Production sec ops with kubernetes in docker

•

1 like•418 views

In this talk, Scott Coulton will walk through how to build a container as a service platform with Docker EE. Starting from scratch he will help you figure out what orchestrator to choose by deep diving into the technical differences between swarm and kubernetes on the EE platform as well as cover some of the practical considerations that could influence your decision. He will also share various automation solutions to deploy your cluster into production. Once the cluster is up and and running, Scott will delve into sec ops and discuss security best practices - including signing images in DTR (Docker Trusted Registry) and CVE scanning to provide a secure supply chain into production. You’ll leave this talk with the knowledge needed to build your own container platform in production. And did I mention it will all be done live, step-by-step?

Presentations & Public Speaking

Scott Coulton
Principal software
engineer, Puppet
Production
SecOps With
Kubernetes In
Docker

v
Let’s build a CaaS
What's the difference (Swarm vs Kubernetes)
Now for the fun stuff secops with Kubernetes
Agenda

So let's look at the platform
architecture

Operating
Systems
Platform Architecture
Config Mgt Monitoring LoggingCI/CD ..more..Images Networking Volumes
PhysicalVirtualizationPublic Cloud
Platform
Security
Developer
Services
Registry
Services
Access
Policies
App Lifecycle
Management
Automation &
Extensibility
Networking Orchestration Storage
Container Engine
ENTERPRISE EDITION PLATFORM

Docker EE Architecture
Docker EE Cluster
Node Node Node
DOCKER ENTERPRISE EDITION
Node
Manager
Worker
Node
Worker Worker Worker
Node
Manager
Node
Manager
Management Plane

Docker EE Orchestration
Secure Cluster Management
App Scheduler
Swarm KubernetesOR
Docker EE Cluster
Node Node Node

● Uses docker cli
● Deploys applications through ‘stacks’
● Overlay networking
Swarm

● kubectl as the cli tool
● More deployment definitions ie pods, svc,
deployments
● Plug and play networking with CNI
Kubernetes

Now for the fun stuff secops with
Kubernetes

https://www.fortinet.com/blog/threat-research/yet-another-
crypto-mining-botnet.html
https://github.com/docker/hub-feedback/issues/1121
This attack allowed the hackers to gain access to your
Docker host via a vulnerable image.
Hackers going to hack

Secure Supply Chain
TEST STAGING
• Signature
verification
• Native encryption
Scanning SigningAutomated
PoliciesDocker for Mac
or
Docker for Windows
PRODUCTION

Production Environments
Docker Trusted Registry
Docker UCP
Production Environments
Version Control
Docker UCP
Non-Production EnvironmentsDeveloper Machine
Development CI/CD Operations
Datacenter 1
Datacenter 2
Docker Trusted Registry
Docker for
Secure Supply Chain

CI Workflow Docker Trusted
Registry
Build container
$ git clone
$ mvn deploy
Repository
Manager
binaries
Version Control
src
Dockerfiles
docker-compose.yml
files
pull
push
CI Agent
$ docker run -it
--rm builder build
runs
build
start
CI Agent
$ git clone
$ docker build -t myapp
$ docker push myapp
push
pull
CI Agent
$ eval $(<env.sh)
$ docker run
$ docker service
$ docker-compose up
Docker UCP
Test Environment
CI Agent
$ eval $(<env.sh)
$ docker run -it --rm test uat
$ docker pull myapp
$ docker push myapp
test
pull
1
2
3 4runs
app
runs
tests

$Notary client config for DockerHub ~/.notary/config.json { "trust_dir" : "~/.docker/trust", "remote_server": { "url": "https://notary.docker.io" } }$

$Notary client config for your registry ~/.notary/config.json { "trust_dir" : "~/.docker/trust", "remote_server": { "url": "dtr_url", "root-ca": "dtr_ca.pem" } }$

$Push and sign your application $ export DOCKER_CONTENT_TRUST=1 $ docker push {dtr_url/registry_url}/{account}/{repository}:{tag}$

The one take away from this talk
“Sign your images”
Scott Coulton
Principal software engineer Puppet

Run as non root
apiVersion: v1
kind: Pod
metadata:
name: my-dockercon-app
spec:
securityContext:
runAsUser: 1000

Read only file system
apiVersion: v1
kind: Pod
metadata:
name: my-dockercon-app
spec:
securityContext:
readOnlyRootFilesystem: true

Privilege escalation
apiVersion: v1
kind: Pod
metadata:
name: my-dockercon-app
spec:
securityContext:
allowPrivilegeEscalation: false

You don't have to chose one
apiVersion: v1
kind: Pod
metadata:
name: my-dockercon-app
spec:
securityContext:
runAsUser: 1000
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false

A great blog post on this stuff
https://blog.jessfraz.com/post/containers-security-and-echo-chambers/

Apparmor
apiVersion: v1
kind: Pod
metadata:
name: my-dockercon-app
annotations:
container.apparmor.security.beta.kubernetes.io/dockercon: runtime/default
spec:
containers:
- name: dockercon

Selinux
apiVersion: v1
kind: Pod
metadata:
name: my-dockercon-app
spec:
securityContext:
seLinuxOptions:
level: "s0:c123,c456"
containers:
- name: dockercon

What's hot

At Docker, we like to “eat our own dog food” or “drink our own champagne.” Whatever your favorite phrase, the importance of a software company using their own software is critical to relating to our customers. In this talk, we will discuss how the Docker Infrastructure and engineering teams have deployed and operationalized Docker Enterprise Edition (EE) for our staging and production environments, what we have learned in the process, and how it's making Docker EE better.

Docker on Docker

Docker, Inc.

How does awesome Android benefit from dazzling Docker? With an introduction to the Docker way of continuous integration for Android, it would help you get a consistent Android development and build environment with minimal effort. Syllabus: * Background story - where the problem happened * Why Android dev should care? * How to provision an Android environment to build project usually? How Docker is gonna solve it? * Typical machine dependant failing unit tests examples, which could be revealed by using Docker * Philosophy, features, improvements, comparison against traditional approach * Limitations * Quick setup of Jenkins using AndroidSDK docker slaves (live demo)

Android Meets Docker

Docker, Inc.

Presented by Casper S. Jensen, Software Engineer, Uber At Uber, we've been introducing Docker to give service owners more control over their environments. However, everything at Uber is moving very fast so we have had to do it a way such that Docker fitted into the existing infrastructure and services could be migrated seamlessly to Docker without any service interruptions. In this talk we will talk about the challenges we faced while doing this, such as handling both non-Docker and Docker builds, image replication, integration with our deployment systems and other challenges when deploying Docker at scale.

DockerCon EU 2015: Placing a container on a train at 200mph

Docker, Inc.

