Docker Swarm and Kubernetes – Docker Belfast Meetup Welcomes Scott Coulton.
The Belfast Docker meetup was held at a different venue from the last one, the QUB Computer Science Building, and had a guest speaker, Scott, who gave a talk on Docker Swarm and Kubernetes.
The main sections of Scott’s talk were:
Build for failure
Make Sure It’s Secure
Can We Log that?
Deploy, Deploy, Deploy
At the outset Scott did a quick poll to see which elements of the technology stack were in use and advised that there would be some elements new to the audience. This is a good sign, I’d suggest, because you need something to learn from the experience! Docker Swarm and Kubernetes are not yet a part of my work but I have no doubt that as projects progress they will be. Scott took several opportunities to show where the architectural approaches of Docker Swarm and Kubernetes differed and the potential impact of those differences. He mentioned the Docker swarm mode option and the commercial Universal Control Panel, and advised that the native clustering could provide load balancing and service discovery via DNS as well as scheduling.
Scott advised attendees to try Docker Swarm first if going down this route, although he suggested Kubernetes for multi-tenant setups. He pointed out that swarm init is powerful and opinionated, whereas Kubernetes is not as opinionated. The Universal Control Panel got some further coverage, as it’s built on top of swarm mode and includes TLS auth, a GUI for management, LDAP and RBAC, and real-time metrics. The Docker Trusted Registry (DTR) and Docker Notary were outlined and AppArmor was touched on.
Docker Trusted Notary
The DTR was described as Docker Hub on premises, with images scanned for vulnerabilities and scanning automated on a docker push operation. DTR includes prebuilt dashboards to show those results. The importance of image signing and Docker Notary was next up. Scott mentioned the --security-opt flag and how it applies to the container, not the swarm. Logging, and Logspout specifically, was pointed out in the context of handling logs from many containers, along with the importance of activating logging before using swarm init.
Regarding automation and integration, the use of Jenkins and JSON to call the Docker API finished out the presentation. Alas, a demo was not possible due to technical wireless difficulties, and a number of questions were taken from the floor. There were also a couple of announcements for Docker-related events. A practical “getting started with Docker on Raspberry Pi” was mentioned as the potential content for the next meeting and I can’t wait!
Resources
The organisers kindly put up the links to the slides and other resources referenced, repeated here for ease of reference:
https://github.com/scotty-c/dockercon-17
https://www.slideshare.net/Docker/docker-for-ops-scott-coulton-puppet