Multi-tenancy for Docker Containers with Keystone
Satya Routray, Rahul Upadhyay
Anantha Padmanabhan CB, Meenakshi Lakshmanan
27, Apr 2016
Current authorization mechanism
• Username / Password based authentication
• Allows user to run any docker command
• Or view all provisioned containers
• No limit on number of containers / resources used
Why multitenancy?
• We can use standalone Keystone to provide multitenancy to Docker.
• Multitenancy allows users to view/manage only the containers they provisioned
• Enables Role Based Access Control (RBAC)
• Enables administrator to specify quota – pay-as-you-go model
• Can utilize Keystone's ability to support multiple backend domains
• Single sign-on and hierarchical multitenancy
• Not only user-to-container authorization, but also service-to-service authorization between services running across different containers
Keystone services
• Identity – Credential validation
• Resources – Data about Projects and Domains
• Assignment - Roles and Roles-to-Resource assignments
• Token – Manages tokens
• Catalog – Registry of services and endpoints
• Policy – Rule based authorization
Authentication mechanisms
UUID Tokens
• UUID
• Persistent
PKI & PKIZ Tokens (From Grizzly)
• Public Key Infrastructure – Certificate based
• More informative payload but size is huge
• Persistent
Fernet Tokens (From Juno)
• Non-persistent & Symmetric key encryption
• 85% faster than UUID and 89% faster than PKI
UUID tokens
[Flow diagram; columns: Client, API, Token (Keystone backend)]
Token generation
• Send User/Pass
• Verify User/Pass, generate and store UUID
• Cache UUID locally
API call validation request
• Send API request + UUID
• Extract UUID from request
• Check UUID and expiry date: valid?
API call validation response
• Yes: process request, 2xx HTTP, update request status
• No: reject request, 4xx HTTP, display request error
PKI Tokens
What is Docker
• Enables you to package an application with all its dependencies into a standardized unit
• Docker separates applications from infrastructure using container technology, similar to how VMs separate the operating system from bare metal
• Runs the same regardless of the environment
Build, Ship, Run
Docker – Key Components
• Docker Daemon
• Docker API
• CLI – used to interact with the daemon
• Docker Engine (consists of all of the above)
• Docker Machine – bring up Docker Swarm
• Docker Swarm – Native clustering for Docker
Multitenant Cluster
[Diagram: Multi-Tenant Swarm. Labels: Tenant1, Tenant2, Tenant3, Tenant4; containers C1 to C4 (shown twice); hosts H1, H2; Keystone with User, Policy, Resource, Identity, Catalog]
Multi-tenancy with Keystone
[Sequence diagram; participants: User, Docker Host, Swarm, Keystone. Messages in order:]
• Authenticate (User, Tenant, Password)
• Validate and generate token
• Token
• Update config.json with token and tenant ID
• docker -H <swarm url> <docker CMD>
• List tenants
• List tenant to which token has access
• Check Keystone's tenant list for user's tenant
• Ensure that tenants are isolated from each other; each tenant can only manage and link to their own containers
• docker <docker cmd>
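The UUID token check and the tenant-isolation step from the two flows above, as an added example (not code from the slides or from the project): a Swarm-side authorization check run against an in-memory stand-in for Keystone. The header names, the `KeystoneStub` class, the token strings and the container-to-tenant mapping are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed header names for the token and tenant ID sent by the client
# (the slides only say config.json is updated "with token and tenant ID").
TOKEN_HEADER = "X-Auth-Token"
TENANT_HEADER = "X-Auth-TenantId"


@dataclass(frozen=True)
class TokenRecord:
    user: str
    expires_at: datetime
    tenant_ids: frozenset  # tenants this token has access to


class KeystoneStub:
    """Hypothetical in-memory stand-in for Keystone's persistent UUID token store."""

    def __init__(self, tokens):
        self._tokens = dict(tokens)

    def validate(self, token, now):
        """Check UUID and expiry date; return the record, or None if invalid."""
        record = self._tokens.get(token)
        if record is None or now >= record.expires_at:
            return None
        return record


def authorize(keystone, headers, now):
    """Return (http_status, tenant_id) for one request."""
    token = headers.get(TOKEN_HEADER)
    tenant = headers.get(TENANT_HEADER)
    if not token or not tenant:
        return 401, None
    record = keystone.validate(token, now)
    if record is None:
        return 401, None  # unknown or expired token: reject with 4xx
    if tenant not in record.tenant_ids:
        return 403, None  # valid token, but no access to the claimed tenant
    return 200, tenant


def list_containers(keystone, headers, containers, now):
    """List only the containers owned by the caller's tenant."""
    status, tenant = authorize(keystone, headers, now)
    if status != 200:
        return status, []
    return status, sorted(n for n, owner in containers.items() if owner == tenant)


def link_containers(keystone, headers, containers, source, target, now):
    """Allow a link only when both containers belong to the caller's tenant."""
    status, tenant = authorize(keystone, headers, now)
    if status != 200:
        return status
    # Same answer for "not yours" and "does not exist", so a caller cannot
    # probe for other tenants' container names.
    if containers.get(source) != tenant or containers.get(target) != tenant:
        return 403
    return 200


def headers_for(token, tenant):
    return {TOKEN_HEADER: token, TENANT_HEADER: tenant}


# Constructed sample data (not from the slides).
NOW = datetime(2016, 4, 27, 12, 0, tzinfo=timezone.utc)
ALICE_TOKEN = "11111111111111111111111111111111"
BOB_EXPIRED_TOKEN = "22222222222222222222222222222222"
KEYSTONE = KeystoneStub({
    ALICE_TOKEN: TokenRecord("alice", NOW + timedelta(hours=1), frozenset({"tenant1"})),
    BOB_EXPIRED_TOKEN: TokenRecord("bob", NOW - timedelta(minutes=1), frozenset({"tenant2"})),
})
CONTAINERS = {"C1": "tenant1", "C2": "tenant1", "C3": "tenant2", "C4": "tenant3"}

if __name__ == "__main__":
    own = headers_for(ALICE_TOKEN, "tenant1")
    print(list_containers(KEYSTONE, own, CONTAINERS, NOW))
    print(list_containers(KEYSTONE, headers_for(ALICE_TOKEN, "tenant2"), CONTAINERS, NOW))
    print(list_containers(KEYSTONE, headers_for(BOB_EXPIRED_TOKEN, "tenant2"), CONTAINERS, NOW))
    print(link_containers(KEYSTONE, own, CONTAINERS, "C1", "C3", NOW))
```

The tenant ID in the request is treated as a claim only: it is honoured when the validated token's own tenant list contains it, never on the client's word.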
Timelines and future work
• Implementation of Keystone support – In progress
• Explore Fernet tokens and include support for the same
• Provide isolated tenant networking capabilities
• Provide a framework for dockerized applications to use the multitenancy seamlessly
Connect with us…
• Satya Routray (engg.sanj@gmail.com)
• Rahul Upadhyay (rahuupad@cisco.com)
• Anantha Padmanabhan CB (cbpadman@cisco.com)
• Meenakshi Lakshmanan (mlakshma@cisco.com)
Q&A
OpenStack Summit
Austin, Texas 2016
