Best Practices
Kubernetes Monitoring & Best Practices
 
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!
Kubernetes Day 2017 - Build, Ship and Run Your APP, Production !!
 
Enabling ceph-mgr to control Ceph services via Kubernetes
Enabling ceph-mgr to control Ceph services via KubernetesEnabling ceph-mgr to control Ceph services via Kubernetes
Enabling ceph-mgr to control Ceph services via Kubernetes
 
Web後端技術的演變
Web後端技術的演變Web後端技術的演變
Web後端技術的演變
 
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
OSDC 2018 | Lifecycle of a resource. Codifying infrastructure with Terraform ...
 
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...
 
Introduction to kubernetes
Introduction to kubernetesIntroduction to kubernetes
Introduction to kubernetes
 
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes WorkloadsAWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads
AWS Summit Singapore 2019 | Autoscaling Your Kubernetes Workloads
 
Application Portability with Kubernetes (k8)
Application Portability with Kubernetes (k8)Application Portability with Kubernetes (k8)
Application Portability with Kubernetes (k8)
 
How to Integrate Kubernetes in OpenStack
How to Integrate Kubernetes in OpenStack How to Integrate Kubernetes in OpenStack
How to Integrate Kubernetes in OpenStack
 
Openstack days sv building highly available services using kubernetes (preso)
Openstack days sv building highly available services using kubernetes (preso)Openstack days sv building highly available services using kubernetes (preso)
Openstack days sv building highly available services using kubernetes (preso)
 
Big data and Kubernetes
Big data and KubernetesBig data and Kubernetes
Big data and Kubernetes
 
Running I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati ShalomRunning I/O intensive workloads on Kubernetes, by Nati Shalom
Running I/O intensive workloads on Kubernetes, by Nati Shalom
 
A Million ways of Deploying a Kubernetes Cluster
A Million ways of Deploying a Kubernetes ClusterA Million ways of Deploying a Kubernetes Cluster
A Million ways of Deploying a Kubernetes Cluster
 
Openstack Summit Container Day Keynote
Openstack Summit Container Day KeynoteOpenstack Summit Container Day Keynote
Openstack Summit Container Day Keynote
 
Kubernetes extensibility
Kubernetes extensibilityKubernetes extensibility
Kubernetes extensibility
 
Ports, pods and proxies
Ports, pods and proxiesPorts, pods and proxies
Ports, pods and proxies
 
實際架構實踐演化與解決方案
實際架構實踐演化與解決方案實際架構實踐演化與解決方案
實際架構實踐演化與解決方案
 
Introducing LinuxKit
Introducing LinuxKitIntroducing LinuxKit
Introducing LinuxKit
 
Kubernetes and Istio
Kubernetes and IstioKubernetes and Istio
Kubernetes and Istio
 

Semelhante a Demystifying Application Connectivity with Kubernetes in the Docker Platform

DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDocker, Inc.
 
Kubernetes day 2 Operations
Kubernetes day 2 OperationsKubernetes day 2 Operations
Kubernetes day 2 OperationsPaul Czarkowski
 
Fabio rapposelli pks-vmug
Fabio rapposelli pks-vmugFabio rapposelli pks-vmug
Fabio rapposelli pks-vmugVMUG IT
 
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMwareVMUG IT
 
[Global logic] container runtimes and kubernetes
[Global logic] container runtimes and kubernetes[Global logic] container runtimes and kubernetes
[Global logic] container runtimes and kubernetesGlobalLogic Ukraine
 
The App Developer's Kubernetes Toolbox
The App Developer's Kubernetes ToolboxThe App Developer's Kubernetes Toolbox
The App Developer's Kubernetes ToolboxNebulaworks
 
Yannis Zarkadas. Enterprise data science workflows on kubeflow
Yannis Zarkadas. Enterprise data science workflows on kubeflowYannis Zarkadas. Enterprise data science workflows on kubeflow
Yannis Zarkadas. Enterprise data science workflows on kubeflowMarynaHoldaieva
 
Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...
Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...
Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...Lviv Startup Club
 
Kubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of ContainersKubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of ContainersKel Cecil
 
Effective Building your Platform with Kubernetes == Keep it Simple
Effective Building your Platform with Kubernetes == Keep it Simple Effective Building your Platform with Kubernetes == Keep it Simple
Effective Building your Platform with Kubernetes == Keep it Simple Wojciech Barczyński
 
Successful K8S Platforms in Airgapped Environments
Successful K8S Platforms in Airgapped EnvironmentsSuccessful K8S Platforms in Airgapped Environments
Successful K8S Platforms in Airgapped EnvironmentsKubernetesCommunityD
 
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)QAware GmbH
 
Deploy Application on Kubernetes
Deploy Application on KubernetesDeploy Application on Kubernetes
Deploy Application on KubernetesOpsta
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to KubernetesSamuel Dratwa
 
Kubermatic CNCF Webinar - start.kubermatic.pdf
Kubermatic CNCF Webinar - start.kubermatic.pdfKubermatic CNCF Webinar - start.kubermatic.pdf
Kubermatic CNCF Webinar - start.kubermatic.pdfLibbySchulze
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes IntroductionEric Gustafson
 
Virtual Flink Forward 2020: Integrate Flink with Kubernetes natively - Yang Wang
Virtual Flink Forward 2020: Integrate Flink with Kubernetes natively - Yang WangVirtual Flink Forward 2020: Integrate Flink with Kubernetes natively - Yang Wang
Virtual Flink Forward 2020: Integrate Flink with Kubernetes natively - Yang WangFlink Forward
 
Kubernetes meetup geneva june 2021
Kubernetes meetup geneva june 2021Kubernetes meetup geneva june 2021
Kubernetes meetup geneva june 2021SebastienSEYMARC
 
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Develop and deploy Kubernetes applications with Docker - IBM Index 2018Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Develop and deploy Kubernetes applications with Docker - IBM Index 2018Patrick Chanezon
 

Semelhante a Demystifying Application Connectivity with Kubernetes in the Docker Platform (20)

DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container Networking
 
Kubernetes day 2 Operations
Kubernetes day 2 OperationsKubernetes day 2 Operations
Kubernetes day 2 Operations
 
Fabio rapposelli pks-vmug
Fabio rapposelli pks-vmugFabio rapposelli pks-vmug
Fabio rapposelli pks-vmug
 
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
01 - VMUGIT - Lecce 2018 - Fabio Rapposelli, VMware
 
[Global logic] container runtimes and kubernetes
[Global logic] container runtimes and kubernetes[Global logic] container runtimes and kubernetes
[Global logic] container runtimes and kubernetes
 
The App Developer's Kubernetes Toolbox
The App Developer's Kubernetes ToolboxThe App Developer's Kubernetes Toolbox
The App Developer's Kubernetes Toolbox
 
Yannis Zarkadas. Enterprise data science workflows on kubeflow
Yannis Zarkadas. Enterprise data science workflows on kubeflowYannis Zarkadas. Enterprise data science workflows on kubeflow
Yannis Zarkadas. Enterprise data science workflows on kubeflow
 
Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...
Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...
Yannis Zarkadas. Stefano Fioravanzo. Enterprise data science workflows on kub...
 
Kubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of ContainersKubernetes - Sailing a Sea of Containers
Kubernetes - Sailing a Sea of Containers
 
Effective Building your Platform with Kubernetes == Keep it Simple
Effective Building your Platform with Kubernetes == Keep it Simple Effective Building your Platform with Kubernetes == Keep it Simple
Effective Building your Platform with Kubernetes == Keep it Simple
 
Successful K8S Platforms in Airgapped Environments
Successful K8S Platforms in Airgapped EnvironmentsSuccessful K8S Platforms in Airgapped Environments
Successful K8S Platforms in Airgapped Environments
 
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
Kubernetes One-Click Deployment: Hands-on Workshop (Mainz)
 
Deploy Application on Kubernetes
Deploy Application on KubernetesDeploy Application on Kubernetes
Deploy Application on Kubernetes
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
 
Kubermatic.pdf
Kubermatic.pdfKubermatic.pdf
Kubermatic.pdf
 
Kubermatic CNCF Webinar - start.kubermatic.pdf
Kubermatic CNCF Webinar - start.kubermatic.pdfKubermatic CNCF Webinar - start.kubermatic.pdf
Kubermatic CNCF Webinar - start.kubermatic.pdf
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
 
Virtual Flink Forward 2020: Integrate Flink with Kubernetes natively - Yang Wang
Virtual Flink Forward 2020: Integrate Flink with Kubernetes natively - Yang WangVirtual Flink Forward 2020: Integrate Flink with Kubernetes natively - Yang Wang
Virtual Flink Forward 2020: Integrate Flink with Kubernetes natively - Yang Wang
 
Kubernetes meetup geneva june 2021
Kubernetes meetup geneva june 2021Kubernetes meetup geneva june 2021
Kubernetes meetup geneva june 2021
 
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Develop and deploy Kubernetes applications with Docker - IBM Index 2018Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
 

Último

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Último (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Demystifying Application Connectivity with Kubernetes in the Docker Platform