Lukonde Mwila, Entelect As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud. In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics: - Docker Compose - Containerizing an Nginx Server - Containerizing an React App - Containerizing an Node.JS App - Containerizing anMongoDB App - Runing Multi-Container App Locally - Creating a CI/CD Pipeline - Adding a build stage to test containers and push images to Docker Hub - Deploying Multi-Container App to AWS Elastic Beanstalk Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking. After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.

Build & Deploy Multi-Container Applications to AWS

Docker, Inc.

The Docker Enterprise Edition platform helps customers deploy and manage applications faster and it secures the application pipeline at a lower cost than traditional application delivery models. But it takes more than just great technology to achieve the desired results. The organization and culture of your enterprise directly impacts what you transform, how it’s done, and who does it. Success requires a strategy for how you will govern the Docker EE container platform, how to assess your application estate, what your delivery pipeline will look like, and how to ensure developers, operators, security teams and others play nicely together. In this talk I will cover topics such as different types of workloads (legacy, microservices, FaaS, big data, ...), how your org chart can influence whether you deploy a CaaS (Containers as a Service) vs CLaaS (Clusters as a Service), how "shifting left" can determine if you can outsource, centralized vs distributed CI/CD and how containers play a role, transforming your pets into cattle, how giant whale balloons are used for onboarding, and a prescriptive and comprehensive methodology for successfully deploying Docker in your enterprise.

How to build your containerization strategy

Docker, Inc.

Deploying containers on Heterogeneous IOT devices by Daniel Bruzual

Docker, Inc.

Break -> inspect -> fix is the Ops workflow for infrastructure stacks of the past. Distributed infrastructure and applications claim to be the new generation, but why is it so much more painful to maintain and troubleshoot them? Much of the pain comes from outdated operational models relying on reactive or, worse yet, manual monitoring and Ops. This talk lays out a proactive Ops model for container infrastructure. By focusing on event monitoring, infrastructure state monitoring, trend analysis, and distributed log collection, a proactive Ops model delivers observability for distributed apps that was not possible before. Using real-world examples from Swarm and Kubernetes, we'll demonstrate the tools used and how we relieve Ops pain in container orchestration.

Proactive ops for container orchestration environments

Docker, Inc.

Docker ee an architecture and operations overview

Docker, Inc.

Cloud spanner architecture and use cases

GDG Cloud Bengaluru

Over the past 20 years, Assa Abloy has transformed from a mechanical lock producer to the global leader in door-opening solutions. Today, Assa Abloy is at the forefront of innovation when it comes to digital access solutions. During this talk, we will discuss how Assa Abloy is using Docker EE to build a Common Access Technology platform based on microservices running in containers. We will share the architectural decisions that were made and how those resulted in deploying Docker EE on AWS. We will discuss both the technical challenges Assa Abloy encountered and the organizational changes that affected the way they develop their software. Next, we will share how Assa Abloy plans to roll out on a global scale.

How Docker EE Helps Open Doors at Assa Abloy

Docker, Inc.

"Technologies that are going to affect our lives in the next decade are being tested and developed in the video game sphere." In January 2016 Activision approved a pilot project to build a containerised continuous delivery pipeline using Docker. This project spanned multiple devops teams and would culminate in launching a production title "Skylanders Imaginators" in October 2016. The Mission Statement : “Our mission is to deliver an amazing build, test and deploy pipeline that aims to be so reliable, effective and easy to use that our product and title departments will end up writing high value gaming services all day long without giving a second thought to how they may reliably deliver these in record time.” This talk will discuss the cultural and technical challenges faced throughout the pilot. Spoiler alert: Not everyone was happy with the decision to use Docker. The talk will cover the concerns and how we handled them. It will cover why it is important, especially in the games industry, to be evaluating and integrating technologies like Docker in order to remain relevant. For the first time in Demonware history developers were responsible for the launch and support of a title. We are also the first studio under Activision to be running Docker in Production.

Activision's Skypilot: Delivering Amazing Game Experiences Through Containeri...

Docker, Inc.

Jules Testard - Software Engineer, Docker Inc Since the advent of AWS Lambda in 2014, the Function as a Service (FaaS) programming paradigm has gained a lot of traction in the cloud community. Since then, interest has increased for developers and entreprises to build their own open source solutions on top of Kubernetes. A number of competing frameworks in this space have been developed. In this talk, we will look at three specific frameworks (OpenFaas, Nuclio and FN) and for each framework we will: Show how to create, deploy, and invoke a function using that framework Show how Docker images and containers are used by each framework under the hood Investigate how the frameworks leverage KNative to build, ship and run applications on Kubernetes

DCEU 18: Docker Containers in a Serverless World

Docker, Inc.

Networking in Docker EE 2.0 with Kubernetes and Swarm

Abhinandan P.b

Two things are for certain – space is hard, and Docker is not just for web content! Space software development traditionally lags behind state of the art software process for good reason – our missions are long (7+ years), we run on highly constrained embedded hardware, and the software cannot fail. Docker, along with a devops mentality, has helped us create a scalable, parallelizable and rapidly deployable test infrastructure for DART, NASA’s mission to hit an asteroid at 6 km/s. During the presentation, we will walk through how our dev cycle has changed from a human based testing system to an automated one. We will outline how we are using Docker (and NASA Goddard’s Core Flight Executive) for both our embedded development environment and our scalable test environment. Next, we will discuss what deployment means to us (and how different it is from web deployment). Lastly, we will explore lessons learned on how our hardware-centric testing approach was adapted into a software-based approach: what worked, what didn’t, what we wish we could do someday. How can you help? We are new to Docker. We are excited to share our experiences and hear from the Docker community on our use cases, technological hurdles that we faced, our solutions to these problems, and how we can harness Docker to the fullest extent.

Automated hardware testing using docker for space

Docker, Inc.

Francisco Javier Ramírez Urea - IT Architect, Hoplasoftware Guillaume Morini - SE, Docker The integration of Kubernetes orchestration into the Docker Enterprise Platform presents deployments with interesting new abstractions for application connectivity. Devs and Ops are often challenged with rationalizing how pod networking (with CNI plugins like Calico or Flannel), Services (via kube-proxy) and Ingress work in concert to enable application connectivity within and outside a cluster. Similarly, given the dynamic and transient nature of containerized microservice workloads, how to leverage scalable and declarative approaches like network policies to express segmentation and security primitives. This session provides an illustrative walkthrough of these core concepts by going through common deployment architectures providing design, operations, and scale considerations based on experience from numerous production deployments. We will discuss Kubernetes publishing methods and deep dive into Ingress Controllers. This session will also showcase how to complement application and operations workflows with policy-driven business, compliance and security controls typically required in enterprise production deployments including going further into limiting traffic to services, session persistence, rewriting, and activating container health checks.

