Orchestrator Wars

Transcript

1. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.

   Orchestrator Wars Liz Rice @LizRice | @AquaSecTeam

2. 2

3. 3 Slide from contiv.github.io/articles/2016/03/06/scaling-microservices.html

4. 4 Microservices

5. 5 @LizRice | @AquaSecTeam Container orchestrators ▪ What do orchestrators

   do? ▪ Choosing an orchestrator @LizRice | @AquaSecTeam

6. What does an orchestrator do?

7. 7

8. 8

9. 9

10. 10 @LizRice | @AquaSecTeam Container orchestrator scope ▪ Scheduling -

    find space for containers to run ▪ Service discovery ▪ Availability / fault tolerance ▪ Scaling ▪ Upgrades @LizRice | @AquaSecTeam

11. 11

12. 12

13. Cattle not pets

14. 14

15. 15

16. Some popular container orchestrators

17. Kubernetes

18. 18

19. 19 @LizRice | @AquaSecTeam Kubernetes ▪ Huge community, many distributions

    ▪ CNCF (Linux Foundation) ▪ Abstraction of machines into clusters ▪ Scheduling pods of containers ▪ Load balancing of services ▪ Management through labels ▪ Customization points

20. OpenShift

21. 21

22. 22 @LizRice | @AquaSecTeam OpenShift ▪ RedHat support & enterprise

    credibility ▪ Built on Kubernetes

23. Docker Swarm

24. 24

25. 25 @LizRice | @AquaSecTeam Docker Swarm ▪ Huge user base

    ▪ Docker Inc ▪ Ease of use ▪ Schedule by task = one container ▪ Secrets out-of-the-box

26. Mesos / Marathon

27. 27

28. 28 @LizRice | @AquaSecTeam Mesos / Marathon ▪ Heritage in

    big data jobs (Hadoop, Spark) ▪ Mesos manages clusters ▪ Marathon schedules jobs (containers) ▪ ZooKeeper for service discovery ▪ Not written in Go! ▪ Enterprise DC/OS

29. Nomad

30. 30

31. 31 @LizRice | @AquaSecTeam Nomad ▪ Hashicorp pedigree - Terraform,

    Vagrant, Consul... ▪ Manages non-containerized jobs

32. Amazon ECS

33. 33

34. 34 @LizRice | @AquaSecTeam Amazon ECS ▪ Well-integrated with Amazon

    ▪ Elastic Load Balancer ▪ CloudTrail ▪ Autoscaling groups ▪ Tasks groups into services

35. How to choose an orchestrator

36. 36 Popularity

37. 37 Popularity

38. 38 @LizRice | @AquaSecTeam Anecdotally... ▪ Depends what you measure

    ▪ Measure by people: Docker Swarm ▪ Measure by workload: Mesos / Marathon

39. 39 Community

40. 40 Community

41. 41 @LizRice | @AquaSecTeam Shifting sands ▪ March 2016 -

    Microsoft invests in Mesosphere ▪ March 2017 - Microsoft acquires Deis ▪ May 2017 - Moby project

42. 42

43. 43 @LizRice | @AquaSecTeam Greatest strengths Docker Swarm Kubernetes /

    OpenShift Amazon ECS Mesos / Marathon Nomad Works out-of-the-box X X Community X Scale X X X Big data workloads X Non-containerised workloads X X

44. 44 To be continued...

45. Copyright @ 2017 Aqua Security Software Ltd. All Rights Reserved.

    Questions? Liz Rice @LizRice | @AquaSecTeam