Feature Friday: DockerCon speakers sound off on Kubernetes, Service Mesh and More
DockerCon brings industry leaders and experts of the container world to one event where they share their knowledge, experience and guidance. This year is no different. For the next few weeks, we’re going to highlight a few of our amazing speakers and the talks they will be leading.
In this first highlight, we have a few of our own Docker speakers that are covering storage and networking topics, including everything from container-level networking on up to full cross-infrastructure and cross-orchestrator networking.
Persisting State for Windows Workloads in Kubernetes
More on their session here.
|
Docker Software Engineer |
Docker Software Engineer |
|
What is your breakout about? We’ll be talking about persistent storage options for Windows workloads on Kubernetes. While a lot of options exist for Linux workloads we will look at dynamic provisioning scenarios for Windows workloads. Why should people go to your session? Persistence in Windows containers is very limited. Our talk aims to tackle this hard problem and provide practical solutions. The audience will learn about ways to achieve persistent storage in their Windows container workloads and they will also hear about future direction. What is your favorite DockerCon moment? | |
Top 5 Ways to Enhance Your DockerCon Experience
DockerCon 2019 is coming soon to San Francisco and and we’ve significantly improved your DockerCon experience based on your feedback. If you haven’t reserved your spot, head over to register today.
DockerCon 2019 is coming soon to San Francisco and and we’ve significantly improved your DockerCon experience based on your feedback. If you haven’t reserved your spot, head over to register today.
After each conference, our team goes through all of your feedback and brainstorms adjustments big and small to make sure DockerCon remains a special experience for you. To everyone that filled out the event survey – thank you! We know it can seem tedious but we appreciate the feedback.
With that in mind, we wanted to share some of the new changes you’ll see in San Francisco:
- Role-based Content: This year you can find dedicated tracks on how to use Docker for Developers and for IT Infrastructure & Operations teams. These tracks are led by Docker Captains, customers and Docker Solution Architects sharing their experiences and best practices in building and running apps in containers. And, to make the experience even better – we heard you – and have a new mobile app for attendees.
- One Global DockerCon Continue reading
How to install and configure stunnel on Ubuntu
Overview
We all know how awesome stunnel is, but setting it up properly on Ubuntu (and on most other distros, really), can be a little tricky.
This post is dedicated to show you how to properly install and configure this magnificent piece of software on Ubuntu.
For this, I’ll be using Ubuntu 18.04 Server. There is a good chance however that the same procedure (maybe with slight adjustments), could work on other Ubuntu versions (or even other distros) as well. Please share your results with me so I can update this post.
Installing stunnel
This part should be simple enough. We’ll be using Ubuntu’s own repository:
sudo sh -c 'apt-get update && apt-get install stunnel4'
The installation process also comes with its own stunnel4 user, init script, and logrotate config (which we’ll take advantage of soon).
Moreover, couple of scripts are included in the package to deal with the ppp connections (to handle ppp status changes gracefully by restarting the stunnel process).
stunnel – manual mode
stunnel can be manually called with the config file as its argument and it will work.
For example, assuming the file is located at /etc/stunnel/stunnel.conf, the following command would run it: Continue reading
Find the right AMI everytime: Make your AWS application work in any region
With over 170 Amazon Web Services (AWS) modules, including 60 specifically for Elastic Compute Cloud (EC2), Ansible makes it easy to provision and manage AWS resources. Are you using resources on AWS and looking to diversify across regions to facilitate high availability and disaster recovery? Are you concerned about how Ansible handles differences among EC2 regions? This post will help you build Ansible Playbooks that operate smoothly across regions using the ec2_ami_facts module. In our example, we’ll spin up Red Hat Enterprise Linux instances in AWS.
To spin up an Amazon Machine Image (AMI), you must know the image’s ImageID, a unique identifier for that specific image. AMI ImageIDs use a human-unfriendly hex string to catalog the AMI. For example, ami-c998b6b2. Unfortunately AMI ImageIDs are unique per region, which means the ImageID for Red Hat Enterprise Linux in us-east-1 (Virginia) is not the same as the ImageID for the identical image in us-east-2 (Ohio). Some cloud operators use AWS CloudFormation templates, which include a catalog of AMI ImageIDs for every region, to make their deployment model work across regions. While this can work, it is a bit inflexible, needs constant maintenance of the CloudFormation template, and may work in one Continue reading
Advancing Windows Containers with Docker and Kubernetes
Today, the Cloud Native Computing Foundation (CNCF) announced Kubernetes 1.14, which includes support for Windows nodes. Kubernetes supporting Windows is a monumental step for the industry and it further confirms the work Docker has been doing with Microsoft to develop Windows containers over the past five years. It is evidence that containers are not just for Linux; Windows and .NET applications represent an important and sizeable footprint of applications that can benefit from both the Docker platform and Kubernetes.
