Docker Datacenter Workshop Intro Banjot Chanana @banjot

Docker Datacenter Overview and Production Setup Slides


Agenda
• Presentation
  – Docker Ops 101
  – Containers-as-a-Service
  – Docker Datacenter Walkthrough
• Workshop Labs
  – Install Docker Datacenter
  – Deploy Container
  – Deploy Apps
  – Set up RBAC and Teams
  – Extra: Set up LDAP based Teams

Docker Ops 101

Containers


Introducing Containers
Containerization uses the kernel on the host operating system to run multiple root file systems.
• Each root file system is called a container
• Each container also has its own
  – Processes
  – Memory
  – Devices
  – Network stack

Docker Basics
• Docker Image: the basis of a Docker container
• Docker Container: the standard unit in which the application service resides
• Docker Engine: creates, ships and runs Docker containers, deployable on a physical or virtual host locally, in a datacenter or at a cloud service provider
• Docker Trusted Registry: for image storing and secure collaboration

Orchestration


• Machine: provisions Docker-installed infrastructure onto servers and VPCs; has drivers to integrate with infrastructure partners
• Swarm: a powerful, scalable clustering solution for Docker Engines; the tool can leverage all existing Docker APIs
• Compose: allows users to deploy multi-container applications into any Dockerized environment

Benefits of Docker
• Separation of concerns but consistent experience
  – Developers focus on building their apps
  – System admins focus on deployment
  – Everyone deploys using the same image and the same API
• Application portability
  – Build in one environment, ship to another
  – Images are portable across infra providers
• Scalability
  – Easily spin up new containers if needed
• Higher infrastructure utilization

Transforming the Dev Landscape (diagram)
~2000: Monolithic, Big Servers, Slow changing
Today: Loosely Coupled Services, Many Small Servers or devices, Rapidly updated
Environments shown: Development VM, QA Server, Public Cloud, Disaster Recovery, Contributor’s Laptop, Production Servers, Production Cluster, Data Center
Containerization is the catalyst

Example application components (diagram): Static Website, Web Front End, Background Workers, User DB, Analytics DB, Queue, API Endpoint

Running a global software supply chain
Build, ship, run any application, anywhere
Locations shown (diagram): Development Center, Cloud Zone 1, Datacenter, Headquarters, Cloud Zone 2

What Should I Worry About?
Non-trivial changes for the Ops team:
• Containers can be either cattle or pets
• Material impact on how much monitoring or logging data you ingest
  – Container logging
  – Engine logging
• Monitoring
• Security review of your containers and Engine deployments (CIS, NIST, seccomp, etc.)

Containers as a Service (CaaS)and Docker Datacenter

First attempt: PaaS

• Developer self service – point and deploy

• Everything packaged together

• Need for customization eventually exceeds PaaS

PaaS (diagram): Infrastructure, Languages, OS and Tooling, all embedded in the platform

Everyone outgrows their PaaS. Then what?
Diagram: IaaS and PaaS; CaaS is the best of both worlds

Containers as a Service (CaaS)
An open, customizable platform built on standard containers
+ Existing on-prem infrastructure (e.g. RHEL/Ubuntu, Windows, ++)

CaaS Value Propositions for Enterprise
• Management at scale
• Integrated Content Trust
• Secure Access (RBAC)
• Integrates with existing systems
• Full support of Docker API
• Seamless dev to prod workflow
• Infrastructure, network and storage portability
• Easy to setup and use
• Native Docker solution
• Extend existing Docker developer experience

Agility + Portability + Control
Agility, Portability and Control for Devs and IT Ops
• Developers
  – Freedom to create and deploy apps fast
  – Define and package application needs
• IT Operations
  – Quickly and flexibly respond to changing needs
  – Standardize, secure, and manage
Frictionless portability across teams, environments, infrastructure


Containers as a Service for Enterprise
An IT Ops managed and secure application environment for developers to self service build and deploy applications

Enabling CaaS for Developers and IT Operations
• BUILD: Development Environments
• SHIP: Secure Content & Collaboration
• RUN: Deploy, Manage, Scale

Docker Datacenter
Docker's commercial CaaS solution for an on-premises or virtual private cloud environment (diagram)
• Integrations: Operating Systems, Config Mgt, Monitoring, Logging, CI/CD, ..more..
• Docker Universal Control Plane: app and cluster management
• Security: Content Trust, RBAC, LDAP/AD
• Docker Engine: container runtime, orchestration, networking, volumes, plugins
• Docker Trusted Registry: image management and distribution
• Images, Networking, Volumes
• Infrastructure: Virtualization, Public Cloud, Physical/Converged

Docker Datacenter Architectural Overview (diagram)
• Client: Compose
• Docker Universal Control Plane and Docker Trusted Registry, backed by Docker Swarm, Docker Content Trust and LDAP/AD
• Docker Integrations: Volume Plug-ins, Network Plug-ins, Storage Drivers
• Partner Integrations: Monitoring, Logging
• Commercially supported Docker Engines, running in an on-premises Datacenter or a Virtual Private Cloud

UCP: Orchestration and integrations at scale
Universal Control Plane (diagram):
• High Availability
• Access Control
• 3rd Party Plugins
• Swarm Managed
• GUI Management
• Docker Native Integration
• Monitoring

DTR: Secure Image Collaboration
Trusted Registry components (diagram):
• Web UI and CLI
• Admin Server
• Authorization Server (LDAP/AD)
• Registry Service with Content Trust (Notary Server)
• Image Repos (Storage)
• Log Aggregator (Logs)

High Availability (DTR+UCP) (diagram)
• Three UCP Controllers and four UCP Nodes: replicated UCP CAs, Config, and Auth State across UCP Controllers
• Three DTR Replicas: replicated DTR Config, State, and CAs across DTR Replicas
• External CA and LDAP/AD

Secure Runtime Access
• Set up options
  – LDAP/AD support
  – Built-in
• Granular RBAC
  – Users and Teams
  – Roles
  – Permission labels
• User Experience
  – Single sign on

Scenario 1: Centralized CaaS Model (diagram)
• Central Registry: Central IT maintained registry with signed base images; application teams self service from the central registry
• Central Management: Central IT managed infrastructure, app deployment and ongoing management

Scenario 2: Decentralized CaaS Model (diagram)
• Central Portal: Central IT maintained portal to provision compute resources and a marketplace of app images
  – Provision resources
  – RBAC to VPC / datacenter
  – Trusted Registry hosted application templates
• Private datacenter for regulated apps; cloud (VPC 1, VPC 2) for all other apps, each running App 1, App 2, …
• De-centralized development and infrastructure provisioning
• De-centralized deployment and management of infrastructure and applications
• Cloud Portability and App Portability

Q&A

In this workshop we will… https://github.com/docker-training/DCUS16-DDC-workshop
• Install the Commercially Supported Docker Engine
• Install UCP and deploy containerized applications
• Install DTR and push/pull container images
• Use Role-Based Access Control to secure your user environment
• Extra Credit Assignments
  – Connect with an external LDAP server for authentication
  – Integrate UCP and DTR for single-sign-on image push/pulls

Ask us for assistance!

Tips and Tricks!
• Install UCP on the “Controller” node. Perform a UCP “join” on the remaining 2 nodes (dtr, node)
  – When complete, you should see 3 nodes in your UCP GUI (controller, node, dtr)
• To get a Trial License go to https://store.docker.com/bundles/docker-datacenter
• When installing DTR, use $NODE_HOSTNAME = dtr
• When first logging into DTR, make sure to follow the instructions to trust the CA from DTR on the docker host where you are doing ‘docker login’ or ‘docker pull…’
• Install docker-compose on the node instead of the controller
• Send us feedback! [email protected]
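As an added example (not from the workshop deck or the DCUS16 repository): a small POSIX shell helper for the “trust the CA from DTR” tip above. It places a registry CA certificate where the Docker Engine looks for per-registry trust, so that ‘docker login’ and ‘docker pull’ against a DTR using a private CA verify TLS instead of failing. It assumes the engine convention of /etc/docker/certs.d/<registry-host>/ca.crt and that the CA PEM has already been downloaded from DTR as its install instructions describe; the function names, the scratch-directory override and the placeholder PEM are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not code from the workshop: install a registry CA where the
# Docker Engine looks for per-registry trust, i.e. (engine convention)
#   /etc/docker/certs.d/<registry-host[:port]>/ca.crt
# The optional third argument overrides the certs.d root so the helper can be
# exercised against a scratch directory without root.

trust_registry_ca() {
  registry_host="$1"            # e.g. dtr (the $NODE_HOSTNAME used at DTR install)
  ca_pem="$2"                   # CA certificate downloaded from DTR, PEM format
  certs_root="${3:-/etc/docker/certs.d}"

  if [ -z "$registry_host" ] || [ ! -s "$ca_pem" ]; then
    echo "usage: trust_registry_ca <registry-host[:port]> <ca.pem> [certs.d root]" >&2
    return 2
  fi

  # Refuse anything that is not a PEM certificate: a wrong file here would
  # only surface later as an opaque TLS verification failure on docker login.
  if ! grep -q '^-----BEGIN CERTIFICATE-----' "$ca_pem"; then
    echo "error: $ca_pem does not look like a PEM certificate" >&2
    return 1
  fi

  target_dir="$certs_root/$registry_host"
  mkdir -p "$target_dir" || return 1
  # World-readable is fine (a CA is public material), but the file must not be
  # writable by unprivileged users: whoever controls it decides which registry
  # CAs the engine trusts.
  cp "$ca_pem" "$target_dir/ca.crt" && chmod 0644 "$target_dir/ca.crt" || return 1
  echo "$target_dir/ca.crt"
}

# Pre-flight check before running docker login: is a CA installed for this host?
registry_ca_installed() {
  certs_root="${2:-/etc/docker/certs.d}"
  [ -s "$certs_root/$1/ca.crt" ] && grep -q 'BEGIN CERTIFICATE' "$certs_root/$1/ca.crt"
}

# Stand-alone demonstration against a scratch directory, using a constructed
# placeholder PEM (not a real certificate).
demo_dir="$(mktemp -d)"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'MIIBplaceholderConstructedForDemo' \
  '-----END CERTIFICATE-----' > "$demo_dir/dtr-ca.pem"
trust_registry_ca dtr "$demo_dir/dtr-ca.pem" "$demo_dir/certs.d"
registry_ca_installed dtr "$demo_dir/certs.d" && echo "CA installed for dtr"
# On the real docker host (default certs.d root, run as root), the login and
# pull from the tip then use the same hostname:
#   docker login dtr
#   docker pull dtr/<org>/<repo>:<tag>
```

The hostname directory must match exactly what you type in ‘docker login’ (including a :port suffix if you use one), because the engine selects the CA by that string; installing under “dtr” and then logging into the node's IP address will still fail verification.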