DCEU 18: Docker Container Networking

Docker, Inc.

About 94% of AI Adopters are planning to use containers in the next 1 year. What’s driving this exponential growth? Faster time to deployment and Faster AI workload processing are the two major reasons. You can use GPUs in big data applications such as machine learning, data analytics, and genome sequencing. Docker containerization makes it easier for you to package and distribute applications. You can enable GPU support when using YARN on Docker containers. In this talk, I will demonstrate how Docker accelerates the AI workload development and deployment over the IoT Edge devices in efficient manner

Delivering Docker & K3s worloads to IoT Edge devices

Ajeet Singh Raina

Monitoring Docker Application in Production

Alois Reitbauer

The whole Docker ecosystem exists today because of every single developer who found ways of using Docker to improve how they build software; whether streamlining production deployments, speeding up continuous integration systems or standing up an application on your laptop to hack on. In this talk we want to take a step back and look at where Docker sits today from the software developers point of view - and then jump ahead and talk about where it might go in the future. In this talk, we’ll discuss: * Making Docker an everyday part of the developing software on the desktop, with Docker for Windows and Docker for Mac * Docker Compose, and the future of describing applications as code * How Docker provides the best tools for developing applications destined to run on any Kubernetes cluster This session should be of interest to anyone who writes software; from people who want to hack on a few personal projects, to polyglot open source programmers and to professional developers working in tightly controlled environments. Everyone deserves a better developer experience.

Docker for developers on mac and windows

Docker, Inc.

In addition of being used for visualization, the highly parallel architecture of GPUs also make them a natural fit for accelerating data-parallel and throughput oriented computations such as machine learning or numerical simulations. When GPUs applications are deployed inside data centers they suffer from the same packaging issues as CPU applications, aggravated by a strong need to get reproducible performance results. The Docker ecosystem is mostly CPU-centric and aims to be hardware-agnostic. This is not the case for GPUs applications since specialized hardware and a specific kernel device driver are now required. We will show how we reconciled those seemingly opposed requirements to enable containerization and execution of GPU applications with Docker.

Using Docker for GPU-accelerated Applications by Felix Abecassis and Jonathan...

Docker, Inc.

In this session, we'll go into details about the latest developments around some of the components behind the core features of the Docker Platform. We'll cover the containerd runtime that was built to serve as an underlying daemon for Docker and Kubernetes, and BuildKit, a toolkit that builds on containerd to provide next-generation capabilities for building software with the help of containers. You will learn about the architecture and design choices of these projects, for example, the power of containerd's rich client library and BuildKit's frontend model that allows introducing new build languages or Dockerfile features. You can discover how you can use these projects directly and how they are being integrated into the Docker Platform.

Docker Platform Internals: Taking runtimes and image creation to the next lev...

Docker, Inc.

What's hot (20)

Docker on Docker

Android Meets Docker

DockerCon EU 2015: Placing a container on a train at 200mph

Build & Deploy Multi-Container Applications to AWS

How to build your containerization strategy

Deploying containers on Heterogeneous IOT devices by Daniel Bruzual

Proactive ops for container orchestration environments

Docker ee an architecture and operations overview

Cloud spanner architecture and use cases

How Docker EE Helps Open Doors at Assa Abloy

Activision's Skypilot: Delivering Amazing Game Experiences Through Containeri...

DCEU 18: Docker Containers in a Serverless World

Networking in Docker EE 2.0 with Kubernetes and Swarm

Automated hardware testing using docker for space

DCEU 18: Docker Container Networking

Delivering Docker & K3s worloads to IoT Edge devices

Monitoring Docker Application in Production

Docker for developers on mac and windows

Using Docker for GPU-accelerated Applications by Felix Abecassis and Jonathan...

Docker Platform Internals: Taking runtimes and image creation to the next lev...

Similar to Production sec ops with kubernetes in docker

Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...

Docker, Inc.

Oliver Pomeroy - Solution Engineer, Docker Laura Frank Tacho - Director of Engineering, CloudBees Enterprises often want to provide automation and standardisation on top of their container platform, using a pipeline to build and deploy their containerized applications. However this opens up new challenges… Do I have to build a new CI/CD Stack? Can I build my CI/CD pipeline with Kubernetes orchestration? What should my build agents look like? How do I integrate my pipeline into my enterprise container registry? In this session full of examples and “how-to”s, Olly and Laura will guide you through common situations and decisions related to your pipelines. We’ll cover building minimal images, scanning and signing images, and give examples on how to enforce compliance standards and best practices across your teams.

DCEU 18: Building Your Development Pipeline

Docker, Inc.

Scaling Docker Containers using Kubernetes and Azure Container Service

Ben Hall

Azure Bootcamp 2016 - Docker Orchestration on Azure with Rancher

Karim Vaes

Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...

Patrick Chanezon

Oliver Pomeroy, Docker & Laura Tacho, Cloudbees Enterprises often want to provide automation and standardisation on top of their container platform, using a pipeline to build and deploy their containerized applications. However this opens up new challenges; Do I have to build a new CI/CD Stack? Can I build my CI/CD pipeline with Kubernetes orchestration? What should my build agents look like? How do I integrate my pipeline into my enterprise container registry? In this session full of examples and how-to's, Olly and Laura will guide you through common situations and decisions related to your pipelines. We'll cover building minimal images, scanning and signing images, and give examples on how to enforce compliance standards and best practices across your teams.

DCSF 19 Building Your Development Pipeline

Docker, Inc.

ContainerDayVietnam2016: Dockerize a small business

Docker-Hanoi

Getting started with Angular is now easier than ever... said no one ever. Yet with the right tool-set we too can create magic. When I code with Angular I can deploy to Azure within minutes. We'll go through a simple development to production workflow. First, we code with a little help from the Angular CLI. Then we build for production - Webpack to the rescue. We then push our code to Github and deploy it to Node on Azure. Mission accomplished, the application is now up in the cloud!

Deploy Angular to the Cloud (ngBucharest)

Simona Cotin

Docker, a new LINUX container technology based light weight virtualization

Suresh Balla

Introduction to Docker and Linux Containers @ Cloud Computing Rhein Main

Puja Abbassi

廣宣學堂: 容器進階實務 - Docker進深研究班

Paul Chao

In this deck from the Stanford HPC Conference, Christian Kniep from Docker, Inc. gives a tutorial on linux containers. "This tutorial provides a detailed overview of the components needed to run containerized applications and explores how distributed HPC applications can be tackled. We’ll explain the concept of Linux Containers and describe the bits and pieces participants will explore following step-by-step examples. The workshop will introduce the predominant forms of orchestration in the industry; what problems they solve and how to approach the problem. Attendees will explore the benefits and drawbacks of orchestrators first hand with their own small exemplary stack deployments. Finally the workshop will introduce how HPC and Big Data workloads can be tackled on-top of these service-oriented clusters." Watch the video: https://youtu.be/LJinZpCTyk0 Learn more: http://www.docker.com/ and http://hpcadvisorycouncil.com Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter

DevOps Workflow: A Tutorial on Linux Containers

inside-BigData.com

Docker 進階實務班

Philip Zheng

Containers as a Service with Docker

Docker, Inc.