Docker’s collaboration with Microsoft started five years ago. Today, every version of Windows Server 2016 and later ships with the Docker Engine – Enterprise. In addition, to facilitate a great user experience with Windows containers, Microsoft publishes more than 129 Windows container images of its popular software on Docker Hub. Many Docker Enterprise customers are already running mixed Windows and Linux containers with Swarm, and an upcoming release of Docker Enterprise will allow our customers to expand their Windows options to Kubernetes as well. Today both Docker Enterprise and Docker Desktop users have found that the easiest way to use and manage Kubernetes is with Docker and now these users will have the same benefits with Windows containers as well.
gMSA Continue reading
Three quick ways to move your Ansible inventory into Red Hat Ansible Tower
If you’ve been using Ansible at the command line for a while, you probably have a lot of servers, network devices, and other target nodes listed in your inventory. You know that Red Hat Ansible Tower makes it easier for everyone on your team to run your Ansible Playbooks. So you’ve thought about using Ansible Tower to take your automation to the next level, but you want to retain all the data and variables in your existing inventory file or directory. Are you worried about transferring your inventory from command-line use to Ansible Tower? Let me show you how easy it is to import your existing Ansible inventory into Ansible Tower!
This blog covers three quick and effective ways to connect your existing Ansible inventory into Ansible Tower:
- Migrating an inventory file from the Ansible Tower control node (awx-manage)
- Migrating an inventory file from anywhere with a playbook
- Setting Tower to access a git source-controlled inventory file
If you don’t have Ansible Tower yet and want to download and try it out, please visit: https://www.ansible.com/products/tower
If you’re using dynamic inventory, you don't need to import your inventory into Ansible Tower. Dynamic inventory retrieves your inventory from an Continue reading
Build your Agenda for DockerCon 2019
The DockerCon Agenda builder is live! So grab a seat and a cup of coffee and take a look at the session lineup coming to San Francisco April 29th – May 2nd. This year’s DockerCon delivers the latest updates from the Docker product team, lots of how to sessions for developers and IT Infrastructure and Ops, and customer use cases. Search talks by tracks to build your agenda today.
Build Your Agenda
Use the agenda builder to select the sessions that work for you:
- Using Docker for Developers: How to talks for Developers, from beginner to intermediate. You’ll get practical advice on how implement Docker into your current deployment.
- Using Docker for IT Infrastructure and Ops: Practical sessions for IT teams and enterprise architects looking for how best to design and architect your Docker container platform environment.
- Docker Tech Talks: Delivered by the Docker team, these talks share the latest tech on the Docker Platform. You’ll learn about new features, product roadmap and more.
- Customer Case Studies: Looking to learn from companies who have been there and learned a few things along the way? In this track, industry leaders share how Docker transformed their organization – from business use cases,technical Continue reading
Spousetivities at Oktane 2019
It should come as no surprise to anyone that I’m a huge supporter of Spousetivities, and not just because it was my wife, Crystal Lowe, who launched this movement. What started as the gathering of a few folks at VMworld 2008 has grown over the last 11 years, and this year marks the appearance of Spousetivities at an entirely new conference: Oktane 2019!
Oktane is the conference for Okta, a well-known provider of identity services, and the event is happening in San Francisco from April 1 through April 4 (at Moscone West). This year, Okta is bringing Spousetivities in to add activities for those traveling to San Francisco with conference attendees.
What sort of activities are planned? The Oktane19 Spousetivities landing page has full details, but here’s a quick peek:
- A wine tour in Sonoma/Napa with private transportation (lunch is included, of course!)
- A walking food tour of San Francisco combined with a bus tour of the city and tickets to Beach Blanket Babylon
- A whale watching tour
…and more!
