Scribd
Upload
102 views

Kubernetes in The Docker Platform: Wayne Song Software Engineer, Docker Inc

Docker now includes Kubernetes distributions for Docker Desktop and Docker EE. Kubernetes clusters can be installed with one click in Docker Desktop for Mac and Windows. Docker EE 2.0 introduces integrated Kubernetes that passes all conformance tests and uses Docker's authentication, authorization, and image signing for a unified experience between Kubernetes and Docker Swarm. The document demonstrates starting Kubernetes clusters, using persistent volumes, exposing ports, and deploying applications with Compose files in Kubernetes.

Uploaded by

azure
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
102 views

Kubernetes in The Docker Platform: Wayne Song Software Engineer, Docker Inc

Docker now includes Kubernetes distributions for Docker Desktop and Docker EE. Kubernetes clusters can be installed with one click in Docker Desktop for Mac and Windows. Docker EE 2.0 introduces integrated Kubernetes that passes all conformance tests and uses Docker's authentication, authorization, and image signing for a unified experience between Kubernetes and Docker Swarm. The document demonstrates starting Kubernetes clusters, using persistent volumes, exposing ports, and deploying applications with Compose files in Kubernetes.

Uploaded by

azure
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 23

Wayne Song

Software Engineer, Docker Inc.

Kubernetes in the
Docker platform

Guillaume Tardif
Software Engineer, Docker Inc.
Kubernetes
● First introduced in Docker for Mac 17.12 and Docker for
Windows 18.02 with one-click cluster install
● Introduced in Docker EE 2.0

● Passes all Kubernetes Conformance tests


Docker Desktop Mac & Windows
● Most efficient way to use Docker on Mac & Windows
● Runs in a Linux VM; No VirtualBox, VMware Fusion, etc.
● Takes care of network & disk shares for you
● Auto-update, you get the latest Docker available
● Two distribution channels: Edge / Stable
● Download from https://store.docker.com/
Docker for Mac and Windows
Docker CLI

Docker Engine

containerd

LinuxKit VM

Filesystem sharing Hypervisor Network sharing


Starting a Kubernetes cluster
● One-click button to enable
Kubernetes
● Show or hide all kube-system
containers in docker ps
Kubernetes in Docker for Desktop
Docker CLI Kubernetes CLI

Swarm mode Kubernetes services

Docker Engine kubelet

containerd

LinuxKit VM

Filesystem sharing Hypervisor Network sharing


Boot Sequence

Host VM
1. Install kubectl 2. Run kubeadm init
6. Update ~/kube/config 3. Start kubelet
7. Open API server port 4. Wait for kubeadm init to finish
5. Run kubeadm upgrade if necessary
8. Start custom controllers :
PVC, Load balanced services, etc.
Persistent Volumes

● hostPath Volume can mount a volume in the host or in the VM


● Support of inotify: file change events are propagated to the VM
● NFS, Git, Ceph and RBD volumes can be also mounted
Persistent Volume Claims
● Persistent Volume Claim controller is included
Automatically create a hostPath volume in ~/.docker/Volumes
● StatefulSets, workload API object used to manage stateful applications,
work as expected
Exposed Ports
● Network setup with simple CNI bridge
● LoadBalancer and NodePort services automatically exposed on the host
with a VPNKit controller
v

Demo
Kubernetes in Docker for Mac
Compose for Kubernetes
So you can use kubectl, helm, deploy Kubernetes apps…

… but could we deploy to Kubernetes with


docker stack deploy -c myComposeFile … ?
Compose for Kubernetes
● Use API aggregation
● Provide a new type: Stack
● Can be use either with Docker and Kubernetes CLI.
○ kubectl get stacks
○ docker stack ls
● Automatically :
○ Create PV for Compose volumes
○ Expose ports with LoadBalancer services
v

Kubernetes in Docker EE
Try it out at trial.docker.com
v

Demo
Kubernetes in Docker EE 2.0
Kubernetes API Request Lifecycle
Kubernetes API Server

Admission
Authentication Authorization etcd
Control
Authentication
● X509 Client Certificates
○ Used for authentication of kubectl and the docker CLI via
the “client bundle” feature
● OpenID Connect Identity Provider
Authorization
● Requests authorized via the Authorization Webhook plugin
● Custom RBAC system shared between Swarm and
Kubernetes:
○ Users, Teams, Organizations, Service Accounts
○ Custom Roles
● No support for the rbac.authorization.k8s.io API,
future plans for API translation
Authorization
Admission Control
● Allows plugins to inspect, mutate or reject API requests
after authorization
● Used for:
○ Node RBAC
○ Orchestrator Selection
○ Image Signing policy enforcement
Orchestrator Selection
● Administrators can toggle between kubernetes or swarm orchestrator for any
node
● When toggling orchestrators, workloads of the previous orchestrator will be
evicted
● An admission controller ensures that kubernetes workloads can only be
scheduled on nodes labelled as “kubernetes” nodes.
● Workloads of multiple orchestrators on the same node can lead to resource
contention
Image Policy Signing Enforcement
● Enforces that all workloads deployed in the cluster have a
fully qualified image reference
● Resolves image references to always include a digest
● Contacts the registry to ensure that the referenced image
has been signed by an authorized user.
In Summary

● Docker Desktop and EE now include a


conformant Kubernetes distribution

● Integration with UCP authentication,


RBAC, and image signing for unified
experience between Kubernetes and
Swarm

● Try it out at docker.com/get-docker and


trial.docker.com

You might also like