  • 1. Demystifying Application Connectivity with Kubernetes in the Docker Platform Session #154945
  • 2. Dir. Solution Architecture,Tigera @worldhopper Karthik Prabhakar Solution Architect, Docker @nicolakabar Nicola Kabar
  • 3. Quick Poll #1 Who is designing a Kubernetes Container Platform ?
  • 4. Quick Poll #2 Who is intimidated by Kubernetes Networking?
  • 5. ...Then This Session is for You! ● Networking Design Considerations ● Calico CNI + Basics of K8S Networking ● Docker EE + Calico Integration Overview ● Application Deployment with Docker EE ● Takeaways ● Q&A
  • 6. •Heterogeneous Infrastructure •Diverse Application Portfolio •Zero-Trust Security Design Considerations
  • 7. Let’s Start with K8S Connectivity Basics
  • 8. Kubernetes Connectivity Concepts Pod Networking (CNI) Ingress Services (Kube-proxy) Network Policy Kube-DNS
  • 9. Worker Nodes UCP Manager/ K8s Master Manager Nodes Pod Creation: Kubelet Node apiserver scheduler controller- manager Etcd kubelet Node Pod Node
  • 10. Worker Nodes UCP Manager/ K8s Master Manager Nodes Pod Network: Calico/CNI apiserver scheduler controller- manager Etcd kubelet Calico/CNI Calico/IPAM
  • 11. Worker Nodes UCP Manager/ K8s Master Manager Nodes Pod Network: Calico/Node apiserver scheduler controller- manager Etcd kubelet Calico/CNI Calico/IPAM Calico/Node Calico/Node Calico/CNI Calico/IPAM kubelet
  • 12. Worker Nodes UCP Manager/ K8s Master Manager Nodes Kubernetes Services: Kube-proxy apiserver scheduler controller- manager Etcd kubelet Calico/CNI Calico/IPAM Calico/Node Calico/Node kube-proxy kube-proxy Calico/CNI Calico/IPAM kubelet > Cluster IP > Node Port > Load Balancer
  • 13. UCP Manager/ K8s Master Manager Nodes Kubernetes Services: Ingress apiserver scheduler controller- manager Etcd Worker NodesIngress Nodes pod svc A service-a.example.com
  • 14. Worker Nodes UCP Manager/ K8s Master Manager Nodes Network Policy apiserver scheduler controller- manager Etcd kubelet Calico/CNI Calico/IPAM Calico/Node Calico/Node kube-proxy kube-proxy Calico/CNI Calico/IPAM kubelet
  • 15. Secure networking for the cloud-native era Open source, maintained by Tigera with hundreds of third party contributors Batteries-included Container networking for Docker EE Kubernetes > Scalable, distributed control plane > Policy-driven network security > No overlay required > Integratedwith all major cloud platforms > Widely deployed, proven at scale TIGERA CALICO: WHY IT’S AWESOME
  • 16. Docker Enterprise Edition 2.0 + Calico Architecture Overview
  • 17. Node UCP Manager Manager Nodes Load Balancer (ucp.example.com) Node Node Node UCP worker Worker Nodes Node UCP worker Node UCP worker Node DTR worker DTR Nodes Load Balancer (dtr.example.com) Node DTR worker Node DTR worker DTR Storage (Azure Storage, NFS, etc.) Logging Monitoring Image storage External CALDAP/AD Add-ons UCP Manager UCP Manager Docker Enterprise Edition Overview Load Balancer (app.example.com)
  • 18. UCP Manager/ K8s Master Manager Nodes Worker Nodes Docker Enterprise Edition 2.0 Calico Integration kubelet k8s-apiserver calico-node Appl Pod A kubelet UCP / k8s Worker A kube-proxy kube-dns k8s-scheduler calico-node kube-proxy calico-node App Pod B kubelet kube-proxy UCP / k8s Worker B Pod IP Connectivity Peering Native Host Routing calico-kube-controller k8s-controller eth0 eth0
  • 19. UCP Manager/ K8s Master Manager Nodes Load Balancer (ucp.example.com) Node UCP/K8S worker Worker Nodes Node UCP/K8S worker Node UCP/K8S worker UCP Manager/ K8s Master UCP Manager/ K8s Master Calico Node Calico Node Calico Node Calico Node Calico NodeCalico Node App Pods App Pods App Pods Demo 1: Docker EE + Calico Overview
  • 20. UCP Manager/ K8s Master Manager Nodes Load Balancer (ucp.example.com) Node UCP/K8S worker Worker Nodes Node UCP/K8S worker Node UCP/K8S worker UCP Manager/ K8s Master UCP Manager/ K8s Master Calico Node Calico Node Calico Node Calico Node Calico NodeCalico Node Client Pod Frontend Pod Backend Pod Node UCP/K8S worker Node UCP/K8S worker Calico Node Calico Node NGINXNGINX Demo 2: Let’s Deploy a Sample Application Ingress Nodes Client Service UI Service Frontend Service Backend Service
  • 21. Let’s revisit our Design Considerations.
  • 22. Heterogeneous Infrastructure ➔No Underlay Dependency = No Lock-In ➔Simple Zero-Touch Provisioning ➔Any Infrastructure, Any Cloud ◆On-Prem ( VM, Bare) ◆Cloud ( AWS, Azure, GCP) ◆Hybrid
  • 23. Connectivity Concept Out-of-the-Box Solution with Docker EE 2.0 Pod - Pod Calico CNI Services ClusterIP NodePort LoadBalancer Ingress NGINX Ingress Controller DNS kube-dns K8s Network Policy Calico Diverse Application Portfolio * Tigera CNX builds on Calico with enterprise security features: Hierarchical Policies, Policy RBAC, DevSecOps tools (Audit, Alerting, Compliance), etc.
  • 24. Zero-Trust Security •Declarative policy-driven isolation •Fine-grained access control •Dynamic, in lock step with Kubernetes ComplianceStage/tier separation Tenant/namespace isolation Micro- segmentation
  • 25. Takeaway Docker Enterprise Edition 2.0 seamlessly integrates Calico as the default CNI providing choice of using native K8S connectivity abstractions on any infrastructure all while enforcing a dynamic policy-based microsegmentation.
  • 26. Thank you! Questions? Try Docker EE + Calico: trial.docker.com community.docker.com slack.projectcalico.org @docker @projectcalico @tigeraio