SlideShare uma empresa Scribd logo

Networking in Docker EE 2.0 with Kubernetes and Swarm

Abhinandan P.b
Abhinandan P.b

The presentation is about the operator goal from networking perspective and how it is influenced by both swarm and kubernetes on the Docker EE platform

Engenharia
1 de 29
Baixar para ler offline
v Networking in Docker EE 2.0 with Kubernetes and Swarm
SW Engineer, Docker Flavio Crisciani SW Engineer, Docker Abhinandan Prativadi
Objectives Design principles behind Docker EE Focus on operator deployment goals What’s the best fit for Kubernetes and Swarm Final takeaways SWARM KUBERNETES
Docker EE Design Principles Multiple orchestrators Multiple OSs Multiple infrastructure Choice SecurityAgility Safer apps Chain of custody Threat mitigation Unified operations Cost efficiency
Docker EE Architecture Secure Cluster Management App Scheduler Swarm KubernetesOR Docker EE Cluster Universal Control Plane (UCP) Node • Each node is K8s and Swarm ready • Operator chooses the production orchestrator • Freedom to choose orchestrator Node Node
Operator network design goals Network Security Multi-tenancy Observability Flexibility Data-path Migration
Network Security Practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information Control planeData plane Management Plane Information segregation
Manager Mgmt Plane: Node identities with mutual TLS Control Plane: Encrypted gossip based DB Data Plane: Optionally encrypted with IPSec Manager Manager Network Security WorkerWorker
Network Security ucp-bundle-john $docker network create -d overlay john-network Error response from daemon: access denied: no access to Network Create, on collection ucp-bundle-admin $source env.sh Cluster "ucp_10.1.1.1:6443_admin" set. User "ucp_10.1.1.1:6443_admin" set. Context "ucp_10.1.1.1:6443_admin" created. ucp-bundle-admin $docker network create --opt encrypted --driver overlay net1 l5vtb59oqk6r7fgzrjlou6llg Jun 11 21:13:57 ubuntu-1 dockerd[4721]: time="2018-06-11T21:13:57.200950113Z" level=debug msg="Initial encryption keys: [(key: dda14, tag: 0x1eb1) (key: b6b91, tag: 0x1eb0) (key: 0e8a0, tag: 0x1eb2)]" Jun 11 21:13:57 ubuntu-1 dockerd[4721]: time="2018-06-11T21:13:57.201251695Z" level=debug msg="Initial encryption keys: [(key: dda14, tag: 0x1eb1) (key: b6b91, tag: 0x1eb0) (key: 0e8a0, tag: 0x1eb2)]"
Manager Mgmt Plane: Secure etcd, api-server access control Control Plane: Calico BGP based Control plane Data Plane: App to app encryption with service mesh Manager Manager Network Security WorkerWorker
Network Security ucp-bundle-john $source env.sh Cluster "ucp_10.1.1.1:6443_john" set. User "ucp_10.1.1.1:6443_john" set. Context "ucp_10.1.1.1:6443_john" created. ucp-bundle-john $ ucp-bundle-john $kubectl get pods -n kube-system Error from server (Forbidden): pods is forbidden: User "john" cannot list pods in the namespace "kube-system": access denied
Multi-tenancy Concept that refers to the logical isolation of shared virtual compute, storage, and network resources. Application isolation Traffic isolation
Multi-tenancy Constraints allow to specify where a workload can be deployed Containers in different networks are isolated. Worker Worker Net1 Net2
Multi-tenancy $docker service create --name redis_2 --constraint 'node.labels.type == queue' redis:3.0.6 $docker service create --name prod-db --network net1 alpine sleep 9000 X8qnrfhhjrcis5nk6fx6mfc5w $docker service create --name prod-web --network net2 alpine sleep 9000 T5uwwccffj0qg0zeddfnd5ouu $docker exec -it prod-web.1.87aa93qtbg1dvxip9cpizjdls sh / # ping prod-db.1.87aa93qtbg1dvxip9cpizjdls ping: bad address 'prod-db.1.87aa93qtbg1dvxip9cpizjdls'
Multi-tenancy Node Affinity, Taints and Tolerations allow to specify where a workload can be scheduled and deployed Policies define network connectivity between pods Worker Worker
Multi-tenancy $kubectl taint nodes node1 Tenant=node.org1:NoSchedule ….. tolerations: - key: ”Tenant" operator: "Equal" value: ”node.org1" effect: "NoSchedule" apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-deny spec: podSelector: {} policyTypes: - Ingress
Observability Is a measure of how well internal states of a system can be inferred from knowledge of its external outputs. Control Plane Data Plane Metrics
Observability Mgmt Plane: Cluster key-value store based on raft Control Plane: Gossip based datastore Metrics through swarm events Data Plane • Linux: network namespaces, iptables, IPVS • Windows: Windows Host Network Service
Observability Mgmt Plane: etcd, kubectl Control Plane: BGP for route distribution Metrics through Prometheus Data Plane • Linux: L3 forwarding, iptables and ipsets, nsenter, iproute • Windows: WinCNI that configures windows HNS
Flexibility Ability of a system to adapt to different ecosystems Network Drivers Cluster Configuration
Flexibility Allows multiple drivers, most used in is overlay Abstraction on top of physical infrastructure Dynamic network creation ORIGINAL ETHERNET FRAME VXLAN FRAME Available Drivers: Overlay, MacVlan, IPVlan, external drivers
Flexibility Multiple CNI plugins available CNI integrated with the cloud provider Static network configuration ORIGINAL ETHERNET FRAME IPINIP FRAME Available Drivers: IPinIP, Native L3 routing
Data Path Data-path traffic ingress and egress out of the cluster and between workloads Concept of Service Service Discovery Cloud Provider Performance
Data Path Service is a group of containers sharing the same image Forwarding performance depends on the driver, but leverages Linux and Windows native data path Service discovery is built-in served by the docker daemon and extensible
Data Path Service is a logical set of pods determined by label selectors. Forwarding performance depends on the driver, but leverages Linux and Windows native data path Service discovery is swappable. kube-dns by default
Migration Process of transferring apps between different systems Docker EE nodes are Swarm and K8s enabled Both networking stacks work independently Node
What fits best ? App Getting started InnovationFirst Project Scale It depends…
Docker EE allows you to choose what fits best for your purpose. Leverage your current expertise or investment. Swarm is simpler with native Docker experience. Kubernetes brings the flexibility and native integration with cloud providers. Final Takeaways
Thank you! Questions??

