Container Orchestration and the Network
The increasing complexity of setting up containers at scale is something many developers find challenging. In particular, they may encounter technology gaps, such as how to integrate their entire developer toolkit and applications across a multi-platform stack.
In this episode of The New Stack Analysts podcast, we explore how networking and security issues affect enterprises running containers in production, and the issues developers should consider when making containers a part of their infrastructure. The New Stack founder Alex Williams interviewed Jason McGee, Vice President, Fellow, and Chief Technology Officer of IBM’s Cloud Platform, for our latest EBook series on Container Networking, Security, and Storage.
This conversation may also be heard on YouTube.
With orchestration tools now coming bundled into container platforms such as Docker, the question of how these affect one’s network comes into play. In particular, enterprises connecting their containers to private networks should ensure that their incoming and outgoing traffic does not end up routed over public channels. “Any abstraction that gets introduced, by definition limits what you can do with the network,” McGee noted.
IBM’s aim is to reduce the number of roadblocks to getting set up, streamlining how developers approach working with containers. “I don’t know that there’s technical gaps as much as there’s integration challenges. Customers have a diverse environment. They’re not going to be all running Docker, Kubernetes, or OpenStack. Most applications have to mix or integrate these technologies together,” McGee said.
“These assumptions and abstractions introduce complexity into your life because now you have to figure out how to connect stuff together,” McGee said.
Touching further on the inclusion of built-in orchestration in the Docker platform, McGee explained that ensuring one’s network is secure against outside traffic should be crucial to developers working with this new feature. McGee then highlighted the ways in which today’s networking methodologies have shifted with the times, noting that rather than having a spec-driven test suite, today’s developers are testing against Swagger files.
It’s these cultural shifts and more which make up the issues facing containers, networking, and container security today. “We’re seeing a shift from infrastructure-centric, to application-centric. Historically, there was an infrastructure team and they controlled how the network, storage, and compute was set up, and the apps were designed to fit into that environment. What we’ve been seeing over a number of years, is that we’re trying to flip the model,” said McGee.
Overall, the challenge of container security remains one which must continually be addressed. McGee noted that some of these issues may stem from developers never considering them in the first place. “There’s all these other concerns that most developers don’t think about. They’re not thinking about security, compliance, QOS, and what happens when some application consumes the whole pipe and takes everyone else down? There’s all these deep networking and storage concerns that don’t just go away magically because we’ve switched to an application-centric view.”