
Docker, Inc. Director, Solutions Engineering · Docker, Inc. Introduction to Docker Enterprise....

Date post: 20-May-2020
Matt Bentley Director, Solutions Engineering Docker, Inc. Introduction to Docker Enterprise
Transcript
Page 1

Matt Bentley
Director, Solutions Engineering
Docker, Inc.

Introduction to Docker Enterprise

Page 2

Agenda

Introduction to Docker Enterprise

Docker Enterprise Platform Architecture

What’s New in Docker Enterprise 3.0

Page 3

Containers are the New Standard for Apps

Page 4

But how do you roll out a successful container strategy in your business?

● Will this work with my existing storage and networking solutions?

● How do you control access to the workloads?

● How do you ensure the system is secure?

● What kind of governance model is in place?

● Where will my content/IP live?

● What types of apps will I containerize?

● Who on my staff will maintain, patch and operate this?

● Do my developers know how to use Docker?

Page 5

The Docker Enterprise Platform

ANY APPLICATION

END-TO-END: Build, Share, Run

ANYWHERE: Hybrid Cloud, VM, Bare Metal, Edge

Page 6

Docker Enterprise 3.0

Securely build, share and run any application, anywhere

Build - Developer Productivity: Docker Desktop Enterprise

Share - Secure Registry and Collaboration: Docker Trusted Registry, Docker Hub

Run - Application Runtime and Orchestration: Docker Engine Enterprise, Docker Universal Control Plane, Kubernetes and Swarm

Page 7

BUILD: Desktop Enterprise

● One-click to install certified Kubernetes

● Application Designer and Application Templates - faster “time-to-Docker”

● Version Packs to align to production environments

● Distributed as PKG or MSI with standard endpoint management tools

Page 8

SHARE: Docker Hub & Trusted Registry

100B+ Container Downloads

HUB

TRUSTED REGISTRY

● Run in your own servers or VPC

● Role-based access controls

● Immutable repositories

● Image promotion policies

● Image vulnerability scanning

● Image caching & mirroring

● Policy-based tag pruning

● Webhook integration for CI automation

Page 9

RUN: Docker Kubernetes Service with Universal Control Plane

● Integrated Kubernetes 1.14

○ Includes out-of-the-box Calico CNI plugin

○ Option to run Swarm interchangeably, using the same Compose files

○ Advanced role-based access controls with integration to LDAP/AD, SAML 2.0

● Management dashboard with healthchecks, 24-hour data retention and easy drilldown of nodes, containers, networks, volumes

Page 10

Built on Foundation of Docker Engine

[Diagram of the engine stack. Labels: Docker Engine - Enterprise, Docker Engine - Community, containerd, runc, Certified Plugins, ISVs, Signature Verification, FIPS 140-2, Support SLA, Plugins (Storage, Networking), Docker Compose, dockerd, Docker CLI/API, Storage mgmt, libnetwork, BuildKit, SwarmKit, Docker Content Trust, Image mgmt, Logs Mgmt]

● Based on leading containerd runtime

● Includes BuildKit and Docker CLI

● Enterprise Engine includes:

○ Enhanced security features like FIPS 140-2 validated encryption

○ Certified plugins for networking, storage, logging

Page 11

Docker Enterprise Architecture

Page 12

Cluster Architecture

[Diagram: Docker Enterprise Cluster. Management plane: three manager nodes. Below it: three worker nodes, and three worker nodes running DTR.]

Page 13

Kubernetes in Docker Enterprise

[Diagram, two panels]

UCP Manager/Linux: calico cni pods, kubedns, kube-proxy, kubelet, kube-controller-manager, kube-manager, kube-scheduler

UCP Linux worker: calico cni pods, kube-proxy, kubelet

Page 14

What’s New in Docker Enterprise 3.0

Automated lifecycle management on your choice of infrastructure

● Day 1 and Day 2 ops

● Easy install, scheduled and online backups, blue/green upgrades

Enhanced Kubernetes Support

● Enterprise Storage CSI, iSCSI

● Built-in Ingress - Tech Preview

Faster time-to-market for new applications

● Enterprise-ready desktop development environment

● Application templates

● Multi-service compose-based applications (Docker App)

Enhanced security and continuous compliance

● Group managed service accounts (gMSA) for Swarm

● PKI Certificate-based authentication

● Open Security Controls Assessment Language (OSCAL) - Tech Preview

Column headings: Expanding Choice, Enhanced Security, High Velocity Innovation

Page 15

Desktop Administrator settings

Benefits

● Give end users as much or little control as needed

● Safeguard against performance and security issues

Key Features

● Enables Admin to pre-configure Docker Desktop (i.e. company-specific defaults)

● Choose which settings the user can change

Page 16

Desktop Community Desktop Enterprise

Latest Docker Engine based on containerd ✅ ✅

Certified Kubernetes ✅ ✅

Available for Windows 10 and macOS ✅ ✅

Same interface and commands shared by developers and production ✅ ✅

Production-Ready App Development

Develop in any language or framework, even multiple versions simultaneously ✅ ✅

Application Designer interface to simplify creating & developing Docker applications

Synchronize Docker Engine and Kubernetes versions to match Docker Enterprise

IT Manageability

Maintain and distribute across teams with standard MSI/PKG packages

Selectable configuration restrictions ✅

Customizable application templates ✅

Technical Support SLA ✅

Page 17

Docker Applications

Build, share and run multi-service apps in a single package deployable to any infrastructure

[Diagram: Docker App. Labels: my-app.yml, APP DESCRIPTION (name-version-maintainer), APP COMPONENTS, ENVIRONMENT VARIABLES, default-settings.yml]

● “Container of containers” defines an application that can be comprised of multiple services

● Supports Docker Compose, Kubernetes YAML, Helm Charts and more

● Implements the new open standard, CNAB, announced by Docker and Microsoft

● Parameterized fields allow for flexible deployment across different environments, delivering on “code once, deploy anywhere”

Page 18

End-to-End Docker Application Workflow

Consistency from Dev to Ops

BUILD:

● Define and package multiple images and their interdependencies

● Compatible with Docker Compose, Helm charts and Kubernetes YAML

SHARE:

● Collaborate and distribute via Docker Hub and Docker Trusted Registry

● Shareable applications with clear interfaces for operators

RUN:

● Run multiple versions of the same application and manage per-environment settings

● Works with Swarm and Kubernetes

DOCKER HUB

DOCKER TRUSTED REGISTRY

DOCKER DESKTOP ENTERPRISE

DOCKER ENGINE + DOCKER KUBERNETES SERVICE

Page 19

Docker Certified Infrastructure Components

FEATURE

• Automation tooling built into Docker Engine, using the ‘docker cluster’ command, without the need to install additional software

• Reference architectures for AWS, Azure and vSphere

• Ecosystem integrations with cluster add-ons

BENEFITS

• Eliminates the need to modify Terraform and Ansible modules directly

• Out of the box provisioning and management via CLI for multiple infrastructures on all supported releases

Page 20

Docker Certified Infrastructure Architecture

docker cluster create -f cluster.yml

[Diagram labels: cluster.yml, docker/cluster:latest, Terraform, Ansible, Reference Architecture, Solution briefs, Infrastructure provider, VM, LB, EE, UCP, DTR, Swarm/K8s, Monitoring, Logging]

Page 21

UCP Backup Enhancements

Lifecycle

FEATURE

• Backs up the configuration of UCP without affecting your manager nodes

• Backup via the Web UI and view history

• Backend API to create and retrieve backups

BENEFITS

• De-risks upgrades to provide a more stable platform for lifecycle operations.

• Allows you to schedule backups at any given time without issues

[Diagram labels: etcd, rethinkdb, UCP volumes, tar file, HTTP GET]

Page 22

Container Storage Interface (CSI) for K8s

Storage

Standardized Storage Interface

• CSI is a community-driven standardized interface for storage drivers across container orchestrators

• Docker Enterprise supports CSI through certified CSI drivers

Volume Lifecycle Management

• Dynamic provisioning/deprovisioning

• Attachment/Detachment

• Mounting/Unmounting

• Supports block and file storage types

• Snapshotting

• Provisioning volumes from snapshot

[Diagram labels: Storage Plugin, Container Storage Interface, Kubernetes]

Page 23

iSCSI Support for K8s

Storage

• Provision block, centralized, on-premise storage for high performance workloads

• Enables plugins for hardware-based storage that uses iSCSI for network storage

[Diagram labels: iSCSI Target, External Provisioner, Kubernetes, Kubelet, Host (iSCSI Initiator), Pod, Volume, iSCSI]

Page 24

Kubernetes Cluster Ingress (Experimental)

Networking

● Layer 7 (L7) ingress services such as:

○ L7 routing

○ Load balancing

○ TLS termination

○ API metrics

○ Application deployment strategies

● Shipping as experimental in Docker Enterprise 3.0. Will be GA in a subsequent release.

● Istio-based ingress controller offering the ingress capabilities of the Envoy proxy.

[Diagram labels: Client, Ingress Proxy, Ingress Controller, Kubernetes, Pod, Control Plane Traffic, Application Traffic]

Page 25

Standalone Engine GPU Support

GPU

● Support for using Nvidia GPUs inside containers, given the correct Nvidia drivers.

$ docker run -it --rm --gpus all ubuntu nvidia-smi
Thu Apr 4 21:47:41 2019
+-----------------------------------------------------------------------------+
| NVIDIA-SMI 384.130                Driver Version: 384.130                   |
|-------------------------------+----------------------+----------------------+
| GPU  Name        Persistence-M| Bus-Id        Disp.A | Volatile Uncorr. ECC |
| Fan  Temp  Perf  Pwr:Usage/Cap|         Memory-Usage | GPU-Util  Compute M. |
|===============================+======================+======================|
|   0  GRID K520           Off  | 00000000:00:03.0 Off |                  N/A |
| N/A   36C    P0    39W / 125W |      0MiB /  4036MiB |      0%      Default |
+-------------------------------+----------------------+----------------------+

+-----------------------------------------------------------------------------+
| Processes:                                                       GPU Memory |
|  GPU       PID   Type   Process name                             Usage      |
|=============================================================================|
|  No running processes found                                                 |
+-----------------------------------------------------------------------------+

Page 26

Manage multiple clusters using Docker Context

CLI

Docker Context

• Seamlessly work with multiple Docker and Kubernetes clusters, without manual configuration

• Easily export and import contexts when moving between machines

• Supported in all Docker CLI commands

1. Create a context to store cluster credentials (including from UCP bundles)

$ docker context create current --description "An automatic example" --docker from-current=true --kubernetes from-current=true

2. List and manage your contexts

$ docker context list
NAME      DESCRIPTION           DOCKER ENDPOINT              KUBERNETES ENDPOINT                  ORCHESTRATOR
local *   An example context    unix:///var/run/docker.sock  https://192.168.65.3:6443 (default)  kubernetes
remote    A remote context      tcp://myserver:2376                                               swarm
current   An automatic context  tcp://myserver:2376                                               swarm

3. Set the context using the CLI or environment

$ docker context use remote

PS> $Env:DOCKER_CONTEXT="remote"
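
Because contexts store cluster credentials and can be exported between machines, it is worth reviewing what each one holds. The following is an added example, not part of the original slides: it reads JSON in the shape printed by `docker context inspect` and flags Docker endpoints reached over TCP without TLS material or with certificate verification disabled, and notes which contexts hold a client key. The sample JSON is constructed; the `lab` context, all TLS details and the `audit_contexts` helper name are assumptions.

```python
import json
from urllib.parse import urlparse

# Constructed sample in the shape printed by `docker context inspect`.
# Names and endpoints for local/remote/current mirror the slide; the "lab"
# context and every TLS detail are invented for illustration.
SAMPLE_INSPECT = json.dumps([
    {"Name": "local",
     "Endpoints": {"docker": {"Host": "unix:///var/run/docker.sock",
                              "SkipTLSVerify": False}},
     "TLSMaterial": {}},
    {"Name": "remote",
     "Endpoints": {"docker": {"Host": "tcp://myserver:2376",
                              "SkipTLSVerify": False}},
     "TLSMaterial": {"docker": ["ca.pem", "cert.pem", "key.pem"]}},
    {"Name": "current",
     "Endpoints": {"docker": {"Host": "tcp://myserver:2376",
                              "SkipTLSVerify": True}},
     "TLSMaterial": {"docker": ["cert.pem", "key.pem"]}},
    {"Name": "lab",
     "Endpoints": {"docker": {"Host": "tcp://labhost:2375",
                              "SkipTLSVerify": False}},
     "TLSMaterial": {}},
])


def audit_contexts(inspect_json):
    """Return (context, severity, message) findings for each Docker endpoint."""
    findings = []
    for ctx in json.loads(inspect_json):
        name = ctx.get("Name", "<unnamed>")
        endpoint = ctx.get("Endpoints", {}).get("docker")
        if not endpoint:
            continue  # context has no Docker endpoint to review
        scheme = urlparse(endpoint.get("Host", "")).scheme
        tls_files = (ctx.get("TLSMaterial") or {}).get("docker") or []
        # A network endpoint with no TLS files is used without TLS.
        if scheme in ("tcp", "http") and not tls_files:
            findings.append((name, "high", "remote endpoint without TLS material"))
        # TLS is in use but the server certificate is never checked.
        if endpoint.get("SkipTLSVerify"):
            findings.append((name, "high", "server certificate is not verified"))
        # The context stores a private key, so an export of it is a credential.
        if "key.pem" in tls_files:
            findings.append((name, "info",
                             "stores a client key; treat exports as credentials"))
    return findings


if __name__ == "__main__":
    for name, severity, message in audit_contexts(SAMPLE_INSPECT):
        print(f"{severity:5} {name:8} {message}")
```
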

Page 27

Open Security Controls Assessment Language (OSCAL) - (Experimental)

Security

● “Tech preview” integration of NIST’s new OSCAL standard (https://github.com/usnistgov/OSCAL)

● Compliance automation and built-in security control auditing

● Standardized reporting against multiple security control catalogs

○ NIST 800-53 only for alpha-1

○ CIS Docker and Kube Benchmarks coming in a future dev release

● Available via new UCP API endpoints (refer to live API docs)

○ OSCAL formatted JSON output

● New open source OSCAL SDK (https://github.com/docker/oscalkit)

[Diagram labels: Docker Enterprise; Catalogs and profiles in OSCAL format; Automated Assessment; Automated Reporting; Standardized reporting in OSCAL format]

Page 28

In Summary

• Docker Enterprise is the industry-leading enterprise container platform

• The only container platform that extends from developers’ desktops to the cloud

• Enabling applications of all kinds

Page 29

3:00-5:00pm, Continental Ballroom

How to build your containerization strategy

1:00-1:45pm, International Ballroom A

Check out these sessions:

Developing New Applications with Docker App Package

