Did you know that Docker Hub has millions of users pulling roughly one billion container images every two weeks — and it all runs on Docker Enterprise Edition?
Docker Enterprise Edition 2.0 may now be available to commercial customers who require an enterprise-ready container platform, but the Docker operations team has already been using it in production for some time. As part of our commitment to delivering high quality software that is ready to support your mission-critical applications, we leverage Docker Enterprise Edition 2.0 as the platform behind Docker Hub and our other SaaS services, Docker Store, and Docker Cloud.
Some organizations call it “dogfooding;” some call it “drinking your own champagne.” Whatever you call it, the importance of this program is to be fully invested in our own container platform and share in the same operational experiences as our customers.
Our Migration to Kubernetes
One of the main features of this latest release is the integration of Kubernetes so we wanted to make sure we are leveraging this capability. Working closely with our SaaS team leads, we chose a few services to migrate to Kubernetes while keeping others on Swarm.
For people already running Docker EE, upgrading to the latest version to get a Kubernetes cluster running is really easy. It only required running a single command to upgrade our existing Universal Control Plane (UCP) in Docker EE – for new users, simply swap “upgrade” with “install”. Yes, it’s this easy:
docker run --rm -it --name ucp -v /var/run/docker.sock:/var/run/docker.sock docker/ucp:3.0.0 upgrade --interactive
You don’t need to build your own etcd cluster or follow a detailed installation guide! A vanilla Kubernetes installation is built and managed by Docker EE 2.0 out of the box, removing the complexities of a Kubernetes deployment.
We then went to work on making sure our existing architecture and solutions worked with the Kubernetes services. Good news – if you’re already working with a Docker environment, introducing Kubernetes with Docker EE 2.0 integrates without any changes in your architecture or tools for your environment. For instance, we were able to keep all of our existing logging and monitoring solutions. Only minor updates were made to our routing solution to support running Swarm and Kubernetes services in parallel, building on top of Project Calico networking components that come integrated with Docker EE 2.0.
From there, our application teams took over to move some applications into Kubernetes. No changes were needed in application code since we were only changing the container scheduler, and since we already had Compose files defining our Swarm services, it was simple to translate them for Kubernetes deployment.
This all happened before public release of Docker EE 2.0. If you pulled an image from Docker Hub in the past couple weeks, part of your request passed through a container orchestrated by Kubernetes in our Docker EE 2.0 cluster!
Secure Application Zones within the Docker Team
Our goal as an infrastructure team is to provide self-service infrastructure resources to our development teams. Because there are many teams and sets of applications that go into running Docker’s SaaS products, it’s critical that we are able to segregate the Docker EE workloads and permissions across our 100+ node production cluster. Docker EE handles this through the concept of Resource Sets, and with Docker EE 2.0, this concept has been extended into Kubernetes namespaces.
By adding nodes to Resource Sets and granting users access to that Set with the role-based access controls, we can guarantee that when a user on it will land on the correct nodes and have the correct permissions to other Kubernetes objects based on the namespace. This means we can provide infrastructure for many teams while keeping workloads secure and separate where required, and prevent resource contention between sets of applications and teams. This makes my life, and the lives of our developers, a lot easier!
To learn more about this release:
commitment to deliver the highest quality software to our customers starts with running #Docker Hub…
Click To Tweet
The post Running Docker on Docker Enterprise Edition 2.0 appeared first on Docker Blog.