Recomendados

Kubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxKubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxmacchiang
 
Global Operations with Docker Enterprise
Global Operations with Docker EnterpriseGlobal Operations with Docker Enterprise
Global Operations with Docker EnterpriseNicola Kabar
 
OpenVirtex (OVX) Tutorial
OpenVirtex (OVX) TutorialOpenVirtex (OVX) Tutorial
OpenVirtex (OVX) Tutorial동호 손
 
Docker networking
Docker networkingDocker networking
Docker networkinglakshman kumar Vit.Lakshman
 
Docker Online Meetup #29: Docker Networking is Now GA
Docker Online Meetup #29: Docker Networking is Now GA Docker Online Meetup #29: Docker Networking is Now GA
Docker Online Meetup #29: Docker Networking is Now GA Docker, Inc.
 
AWS Chicago User Group presentation: Connecting Docker Containers over the In...
AWS Chicago User Group presentation: Connecting Docker Containers over the In...AWS Chicago User Group presentation: Connecting Docker Containers over the In...
AWS Chicago User Group presentation: Connecting Docker Containers over the In...Cohesive Networks
 
Kubernetes networking & Security
Kubernetes networking & SecurityKubernetes networking & Security
Kubernetes networking & SecurityVietnam Open Infrastructure User Group
 
Dockercon EU 2015 Recap
Dockercon EU 2015 RecapDockercon EU 2015 Recap
Dockercon EU 2015 RecapLee Calcote
 

Recomendados

Kubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxKubernetes deployment on bare metal with container linux
Kubernetes deployment on bare metal with container linuxmacchiang
 
Global Operations with Docker Enterprise
Global Operations with Docker EnterpriseGlobal Operations with Docker Enterprise
Global Operations with Docker EnterpriseNicola Kabar
 
