Docker Kubernetes service

The Docker Kubernetes Service fully supports all Docker Enterprise features, including role-based access control, LDAP/AD integration, image scanning and signing enforcement policies, and security policies.

Docker Kubernetes Service features include:

  • Kubernetes orchestration full feature set
  • CNCF Certified Kubernetes conformance
  • Kubernetes app deployment via MKE web UI or CLI (kubectl)
  • Compose stack deployment for Swarm and Kubernetes apps (docker stack deploy)
  • Role-based access control for Kubernetes workloads
  • Ingress Controllers with Kubernetes L7 routing
  • Pod Security Policies to define a set of conditions that a pod must run with in order to be accepted into the system
  • Container Storage Interface (CSI) support
  • iSCSI support for Kubernetes
  • Kubernetes-native ingress (Istio)

In addition, MKE integrates with Kubernetes by using admission controllers, which enable:

  • Authenticating user client bundle certificates when communicating directly with the Kubernetes API server
  • Authorizing requests via the MKE role-based access control model
  • Assigning nodes to a namespace by injecting a NodeSelector automatically to workloads via admission control
  • Keeping all nodes in both Kubernetes and Swarm orchestrator inventories
  • Fine-grained access control and privilege escalation prevention without the PodSecurityPolicy admission controller
  • Resolving images of deployed workloads automatically, and accepting or rejecting images based on MKE’s signing-policy feature
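
The NodeSelector injection listed above relies on the standard Kubernetes mutating-admission exchange: the API server sends an AdmissionReview, and the controller answers with a base64-encoded JSON Patch. The following is an added example of that exchange, not MKE's own code; the NAMESPACE_SELECTORS policy, the "pool" label, and the deny-on-conflict rule are assumptions made for illustration.

```python
import base64
import json

# Constructed policy: namespace -> node labels its pods must select (assumption;
# a real controller would read this from namespace metadata or a policy store).
NAMESPACE_SELECTORS = {"team-a": {"pool": "team-a"}}


def wrap(response):
    """Wrap a response body in the admission.k8s.io/v1 AdmissionReview envelope."""
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


def review_pod(review):
    """Decide on a Pod CREATE request and inject the namespace's nodeSelector."""
    req = review["request"]
    response = {"uid": req["uid"], "allowed": True}
    wanted = NAMESPACE_SELECTORS.get(req["namespace"], {})
    existing = req["object"]["spec"].get("nodeSelector")

    # Deny pods that try to pin themselves outside the namespace's node pool.
    for key, value in wanted.items():
        if existing and existing.get(key, value) != value:
            response.update(allowed=False, status={
                "code": 403,
                "message": f"nodeSelector {key!r} conflicts with namespace policy"})
            return wrap(response)

    if wanted and existing is None:
        # No selector at all: add the whole object in one operation.
        patch = [{"op": "add", "path": "/spec/nodeSelector", "value": dict(wanted)}]
    else:
        # Selector exists: add only missing keys, escaping them per RFC 6901.
        patch = [{"op": "add", "value": value,
                  "path": "/spec/nodeSelector/" + key.replace("~", "~0").replace("/", "~1")}
                 for key, value in wanted.items() if key not in existing]
    if patch:
        response["patchType"] = "JSONPatch"
        response["patch"] = base64.b64encode(json.dumps(patch).encode()).decode()
    return wrap(response)


if __name__ == "__main__":
    # Constructed sample request, trimmed to the fields the function reads.
    sample = {"request": {"uid": "demo-uid", "namespace": "team-a",
                          "object": {"spec": {"containers": []}}}}
    print(json.dumps(review_pod(sample), indent=2))
```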

The default Docker Enterprise installation includes both Kubernetes and Swarm components across the cluster, so every newly joined worker node is ready to schedule Kubernetes or Swarm workloads.

Kubernetes CLI

Docker Enterprise exposes the standard Kubernetes API, so you can use kubectl to manage your Kubernetes workloads:

kubectl cluster-info

This produces output similar to the following:

Kubernetes master is running at https://54.200.115.43:6443
KubeDNS is running at https://54.200.115.43:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info
dump'.