Docker Container As A Service - March 2016

Patrick Chanezon

“Docker, Docker, Docker.” It’s a phrase we hear often, but what are containers, what can they be used for, and why should you know more about them? In this session, Grace (Puppet) and Tricia (AppDynamics) will introduce attendees to Docker and help them build and deploy their first container with Puppet. They will leverage the docker_image_build module from the Puppet Forge and take attendees through the proper workflow for coupling Docker and Puppet together. The session will focus on how to use some of the newest Docker features, such as multi-stage build files and password stores within Docker so you can pass "secrets" to a swarm for login credentials. The goal is to provide newcomers with a working proficiency of how to get started deploying containers using Puppet as their automation tool.

PuppetConf 2017: What’s in the Box?!- Leveraging Puppet Enterprise & Docker- ...

Puppet

Docker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes

Thomas Barlow

The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration

Erica Windisch

DevOps is gericht op het tot stand brengen van een cultuur binnen organisaties waardoor het ontwikkelen, valideren en releasen van software sneller, meer betrouwbaar en frequenter kan verlopen. Om dit te realiseren staan het automatiseren van het 'software delivery process' en de bijhorende infrastructurele veranderingen centraal. Door de opkomst van 'Microservice Architecture' neemt het belang hiervan nog verder toe.

Docker and Cloud - Enables for DevOps - by ACA-IT

Stijn Wijndaele

Sprekers: Stijn Van den Enden & Stijn Wijndaele (ACA IT-Solutions) DevOps is gericht op het tot stand brengen van een cultuur binnen organisaties waardoor het ontwikkelen, valideren en releasen van software sneller, meer betrouwbaar en frequenter kan verlopen. Om dit te realiseren staan het automatiseren van het 'software delivery process' en de bijhorende infrastructurele veranderingen centraal. Door de opkomst van 'Microservice Architecture' neemt het belang hiervan nog verder toe. In deze avondconferentie werd, na een korte toelichting over DevOps, nagegaan wat Docker en de Cloud kunnen betekenen voor uw business, en hoe zij als enablers kunnen dienen voor het tot stand brengen van een DevOps-cultuur. Het container-landschap waarvan tools zoals Kubernetes, Docker Swarm, ...een belangrijk onderdeel vormen, wordt toegelicht en er wordt ingegaan op de wijze waarop deze tools aangewend kunnen worden om 'development' en 'operations' efficiënt te laten samenwerken.

'DOCKER' & CLOUD: ENABLERS For DEVOPS

ACA IT-Solutions

Similar to Production sec ops with kubernetes in docker (20)

Build, Publish, Deploy and Test Docker images and containers with Jenkins Wor...

DCEU 18: Building Your Development Pipeline

Scaling Docker Containers using Kubernetes and Azure Container Service

Azure Bootcamp 2016 - Docker Orchestration on Azure with Rancher

Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on...

DCSF 19 Building Your Development Pipeline

ContainerDayVietnam2016: Dockerize a small business

Deploy Angular to the Cloud (ngBucharest)

Docker, a new LINUX container technology based light weight virtualization

Introduction to Docker and Linux Containers @ Cloud Computing Rhein Main

廣宣學堂: 容器進階實務 - Docker進深研究班

DevOps Workflow: A Tutorial on Linux Containers

Docker 進階實務班

Containers as a Service with Docker

Docker Container As A Service - March 2016

PuppetConf 2017: What’s in the Box?!- Leveraging Puppet Enterprise & Docker- ...

Docker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes

The Docker "Gauntlet" - Introduction, Ecosystem, Deployment, Orchestration

Docker and Cloud - Enables for DevOps - by ACA-IT

'DOCKER' & CLOUD: ENABLERS For DEVOPS

More from Docker, Inc.

Raymond Arifianto, AccelByte and Mark Mandel, Google - We have been deploying containerized micro-services for our Game Backend Services for a while. Now we are tackling the challenge to scale up fleets of game dedicated servers in multiple regions, multiple data centers and multiple providers - some in bare metal, some in Cloud. So we leverage docker containerization to deploy Game Servers to achieve Portability, Fast Deployment and Predictability, enabling us to scale up to thousands of servers, on demand, without a sweat.

Containerize Your Game Server for the Best Multiplayer Experience

Docker, Inc.

Nicholas Dille, Haufe-Lexware + Docker Captain - Docker continues to be the standard tool for building container images. For more than a year Docker ships with BuildKit as an alternative image builder, providing advanced features for secret and cache management. These features help to make image builds faster and more secure. In this session, Docker Captain Nicholas Dille will teach you how to use Buildkit features to your advantage.

How to Improve Your Image Builds Using Advance Docker Build

Docker, Inc.

Lukonde Mwila, Entelect - As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud. In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics: - Docker Compose - Containerizing an Nginx Server - Containerizing an React App - Containerizing an Node.JS App - Containerizing anMongoDB App - Runing Multi-Container App Locally - Creating a CI/CD Pipeline - Adding a build stage to test containers and push images to Docker Hub - Deploying Multi-Container App to AWS Elastic Beanstalk Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking. After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.

Build & Deploy Multi-Container Applications to AWS

Docker, Inc.

Kevin Jones, NGNIX - NGINX is one of the most popular images on Docker Hub and has been at the forefront of the web since the early 2000's. In this talk we will discuss how and why NGINX's lightweight and powerful architecture makes it a very popular choice for securing containerized applications as a sidecar reverse proxy within containers. We will highlight important aspects of application security that NGINX can help with, such as TLS, HTTP, AuthN, AuthZ and traffic control.

Securing Your Containerized Applications with NGINX

Docker, Inc.

Kathleen Juell, Digital Ocean - Containers are an essential part of today's microservice ecosystem, as they allow developers and operators to maintain standards of reliability and reproducibility in fast-paced deployment scenarios. And while there are best practices that extend across stacks in containerized environments, there are also things that make each stack distinct, starting with the application image itself. This talk will dive into some of these particularities, both at the image and service level, while also covering general best practices for building and running Node applications with database backends using Docker and Compose.

How To Build and Run Node Apps with Docker and Compose

Docker, Inc.

Hands-on Helm

Docker, Inc.