OpenVirtex (OVX) Tutorial
OpenVirtex (OVX) TutorialOpenVirtex (OVX) Tutorial
OpenVirtex (OVX) Tutorial동호 손
 
Docker networking
Docker networkingDocker networking
Docker networkinglakshman kumar Vit.Lakshman
 
Docker Online Meetup #29: Docker Networking is Now GA
Docker Online Meetup #29: Docker Networking is Now GA Docker Online Meetup #29: Docker Networking is Now GA
Docker Online Meetup #29: Docker Networking is Now GA Docker, Inc.
 
AWS Chicago User Group presentation: Connecting Docker Containers over the In...
AWS Chicago User Group presentation: Connecting Docker Containers over the In...AWS Chicago User Group presentation: Connecting Docker Containers over the In...
AWS Chicago User Group presentation: Connecting Docker Containers over the In...Cohesive Networks
 
Kubernetes networking & Security
Kubernetes networking & SecurityKubernetes networking & Security
Kubernetes networking & SecurityVietnam Open Infrastructure User Group
 
Dockercon EU 2015 Recap
Dockercon EU 2015 RecapDockercon EU 2015 Recap
Dockercon EU 2015 RecapLee Calcote
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Docker Container: isolation and security
Docker Container: isolation and securityDocker Container: isolation and security
Docker Container: isolation and security宇 傅
 
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...Cloud Native Day Tel Aviv
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Security best practices for kubernetes deployment
Security best practices for kubernetes deploymentSecurity best practices for kubernetes deployment
Security best practices for kubernetes deploymentMichael Cherny
 
Project kuryr returns: Docker delivered, Kubernetes Next
Project kuryr returns: Docker delivered, Kubernetes NextProject kuryr returns: Docker delivered, Kubernetes Next
Project kuryr returns: Docker delivered, Kubernetes NextAntoni Segura Puimedon
 
Understanding the container landscape and it associated projects
Understanding the container landscape and it associated projectsUnderstanding the container landscape and it associated projects
Understanding the container landscape and it associated projectsAnthony Chow
 
Docker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-PlaneDocker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-PlaneMadhu Venugopal
 
Open Source Cloud Computing -Eucalyptus
Open Source Cloud Computing -EucalyptusOpen Source Cloud Computing -Eucalyptus
Open Source Cloud Computing -EucalyptusSameer Naik
 
Inside Docker for Fedora20/RHEL7
Inside Docker for Fedora20/RHEL7Inside Docker for Fedora20/RHEL7
Inside Docker for Fedora20/RHEL7Etsuji Nakai
 
Tectonic Summit 2016: Networking for Kubernetes
Tectonic Summit 2016: Networking for Kubernetes Tectonic Summit 2016: Networking for Kubernetes
Tectonic Summit 2016: Networking for Kubernetes CoreOS
 
Docker: Aspects of Container Isolation
Docker: Aspects of Container IsolationDocker: Aspects of Container Isolation
Docker: Aspects of Container Isolationallingeek
 
Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containersGoogle
 
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDeep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDocker, Inc.
 
Linux Container Technology inside Docker with RHEL7
Linux Container Technology inside Docker with RHEL7Linux Container Technology inside Docker with RHEL7
Linux Container Technology inside Docker with RHEL7Etsuji Nakai
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container securityJohn Kinsella
 
Coscup SDN workshop - mininet
Coscup SDN workshop - mininetCoscup SDN workshop - mininet
Coscup SDN workshop - mininetHungWei Chiu
 
Kubernetes networking in AWS
Kubernetes networking in AWSKubernetes networking in AWS
Kubernetes networking in AWSZvika Gazit
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloudDobrica Pavlinušić
 
Microservices Network Architecture 101
Microservices Network Architecture 101Microservices Network Architecture 101
Microservices Network Architecture 101Cumulus Networks
 
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Patrick Chanezon
 
Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerJorge Juan Mendoza
 

Mais conteúdo relacionado

Mais procurados

Container security
Container securityContainer security
Container securityAnthony Chow
 
