Hashiconf NA 2019 Tooling for the modern cloud native application stack

The modern cloud native application stack typically consists of different runtimes, whether it be virtual machines, Kubernetes, or serverless and cloud-hosted services. How do you use the tools you know and love to build across these different environments? We will share how HashiCorp and Microsoft are collaborating in open source to provide an integrated, consistent tooling experience. Whether it be securing Kubernetes secrets with Vault, having a Consul-based service mesh that spans virtual machines and Kubernetes, or even packaging your application stack up in a portable bundle, we'll share how we are making it easier for you to bring your favorite HashiCorp tools to Azure.

Lachlan Evenson

September 11, 2019

Transcript

  1. Tooling for the
    modern cloud native
    application stack
    Photo by JESHOOTS.COM on Unsplash

  2. What we hear
    from
    customers
    How do I integrate Consul as a
    service mesh for Kubernetes and
    VMs?
    How do I secure secrets in
    Kubernetes with Vault?
    How can I bundle up my
    application and all its
    dependencies into a single unit?
    @LachlanEvenson @ritazzhang

  3. And when we dig deeper
    Remove integration
    pain
    Use tooling they already
    trust
    Flexibility

  4. Our team
    100% open source
    Vendor neutral
    Strive to provide standardized
    solutions

  5. Lachlan Evenson @LachlanEvenson
    • Program Manager in Azure
    Container Compute
    • HashiCorp fan circa 2013
    • Upstream Consul Helm chart
    maintainer
    • Kubernetes 1.16 release lead
    • CNCF Ambassador
    • Using and contributing to open
    source software for 8 years

  6. Rita Zhang @ritazzhang
    • Software Engineer in Azure
    Container Compute
    • Maintainer of Secrets Store CSI
    Driver
    • Maintainer of Open Policy
    Agent Gatekeeper (Kubernetes
    policy controller)

  7. Case Study:
    How do I integrate
    Consul as a service
    mesh for Kubernetes
    and VMs?

  8. Why Consul
    as a service
    mesh?
    Supports multiple runtimes
    May span networks
    Production ready
    Flexible

  9. Integrating Consul into Kubernetes
    • Runs on Kubernetes
    • Configurable via Service Mesh Interface (SMI)
    • Use Kubernetes native tooling

  10. Configuring Consul using SMI
    https://github.com/deislabs/smi-spec
    [Diagram labels: Kubernetes Cluster; Node, Dashboard Pod; Node, Counting Pod; SMI; Consul Intentions]

  11. Consul
    Intentions via
    SMI

  12. Case Study:
    How do I secure
    secrets in
    Kubernetes with
    Vault?

  13. • What if I already use HashiCorp
    Vault in my company?
    • Why should Kubernetes be any
    different?
    • Instead of storing my application
    secrets in etcd, is it possible to
    store them in Vault and use them
    in my Kubernetes applications?

  14. Why Secrets
    Store CSI
    Driver?
    Separation of concerns
    Supports multiple secrets store providers
    Application portability
    Community designed and maintained

  15. Container
    Storage
    Interface (CSI)
    Driver
    Standard for exposing third-
    party storage systems to
    containerized workloads
    Once the CSI plugin is deployed
    on the cluster, users can create
    volumes
    Once the Volume is attached,
    the data in it is mounted into
    the container's file system

  16. Secrets Store CSI driver [Vault Provider]
    [Diagram labels: Master Node; API Server; Kubelet; Pod; Secrets Store CSI Driver; Volume; Mount path: /etc/foo]
    https://github.com/deislabs/secrets-store-csi-driver

  17. Using Secrets
    Store CSI
    Driver

  18. Using Secrets
    Store CSI
    Driver

  19. @LachlanEvenson @ritazzhang

  20. Case Study:
    How can I bundle
    up my application
    and all its
    dependencies into
    a single unit?

  21. What is a
    Cloud Native
    Application?
    Business logic Infrastructure
    Single or
    many
    microservices
    Database

  22. How we distribute Cloud Native Applications
    Terraform Kubernetes
    manifests
    BYO tools
    Package

  23. Why Cloud
    Native
    Application
    Bundles
    (CNAB)?
    the tools you already use
    any configuration needed for
    your app
    distributed via existing
    mechanisms

  24. Building bundles with Porter
    • Your app and its baggage: installed
    • Smart bundles out-of-the-box
    • Bundle management: simplified
    https://github.com/deislabs/porter

  25. Cloud Native Application Bundle Demo
    • Create a bucket
    • Deploy Kubernetes Cluster
    • Provision PostgreSQL Database Cluster
    • Deploy Spring Music and connect it to PostgreSQL
    • All on DigitalOcean
    https://github.com/jeremyrickard/do-porter

  26. Build in the
    open
    Native Integration
    Open source
    Community friendly
    No lock in

  27. Call to Action
    • Try it!
    • Swing by our booth
    • See you in the community!