Jeff Hajewski, Salesforce - There is a wealth of information on building deep learning models with PyTorch or TensorFlow. Anyone interested in building a deep learning model is only a quick search away from a number of clear and well written tutorials that will take them from zero knowledge to having a working image classifier. But what happens when you need to deploy these models in a production setting? At Salesforce, we use TensorFlow models to help us provide customers with insights into their data, and we do this as close to real-time as possible. Designing these systems in a scalable manner requires overcoming a number of design challenges, but the core component is Docker. Docker enables us to design highly scalable systems by allowing us to focus on service interactions, rather than how our services will interact with the hardware. Docker is also at the core of our test infrastructure, allowing developers and data scientists to build and test the system in an end to end manner on their local machines. While some of this may sound complex, the core message is simplicity - Docker allows us to focus on the aspects of the system that matter, greatly simplifying our lives.

Distributed Deep Learning with Docker at Salesforce

Docker, Inc.

James Fuller, webcomposite s.r.o. - Curl is the venerable (yet very modern) 'swiss army knife' command line tool and library for transferring data with URLs. Recently we (the Curl team) decided to build a release for Docker Hub. This talk will outline our current development workflow with respect to the docker image and provide insights on what it takes to build a docker image for mass public consumption. We are also keen to learn from users and other developers how we might improve and enhance the official curl docker image.

The First 10M Pulls: Building The Official Curl Image for Docker Hub

Docker, Inc.

Fabian Stäber, Instana - In recent years, we saw a great paradigm shift in software engineering away from static monolithic applications towards dynamic distributed horizontally scalable architectures. Docker is one of the key technologies enabling this development. This shift poses a lot of new challenges for application monitoring, ranging from practical issues (need for automation) to technical challenges (Docker networking) to organizational topics (blurring line between software engineers and operations) to fundamental questions (define what is an application). In this talk we show how Docker changed the way we do monitoring, how modern application monitoring systems work, and what future developments we expect.

Monitoring in a Microservices World

Docker, Inc.

Clemente Biondo, Engineering Ingegneria Informatica - When the COVID 19 pandemic started, Engineering Ingegneria Informatica Group (1.25 billion euros of revenues, 65 offices around the world, 12.000 employees) was forced to put their digital transformation to the test in order to maintain operational continuity. In this session, Clemente Biondo, the Tech Lead of the Information Systems Department, will share how his company is reacting to this unforeseeable scenario and how Docker-driven digital transformation had paved the path for work to continue remotely. Clemente will discuss learnings moving from colocated teams, manual approaches, email based-business processes, and a monolithic application to a mature DevOps culture characterized by a distributed autonomous workforce and a continuous deployment process that deploys backward-compatible Docker containerized microservices into hybrid multi cloud datacenters an average of twice a day with zero-downtime. He will detail how they use Docker to unify dev, test and production environments, and as an efficient and automated mechanism for deploying applications. Lastly, Clemente shares how, in our darkest hour, he and others are working to shine their brightest light.

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

Docker, Inc.

Chris Lauer, NOAA Space Weather Prediction Center - This is the story of how adopting a containerized workflow changed the way our small software team works at NOAA’s Space Weather Prediction Center. Our old architecture, a big ball of mud shared-database integration, just wasn’t cutting it - it was killing our agility. Over the past two years, our small team has adopted a microservice style architecture, using Docker with docker-compose and environment files as our deployment strategy for all new development. We’ve discovered the joys of using containers for identical dev, staging, and production environments. We work closely with scientists: much of the code we’re running has complicated and conflicting library dependencies. Docker captures these beautifully - we’ve even had some success teaching our scientists to use it! I’ll share what we’ve learned, some of the persistent challenges we face, and one place we really got it wrong. This talk builds off of a popular hallway track from DockerCon 2019.

Predicting Space Weather with Docker

Docker, Inc.

Brian Christner, 56k + Docker Captain - In this session, we will unlock the full potential of using Microsoft Visual Studio Code (VS Code) and Docker Desktop to turn you into a Docker Power User. When we expand and utilize the VS Code Docker plugin, we can take our projects and Docker skills to the next level. In addition to using VS Code, we streamline our Docker Desktop development workflow with less context switching and built-in shortcuts. You will learn how to bootstrap new projects, quickly write Dockerfiles utilizing templates, build, run, and interact with containers all from VS Code.

Become a Docker Power User With Microsoft Visual Studio Code

Docker, Inc.

How to Use Mirroring and Caching to Optimize your Container Registry

Docker, Inc.

Ashish Sharma, SS&C Eze - SS&C Eze provides various products in the stock market domain. We spent the last couple of years building Eclipse which is an investment suite born in cloud. The journey so far has been very interesting. The very first version of the product were a bunch of monolithic windows services and deployed using Octopus tool. We successfully managed to bring all the monolithic problem to the cloud and created a nightmare for ourselves. We then started applying microservices architecture principles and started breaking the monolithic into small services. Very soon we realized that we need a better packaging/deployment tool. Docker looked like a magical solution to our problem. Since its adoption, It has not only solved the deployment problem for us but has made a deep impact on different aspects of SDLC. It allowed us to use heterogeneous technology stacks, simplified development environment setup, simplified our testing strategy, improved our speed of delivery, and made our developers more productive. In this talk I would like to share our experience of using Docker and its positive impact on our SDLC.

Monolithic to Microservices + Docker = SDLC on Steroids!

Docker, Inc.

Ara Pulido, Datadog - Container technologies, although not new, have increased their popularity in the past few years, with container orchestrators allowing companies around the world to adopt these technologies to help them ship and scale microservices with precision and velocity. Kubernetes is currently the most popular container orchestration platform, and while many organizations are migrating their workloads to it, Kubernetes is still relatively immature. New corner cases, errors, and quirks are regularly discovered as users push the boundaries of size and scale. When Datadog adopted Kubernetes we discovered some of these boundaries the hard way, and we continuously challenge and modify our infrastructure decisions in order to fit our use case. Join me in this talk for our story on what we learned while we scaled our Kubernetes clusters, the contributions to Kubernetes we made along the way, and how you can apply those learnings when growing your Kubernetes clusters from a handful to hundreds or thousands of nodes.

Kubernetes at Datadog Scale

Docker, Inc.

Andy Clemenko, StackRox - One underutilized, and amazing, thing about the docker image scheme is labels. Labels are a built in way to document all aspects about the image itself. Think about all the information that the tags inside your clothing carry. If you care to look you can find out everything about the garment. All that information can be very valuable. Now think about how we can leverage labels to carry similar information. We can even use the labels to contain Docker Compose or even Kubernetes Yaml. We can even include labels into the CI/CD process making things more secure and smoother. Come find out some fun techniques on how to leverage labels to do some fun and amazing things.

Labels, Labels, Labels

Docker, Inc.

