Applications are rarely delivered in a single container. Even simple applications typically have a front end, a back end, and a database. Deploying modern microservices based applications in containers means deploying multiple containers, sometimes on the same host and sometimes distributed across multiple node hosts as shown in the following diagram:
Managing container deployment at scale must consider the following questions:
-
Which containers should be deployed to which hosts?
-
Which host has more capacity?
-
Which containers need access to each other? How will they discover each other?
-
How do you control access to and management of shared resources, like network and storage?
-
How do you monitor container health?
-
How do you automatically scale application capacity to meet demand?
-
How can I enable developer self-service while also meeting security requirements?
To address these questions, {product-title} has built-in management and security features, allowing your team to focus your energies on building the applications that provide business value.
-
{product-title} Architecture: Kubernetes Infrastructure
{product-title} delivers container orchestration, automation of scheduling and running application containers on clusters of physical or virtual machines, through inclusion and extension of the open source Kubernetes project. Kubernetes, originally developed by Google, uses master hosts to manage the complexity of container cluster orchestration.
Given the wealth of capabilities for both developers and operators, strong role-based access control is a critical element of the container platform. For example, the orchestration masters are a central point of access and should receive the highest level of security scrutiny.
APIs are key to automating container management at scale. APIs are used to:
-
Validate and configure the data for pods, services, and replication controllers.
-
Perform project validation on incoming requests and invoke triggers on other major system components.
-
{product-title} Architecture: How Is {product-title} Secured?