Docker Container: isolation and security
Docker Container: isolation and securityDocker Container: isolation and security
Docker Container: isolation and security宇 傅
 
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...Cloud Native Day Tel Aviv
 
Container security
Container securityContainer security
Container securityAnthony Chow
 
Security best practices for kubernetes deployment
Security best practices for kubernetes deploymentSecurity best practices for kubernetes deployment
Security best practices for kubernetes deploymentMichael Cherny
 
Project kuryr returns: Docker delivered, Kubernetes Next
Project kuryr returns: Docker delivered, Kubernetes NextProject kuryr returns: Docker delivered, Kubernetes Next
Project kuryr returns: Docker delivered, Kubernetes NextAntoni Segura Puimedon
 
Understanding the container landscape and it associated projects
Understanding the container landscape and it associated projectsUnderstanding the container landscape and it associated projects
Understanding the container landscape and it associated projectsAnthony Chow
 
Docker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-PlaneDocker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-PlaneMadhu Venugopal
 
Open Source Cloud Computing -Eucalyptus
Open Source Cloud Computing -EucalyptusOpen Source Cloud Computing -Eucalyptus
Open Source Cloud Computing -EucalyptusSameer Naik
 
Inside Docker for Fedora20/RHEL7
Inside Docker for Fedora20/RHEL7Inside Docker for Fedora20/RHEL7
Inside Docker for Fedora20/RHEL7Etsuji Nakai
 
Tectonic Summit 2016: Networking for Kubernetes
Tectonic Summit 2016: Networking for Kubernetes Tectonic Summit 2016: Networking for Kubernetes
Tectonic Summit 2016: Networking for Kubernetes CoreOS
 
Docker: Aspects of Container Isolation
Docker: Aspects of Container IsolationDocker: Aspects of Container Isolation
Docker: Aspects of Container Isolationallingeek
 
Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containersGoogle
 
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDeep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDocker, Inc.
 
Linux Container Technology inside Docker with RHEL7
Linux Container Technology inside Docker with RHEL7Linux Container Technology inside Docker with RHEL7
Linux Container Technology inside Docker with RHEL7Etsuji Nakai
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container securityJohn Kinsella
 
Coscup SDN workshop - mininet
Coscup SDN workshop - mininetCoscup SDN workshop - mininet
Coscup SDN workshop - mininetHungWei Chiu
 
Kubernetes networking in AWS
Kubernetes networking in AWSKubernetes networking in AWS
Kubernetes networking in AWSZvika Gazit
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloudDobrica Pavlinušić
 
Microservices Network Architecture 101
Microservices Network Architecture 101Microservices Network Architecture 101
Microservices Network Architecture 101Cumulus Networks
 

Mais procurados (20)

Container security
Container securityContainer security
Container security
 
Docker Container: isolation and security
Docker Container: isolation and securityDocker Container: isolation and security
Docker Container: isolation and security
 
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...
 
Container security
Container securityContainer security
Container security
 
Security best practices for kubernetes deployment
Security best practices for kubernetes deploymentSecurity best practices for kubernetes deployment
Security best practices for kubernetes deployment
 
Project kuryr returns: Docker delivered, Kubernetes Next
Project kuryr returns: Docker delivered, Kubernetes NextProject kuryr returns: Docker delivered, Kubernetes Next
Project kuryr returns: Docker delivered, Kubernetes Next
 
Understanding the container landscape and it associated projects
Understanding the container landscape and it associated projectsUnderstanding the container landscape and it associated projects
Understanding the container landscape and it associated projects
 
Docker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-PlaneDocker summit : Docker Networking Control-plane & Data-Plane
Docker summit : Docker Networking Control-plane & Data-Plane
 
Open Source Cloud Computing -Eucalyptus
Open Source Cloud Computing -EucalyptusOpen Source Cloud Computing -Eucalyptus
Open Source Cloud Computing -Eucalyptus
 
Inside Docker for Fedora20/RHEL7
Inside Docker for Fedora20/RHEL7Inside Docker for Fedora20/RHEL7
Inside Docker for Fedora20/RHEL7
 
