An overview of Docker Datacenter and Universal Control Plane. We will cover how to install for production and integrate Docker Trusted Registry.
Led by DDC + UCP Champ:
Vivek Saraswat
Experience Level: Attendees need no prior experience with Docker, but should be familiar with the basic Linux command line.
2. Agenda
• Presentation
– Docker Ops 101
– Containers-as-a-Service
– Docker Datacenter Walkthrough
• Workshop Labs
– Install Docker Datacenter
– Deploy Container
– Deploy Apps
– Set up RBAC and Teams
– Extra: Set up LDAP based Teams
5. Introducing Containers
• Each root file system is called a container
• Each container also has its own
– Processes
– Memory
– Devices
– Network stack
Containerization uses the kernel on the host operating system to run multiple root file systems.
6. Docker Basics
• Docker Image: the basis of a Docker container
• Docker Container: the standard unit in which the application service resides
• Docker Engine: creates, ships and runs Docker containers deployable on a physical or virtual host locally, in a datacenter or at a cloud service provider
• Docker Trusted Registry: for image storing and secure collaboration
7. Orchestration
• Machine
– Provisions Docker-installed infrastructure onto servers and VPCs
– Has drivers to integrate with infrastructure partners
• Swarm
– A powerful, scalable clustering solution for Docker engines
– The tool can leverage all existing Docker APIs
• Compose
– Allows users to deploy multi-container applications into any Dockerized environment
8. Benefits of Docker
• Separation of concerns but consistent experience
– Developers focus on building their apps
– System admins focus on deployment
– Everyone deploys using the same image and the same API
• Application portability
– Build in one environment, ship to another
– Images are portable across infra providers
• Scalability
– Easily spin up new containers if needed
• Higher Infrastructure utilization
9. Transforming the Dev Landscape
[Slide diagram: from ~2000 to today, monolithic applications on big, slowly changing servers give way to loosely coupled services on many small, rapidly updated servers or devices.]
11. Running a global software supply chain
[Slide diagram: build, ship, run any application, anywhere, across a development center, a headquarters datacenter, and cloud zones 1 and 2.]
12. What Should I Worry About?
Non-trivial changes for the Ops team:
• Containers can be either cattle or pets
• Material impact on how much monitoring and logging data you ingest
– Container logging
– Engine logging
• Monitoring
• Security review of your containers and Engine deployments (CIS, NIST, seccomp, etc.)
14. First attempt: PaaS
• Developer self service – point and deploy
• Everything packaged together
• Need for customization eventually exceeds PaaS
[Slide diagram: a PaaS stack with infrastructure, languages, OS and tooling all embedded in the platform.]
16. CaaS is the best of both worlds
Containers as a Service (CaaS): an open, customizable platform built on standard containers, plus existing on-prem infrastructure (e.g. RHEL/Ubuntu, Windows, and more).
17. CaaS Value Propositions for Enterprise
Agility + Portability + Control:
• Management at scale
• Integrated Content Trust
• Secure access (RBAC)
• Integrates with existing systems
• Full support of the Docker API
• Seamless dev-to-prod workflow
• Infrastructure, network and storage portability
• Easy to set up and use
• Native Docker solution
• Extends the existing Docker developer experience
18. Agility, Portability and Control for Devs and IT Ops
Developers and IT Operations:
• Freedom to create and deploy apps fast
• Define and package application needs
• Quickly and flexibly respond to changing needs
• Standardize, secure, and manage
Frictionless portability across teams, environments and infrastructure.
19. Containers as a Service for Enterprise
An IT Ops managed and secure application environment for developers to self-service build and deploy applications.
20. Enabling CaaS for Developers and IT
For Developers and IT Operations:
• BUILD – Development environments
• SHIP – Secure content and collaboration
• RUN – Deploy, manage, scale
21. Docker Datacenter
Docker's commercial CaaS solution for an on-premises or virtual private cloud environment.
[Slide diagram, layered from top to bottom:]
• Integrations: operating systems, config management, monitoring, logging, CI/CD, and more
• Docker Universal Control Plane: app and cluster management
• Security: Content Trust, RBAC, LDAP/AD
• Docker Engine: container runtime, orchestration, networking, volumes, plugins
• Docker Trusted Registry: image management and distribution (images, networking, volumes)
• Infrastructure: virtualization, public cloud, physical/converged
22. Docker Datacenter Architectural Overview
[Slide diagram: a client using Compose talks to Docker Universal Control Plane and Docker Trusted Registry, which run on commercially supported Docker Engines with Docker Swarm and Docker Content Trust, in an on-premises datacenter or a virtual private cloud. Docker integrations shown: volume plug-ins, network plug-ins, storage drivers. Partner integrations shown: monitoring, logging, LDAP/AD.]
23. UCP: Orchestration and integrations at scale
[Slide diagram: Universal Control Plane features shown around the product: high availability, access control, 3rd-party plugins, Swarm managed, GUI management, Docker native integration, monitoring.]
24. DTR: Secure Image Collaboration
[Slide diagram: Trusted Registry components: a registry service with Content Trust (Notary server), an authorization server backed by LDAP/AD, an admin server, a log aggregator writing logs, and storage holding the image repositories, accessed through a web UI and the CLI.]
25. High Availability (DTR+UCP)
[Slide diagram: three UCP controllers with UCP CAs, config and auth state replicated across them, managing a set of UCP nodes; three DTR replicas with DTR config, state and CAs replicated across them; both integrate with LDAP/AD and an external CA.]
26. Secure Runtime Access
Setup options
• LDAP/AD support
• Built-in
Granular RBAC
• Users and teams
• Roles
• Permission labels
User experience
• Single sign-on
27. Scenario 1: Centralized CaaS Model
• Central Registry
– Central IT maintained registry with signed base images
– Application teams self-service from the central registry
• Central Management
– Central IT managed infrastructure, app deployment and ongoing management
28. Scenario 2: Decentralized CaaS Model
• Central Portal
– Central IT maintained portal to provision compute resources and a marketplace of app images
– Provision resources
– RBAC to VPC / datacenter
– Trusted Registry hosted application templates
• Private datacenter for regulated apps; cloud (VPC 1, VPC 2) for all other apps
• De-centralized development and infrastructure provisioning
• De-centralized deployment and management of infrastructure and applications
[Slide diagram: apps 1 and 2 deployed in both VPCs, illustrating cloud portability and app portability.]
30. In this workshop we will…
https://github.com/docker-training/DCUS16-DDC-workshop
• Install the Commercially Supported Docker Engine
• Install UCP and deploy containerized applications
• Install DTR and push/pull container images
• Use Role-Based Access Control to secure your user environment
• Extra Credit Assignments
– Connect with an external LDAP server for authentication
– Integrate UCP and DTR for single-sign-on image push/pulls
Ask us for assistance!
31. Tips and Tricks!
• Install UCP on the “controller” node. Perform a UCP “join” on the remaining 2 nodes (dtr, node)
– When complete, you should see 3 nodes in your UCP GUI (controller, node, dtr)
• To get a trial license go to https://store.docker.com/bundles/docker-datacenter
• When installing DTR, use $NODE_HOSTNAME = dtr
• When first logging into DTR, make sure to follow the instructions to trust the CA from DTR on the Docker host where you are running ‘docker login’ or ‘docker pull…’
• Install docker-compose on the node instead of the controller
• Send us feedback! banjot@docker.com
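The "trust the CA from DTR" tip above is the one step in the lab that decides which registry your Docker host will believe; the script below, an added example that is not part of the workshop repository, fetches the CA, exposes its fingerprint for an out-of-band check, and installs it for exactly one registry hostname. It assumes DTR serves its root CA at https://<dtr-host>/ca (the DTR 2.x endpoint) and that the Engine reads per-registry CAs from /etc/docker/certs.d/<host>/ca.crt.

```shell
#!/usr/bin/env bash
# Added example, not the workshop's own code. Trust the DTR CA on a Docker
# host before `docker login` / `docker pull`. Assumptions: DTR serves its
# root CA at https://<dtr-host>/ca; the Engine reads per-registry CAs from
# /etc/docker/certs.d/<dtr-host>/ca.crt.
set -eu

# Download the CA. -k is unavoidable for this single bootstrap request: the
# host does not yet trust the certificate DTR presents. Anything fetched this
# way must be checked out-of-band before it is installed.
fetch_dtr_ca() {                         # fetch_dtr_ca <dtr-host> <out.pem>
  curl -fsSk "https://$1/ca" -o "$2"
}

# SHA-256 fingerprint of the fetched CA, to compare against the value the
# DTR administrator gives you through a channel other than this download.
ca_fingerprint() {                       # ca_fingerprint <ca.pem>
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Refuse anything that is not PEM certificate material before it lands in certs.d.
looks_like_pem_cert() {                  # looks_like_pem_cert <file>
  grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
  grep -q -- '-----END CERTIFICATE-----' "$1"
}

# Install the CA for one registry hostname only (never into the system-wide
# trust store). The optional third argument exists so the function can be
# exercised in a scratch directory; production use keeps the default.
install_registry_ca() {   # install_registry_ca <dtr-host> <ca.pem> [certs_dir]
  local host="$1" pem="$2" certs_dir="${3:-/etc/docker/certs.d}"
  if ! looks_like_pem_cert "$pem"; then
    echo "refusing to install $pem: not a PEM certificate" >&2
    return 1
  fi
  install -d -m 0755 "$certs_dir/$host"
  install -m 0644 "$pem" "$certs_dir/$host/ca.crt"
  printf '%s\n' "$certs_dir/$host/ca.crt"
}

# Typical use on a lab node, with the DTR hostname "dtr" from the tip above:
#   fetch_dtr_ca dtr /tmp/dtr-ca.pem
#   ca_fingerprint /tmp/dtr-ca.pem        # must match the admin-supplied value
#   sudo -E bash -c "$(declare -f looks_like_pem_cert install_registry_ca); \
#                    install_registry_ca dtr /tmp/dtr-ca.pem"
#   docker login dtr
```

Only the install step needs root; fetching and fingerprinting can be done as the lab user so the CA is inspected before anything on the host trusts it.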