Automated deployment of Docker Universal Control Plane with Terraform and Ansible

You got into the Docker Universal Control Plane beta and you are ready to get going, and then you see a list of manual commands to set it up. As you don’t want to do anything manually, this guide will help you set up DUCP in a few minutes by using just a couple of variables. If you don’t know what DUCP is, you can read the post I made earlier. The setup is based on one controller and a configurable number of replicas, which will automatically join the controller to form a cluster. There are a few requirements we need to address to make this work, like setting the external (public) IP while running the installer and passing the controller’s certificate fingerprint to the replicas during setup. We will use Terraform to spin up the instances, and Ansible to provision the instances and let them connect to each other.

Read more →

Security is maturing in the Docker ecosystem

Security is probably one of the biggest subjects when it comes to containers. Developers love containers, some ops do as well. But most of the time it boils down to the security aspects of containers. Is it safe to use, what if someone breaks out? The characteristics of containers which we love could also be a weak spot when it comes to security. In this blog I want to show some common methods to establish a defence in depth around your containers. This is container-specific, so I won’t be talking about locking down the host nodes or reducing the attack surface, e.g. by disabling Linux daemons.

Read more →

Docker to the on-premise rescue

During the second day at DockerCon EU 2015 in Barcelona, Docker introduced the missing glue which they call “Containers as a Service Platform”. With a focus on both public cloud and on-premise, this is a great addition to the ecosystem. For this blogpost I would like to focus on the Run part of the “Build-Ship-Run” thought of Docker, and with the focus on on-premise. To realize this, Docker launched the Docker Universal Control Plane, which was the project formerly known as Orca.

I got to play with version 0.4.0 of the software during a hands-on lab and I will try to summarize what I’ve learned.

Read more →