If you’re attending Oktane19 and are bringing along a spouse, domestic partner, family member, or even just a friend—I’d definitely recommend signing them up for Spousetivities. Continue reading
Looking Ahead: My 2019 Projects
It’s been a little while now since I published my 2018 project report card, which assessed my progress against my 2018 project goals. I’ve been giving a fair amount of thought to the areas where I’d like to focus my professional (technical) development this coming year, and I think I’ve come up with some project goals that align both with where I am professionally right now and where I want to be technically as I grow and evolve. This is a really difficult balance to strike, and we’ll see at the end of the year how well I did.
Without further ado, here’s my list of 2019 project goals, along with an optional stretch goal (where it makes sense).
Make at least one code contribution to an open source project. For the last few years, I’ve listed various programming- and development-related project goals. In all such cases, I haven’t done well with those goals because they were too vague, and—as I pointed out in previous project report cards—these less-than-ideal results are probably due to the way programming skills tend to be learned (by solving a problem/challenge instead of just learning language semantics and syntax). So, in an effort to Continue reading
Docker Pals Program 2019
At DockerCon Copenhagen we launched the Docker Pals program in order to connect attendees and help them make the most out of their trip. Attending a conference for the first time or by yourself can be intimidating and we don’t want anyone to feel that way at DockerCon! Pals get matched with a few others who are new (the “Pals”), and someone who knows their way around (the “Guide”) so you will have a familiar group before you arrive at the conference. Guides help Pals figure out which talks and activities to attend, and are available for questions.
This year we are excited to grow the program, matching more groups and adding Meet-and-Greets throughout the week. You won’t want to miss the best version of Docker Pals yet!
Here’s what Pals had to say about DockerCon Barcelona:
“Docker Pals made my DockerCon experience ten times better and I’ve made friends I hope to see again!”
“Our Guide was very helpful and I really enjoyed meeting other Pals at the conference.”
“[I enjoyed] the fact that even though I was there alone I always had a place to turn for help and fellowship.”
“[Our Continue reading
Happy Pi Day with Docker and Raspberry Pi
What better way to say “Happy Pi Day” than by installing Docker Engine – Community (CE) 18.09 on Raspberry Pi. This article will walk you through the process of installing Docker Engine 18.09 on a Raspberry Pi. There are many articles out there that show this process, but many failed due to older Engine versions and some syntax issues.
Special thanks to Docker Solutions Engineer, Stefan Scherer and his monitoring image (stefanscherer/monitor) along with the whoami image (stefanscherer/whoami) that allows Pimoroni Blinkt! LED’s to turn on/off when scaling an application within a Swarm Cluster.
Instructions
For this demo, I used 7 Raspberry Pi’s 3 (model B+) and 1 Pimoroni Blinkt! LED for each Pi.
1. Download the following Raspian image ‘2018-11-13-raspbian-stretch-full.img’ from https://www.raspberrypi.org/downloads/raspbian/
2. Use balenaEtcher to write the image to each of your microusb cards.
3. To make DNS hostname resolution a little easier, I setup local hostnames on each Pi device. Below is an example.
192.168.93.231 pi-mgr1 pi-mgr1.docker.cafe
192.168.93.232 pi-mgr2 pi-mgr2.docker.cafe
192.168.93.233 pi-mgr3 pi-mgr3.docker.cafe
192.168.93.241 pi-node1 pi-node1.docker.cafe
192. Continue reading
Split Tunneling with vpnc
vpnc is a fairly well-known VPN connectivity package available for most Linux distributions. Although the vpnc web site describes it as a client for the Cisco VPN Concentrator, it works with a wide variety of IPSec VPN solutions. I’m using it to connect to a Palo Alto Networks-based solution, for example. In this post, I’d like to share how to set up split tunneling for vpnc.
Split tunneling, as explained in this Wikipedia article, allows remote users to access corporate resources over the VPN while still accessing non-corporate resources directly (as opposed to having all traffic routed across the VPN connection). Among other things, split tunneling allows users to access things on their home LAN—like printers—while still having access to corporate resources. For users who work 100% remotely, this can make daily operations much easier.
vpnc does support split tunneling, but setting it up doesn’t seem to be very well documented. I’m publishing this post in an effort to help spread infomation on how it can be done.