Patrick Deloulay, Micro Focus - Micro Focus started their digital transformation 3 years ago, moving the entire portfolio into hundreds of container images. Leveraging Docker Hub as our primary registry service, we will cover how we ended up building a simple but secure push/pull model to publish and deliver our premium assets to our customers and partners to both meet the high agility of our DevOps teams while greatly simplifying the deployment of our applications.

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Docker, Inc.

Elton Stoneman, Docker Captain + Container Consultant and Trainer How do you provide a SaaS offering when your product is a 10-year old Fortran app, currently built to run on Windows 10? With Docker and Kubernetes of course - and you can do it in a week (... to prototype level at least). In this session I'll walk through the processes and practicalities of taking an older Windows app, making it run in containers with Kubernetes, and then building a simple API wrapper to host the whole stack as a cloud-based SaaS product. There's a lot of technology here from a real world case study, and I'll focus on: - running Windows apps in Docker containers - building a .NET Core API which can run in Linux or Windows containers - running the stack in Kubernetes with Docker Desktop locally and AKS in the cloud - configuring AKS workloads in Azure to burst out to Azure Container Instances And there's a core theme to this session: Docker and Kubernetes are complex technologies, but they're the key to modern development. If you invest time learning them, they make projects like this simple, portable, fast and fun.

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

Docker, Inc.

This virtual meetup introduces the concepts and best practices of using Docker containers for software development for the Arm architecture across a variety of hardware systems. Using Docker Desktop on Windows or Mac, Amazon Web Services (AWS) A1 instances, and embedded Linux, we will demonstrate the latest Docker features to build, share, and run multi-architecture images with transparent support for Arm.

Developing with Docker for the Arm Architecture

Docker, Inc.

For many, the idea of speaking in front of a bunch of strangers can be enough to prevent you from ever responding to a CFP. But don't let it! Speaking at conferences, meetups, or even at your own company is a fantastic way to share you knowledge, meet others, advance your career, and give back. Whether you are on the fence, have decided to take the plunge and submit a CFP, or have already even a few talks, this session is for you. Drawing on their experience reviewing DockerCon CFPs and prepping speakers (including themselves) for a variety of conferences, Jenny Burcio and Ashlynn Polini will outline tips and strategies for turning your idea into a winning proposal and ultimately a compelling talk. They will share how to submit and prepare for your first - or next - conference talk.

Sharing is Caring: How to Begin Speaking at Conferences

Docker, Inc.

More from Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience

How to Improve Your Image Builds Using Advance Docker Build

Build & Deploy Multi-Container Applications to AWS

Securing Your Containerized Applications with NGINX

How To Build and Run Node Apps with Docker and Compose

Hands-on Helm

Distributed Deep Learning with Docker at Salesforce

The First 10M Pulls: Building The Official Curl Image for Docker Hub

Monitoring in a Microservices World

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

Predicting Space Weather with Docker

Become a Docker Power User With Microsoft Visual Studio Code

How to Use Mirroring and Caching to Optimize your Container Registry

Monolithic to Microservices + Docker = SDLC on Steroids!

Kubernetes at Datadog Scale

Labels, Labels, Labels

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

Developing with Docker for the Arm Architecture

Sharing is Caring: How to Begin Speaking at Conferences

Recently uploaded

Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...

amilabibi1

My Presentation "In Your Hands" by Halle Bailey

hlharris

Despite remarkable successes in various domains such as robotics and games, Reinforcement Learning (RL) still struggles with exploration inefficiency. For example, in hard Atari games, state-of-the-art agents often require billions of trial actions, equivalent to years of practice, while a moderately skilled human player can achieve the same score in just a few hours of play. This contrast emerges from the difference in exploration strategies between humans, leveraging memory, intuition and experience, and current RL agents, primarily relying on random trials and errors. This tutorial reviews recent advances in enhancing RL exploration efficiency through intrinsic motivation or curiosity, allowing agents to navigate environments without external rewards. Unlike previous surveys, we analyze intrinsic motivation through a memory-centric perspective, drawing parallels between human and agent curiosity, and providing a memory-driven taxonomy of intrinsic motivation approaches. The talk consists of three main parts. Part A provides a brief introduction to RL basics, delves into the historical context of the explore-exploit dilemma, and raises the challenge of exploration inefficiency. In Part B, we present a taxonomy of self-motivated agents leveraging deliberate, RAM-like, and replay memory models to compute surprise, novelty, and goal, respectively. Part C explores advanced topics, presenting recent methods using language models and causality for exploration. Whenever possible, case studies and hands-on coding demonstrations. will be presented.

Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity

Hung Le

SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf

Mahamudul Hasan

Zone Chairperson Role and Responsibilities New updated.pptx

lionnarsimharajumjf

Digital collaboration with Microsoft 365 as extension of Drupal

Fabian de Rijk

Proofreading: Basics to Artificial Intelligence Integration. Become a Professional Proofreader and Editor Leveraging Human Expertise and Artificial Intelligence (AI) Technology and Tools. Table of Contents MODULE 1: INTRODUCTION TO PROOFREADING What is proofreading, and how is it different from editing? The importance of proofreading in publishing and communication Types of materials that require proofreading (books, articles, websites, legal documents, etc.) Proofreading marks and symbols MODULE 2: DEVELOPING PROOFREADING SKILLS MODULE 3: PROOFREADING TECHNIQUES Preparing for the proofreading process (setting up the workspace, tools, etc.) Reading techniques (line-by-line, word-by-word, backwards reading) Using proofreading checklists and guidelines Cross-checking against style guides and reference materials Marking up corrections and queries MODULE 4: PROOFREADING DIFFERENT TYPES OF CONTENT Proofreading fiction and non-fiction books Fiction Books: Non-Fiction Books: Proofreading academic and scientific papers Proofreading legal and business documents Proofreading websites and digital content Proofreading marketing and advertising materials MODULE 5: PROOFREADING TOOLS AND RESOURCES MODULE 6: PROOFREADING WORKFLOWS AND BEST PRACTICES MODULE 7: BUILDING A SUCCESSFUL PROOFREADING CAREER MODULE 8: AI TEXT EDITING AND PROOFREADING Benefits and limitations of AI in this field Benefits of AI in Proofreading: Limitations of AI in Proofreading: Examples of AI-powered text editing and proofreading tools Combining AI with Human Expertise AI Ethics and Bias in Text Editing Future Trends and Developments in AI Text Editing This cutting-edge course equips you with the essential skills and tools to become a proofreading pro in the age of AI technology. Designed for writers, editors, content creators, and anyone seeking to elevate their proofreading game, this masterclass combines time-tested proofreading techniques with the latest AI-powered text editing solutions. Through in-depth modules, you will master the art of proofreading, from developing razor-sharp attention to detail to mastering grammar, punctuation, and style guidelines. This masterclass also dives deep into the world of AI text editing. You’ll discover how AI-powered tools can aid in grammar and style checking, context-aware spell checking, consistency management, content optimization, and more. You will learn to seamlessly integrate AI tools into your proofreading workflows, combining the best of human expertise and AI technology for unparalleled results. Finally, this course will help you discover how to harness the power of AI to streamline your proofreading workflows, enhance accuracy, and deliver impeccable content every time, thanks to advanced proofreading techniques, such as line-by-line reading, backward reading, and cross-checking against reference materials, ensuring no error goes unnoticed.

Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...

David Celestin

Report Writing Webinar Training

KylaCullinane

ICT role in 21st century education and it's challenges.pdf

Islamia university of Rahim Yar khan campus

Introduction to Artificial intelligence.

thamaeteboho94

Dreaming Marissa Sánchez Music Video Treatment

nswingard

in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City

Abortion pills in Kuwait Cytotec pills in Kuwait

Klinik_ Apotek Onlin 085657271886 Solusi Menggugurkan Masalah Kehamilan Anda Jual Obat Aborsi Di Jakarta. KLINIK ABORSI TERPEECAYA _ Jual Obat Aborsi Cytotec Misoprostol Asli 100% Ampuh Hanya 3 Jam Langsung Gugur || OBAT PENGGUGUR KANDUNGAN AMPUH MANJUR OBAT ABORSI OLINE" APOTIK Jual Obat Cytotec, Gastrul, Gynecoside Asli Ampuh. JUAL ” Obat Aborsi Tuntas | Obat Aborsi Manjur | Obat Aborsi Ampuh | Obat Penggugur Janin | Obat Pencegah Kehamilan | Obat Pelancar Haid | Obat terlambat Bulan | Ciri Obat Aborsi Asli | Obat Telat Bulan | Pil Aborsi Asli | Cara Menggugurkan Konten | Cara Aborsi Tuntas | Harga Obat Aborsi Asli | Pil Aborsi | Jual Obat Aborsi Cytotec | Cara Aborsi Sendiri | Cara Aborsi Usia 1 Bulan | Cara Aborsi Usia 2 Tahun | Cara Aborsi Usia 3 Bulan | Obat Aborsi Usia 4 Bulan | Cara Abrasi Usia 5 Bulan | Cara Menggugurkan Konten | Kandungan Obat Penggugur | Cara Menghitung Usia Konten | Cara Mengatasi Terlambat Bulan | Penjual Obat Aborsi Asli | Obat Aborsi Garansi | Kandungan Obat Peluntur | Obat Telat Datang Bulan | Obat Telat Haid | Obat Aborsi Paling Murah | Klinik Jual Obat Aborsi | Jual Pil Cytotec | Apotik Jual Obat Aborsi | Kandungan Dokter Abrasi | Cara Aborsi Cepat | Jual Obat Aborsi Bergaransi | Jual Obat Cytotec Asli | Obat Aborsi Aman Manjur | Obat Misoprostol Cytotec Asli. "APA ITU ABORSI" “Aborsi Adalah dengan membendung hormon yang di perlukan untuk mempertahankan kehamilan yaitu hormon progesteron, karena hormon ini dibendung, maka jalur kehamilan mulai membuka dan leher rahim menjadi melunak,sehingga mengeluarkan darah yang merupakan tanda bahwa obat telah bekerja || maksimal 1 jam obat diminum || PENJELASAN OBAT ABORSI USIA 1 _7 BULAN Pada usia kandungan ini, pasien akan merasakan sakit yang sedikit tidak berlebihan || sekitar 1 jam ||. namun hanya akan terjadi pada saatdarah keluar merupakan pertanda menstruasi. Hal ini dikarenakan pada usiakandungan 3 bulan,janin sudah terbentuk sebesar kepalan tangan orang dewasa. Cara kerja obat aborsi : JUAL OBAT ABORSI AMPUH dosis 3 bulan secara umum sama dengan cara kerja || DOSIS OBAT ABORSI 2 bulan”, hanya berbedanya selain mengisolasijanin juga menghancurkan janin dengan formula methotrexate dikandungdidalamnya. Formula methotrexate ini sangat ampuh untuk menghancurkan janinmenjadi serpihan-serpihan kecil akan sangat berguna pada saat dikeluarkan nanti. APA ALASAN WANITA MELAKUKAN ABORSI? Aborsi di lakukan wanita hamil baik yang sudah menikah maupun belum menikah dengan berbagai alasan , akan tetapi alasan yang utama adalah alasan-alasan non medis (termasuk aborsi sendiri / di sengaja/ buatan] MELAYANI PEMESANAN OBAT ABORSI SETIAP HARI, SIAP KIRIM KESELURUH KOTA BESAR DI INDONESIA DAN LUAR NEGERI. HUBUNGI PEMESANAN LEBIH NYAMAN VIA WA/: 085657271886

Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...

ZurliaSoop

I had the honour of presenting my reflections on the autobiography of Professor Isaac Folorunso Adewole, titled "Uncommon Grace." As someone deeply invested in documentation and history, I found Professor Adewole's decision to narrate his journey from humble beginnings to occupying one of the highest offices in the land both inspiring and invaluable. In this eloquently written memoir, Professor Adewole provides a comprehensive account of his life, from his ancestral roots to his time as Minister of Health in Nigeria. The unique aspect of this autobiography is that he portrayed himself authentically without taking the help of third-party narratives, which is often seen in accounts of high-ranking officials. His upbringing was greatly influenced by his father's commitment to education. He became a prominent figure in advocating for the rights of the underprivileged through trade unionism. His story is one of unwavering determination, resilience, and faith. His experiences, including both successes and struggles, provide priceless lessons on leadership, perseverance, and the alignment of personal values with public service. While reading "Uncommon Grace," I was struck by the deep leadership lessons that are embedded within its chapters. Professor Adewole stresses the importance of inclusivity, servant leadership, and planning, which are all highly relevant in today's complex world. His commitment to accountability, as well as his primary responsibility as a researcher, serves as a guiding light for aspiring leaders across various disciplines. During his tenure as the Vice Chancellor of the University of Ibadan, he led with visionary leadership and transformative impact. His accomplishments have been meticulously documented in the book, which can serve as a blueprint for rejuvenating institutions and promoting academic excellence. In the latter part of his autobiography, Professor Adewole shares his experiences as a Minister, detailing the challenges he faced while serving the public with integrity and courage. His reflections on the complexities of public service, coupled with his commitment to the well-being of the nation, offer practical insights for policymakers and citizens alike. I have carefully read "Uncommon Grace" and it is more than just a memoir. It is a timeless book that is hard to put down once you start reading. While intellectuals may continue to debate whether uncommon grace was made possible by uncommon preparation or the other way around, I applaud Professor Adewole for sharing his ideas, knowledge, and experience with the public. I highly recommend this book to everyone.

