This document discusses Docker container networking and publishing applications securely with Docker Enterprise. It provides an overview of key Kubernetes networking concepts like pods, services, ingress and network policies. It then details how Docker Enterprise integrates with Calico for container networking and policy-driven security. The integration provides connectivity between pods and services out of the box. It also allows enforcing network policies and zero-trust security through Calico's policy engine. The document concludes with demos of publishing sample applications using Docker Swarm services and Kubernetes ingress resources.
7. TIGERA CALICO: WHY IT'S AWESOME
Secure networking for the cloud-native era
Open source, maintained by Tigera with hundreds of third-party contributors
Batteries-included container networking for Docker Enterprise Kubernetes
> Scalable, distributed control plane
> Policy-driven network security
> No overlay required
> Integrated with all major cloud platforms
> Widely deployed, proven at scale
8. Heterogeneous Infrastructure
➔ No Underlay Dependency = No Lock-In
➔ Simple Zero-Touch Provisioning
➔ Any Infrastructure, Any Cloud
◆ On-Prem (VM, Bare)
◆ Cloud (AWS, Azure, GCP)
◆ Hybrid
9. Diverse Application Portfolio
Connectivity Concept | Out-of-the-Box Solution with Docker Enterprise 2.1
Pod - Pod | Calico CNI
Services | ClusterIP, NodePort, LoadBalancer
Ingress | NGINX Ingress Controller
DNS | kube-dns
K8s Network Policy | Calico
* Tigera CNX builds on Calico with enterprise security features: Hierarchical Policies, Policy RBAC, DevSecOps tools (Audit, Alerting, Compliance), etc.
10. Zero-Trust Security
• Declarative policy-driven isolation
• Fine-grained access control
• Dynamic, in lock step with Kubernetes
Compliance
Stage/tier separation
Tenant/namespace isolation
Micro-segmentation
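The isolation patterns listed on this slide, written as standard Kubernetes NetworkPolicy objects of the kind Calico enforces. This is an added example, not taken from the slides or from Docker or Tigera material; the namespace tenant-a, the tier and role labels, and port 8080 are hypothetical.

```yaml
# Added example; namespace, labels and port are hypothetical.
# 1) Default deny: selects every pod in tenant-a and allows no ingress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: tenant-a
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# 2) Tier separation: only frontend pods may reach backend pods, on TCP 8080.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-from-frontend
  namespace: tenant-a
spec:
  podSelector:
    matchLabels:
      tier: backend
  ingress:
    - from:
        - podSelector:
            matchLabels:
              tier: frontend
      ports:
        - protocol: TCP
          port: 8080
---
# 3) Namespace isolation: frontend accepts only namespaces labelled role=ingress (assumed label).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: frontend-from-ingress
  namespace: tenant-a
spec:
  podSelector:
    matchLabels:
      tier: frontend
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              role: ingress
```

NetworkPolicy rules are additive, so once the default-deny policy selects a pod, only the flows named in policies 2 and 3 are admitted. Pods in other namespaces cannot reach tenant-a unless their namespace carries the assumed role=ingress label.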
11. Docker Enterprise 2.1 Calico Integration
[Architecture diagram. Labels: Manager Nodes (UCP Manager / K8s Master); Worker Nodes (UCP / k8s Worker A, UCP / k8s Worker B); kubelet, kube-proxy, calico-node, k8s-apiserver, k8s-scheduler, k8s-controller, calico-kube-controller, kube-dns; App Pod A, App Pod B; eth0; Pod IP Connectivity, Peering, Native Host Routing.]
28. Demo 2: Let's Deploy a Sample Application
[Deployment diagram. Labels: Load Balancer (ucp.example.com); Manager Nodes (UCP Manager / K8s Master); Worker Nodes (UCP/K8S worker); Ingress Nodes; Calico Node; NGINX, Kong; Red, Blue and Black Services; Red, Blue and Black Pods.]
29. Takeaway
Docker Enterprise allows you to:
• Easily publish your applications using Docker Swarm or Kubernetes
• Integrate with various solutions to support your choice of any infrastructure
• Enforce dynamic, policy-based microsegmentation