First, go ahead and create a configuration file for vpnc. For example, here’s a fictional configuration file:
IPSec gateway vpn.company.com
IPSec ID VPNGroup
IPSec secret donttellanyone
Xauth username bobsmith
Advanced AMI Filtering with JMESPath
I recently had a need to do some “advanced” filtering of AMIs returned by the AWS CLI. I’d already mastered the use of the --filters parameter, which let me greatly reduce the number of AMIs returned by aws ec2 describe-images. In many cases, using filters alone got me what I needed. In one case, however, I needed to be even more selective in returning results, and this lead me to some (slightly more) complex JMESPath queries than I’d used before. I wanted to share them here for the benefit of my readers.
What I’d been using before was a command that looked something like this:
ec2 describe-images --owners 099720109477 \
--filters Name=name,Values="*ubuntu-xenial-16.04*" \
Name=virtualization-type,Values=hvm \
Name=root-device-type,Values=ebs \
Name=architecture,Values=x86_64 \
--query 'sort_by(Images,&CreationDate)[-1].ImageId'
The part after --query is a JMESPath query that sorts the results, returning only the ImageId attribute of the most recent result (sorted by creation date). In this particular case, this works just fine—it returns the most recent Ubuntu Xenial 16.04 LTS AMI.
Turning to Ubuntu Bionic 18.04, though, I found that the same query didn’t return the result I needed. In addition to the regular builds of 18.04, Canonical apparently also builds EKS Continue reading
Technology Short Take 111
Welcome to Technology Short Take #111! I’m a couple weeks late on this one; wanted to publish it earlier but work has been keeping me busy (lots and lots of interest in Kubernetes and cloud-native technologies out there!). In any event, here you are—I hope you find something useful for you!
Networking
- Daniel Dib has a great article on how network engineers need to evolve. The network isn’t going away, it’s just changing.
- I referenced part 1 of Ajay Chenampara’s series on the Ansible
network-enginecommand parser back in Technology Short Take 102 (July of last year). I’m not sure how I missed that part 2 was published only 2 days later, so I’m rectifying that now. Go check out part 2. - Paul Fitzgerald shows how to use Hyper-V and Docker to build a VyOS 1.2.0 ISO image. (VyOS is an open source Linux-based network operating system.)
- Matt Cowger shares how to use MetalLB with the Unifi USG to take advantage of Kubernetes LoadBalancer functionality in your home lab. Nifty.
Servers/Hardware
- James Hamilton is back with a more in-depth look at the components of the AWS Nitro System.
- I must say that my conclusions regarding Continue reading
containerd Graduates Within the CNCF
We are happy to announce that as of today, containerd, an industry-standard runtime for building container solutions, graduates within the CNCF. The successful graduation demonstrates containerd has achieved the maturity, stability and community acceptance required for broad ecosystem adoption. containerd has already been deployed in tens of millions of production systems today, making it the most widely adopted runtime and an essential upstream component of the Docker platform. containerd was donated to the CNCF as a top-level project because of its strong alignment with Kubernetes, gRPC and Prometheus and is the fifth project to make it to this tier. Built to address the needs of modern container platforms like Docker Enterprise and orchestration systems like Kubernetes, containerd ensures users have a consistent dev to ops experience.
From Docker’s initial announcement that it was spinning out its core runtime to its donation to the CNCF in March 2017, the containerd project has experienced significant growth and progress over the last two years. The primary goal of Docker’s donation was to foster further innovation in the container ecosystem by providing a core container runtime that could be leveraged by container system vendors and orchestration projects such as Kubernetes, Swarm, Continue reading
Thoughts on VPNs for Road Warriors
A few days ago I was talking with a few folks on Twitter and the topic of using VPNs while traveling came up. For those that travel regularly, using a VPN to bypass traffic restrictions is not uncommon. Prompted by my former manager Martin Casado, I thought I might share a few thoughts on VPN options for road warriors. This is by no means a comprehensive list, but hopefully something I share here will be helpful.
There were a few things I wanted to share with readers:
- I found commercial VPN services too unreliable (it’s not uncommon for commercial VPN services to get blocked and thus defeat the purpose of using a VPN).
- Instead, I’ve found more success using something like AutoVPN. AutoVPN helps you stand up an on-demand OpenVPN endpoint on AWS. I used this successfully in Beijing, setting up endpoints in Seoul, Singapore, Tokyo, and sometimes Sydney. Because these IP addresses are “ephemeral,” they’re far less likely to be blocked. (Here’s another example of using AWS as a personal VPN service.)