Tectonic Summit 2016: Networking for Kubernetes
Tectonic Summit 2016: Networking for Kubernetes Tectonic Summit 2016: Networking for Kubernetes
Tectonic Summit 2016: Networking for Kubernetes
 
Docker: Aspects of Container Isolation
Docker: Aspects of Container IsolationDocker: Aspects of Container Isolation
Docker: Aspects of Container Isolation
 
Introduction to linux containers
Introduction to linux containersIntroduction to linux containers
Introduction to linux containers
 
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SIDeep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
Deep Dive in Docker Overlay Networks - Laurent Bernaille - Architect, D2SI
 
Linux Container Technology inside Docker with RHEL7
Linux Container Technology inside Docker with RHEL7Linux Container Technology inside Docker with RHEL7
Linux Container Technology inside Docker with RHEL7
 
Understanding container security
Understanding container securityUnderstanding container security
Understanding container security
 
Coscup SDN workshop - mininet
Coscup SDN workshop - mininetCoscup SDN workshop - mininet
Coscup SDN workshop - mininet
 
Kubernetes networking in AWS
Kubernetes networking in AWSKubernetes networking in AWS
Kubernetes networking in AWS
 
Security of Linux containers in the cloud
Security of Linux containers in the cloudSecurity of Linux containers in the cloud
Security of Linux containers in the cloud
 
Microservices Network Architecture 101
Microservices Network Architecture 101Microservices Network Architecture 101
Microservices Network Architecture 101
 

Semelhante a Networking in Docker EE 2.0 with Kubernetes and Swarm

Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Patrick Chanezon
 
Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerJorge Juan Mendoza
 
DockerCon EU 2018 Workshop: Container Networking for Swarm and Kubernetes in ...
DockerCon EU 2018 Workshop: Container Networking for Swarm and Kubernetes in ...DockerCon EU 2018 Workshop: Container Networking for Swarm and Kubernetes in ...
DockerCon EU 2018 Workshop: Container Networking for Swarm and Kubernetes in ...Guillaume Morini
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveMadhu Venugopal
 
Container world hybridnetworking_rev2
Container world hybridnetworking_rev2Container world hybridnetworking_rev2
Container world hybridnetworking_rev2Prem Sankar Gopannan
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric OverviewMichelle Holley
 
An Introduce of OPNFV (Open Platform for NFV)
An Introduce of OPNFV (Open Platform for NFV)An Introduce of OPNFV (Open Platform for NFV)
An Introduce of OPNFV (Open Platform for NFV)Mario Cho
 
Optimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerOptimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerAnanth Padmanabhan
 
Optimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerOptimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerSatya Sanjibani Routray
 
Weave User Group Talk - DockerCon 2017 Recap
Weave User Group Talk - DockerCon 2017 RecapWeave User Group Talk - DockerCon 2017 Recap
Weave User Group Talk - DockerCon 2017 RecapPatrick Chanezon
 
Optimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerOptimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerRahul Krishna Upadhyaya
 
VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld 2013: Deploying VMware NSX Network Virtualization VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld 2013: Deploying VMware NSX Network Virtualization VMworld
 
Multi-Container Apps spanning Docker, Mesos and OpenStack
Multi-Container Apps spanning Docker, Mesos and OpenStackMulti-Container Apps spanning Docker, Mesos and OpenStack
Multi-Container Apps spanning Docker, Mesos and OpenStackDocker, Inc.
 
DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...
DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...
DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...Docker, Inc.
 
Effective Data Pipelines with Docker & Jenkins - Brian Donaldson
Effective Data Pipelines with Docker & Jenkins - Brian DonaldsonEffective Data Pipelines with Docker & Jenkins - Brian Donaldson
Effective Data Pipelines with Docker & Jenkins - Brian DonaldsonDocker, Inc.
 
Cloud Computing Industrial Training In Chandigarh
Cloud Computing Industrial Training In ChandigarhCloud Computing Industrial Training In Chandigarh
Cloud Computing Industrial Training In ChandigarhArcadian Learning
 

Semelhante a Networking in Docker EE 2.0 with Kubernetes and Swarm (20)

Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...
 
