IBM Bluemix Nice Meetup #5 - 20170504 - Container Service based on Kubernetes
TRANSCRIPT
© IBM Corporation
Lionel Macé, Bluemix Technical Sales Europe
Container Service based on Kubernetes
Domain Services: Mobile, Cognitive, IoT, Blockchain, Health, Video
Security and Compliance
Methods & Services
Developer Services: Data & Analytics, Integration, App Services, DevOps Tooling
Containers, Cloud Foundry, Event-Driven
Infrastructure Services: Compute, Storage, Network
IBM Cloud Platform Portfolio
© 2016 IBM Corporation
Bluemix Public available on 5 Public Regions
Dallas (us-south)
London (eu-gb)
Sydney (au-syd)
Frankfurt (eu-de)
Paris
China
Bluemix Public Location
Bluemix Dedicated
50+ Cloud data centers
6 continents
Virtual Servers
“Abstraction”
“Control”
Bare Metal
Dedicated Compute
High Memory
Intensive Disk I/O
Isolation
Familiar
Full Operating System Control
Containers
Portable
Flexible
Light-weight
CF Apps
Speed
Manage code, not infrastructure
OpenWhisk
Stateless
Event-Driven
Short-lived
…meets your developer needs…
Total Control Flexibility Maximum Efficiency DevOps Minimal Cost Reactive
PaaS, CaaS, IaaS
IBM Bluemix Compute Choice & Flexibility
Bare Metal, Containers, Virtual Servers, Cloud Foundry, OpenWhisk
Actions: Code (single function)
Triggers: Events/Messages
Stack layers shown for each compute option: Code, Data, Runtime, Middleware, OS, Virtualization, Servers, Storage, Networking
Legend: Customer Managed, Service Provider Managed
Actions & Triggers
Bluemix Compute – Levels of Responsibility
Image Registry
API
UI (User Interface)
CLI (Command Line Interface)
Kubernetes Master
Worker Node 1
Worker Node 2
Worker Node 3
Worker Node n
Kubernetes Architecture
API
UI (User Interface)
CLI (Command Line Interface)
Kubernetes Master
Kubernetes Architecture
API Server Scheduler Controller
etcd
Image Registry
Kubernetes Master
Worker Node 1, 2, 3… n
Kubernetes Architecture
Pod, Pod, Pod (each holding several Containers)
docker, kube-proxy
kubelet
IBM Managed Account
Image Registry
API
UI (User Interface)
CLI (Command Line Interface)
Kubernetes Master
Worker Node 1: 2 CPU - 4 GB RAM
Kubernetes Free Cluster – Single Worker Node
IBM Managed Account, Customer Account
Image Registry
API
UI (User Interface)
CLI (Command Line Interface)
Kubernetes Master
Worker Node 1
Worker Node 2
Worker Node 3
Worker Node n
Kubernetes Paid Cluster - fully customizable, production-ready
IBM Container Service
• Fully dedicated, single tenant clusters
• Cluster nodes deployed within customer account and network
• Full docker and Kubernetes API support
• Fully managed masters
• Integrated Bluemix services
• Integrated Micro-Services fabric
• Private cluster network with ingress and load balancers
Kubernetes Architecture on Bluemix
https://console.ng.bluemix.net/docs/api/content/containers/images/cs_org_ov.png
IBM Push Notifications
Application Security Manager
Compute
Concept Insights, Dialog
Natural Language Classifier
Question and Answer
Relationship Extraction
Text to Speech
AlchemyAPI
Language Translation
Personality Insights
Concept Expansion
Retrieve and Rank
Visual Recognition
Speech To Text
Watson
CDN
Media
API Management
Service Broker
Secure Gateway
Service Proxy
Service Discovery
Cloud Integration
Integrate
AppScan Dynamic Analyzer
AppScan Mobile Analyzer
Key Protect
IDaaS
Access Trail
Firewall
Security Groups
Mobile Analyzer for iOS
Security
IoT Insights
IoT Real Time Insights
IoT
Application Server on Cloud
Business Rules
Workflow
Big Insights
Data Cache
Session Cache
MQ Light
Message Hub
Workflow Scheduler
Application
Presence Insights
Mobile Data
Mobile Client Access
Quality Assurance
Mobile Application Security
Push
Mobile
Block Storage
Object Storage
Storage
Networking
User Defined Services
User Defined APIs
Private APIs
OpenStack VMs
Docker Containers
Cloud Foundry Runtimes
Event Driven Apps
Bare Metal
Blueprints (Patterns)
CMS
Data & Analytics
Analytics for Apache Hadoop
dashDB
BigInsights for Apache Hadoop
DataWorks
Cloudant NoSQL DB
Elasticsearch by Compose
Apache Spark
Geospatial Analytics
IBM DB2 on Cloud
Predictive Analytics
MongoDB by Compose
Redis by Compose
PostgreSQL by Compose
SQL Database
Insights for Twitter
Streaming Analytics
Time Series Database
Embeddable Reporting
SDN
Load Balancer
VPN
Active Deploy
Image Builder
Delivery Pipeline
Tracking and Plan
GIT
Auto-Scaling
Monitoring and Analytics
DevOps
Alert Notification
Seamless integration of Kube cluster with Bluemix Services
Insights for Weather
• Secure compute hosts
• Built-in security and isolation
• Hosted secured Private image registry
• Private network overlays
• Automatic Vulnerability scanning
Securing containers
https://console.ng.bluemix.net/docs/containers/container_security.html
Policy Violations
Vulnerable Packages
Vulnerability Advisor
Vulnerability Advisor – Live Container Scanning
http://www-03.ibm.com/security/xforce/
Integration between Vulnerability Advisor and IBM X-Force
Leveraging container Pods, Replica Sets and Worker Nodes
Container Application Resiliency – High Availability Patterns
• Integrated logging and monitoring on Bluemix based on ELK stack
• Native Kubernetes dashboard or API
Monitoring Containers
IBM Container Image Build Service
Image Registry
Open Toolchain