Data Centre Application Architect at Mesosphere
Core Developer & Evangelist at Project Calico
In this talk hosted at BlackRock, speakers Michael Hausenblas and Ed Harrison discussed the roles of Mesos and Kubernetes in building containerized applications and showed how they fit together, using the DCOS (Datacenter Operating System). They also covered orchestration requirements in a cluster setup, such as resource management and workload scheduling and demonstrate Mesos and Kubernetes in action, for further information, also refer to – https://docs.mesosphere.com/services/kubernetes/
The talk also covered securing micro-services with Mesos, Kubernetes and Calico. Traditional tiered network security architectures (across the presentation, application and data “tiers”) fail to meet the requirements of the new micro-service architectures. And as they pointed out, developers move at an increasingly fast pace, deploying new and updated services at ever greater scale and hence they can no longer wait for days for operations teams to update firewall rules. Moreover, the central assumption of systems such as Kubernetes or DCOS is that the data center is an undifferentiated pool of resources – trying to carve this into network tiers for security purposes breaks this assumption.
Instead, they highlighted ways in which Project Calico provides different security models where each instance of a micro-service is secured with per-workload network isolation, by distributing the network firewall to every host in the data center. Ed also explained further about this model and then showed how the Calico team has integrated Mesos and Kubernetes into their infrastructure to provide this level of security.
For more photos of the session, please check out this event’s meetup page here!