The sharing of computing resources among applications and users solves many challenges and presents opportunities for enterprise IT. It leads to better infrastructure efficiency and the specialization of responsibilities in the IT stack. Shared resources across diverse organizations and applications also introduce new hurdles. Tenants need to access their resources securely and with complete privacy from other tenants. This requires secure segmentation, access control, and more.
Container multi-tenancy is much more than cgroups and namespaces. This talk focuses on the advanced Access Control features in Docker Enterprise Edition that provide the fine-grained control to segment cluster resources. This includes how to design fine-grained roles, the architecture and grouping of resources, and how to apply these as Access Control policy. Walk through practical examples from current production designs and understand how they can be applied to your organization.
Access Control at OrcaBank
• Payments team can view their containers and logs only
• Mobile team can view their containers and logs only
• Admins - Full capabilities, full stack
• Ops team - Full capabilities against application nodes
Access Control at OrcaBank
• Admins - Full capabilities, full stack
• Ops team - Full capabilities against application nodes
• Payments team can view their containers only
• Mobile team can view their containers only
OrcaBank “DevOps” Cluster
New Requirements
• Mobile Team - Full capabilities to deploy in “mobile” collection
• Payments Team - Full capabilities to deploy in “payments” collection
• DB Team - Full capabilities to deploy in “db” collection
• Each team will also have dedicated nodes
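The DevOps cluster requirements above, modelled as grants (subject + role + collection) so the segmentation can be checked mechanically; this is an added example, not code from the talk or from Docker Enterprise Edition. The role names, operation strings, user names and collection paths (such as "/Shared/app-nodes") are assumptions of the example.

```python
from dataclasses import dataclass

# Constructed model of Docker EE-style access control: a grant binds a team to
# a role within a collection, and the grant also covers child collections.
# Role names and operation strings are this example's own, not UCP's.
ROLES = {
    "view-only": {"container.view", "container.logs"},
    "full-control": {"container.view", "container.logs", "container.create",
                     "container.delete", "node.update", "node.drain"},
}

@dataclass(frozen=True)
class Grant:
    team: str
    role: str
    collection: str  # slash-separated collection path, e.g. "/Shared/payments"

# Team membership (constructed users; team names follow the slides).
TEAMS = {
    "admins": {"alice"},
    "ops": {"oscar"},
    "payments": {"pat"},
    "mobile": {"mia"},
    "db": {"dan"},
}

# The "DevOps cluster" policy: admins everywhere, ops on the application
# nodes, each application team with full control in its own collection.
ORCABANK_GRANTS = [
    Grant("admins", "full-control", "/"),
    Grant("ops", "full-control", "/Shared/app-nodes"),
    Grant("payments", "full-control", "/Shared/payments"),
    Grant("mobile", "full-control", "/Shared/mobile"),
    Grant("db", "full-control", "/Shared/db"),
]

def in_collection(resource_path, grant_path):
    """True if resource_path is grant_path itself or nested beneath it."""
    base = grant_path.rstrip("/")
    return resource_path == grant_path or resource_path.startswith(base + "/")

def authorized(grants, user, operation, resource_path):
    """True if a grant to one of the user's teams allows the operation on a
    resource that lives in resource_path; anything not granted is denied."""
    user_teams = {t for t, members in TEAMS.items() if user in members}
    return any(
        g.team in user_teams
        and operation in ROLES[g.role]
        and in_collection(resource_path, g.collection)
        for g in grants
    )
```

Because the check is default-deny, a team's grant in "/Shared/payments" says nothing about "/Shared/mobile", which is exactly the tenant isolation the requirements ask for.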