Uncommon Grace The Autobiography of Isaac Folorunso

Kayode Fayemi

lONG QUESTION ANSWER PAKISTAN STUDIES10.

lodhisaajjda

• For a full set of 390+ questions. Go to https://skillcertpro.com/product/aws-data-engineer-associate-dea-c01-exam-questions/ • SkillCertPro offers detailed explanations to each question which helps to understand the concepts better. • It is recommended to score above 85% in SkillCertPro exams before attempting a real exam. • SkillCertPro updates exam questions every 2 weeks. • You will get life time access and life time free updates • SkillCertPro assures 100% pass guarantee in first attempt.

AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf

SkillCertProExams

Dreaming Music Video Treatment _ Project & Portfolio III

NhPhngng3

Recently uploaded (17)

Bring back lost lover in USA, Canada ,Uk ,Australia ,London Lost Love Spell C...

My Presentation "In Your Hands" by Halle Bailey

Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity

SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf

Zone Chairperson Role and Responsibilities New updated.pptx

Digital collaboration with Microsoft 365 as extension of Drupal

Proofreading- Basics to Artificial Intelligence Integration - Presentation:Sl...

Report Writing Webinar Training

ICT role in 21st century education and it's challenges.pdf

Introduction to Artificial intelligence.

Dreaming Marissa Sánchez Music Video Treatment

in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City

Jual obat aborsi Jakarta 085657271886 Cytote pil telat bulan penggugur kandun...

Uncommon Grace The Autobiography of Isaac Folorunso

lONG QUESTION ANSWER PAKISTAN STUDIES10.

AWS Data Engineer Associate (DEA-C01) Exam Dumps 2024.pdf

Dreaming Music Video Treatment _ Project & Portfolio III

Production sec ops with kubernetes in docker

1. Scott Coulton Principal software engineer, Puppet Production SecOps With Kubernetes In Docker

2. About me @scottcoulton

3. v Let’s build a CaaS What's the difference (Swarm vs Kubernetes) Now for the fun stuff secops with Kubernetes Agenda

4. Let’s build a CaaS

5. Live demo time

6. So let's look at the platform architecture

7. Operating Systems Platform Architecture Config Mgt Monitoring LoggingCI/CD ..more..Images Networking Volumes PhysicalVirtualizationPublic Cloud Platform Security Developer Services Registry Services Access Policies App Lifecycle Management Automation & Extensibility Networking Orchestration Storage Container Engine ENTERPRISE EDITION PLATFORM

8. Docker EE Architecture Docker EE Cluster Node Node Node DOCKER ENTERPRISE EDITION Node Manager Worker Node Worker Worker Worker Node Manager Node Manager Management Plane

9. Docker EE Orchestration Secure Cluster Management App Scheduler Swarm KubernetesOR Docker EE Cluster Node Node Node

10. What’s the difference ?

11. ● Uses docker cli ● Deploys applications through ‘stacks’ ● Overlay networking Swarm

12. ● kubectl as the cli tool ● More deployment definitions ie pods, svc, deployments ● Plug and play networking with CNI Kubernetes

13. In Docker EE you can swap and change

14. Live demo time

15. Now for the fun stuff secops with Kubernetes

16. Real life attacks

17. https://www.fortinet.com/blog/threat-research/yet-another- crypto-mining-botnet.html https://github.com/docker/hub-feedback/issues/1121 This attack allowed the hackers to gain access to your Docker host via a vulnerable image. Hackers going to hack

18. Hackers going to hack

19. How do we protect from this threat ?

20. Secure Supply Chain

21. Secure Supply Chain TEST STAGING • Signature verification • Native encryption Scanning SigningAutomated PoliciesDocker for Mac or Docker for Windows PRODUCTION

22.

23. Production Environments Docker Trusted Registry Docker UCP Production Environments Version Control Docker UCP Non-Production EnvironmentsDeveloper Machine Development CI/CD Operations Datacenter 1 Datacenter 2 Docker Trusted Registry Docker for Secure Supply Chain

24. CI Workflow Docker Trusted Registry Build container $ git clone $ mvn deploy Repository Manager binaries Version Control src Dockerfiles docker-compose.yml files pull push CI Agent $ docker run -it --rm builder build runs build start CI Agent $ git clone $ docker build -t myapp $ docker push myapp push pull CI Agent $ eval $(<env.sh) $ docker run $ docker service $ docker-compose up Docker UCP Test Environment CI Agent $ eval $(<env.sh) $ docker run -it --rm test uat $ docker pull myapp $ docker push myapp test pull 1 2 3 4runs app runs tests

25. Notary client config for DockerHub ~/.notary/config.json { "trust_dir" : "~/.docker/trust", "remote_server": { "url": "https://notary.docker.io" } }

26. Notary client config for your registry ~/.notary/config.json { "trust_dir" : "~/.docker/trust", "remote_server": { "url": "dtr_url", "root-ca": "dtr_ca.pem" } }

27. Push and sign your application $ export DOCKER_CONTENT_TRUST=1 $ docker push {dtr_url/registry_url}/{account}/{repository}:{tag}

28. The one take away from this talk “Sign your images” Scott Coulton Principal software engineer Puppet

29.

30. Run as non root apiVersion: v1 kind: Pod metadata: name: my-dockercon-app spec: securityContext: runAsUser: 1000

31. Read only file system apiVersion: v1 kind: Pod metadata: name: my-dockercon-app spec: securityContext: readOnlyRootFilesystem: true

32. Privilege escalation apiVersion: v1 kind: Pod metadata: name: my-dockercon-app spec: securityContext: allowPrivilegeEscalation: false

33. You don't have to chose one apiVersion: v1 kind: Pod metadata: name: my-dockercon-app spec: securityContext: runAsUser: 1000 readOnlyRootFilesystem: true allowPrivilegeEscalation: false

34.

35. A great blog post on this stuff https://blog.jessfraz.com/post/containers-security-and-echo-chambers/

36. Apparmor apiVersion: v1 kind: Pod metadata: name: my-dockercon-app annotations: container.apparmor.security.beta.kubernetes.io/dockercon: runtime/default spec: containers: - name: dockercon

37. Selinux apiVersion: v1 kind: Pod metadata: name: my-dockercon-app spec: securityContext: seLinuxOptions: level: "s0:c123,c456" containers: - name: dockercon

38. v Questions

39. v Thank you !

Production sec ops with kubernetes in docker

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Production sec ops with kubernetes in docker

Similar to Production sec ops with kubernetes in docker (20)

More from Docker, Inc.

More from Docker, Inc. (20)

Recently uploaded

Recently uploaded (17)

Production sec ops with kubernetes in docker