Building a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in dockerBuilding a sdn solution for the deployment of web application stacks in docker
Building a sdn solution for the deployment of web application stacks in docker
 
SW Docker Security
SW Docker SecuritySW Docker Security
SW Docker Security
 
CloudComp 2015 - SDN-Cloud Testbed with Hyper-convergent SmartX Boxes
CloudComp 2015 - SDN-Cloud Testbed with Hyper-convergent SmartX BoxesCloudComp 2015 - SDN-Cloud Testbed with Hyper-convergent SmartX Boxes
CloudComp 2015 - SDN-Cloud Testbed with Hyper-convergent SmartX Boxes
 
DockerCon EU 2018 Workshop: Container Networking for Swarm and Kubernetes in ...
DockerCon EU 2018 Workshop: Container Networking for Swarm and Kubernetes in ...DockerCon EU 2018 Workshop: Container Networking for Swarm and Kubernetes in ...
DockerCon EU 2018 Workshop: Container Networking for Swarm and Kubernetes in ...
 
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep dive
 
Container world hybridnetworking_rev2
Container world hybridnetworking_rev2Container world hybridnetworking_rev2
Container world hybridnetworking_rev2
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric Overview
 
An Introduce of OPNFV (Open Platform for NFV)
An Introduce of OPNFV (Open Platform for NFV)An Introduce of OPNFV (Open Platform for NFV)
An Introduce of OPNFV (Open Platform for NFV)
 
Kubernetes
KubernetesKubernetes
Kubernetes
 
Simplify Networking for Containers
Simplify Networking for ContainersSimplify Networking for Containers
Simplify Networking for Containers
 
Optimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerOptimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using docker
 
Optimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerOptimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using docker
 
Weave User Group Talk - DockerCon 2017 Recap
Weave User Group Talk - DockerCon 2017 RecapWeave User Group Talk - DockerCon 2017 Recap
Weave User Group Talk - DockerCon 2017 Recap
 
Optimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using dockerOptimising nfv service chains on open stack using docker
Optimising nfv service chains on open stack using docker
 
VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld 2013: Deploying VMware NSX Network Virtualization VMworld 2013: Deploying VMware NSX Network Virtualization
VMworld 2013: Deploying VMware NSX Network Virtualization
 
Multi-Container Apps spanning Docker, Mesos and OpenStack
Multi-Container Apps spanning Docker, Mesos and OpenStackMulti-Container Apps spanning Docker, Mesos and OpenStack
Multi-Container Apps spanning Docker, Mesos and OpenStack
 
DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...
DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...
DockerCon EU 2015: The Missing Piece: when Docker networking unleashing soft ...
 
Effective Data Pipelines with Docker & Jenkins - Brian Donaldson
Effective Data Pipelines with Docker & Jenkins - Brian DonaldsonEffective Data Pipelines with Docker & Jenkins - Brian Donaldson
Effective Data Pipelines with Docker & Jenkins - Brian Donaldson
 
Cloud Computing Industrial Training In Chandigarh
Cloud Computing Industrial Training In ChandigarhCloud Computing Industrial Training In Chandigarh
Cloud Computing Industrial Training In Chandigarh
 

Último

CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfAsst.prof M.Gokilavani
 
Solving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptSolving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptJasonTagapanGulla
 
Earthing details of Electrical Substation
Earthing details of Electrical SubstationEarthing details of Electrical Substation
Earthing details of Electrical Substationstephanwindworld
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxKartikeyaDwivedi3
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catcherssdickerson1
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgsaravananr517913
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEroselinkalist12
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfAsst.prof M.Gokilavani
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AIabhishek36461
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...121011101441
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)dollysharma2066
 
Piping Basic stress analysis by engineering
Piping Basic stress analysis by engineeringPiping Basic stress analysis by engineering
Piping Basic stress analysis by engineeringJuanCarlosMorales19600
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsSachinPawar510423
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
Transport layer issues and challenges - Guide
Transport layer issues and challenges - GuideTransport layer issues and challenges - Guide
Transport layer issues and challenges - GuideGOPINATHS437943
 

Último (20)

CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdfCCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
CCS355 Neural Network & Deep Learning Unit II Notes with Question bank .pdf
 
