Demystifying Application Connectivity with Kubernetes in the Docker Platform
Download as PPTX, PDF2 likes652 views
The session discusses Kubernetes connectivity within the Docker platform, focusing on networking design considerations, the integration of Calico as a Container Network Interface (CNI), and application deployment. Key points include zero-trust security principles, heterogeneous infrastructure support, and the benefits of using Docker Enterprise Edition 2.0 with Calico for policy-driven network security. Participants are encouraged to explore Docker EE with Calico for versatile and secure cloud-native application environments.
Demystifying Application Connectivity with Kubernetes in the Docker Platform
- 1. Demystifying Application Connectivity with Kubernetes in the Docker Platform Session #154945
- 2. Dir. Solution Architecture,Tigera @worldhopper Karthik Prabhakar Solution Architect, Docker @nicolakabar Nicola Kabar
- 3. Quick Poll #1 Who is designing a Kubernetes Container Platform ?
- 4. Quick Poll #2 Who is intimidated by Kubernetes Networking?
- 5. ...Then This Session is for You! ● Networking Design Considerations ● Calico CNI + Basics of K8S Networking ● Docker EE + Calico Integration Overview ● Application Deployment with Docker EE ● Takeaways ● Q&A
- 6. •Heterogeneous Infrastructure •Diverse Application Portfolio •Zero-Trust Security Design Considerations
- 7. Let’s Start with K8S Connectivity Basics
- 8. Kubernetes Connectivity Concepts Pod Networking (CNI) Ingress Services (Kube-proxy) Network Policy Kube-DNS
- 9. Worker Nodes UCP Manager/ K8s Master Manager Nodes Pod Creation: Kubelet Node apiserver scheduler controller- manager Etcd kubelet Node Pod Node
- 10. Worker Nodes UCP Manager/ K8s Master Manager Nodes Pod Network: Calico/CNI apiserver scheduler controller- manager Etcd kubelet Calico/CNI Calico/IPAM
- 11. Worker Nodes UCP Manager/ K8s Master Manager Nodes Pod Network: Calico/Node apiserver scheduler controller- manager Etcd kubelet Calico/CNI Calico/IPAM Calico/Node Calico/Node Calico/CNI Calico/IPAM kubelet
- 12. Worker Nodes UCP Manager/ K8s Master Manager Nodes Kubernetes Services: Kube-proxy apiserver scheduler controller- manager Etcd kubelet Calico/CNI Calico/IPAM Calico/Node Calico/Node kube-proxy kube-proxy Calico/CNI Calico/IPAM kubelet > Cluster IP > Node Port > Load Balancer
- 13. UCP Manager/ K8s Master Manager Nodes Kubernetes Services: Ingress apiserver scheduler controller- manager Etcd Worker NodesIngress Nodes pod svc A service-a.example.com
- 14. Worker Nodes UCP Manager/ K8s Master Manager Nodes Network Policy apiserver scheduler controller- manager Etcd kubelet Calico/CNI Calico/IPAM Calico/Node Calico/Node kube-proxy kube-proxy Calico/CNI Calico/IPAM kubelet
- 15. Secure networking for the cloud-native era Open source, maintained by Tigera with hundreds of third party contributors Batteries-included Container networking for Docker EE Kubernetes > Scalable, distributed control plane > Policy-driven network security > No overlay required > Integratedwith all major cloud platforms > Widely deployed, proven at scale TIGERA CALICO: WHY IT’S AWESOME
- 16. Docker Enterprise Edition 2.0 + Calico Architecture Overview
- 17. Node UCP Manager Manager Nodes Load Balancer (ucp.example.com) Node Node Node UCP worker Worker Nodes Node UCP worker Node UCP worker Node DTR worker DTR Nodes Load Balancer (dtr.example.com) Node DTR worker Node DTR worker DTR Storage (Azure Storage, NFS, etc.) Logging Monitoring Image storage External CALDAP/AD Add-ons UCP Manager UCP Manager Docker Enterprise Edition Overview Load Balancer (app.example.com)
- 18. UCP Manager/ K8s Master Manager Nodes Worker Nodes Docker Enterprise Edition 2.0 Calico Integration kubelet k8s-apiserver calico-node Appl Pod A kubelet UCP / k8s Worker A kube-proxy kube-dns k8s-scheduler calico-node kube-proxy calico-node App Pod B kubelet kube-proxy UCP / k8s Worker B Pod IP Connectivity Peering Native Host Routing calico-kube-controller k8s-controller eth0 eth0
- 19. UCP Manager/ K8s Master Manager Nodes Load Balancer (ucp.example.com) Node UCP/K8S worker Worker Nodes Node UCP/K8S worker Node UCP/K8S worker UCP Manager/ K8s Master UCP Manager/ K8s Master Calico Node Calico Node Calico Node Calico Node Calico NodeCalico Node App Pods App Pods App Pods Demo 1: Docker EE + Calico Overview
- 20. UCP Manager/ K8s Master Manager Nodes Load Balancer (ucp.example.com) Node UCP/K8S worker Worker Nodes Node UCP/K8S worker Node UCP/K8S worker UCP Manager/ K8s Master UCP Manager/ K8s Master Calico Node Calico Node Calico Node Calico Node Calico NodeCalico Node Client Pod Frontend Pod Backend Pod Node UCP/K8S worker Node UCP/K8S worker Calico Node Calico Node NGINXNGINX Demo 2: Let’s Deploy a Sample Application Ingress Nodes Client Service UI Service Frontend Service Backend Service
- 21. Let’s revisit our Design Considerations.
- 22. Heterogeneous Infrastructure ➔No Underlay Dependency = No Lock-In ➔Simple Zero-Touch Provisioning ➔Any Infrastructure, Any Cloud ◆On-Prem ( VM, Bare) ◆Cloud ( AWS, Azure, GCP) ◆Hybrid
- 23. Connectivity Concept Out-of-the-Box Solution with Docker EE 2.0 Pod - Pod Calico CNI Services ClusterIP NodePort LoadBalancer Ingress NGINX Ingress Controller DNS kube-dns K8s Network Policy Calico Diverse Application Portfolio * Tigera CNX builds on Calico with enterprise security features: Hierarchical Policies, Policy RBAC, DevSecOps tools (Audit, Alerting, Compliance), etc.
- 24. Zero-Trust Security •Declarative policy-driven isolation •Fine-grained access control •Dynamic, in lock step with Kubernetes ComplianceStage/tier separation Tenant/namespace isolation Micro- segmentation
- 25. Takeaway Docker Enterprise Edition 2.0 seamlessly integrates Calico as the default CNI providing choice of using native K8S connectivity abstractions on any infrastructure all while enforcing a dynamic policy-based microsegmentation.
- 26. Thank you! Questions? Try Docker EE + Calico: trial.docker.com community.docker.com slack.projectcalico.org @docker @projectcalico @tigeraio