- I also had success using AutoVPN not to get around traffic restrictions, but to change my source IP. My wife needed to access some real Continue reading
Docker’s 6th Birthday: How do you #Docker?
Docker is turning 6 years old! Over the years, Docker Community members have found some amazing and innovative ways of using Docker technology and we’ve been blown away by all the use-cases we’ve seen from the community at DockerCon. From Docker for Space where NASA used Docker technology to build software to deflect asteroids to using “gloo” to glue together traditional apps, microservices and serverless, you all continue to amaze us year over year.
So this year, we want to celebrate you! From March 18th to the 31st, Docker User Groups all over the world will be hosting local birthday show-and-tell celebrations. Participants will each have 10-15 minutes of stage time to present how they’ve been using Docker. Think of these as lightning talks – your show-and-tell doesn’t need to be polished and it can absolutely be a fun hack and/or personal project. Everyone who presents their work will get a Docker Birthday #6 t-shirt and have the opportunity to submit their Docker Birthday Show-and-tell to present at DockerCon.
Are you new to Docker? Not sure you’d like to present? No worries! Join in the fun and come along to listen, learn, add to your sticker collection and Continue reading
Docker Desktop Enterprise Preview: Version Packs
This is the first in a series of articles we are publishing to provide more details on Docker Desktop Enterprise, which we announced at DockerCon Barcelona. Keep up with the latest Docker Desktop Enterprise news and release updates by signing up for the Docker Desktop Enterprise announcement list.
Docker’s engineers have been hard at work completing features and getting everything in ship-shape (pun intended) following our announcement of Docker Desktop Enterprise, a new desktop product that is the easiest, fastest and most secure way to develop production-ready containerized applications and the easiest way for developers to get Kubernetes running on their own machine.
In the first post of this series I want to highlight how we are working to bridge the gap between development and production with Docker Desktop Enterprise using our new Version Packs feature. Version Packs let you easily swap your Docker Engine and Kubernetes orchestrator versions to match the versions running in production on your Docker Enterprise clusters. For example, imagine you have a production environment running Docker Enterprise 2.0. As a developer, in order to make sure you don’t use any APIs or incompatible features that will break when you push an application to production Continue reading
Kubernetes, Kubeadm, and the AWS Cloud Provider
Over the last few weeks, I’ve noticed quite a few questions appearing in the Kubernetes Slack channels about how to use kubeadm to configure Kubernetes with the AWS cloud provider. You may recall that I wrote a post about setting up Kubernetes with the AWS cloud provider last September, and that post included a few snippets of YAML for kubeadm config files. Since I wrote that post, the kubeadm API has gone from v1alpha2 (Kubernetes 1.11) to v1alpha3 (Kubernetes 1.12) and now v1beta1 (Kubernetes 1.13). The changes in the kubeadm API result in changes in the configuration files, and so I wanted to write this post to explain how to use kubeadm 1.13 to set up a Kubernetes cluster with the AWS cloud provider.
I’d recommend reading the previous post from last September first. In that post, I listed four key configuration items that are necessary to make the AWS cloud provider work:
- Correct hostname (must match the EC2 Private DNS entry for the instance)
- Proper IAM role and policy for Kubernetes control plane nodes and worker nodes
- Kubernetes-specific tags on resources needed by the cluster
- Correct command-line flags added to the Kubernetes API server, controller Continue reading
Ansible Community Update — February 2019
Ansible is a popular project by many metrics, including over 42,000 commits on GitHub. Our community contributes a lot of pull requests (PRs) every month. Unfortunately, the volume of incoming PRs means contributors often have to wait days, weeks, or months for PRs to be merged. Sometimes it takes that long for a cursory review. We want to change that, but we need your help!
The Core team and community at large are kicking off new initiatives under the contributor experience umbrella. The idea is to help address causes that slow down quality PRs from being merged into Ansible's codebase.
To help with this, we are dedicating one day a month to doing a community review. The goals we are setting for these meetings are:
-
Give potential new community members a place to learn and experiment with Ansible's review process and exchange feedback
-
Identify process and documentation improvements via feedback provided from the Ansible community
-
Give PRs needed attention; remove blockers where necessary
-
Identify PRs that could be merged or closed
We’re particularly interested in feedback from people starting their journey with open source as it helps us to improve our processes and documentation. It’s helpful to have new contributors Continue reading