Solving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.pptSolving The Right Triangles PowerPoint 2.ppt
Solving The Right Triangles PowerPoint 2.ppt
 
Earthing details of Electrical Substation
Earthing details of Electrical SubstationEarthing details of Electrical Substation
Earthing details of Electrical Substation
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptx
 
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor CatchersTechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
TechTAC® CFD Report Summary: A Comparison of Two Types of Tubing Anchor Catchers
 
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfgUnit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
Unit7-DC_Motors nkkjnsdkfnfcdfknfdgfggfg
 
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETEINFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
INFLUENCE OF NANOSILICA ON THE PROPERTIES OF CONCRETE
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdfCCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
CCS355 Neural Networks & Deep Learning Unit 1 PDF notes with Question bank .pdf
 
Past, Present and Future of Generative AI
Past, Present and Future of Generative AIPast, Present and Future of Generative AI
Past, Present and Future of Generative AI
 
Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...Instrumentation, measurement and control of bio process parameters ( Temperat...
Instrumentation, measurement and control of bio process parameters ( Temperat...
 
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
Call Us ≽ 8377877756 ≼ Call Girls In Shastri Nagar (Delhi)
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
Piping Basic stress analysis by engineering
Piping Basic stress analysis by engineeringPiping Basic stress analysis by engineering
Piping Basic stress analysis by engineering
 
Vishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documentsVishratwadi & Ghorpadi Bridge Tender documents
Vishratwadi & Ghorpadi Bridge Tender documents
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
Transport layer issues and challenges - Guide
Transport layer issues and challenges - GuideTransport layer issues and challenges - Guide
Transport layer issues and challenges - Guide
 

