Kubernetes NetworkPolicies in Docker Enterprise Edition

Solutions / / , , , , , , , , , , ,

Kubernetes running under Docker UCP uses the Calico CNI plugin so that you can use Kubernetes NetworkPolicies to control pod to pod communication as well as communication between pods and other network endpoints.

This blog post will walk you through an example of configuring Kubernetes NetworkPolicies. We will block traffic from one namespace into another namespace, while still allowing external traffic to access the “restricted” namespace. As a high-level use case, we will consider the situation where a development team is working on multiple branches of a project, and the pods in the different branches should not be able to communicate with each other. If you are not familiar with the basic concepts of NetworkPolicies, see the Kubernetes documentation here.

Kubernetes NetworkPolicies in Docker Enterprise EditionRead More »

Kubernetes NetworkPolicies in Docker Enterprise Edition Read More »

Help! I need to change the pod CIDR in my Kubernetes cluster

Solutions / / , , , ,

 

Your Docker EE Kubernetes cluster has been working great for months. The DevOps team is fully committed to deploying critical applications as Kubernetes workloads using their pipeline, and there are several production applications already deployed in your Kubernetes cluster.

But today the DevOps team tells you something is wrong; they can’t reach a group of internal corporate servers from Kubernetes pods. They can reach those same servers using basic Docker containers and Swarm services. You’re sure its just another firewall misconfiguration and you enlist the help of your network team to fix it. After several hours of troubleshooting, you realize that the problem is that you are using a CIDR (Classless Inter-Domain Routing) range for your cluster’s pod CIDR range that overlaps the CIDR range that the servers use.

Help! I need to change the pod CIDR in my Kubernetes clusterRead More »

Help! I need to change the pod CIDR in my Kubernetes cluster Read More »

32-bit Apps in a 64-bit Docker Container

Solutions / / , , , , , , ,

I started my career in December of 1989 at a company named Planning Research Corporation which contracted a considerable amount of work with the Department of Defense. I spent one year working in Fortran 77. The next 6 years were far more interesting to me as I dove into the world of ANSI C programming using the Kernighan & Ritchie bible. I still have my book on a shelf.

Our systems ran on 3 different Unix operating systems. We managed Makefiles that targeted SunOS, DEC Ultrix, and IBM AIX platforms. At times this was quite challenging. However, everything in this environment was 32 bit architecture; but what did that matter to me at the time? 64 bit processors didn’t come along for many more years.

Looking to innovate? Eager to answer your questions? Capstone Labs explores the latest IT advancements and helps you demonstrate the value of application modernization.

Ask your tech questions

 

32-bit Apps in a 64-bit Docker ContainerRead More »

32-bit Apps in a 64-bit Docker Container Read More »

SSL Options with Kubernetes – Part 2

Solutions / / , , , , , , , ,

In the first post in this series, SSL Options with Kubernetes – Part 1, we saw how to use the Kubernetes LoadBalancer service type to terminate SSL for your application deployed on a Kubernetes cluster in AWS. In this post, we will see how this can be done for a Kubernetes cluster in Azure.

In general, Kubernetes objects are portable across the various types of infrastructure underlying the cluster, i.e. public cloud, private cloud, virtualized, bare metal, etc. However, some objects are implemented through the Kubernetes concept of Cloud Providers. The LoadBalancer service type is one of these. AWS, Azure, and GCP (as well as vSphere, OpenStack and others) all implement a load balancer service using the existing load balancer(s) their cloud service provides. As such, each implementation is different. These differences are accounted for in the annotations to the Service object. For example, here is the specification we used for our service in the previous post.

SSL Options with Kubernetes – Part 2Read More »

SSL Options with Kubernetes – Part 2 Read More »

How to securely deploy Docker EE on the AWS Cloud

Solutions / / , , , , , , ,

Overview

This reference deployment guide provides the step-by-step instructions for deploying Docker Enterprise Edition on the Amazon Web Services (AWS) Cloud. This automation references deployments that use the Docker Certified Infrastructure (DCI) template which is based on Terraform to launch, configure and run the AWS compute, network, storage and other services required to deploy a specific workload on AWS. The DCI template uses Ansible playbooks to configured the Docker Enterprise cluster environment.

How to securely deploy Docker EE on the AWS CloudRead More »

How to securely deploy Docker EE on the AWS Cloud Read More »

First Year at Capstone

Business, Working at Capstone / / , , , , , , , , , , , ,

Last month I finished my first year working part time at Capstone. That’s long enough to feel like you know a company, and still short enough to be new. I’ve been reflecting about the differences to my 36 years working full time at IBM (38 years if you count my part time student work there.) This is NOT a technical blog post.  …

First Year at CapstoneRead More »

First Year at Capstone Read More »