docker-inc
Agenda
• Presentation
  – Docker Ops 101
  – Containers-as-a-Service
  – Docker Datacenter Walkthrough
• Workshop Labs
  – Install Docker Datacenter
  – Deploy Container
  – Deploy Apps
  – Set up RBAC and Teams
  – Extra: Set up LDAP based Teams
Introducing Containers
• Each root file system is called a container
• Each container also has its own
  – Processes
  – Memory
  – Devices
  – Network stack
Containerization uses the kernel on the host operating system to run multiple root file systems
Docker Basics
• Docker Image: the basis of a Docker container
• Docker Container: the standard unit in which the application service resides
• Docker Engine: creates, ships and runs Docker containers, deployable on a physical or virtual host locally, in a datacenter or at a cloud service provider
• Docker Trusted Registry: for image storing and secure collaboration
Orchestration
• Machine: provisions Docker-installed infrastructure onto servers and VPCs; has drivers to integrate with infrastructure partners
• Swarm: a powerful, scalable clustering solution for Docker engines; the tool can leverage all existing Docker APIs
• Compose: allows users to deploy multi-container applications into any Dockerized environment
Benefits of Docker
• Separation of concerns but consistent experience
  – Developers focus on building their apps
  – System admins focus on deployment
  – Everyone deploys using the same image and the same API
• Application portability
  – Build in one environment, ship to another
  – Images are portable across infra providers
• Scalability
  – Easily spin up new containers if needed
• Higher infrastructure utilization
Transforming the Dev Landscape
[Slide diagram: ~2000 (monolithic, big servers, slow changing) versus today (loosely coupled services, many small servers or devices, rapidly updated)]
Containerization is the catalyst
[Slide diagram: application components (static website, web front end, background workers, user DB, analytics DB, queue, API endpoint) running across environments (development VM, contributor’s laptop, QA server, production servers, production cluster, public cloud, data center, disaster recovery)]
Running a global software supply chain
Build, ship, run any application, anywhere
[Slide diagram: development center, headquarters, datacenter, cloud zone 1, cloud zone 2]
What Should I Worry About?
Non-trivial changes for the Ops team
• Containers can be either cattle or pets
• Material impact on how much monitoring or logging data you ingest
  – Container logging
  – Engine logging
• Monitoring
• Security review of your containers and Engine deployments (CIS, NIST, seccomp, etc.)
First attempt: PaaS
• Developer self service – point and deploy
• Everything packaged together
• Need for customization eventually exceeds PaaS
[Slide diagram: PaaS stack with infrastructure, languages, OS and tooling embedded]
CaaS is the best of both worlds
Containers as a Service (CaaS): an open, customizable platform built on standard containers
+ Existing on prem infrastructure (e.g. RHEL/Ubuntu, Windows, ++)
CaaS Value Propositions for Enterprise
• Management at scale
• Integrated Content Trust
• Secure Access (RBAC)
• Integrates with existing systems
• Full support of Docker API
• Seamless dev to prod workflow
• Infrastructure, network and storage portability
• Easy to set up and use
• Native Docker solution
• Extend existing Docker developer experience
Agility + Portability + Control
Agility, Portability and Control for Devs and IT Ops
Developers and IT Operations
• Freedom to create and deploy apps fast
• Define and package application needs
• Quickly and flexibly respond to changing needs
• Standardize, secure, and manage
Frictionless portability across teams, environments, infrastructure
Containers as a Service for Enterprise
An IT Ops managed and secure application environment for developers to self service build and deploy applications
Enabling CaaS for Developers and IT
Developers / IT Operations
• BUILD: Development Environments
• SHIP: Secure Content & Collaboration
• RUN: Deploy, Manage, Scale
Docker Datacenter
Docker commercial CaaS solution for an on-premises or virtual private cloud environment
[Slide diagram: Docker Datacenter stack]
• Integrations: operating systems, config mgt, monitoring, logging, CI/CD, ..more..
• Docker Universal Control Plane: app and cluster management
• Security: Content Trust, RBAC, LDAP/AD
• Docker Engine: container runtime, orchestration, networking, volumes, plugins
• Docker Trusted Registry: image management and distribution (images, networking, volumes)
• Infrastructure: virtualization, public cloud, physical/converged
Docker Datacenter Architectural Overview
[Slide diagram: client (Compose, Docker integrations), partner integrations (volume plug-ins, network plug-ins, monitoring, logging), Docker Universal Control Plane, Docker Trusted Registry (Docker Content Trust, storage drivers), LDAP/AD, Docker Swarm and commercially supported Docker Engines in an on premises datacenter or virtual private cloud]
UCP: Orchestration and integrations at scale
[Slide diagram: Universal Control Plane with high availability, access control, 3rd party plugins, Swarm managed, GUI management, Docker native integration, monitoring]
DTR: Secure Image Collaboration
[Slide diagram: Trusted Registry components: web UI and CLI clients, authorization server backed by LDAP/AD, registry service with Content Trust (Notary server), admin server, log aggregator writing logs, image repos on storage]
High Availability (DTR+UCP)
[Slide diagram: three UCP controllers and three DTR replicas, UCP nodes, external CA and LDAP/AD]
Replicated DTR config, state, and CAs across DTR replicas
Replicated UCP CAs, config, and auth state across UCP controllers
Secure Runtime Access
• Set up options
  – LDAP/AD support
  – Built-in
• Granular RBAC
  – Users and Teams
  – Roles
  – Permission labels
• User Experience
  – Single sign on
Scenario 1: Centralized CaaS Model
• Central IT maintained registry with signed base images
• Application teams self service from central registry
• Central IT managed infrastructure, app deployment and ongoing management
[Slide diagram: central registry and central management]
Scenario 2: Decentralized CaaS Model
• Private datacenter for regulated apps, cloud for all other apps
• Central IT maintained portal to provision compute resources and marketplace of app images
  – Provision resources
  – RBAC to VPC / datacenter
  – Trusted Registry hosted application templates
• De-centralized development and infrastructure provisioning
• De-centralized deployment and management of infrastructure and applications
[Slide diagram: central portal, VPC 1 and VPC 2 each running App 1 and App 2, cloud portability, app portability]
In this workshop we will… https://github.com/docker-training/DCUS16-DDC-workshop
• Install the Commercially Supported Docker Engine
• Install UCP and deploy containerized applications
• Install DTR and push/pull container images
• Use Role-Based Access Control to secure your user environment
• Extra Credit Assignments
  – Connect with an external LDAP server for authentication
  – Integrate UCP and DTR for single-sign-on image push/pulls
Ask us for assistance!
Tips and Tricks!
• Install UCP on the “Controller” node. Perform a UCP “join” on the remaining 2 nodes (dtr, node)
  – When complete, you should see 3 nodes in your UCP GUI (controller, node, dtr)
• To get a Trial License go to https://store.docker.com/bundles/docker-datacenter
• When installing DTR, use $NODE_HOSTNAME = dtr
• When first logging into DTR, make sure to follow the instructions to trust the CA from DTR on the docker host where you run ‘docker login’ or ‘docker pull…’
• Install docker-compose on the node instead of the controller
• Send us feedback! [email protected]
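The DTR CA step above is where a lab host most often gets "fixed" with --insecure-registry instead; as an added example that is not part of the workshop materials, this POSIX shell helper installs the registry CA where Docker Engine looks for per-registry trust (/etc/docker/certs.d/<host[:port]>/ca.crt), so `docker login` and `docker pull` verify DTR's TLS certificate. CERTS_ROOT, install_registry_ca and registry_ca_trusted are names assumed here.

```shell
# Added example, not from the workshop slides: trust a DTR CA on a docker host.
# Docker Engine reads per-registry CA certificates from
# /etc/docker/certs.d/<registry host[:port]>/ca.crt. CERTS_ROOT is an assumed
# variable so the helper can be exercised against a temporary directory.
CERTS_ROOT="${CERTS_ROOT:-/etc/docker/certs.d}"

# install_registry_ca <registry host[:port]> <PEM file with the DTR CA certificate>
# Exit status: 0 installed, 1 bad arguments or filesystem error, 2 the file is
# not a PEM certificate (e.g. a private key or an empty download was passed).
install_registry_ca() {
    host="$1"
    ca_file="$2"
    [ -n "$host" ] && [ -r "$ca_file" ] || return 1
    grep -q '^-----BEGIN CERTIFICATE-----$' "$ca_file" || return 2
    grep -q '^-----END CERTIFICATE-----$' "$ca_file" || return 2
    # Never copy key material into the trust store.
    if grep -q 'PRIVATE KEY' "$ca_file"; then
        return 2
    fi
    dir="$CERTS_ROOT/$host"
    mkdir -p "$dir" || return 1
    cp "$ca_file" "$dir/ca.crt" || return 1
    chmod 644 "$dir/ca.crt"
}

# registry_ca_trusted <registry host[:port]>: 0 if a CA is installed for that host.
registry_ca_trusted() {
    [ -s "$CERTS_ROOT/$1/ca.crt" ]
}
```

Run it as root on the lab host with the CA file downloaded from DTR; the host name must match exactly what you pass to `docker login`, port included if you use one.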