Networking in Docker EE 2.0 with Kubernetes and Swarm

  • 1. v Networking in Docker EE 2.0 with Kubernetes and Swarm
  • 2. SW Engineer, Docker Flavio Crisciani SW Engineer, Docker Abhinandan Prativadi
  • 3. Objectives Design principles behind Docker EE Focus on operator deployment goals What’s the best fit for Kubernetes and Swarm Final takeaways SWARM KUBERNETES
  • 4. Docker EE Design Principles Multiple orchestrators Multiple OSs Multiple infrastructure Choice SecurityAgility Safer apps Chain of custody Threat mitigation Unified operations Cost efficiency
  • 5. Docker EE Architecture Secure Cluster Management App Scheduler Swarm KubernetesOR Docker EE Cluster Universal Control Plane (UCP) Node • Each node is K8s and Swarm ready • Operator chooses the production orchestrator • Freedom to choose orchestrator Node Node
  • 6. Operator network design goals Network Security Multi-tenancy Observability Flexibility Data-path Migration
  • 7. Network Security Practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information Control planeData plane Management Plane Information segregation
  • 8. Manager Mgmt Plane: Node identities with mutual TLS Control Plane: Encrypted gossip based DB Data Plane: Optionally encrypted with IPSec Manager Manager Network Security WorkerWorker
  • 9. Network Security ucp-bundle-john $docker network create -d overlay john-network Error response from daemon: access denied: no access to Network Create, on collection ucp-bundle-admin $source env.sh Cluster "ucp_10.1.1.1:6443_admin" set. User "ucp_10.1.1.1:6443_admin" set. Context "ucp_10.1.1.1:6443_admin" created. ucp-bundle-admin $docker network create --opt encrypted --driver overlay net1 l5vtb59oqk6r7fgzrjlou6llg Jun 11 21:13:57 ubuntu-1 dockerd[4721]: time="2018-06-11T21:13:57.200950113Z" level=debug msg="Initial encryption keys: [(key: dda14, tag: 0x1eb1) (key: b6b91, tag: 0x1eb0) (key: 0e8a0, tag: 0x1eb2)]" Jun 11 21:13:57 ubuntu-1 dockerd[4721]: time="2018-06-11T21:13:57.201251695Z" level=debug msg="Initial encryption keys: [(key: dda14, tag: 0x1eb1) (key: b6b91, tag: 0x1eb0) (key: 0e8a0, tag: 0x1eb2)]"
  • 10. Manager Mgmt Plane: Secure etcd, api-server access control Control Plane: Calico BGP based Control plane Data Plane: App to app encryption with service mesh Manager Manager Network Security WorkerWorker
  • 11. Network Security ucp-bundle-john $source env.sh Cluster "ucp_10.1.1.1:6443_john" set. User "ucp_10.1.1.1:6443_john" set. Context "ucp_10.1.1.1:6443_john" created. ucp-bundle-john $ ucp-bundle-john $kubectl get pods -n kube-system Error from server (Forbidden): pods is forbidden: User "john" cannot list pods in the namespace "kube-system": access denied
  • 12. Multi-tenancy Concept that refers to the logical isolation of shared virtual compute, storage, and network resources. Application isolation Traffic isolation
  • 13. Multi-tenancy Constraints allow to specify where a workload can be deployed Containers in different networks are isolated. Worker Worker Net1 Net2
  • 14. Multi-tenancy $docker service create --name redis_2 --constraint 'node.labels.type == queue' redis:3.0.6 $docker service create --name prod-db --network net1 alpine sleep 9000 X8qnrfhhjrcis5nk6fx6mfc5w $docker service create --name prod-web --network net2 alpine sleep 9000 T5uwwccffj0qg0zeddfnd5ouu $docker exec -it prod-web.1.87aa93qtbg1dvxip9cpizjdls sh / # ping prod-db.1.87aa93qtbg1dvxip9cpizjdls ping: bad address 'prod-db.1.87aa93qtbg1dvxip9cpizjdls'
  • 15. Multi-tenancy Node Affinity, Taints and Tolerations allow to specify where a workload can be scheduled and deployed Policies define network connectivity between pods Worker Worker
  • 16. Multi-tenancy $kubectl taint nodes node1 Tenant=node.org1:NoSchedule ….. tolerations: - key: ”Tenant" operator: "Equal" value: ”node.org1" effect: "NoSchedule" apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-deny spec: podSelector: {} policyTypes: - Ingress
  • 17. Observability Is a measure of how well internal states of a system can be inferred from knowledge of its external outputs. Control Plane Data Plane Metrics
  • 18. Observability Mgmt Plane: Cluster key-value store based on raft Control Plane: Gossip based datastore Metrics through swarm events Data Plane • Linux: network namespaces, iptables, IPVS • Windows: Windows Host Network Service
  • 19. Observability Mgmt Plane: etcd, kubectl Control Plane: BGP for route distribution Metrics through Prometheus Data Plane • Linux: L3 forwarding, iptables and ipsets, nsenter, iproute • Windows: WinCNI that configures windows HNS
  • 20. Flexibility Ability of a system to adapt to different ecosystems Network Drivers Cluster Configuration
  • 21. Flexibility Allows multiple drivers, most used in is overlay Abstraction on top of physical infrastructure Dynamic network creation ORIGINAL ETHERNET FRAME VXLAN FRAME Available Drivers: Overlay, MacVlan, IPVlan, external drivers
  • 22. Flexibility Multiple CNI plugins available CNI integrated with the cloud provider Static network configuration ORIGINAL ETHERNET FRAME IPINIP FRAME Available Drivers: IPinIP, Native L3 routing
  • 23. Data Path Data-path traffic ingress and egress out of the cluster and between workloads Concept of Service Service Discovery Cloud Provider Performance
  • 24. Data Path Service is a group of containers sharing the same image Forwarding performance depends on the driver, but leverages Linux and Windows native data path Service discovery is built-in served by the docker daemon and extensible
  • 25. Data Path Service is a logical set of pods determined by label selectors. Forwarding performance depends on the driver, but leverages Linux and Windows native data path Service discovery is swappable. kube-dns by default
  • 26. Migration Process of transferring apps between different systems Docker EE nodes are Swarm and K8s enabled Both networking stacks work independently Node
  • 27. What fits best ? App Getting started InnovationFirst Project Scale It depends…
  • 28. Docker EE allows you to choose what fits best for your purpose. Leverage your current expertise or investment. Swarm is simpler with native Docker experience. Kubernetes brings the flexibility and native integration with cloud providers. Final Takeaways