Hashiconf NA 2019 Tooling for the modern cloud native application stack

The modern cloud native application stack typically consists of different runtimes whether it be virtual machines, Kubernetes, or serverless and cloud hosted services. How do you use the tools you know and love to build across these different environments? We will share how HashiCorp and Microsoft are collaborating in open source to provide an integrated, consistent tooling experience. Whether it be securing Kubernetes secrets with Vault, having a Consul-based service mesh that spans Virtual Machines and Kubernetes, or even packaging your application stack up in a portable bundle, we’ll share how we are making it easier for you to bring your favorite HashiCorp tools to Azure.

Lachlan Evenson

September 11, 2019

Transcript

  1. Tooling for the modern cloud native application stack. Photo by JESHOOTS.COM on Unsplash
  2. What we hear from customers: How do I integrate Consul as a service mesh for Kubernetes and VMs? How do I secure secrets in Kubernetes with Vault? How can I bundle up my application and all its dependencies into a single unit? @LachlanEvenson @ritazzhang
  3. And when we dig deeper: Remove integration pain; Use tooling they already trust; Flexibility
  4. Our team: 100% open source; Vendor neutral; Strive to provide standardized solutions
  5. Lachlan Evenson @LachlanEvenson • Program Manager in Azure Container Compute • HashiCorp fan circa 2013 • Upstream Consul Helm chart maintainer • Kubernetes 1.16 release lead • CNCF Ambassador • Using and contributing to open source software for 8 years
  6. Rita Zhang @ritazzhang • Software Engineer in Azure Container Compute • Maintainer of Secrets Store CSI Driver • Maintainer of Open Policy Agent Gatekeeper (Kubernetes policy controller)
  7. Case Study: How do I integrate Consul as a service mesh for Kubernetes and VMs?
  8. Why Consul as a service mesh? Supports multiple runtimes; May span networks; Production ready; Flexible
  9. Integrating Consul into Kubernetes • Runs on Kubernetes • Configurable via Service Mesh Interface (SMI) • Use Kubernetes native tooling
  10. Configuring Consul using SMI. https://github.com/deislabs/smi-spec [Diagram labels: Node, Dashboard Pod; Node, Counting Pod; Kubernetes Cluster; SMI; Consul Intentions]
  11. Consul Intentions via SMI

  12. None
  13. Case Study: How do I secure secrets in Kubernetes with Vault?
  14. • What if I already use HashiCorp Vault in my company? • Why should Kubernetes be any different? • Instead of storing my application secrets in etcd, is it possible to store them in Vault and use them in my Kubernetes applications?
  15. Why Secrets Store CSI Driver? Separation of concerns; Supports multiple secrets store providers; Application portability; Community designed and maintained
  16. Container Storage Interface (CSI) Driver: Standard for exposing third-party storage systems to containerized workloads. Once the CSI plugin is deployed on the cluster, users can create volumes. Once the volume is attached, the data in it is mounted into the container's file system.
  17. Secrets Store CSI driver [Vault Provider]. https://github.com/deislabs/secrets-store-csi-driver [Diagram labels: Master Node; API Server; Kubelet; Pod; Pod; Secrets Store CSI Driver; Volume; Mount path: /etc/foo; Pod]
  18. Using Secrets Store CSI Driver

  19. Using Secrets Store CSI Driver

  20. @LachlanEvenson @ritazzhang

  21. Case Study: How can I bundle up my application and all its dependencies into a single unit?
  22. What is a Cloud Native Application? Business logic; Infrastructure; Single or many microservices; Database
  23. How we distribute Cloud Native Applications: Terraform; Kubernetes manifests; BYO tools; Package
  24. Why Cloud Native Application Bundles (CNAB)? the tools you already use; any configuration needed for your app; distributed via existing mechanisms
  25. Building bundles with Porter • Your app and its baggage: installed • Smart bundles out-of-the-box • Bundle management: simplified. https://github.com/deislabs/porter
  26. Cloud Native Application Bundle Demo • Create a bucket • Deploy Kubernetes Cluster • Provision PostgreSQL Database Cluster • Deploy Spring Music and connect it to PostgreSQL • All on Digital Ocean. https://github.com/jeremyrickard/do-porter
  27. None
  28. Build in the open: Native Integration; Open source; Community friendly; No lock in
  29. Call to Action • Try it! • Swing by our booth • See you in the community!