Hashiconf NA 2019 Tooling for the modern cloud native application stack

Transcript

1. Tooling for the modern cloud native application stack Photo by

   JESHOOTS.COM on Unsplash

2. What we hear from customers How do I integrate Consul

   as a service mesh for Kubernetes and VMs? How do I secure secrets in Kubernetes with Vault? How can I bundle up my application and all its dependencies into a single unit? @LachlanEvenson @ritazzhang

3. And when we dig deeper Remove integration pain Use tooling

   they already trust Flexibility @LachlanEvenson @ritazzhang

4. Our team 100% open source Vendor neutral Strive to provide

   standardized solutions @LachlanEvenson @ritazzhang

5. Lachlan Evenson @LachlanEvenson • Program Manager in Azure Container Compute

   • HashiCorp fan circa 2013 • Upstream Consul Helm chart maintainer • Kubernetes 1.16 release lead • CNCF Ambassador • Using and contributing to open source software for 8 years

6. Rita Zhang @ritazzhang • Software Engineer in Azure Container Compute

   • Maintainer of Secrets Store CSI Driver • Maintainer of Open Policy Agent Gatekeeper (Kubernetes policy controller)

7. Case Study: How do I integrate Consul as a service

   mesh for Kubernetes and VMs?

8. Why Consul as a service mesh? Supports multiple runtimes May

   span networks Production ready Flexible @LachlanEvenson @ritazzhang

9. Integrating Consul into Kubernetes •Runs on Kubernetes •Configurable via Service

   Mesh Interface (SMI) •Use Kubernetes native tooling @LachlanEvenson @ritazzhang

10. Configuring Consul using SMI https://github.com/deislabs/smi-spec @LachlanEvenson @ritazzhang Node Dashboard Pod

    Node Counting Pod Kubernetes Cluster SMI Consul Intentions

11. Consul Intentions via SMI

12. None

13. Case Study: How do I secure secrets in Kubernetes with

    Vault?

14. • What if I already use HashiCorp Vault in my

    company? • Why should Kubernetes be any different? • Instead of storing my application secrets in etcd, is it possible to store them in Vault and use them in my Kubernetes applications? @LachlanEvenson @ritazzhang

15. Why Secrets Store CSI Driver? Separation of concerns Supports multiple

    secrets store providers Application portability Community designed and maintained @LachlanEvenson @ritazzhang

16. Container Storage Interface (CSI) Driver Standard for exposing third- party

    storage systems to containerized workloads Once the CSI plugin is deployed on the cluster, users can create volumes Once the Volume is attached, the data in it is mounted into the container's file system @LachlanEvenson @ritazzhang

17. Secrets Store CSI driver [Vault Provider] Master Node API Server

    Kubelet Pod Pod Secrets Store CSI Driver Volume Mount path: /etc/foo Pod https://github.com/deislabs/secrets-store-csi-driver @LachlanEvenson @ritazzhang

18. Using Secrets Store CSI Driver

19. Using Secrets Store CSI Driver

20. @LachlanEvenson @ritazzhang

21. Case Study: How can I bundle up my application and

    all its dependencies into a single unit?

22. What is a Cloud Native Application? Business logic Infrastructure Single

    or many microservices Database

23. How we distribute Cloud Native Applications Terraform Kubernetes manifests BYO

    tools Package @LachlanEvenson @ritazzhang

24. Why Cloud Native Application Bundles (CNAB)? the tools you already

    use any configuration needed for your app distributed via existing mechanisms @LachlanEvenson @ritazzhang

25. Building bundles with Porter • Your app and its baggage:

    installed • Smart bundles out-of-the-box • Bundle management: simplified https://github.com/deislabs/porter @LachlanEvenson @ritazzhang

26. Cloud Native Application Bundle Demo •Create a bucket •Deploy Kubernetes

    Cluster •Provision PostgreSQL Database Cluster •Deploy Spring Music and connect it to PostgreSQL •All on Digital Ocean https://github.com/jeremyrickard/do-porter @LachlanEvenson @ritazzhang
27. None

28. Build in the open Native Integration Open source Community friendly

    No lock in @LachlanEvenson @ritazzhang

29. Call to Action •Try it! •Swing by our booth •See

    you in the community!