Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Hashiconf NA 2019 Tooling for the modern cloud ...

Lachlan Evenson
September 11, 2019
Technology
0
100

Hashiconf NA 2019 Tooling for the modern cloud native application stack

The modern cloud native application stack typically consists of different runtimes whether it be virtual machines, Kubernetes, or serverless and cloud hosted services. How do you use the tools you know and love to build across these different environments? We will share how HashiCorp and Microsoft are collaborating in open source to provide an integrated, consistent tooling experience. Whether it be securing Kubernetes secrets with Vault, having a Consul-based service mesh that spans Virtual Machines and Kubernetes, or even packaging your application stack up in a portable bundle, we’ll share how we are making it easier for you to bring your favorite HashiCorp tools to Azure.

Lachlan Evenson

September 11, 2019
Tweet

More Decks by Lachlan Evenson

See All by Lachlan Evenson
Service Mesh Interface
lachie83
3
170
Dive into Kubeflow
lachie83
1
140
Helm Summit PDX 2018 - Securing Helm
lachie83
0
790
KubeCon NA 2017 - Setting Sail with Istio
lachie83
0
240

Other Decks in Technology

See All in Technology
スクラムチームを立ち上げる〜チーム開発で得られたもの・得られなかったもの〜
ohnoeight
2
350
開発生産性を上げながらビジネスも30倍成長させてきたチームの姿
kamina_zzz
2
1.7k
サイバーセキュリティと認知バイアス:対策の隙を埋める心理学的アプローチ
shumei_ito
0
380
安心してください、日本語使えますよ―Ubuntu日本語Remix提供休止に寄せて― 2024-11-17
nobutomurata
0
980
リンクアンドモチベーション ソフトウェアエンジニア向け紹介資料 / Introduction to Link and Motivation for Software Engineers
lmi
4
300k
Lambdaと地方とコミュニティ
miu_crescent
2
370
Why does continuous profiling matter to developers? #appdevelopercon
salaboy
0
180
The Role of Developer Relations in AI Product Success.
giftojabu1
0
120
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
180
Platform Engineering for Software Developers and Architects
syntasso
1
510
DMARC 対応の話 - MIXI CTO オフィスアワー #04
bbqallstars
1
160
障害対応指揮の意思決定と情報共有における価値観 / Waroom Meetup #2
arthur1
5
470

Featured

See All Featured
How GitHub (no longer) Works
holman
310
140k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
10
720
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
Building an army of robots
kneath
302
43k
Building Applications with DynamoDB
mza
90
6.1k
Six Lessons from altMBA
skipperchong
27
3.5k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
A better future with KSS
kneath
238
17k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
24k
Optimizing for Happiness
mojombo
376
70k
Testing 201, or: Great Expectations
jmmastey
38
7.1k

Transcript

  1. Tooling for the modern cloud native application stack Photo by

    JESHOOTS.COM on Unsplash

  2. What we hear from customers How do I integrate Consul

    as a service mesh for Kubernetes and VMs? How do I secure secrets in Kubernetes with Vault? How can I bundle up my application and all its dependencies into a single unit? @LachlanEvenson @ritazzhang

  3. And when we dig deeper Remove integration pain Use tooling

    they already trust Flexibility @LachlanEvenson @ritazzhang

  4. Our team 100% open source Vendor neutral Strive to provide

    standardized solutions @LachlanEvenson @ritazzhang

  5. Lachlan Evenson @LachlanEvenson • Program Manager in Azure Container Compute

    • HashiCorp fan circa 2013 • Upstream Consul Helm chart maintainer • Kubernetes 1.16 release lead • CNCF Ambassador • Using and contributing to open source software for 8 years

  6. Rita Zhang @ritazzhang • Software Engineer in Azure Container Compute

    • Maintainer of Secrets Store CSI Driver • Maintainer of Open Policy Agent Gatekeeper (Kubernetes policy controller)

  7. Case Study: How do I integrate Consul as a service

    mesh for Kubernetes and VMs?

  8. Why Consul as a service mesh? Supports multiple runtimes May

    span networks Production ready Flexible @LachlanEvenson @ritazzhang

  9. Integrating Consul into Kubernetes •Runs on Kubernetes •Configurable via Service

    Mesh Interface (SMI) •Use Kubernetes native tooling @LachlanEvenson @ritazzhang

  10. Configuring Consul using SMI https://github.com/deislabs/smi-spec @LachlanEvenson @ritazzhang Node Dashboard Pod

    Node Counting Pod Kubernetes Cluster SMI Consul Intentions

  11. Consul Intentions via SMI

  12. None

  13. Case Study: How do I secure secrets in Kubernetes with

    Vault?

  14. • What if I already use HashiCorp Vault in my

    company? • Why should Kubernetes be any different? • Instead of storing my application secrets in etcd, is it possible to store them in Vault and use them in my Kubernetes applications? @LachlanEvenson @ritazzhang

  15. Why Secrets Store CSI Driver? Separation of concerns Supports multiple

    secrets store providers Application portability Community designed and maintained @LachlanEvenson @ritazzhang

  16. Container Storage Interface (CSI) Driver Standard for exposing third- party

    storage systems to containerized workloads Once the CSI plugin is deployed on the cluster, users can create volumes Once the Volume is attached, the data in it is mounted into the container's file system @LachlanEvenson @ritazzhang

  17. Secrets Store CSI driver [Vault Provider] Master Node API Server

    Kubelet Pod Pod Secrets Store CSI Driver Volume Mount path: /etc/foo Pod https://github.com/deislabs/secrets-store-csi-driver @LachlanEvenson @ritazzhang

  18. Using Secrets Store CSI Driver

  19. Using Secrets Store CSI Driver

  20. @LachlanEvenson @ritazzhang

  21. Case Study: How can I bundle up my application and

    all its dependencies into a single unit?

  22. What is a Cloud Native Application? Business logic Infrastructure Single

    or many microservices Database

  23. How we distribute Cloud Native Applications Terraform Kubernetes manifests BYO

    tools Package @LachlanEvenson @ritazzhang

  24. Why Cloud Native Application Bundles (CNAB)? the tools you already

    use any configuration needed for your app distributed via existing mechanisms @LachlanEvenson @ritazzhang

  25. Building bundles with Porter • Your app and its baggage:

    installed • Smart bundles out-of-the-box • Bundle management: simplified https://github.com/deislabs/porter @LachlanEvenson @ritazzhang

  26. Cloud Native Application Bundle Demo •Create a bucket •Deploy Kubernetes

    Cluster •Provision PostgreSQL Database Cluster •Deploy Spring Music and connect it to PostgreSQL •All on Digital Ocean https://github.com/jeremyrickard/do-porter @LachlanEvenson @ritazzhang
  27. None

  28. Build in the open Native Integration Open source Community friendly

    No lock in @LachlanEvenson @ritazzhang

  29. Call to Action •Try it! •Swing by our booth •See

    you in the community!