Open collaboration in the Moby Project
Akihiro Suda
The Moby Project is a collaborative open-source project launched by Docker, Inc. to promote software containerization.
The Moby Project provides a "lego set" of components that can be assembled into custom downstream container systems such as Docker.
Akihiro Suda, a maintainer of Moby, Moby BuildKit, and containerd, shows how the community has been collaborating in the Moby Project.
He also shows how the Moby Project relates to Docker, OCI, and CNCF projects such as Kubernetes.
http://events.linuxfoundation.org/events/open-source-forum
Parallelizing CI using Docker Swarm-Mode
Akihiro Suda
Presented at Open Source Summit Japan (http://sched.co/AOmo)
- - -
Slowness of CI is a critical issue in software development, because it discourages engineers from writing tests, and hence deteriorates the quality of the product.
In this presentation, Akihiro Suda will talk about how to accelerate CI by executing test functions in parallel, across a Docker Swarm-mode cluster.
One of the major challenges was the nonuniformity of the makespan, e.g. some chunks of test functions can take 30 minutes while others take just 10 seconds.
So, he mitigates this nonuniformity by randomizing the composition of chunks of test functions.
As a result, for example, the integration test of Docker itself that had taken more than 80 minutes can be finished in 4 minutes, with 10 Docker Swarm-mode nodes.
This hack can be easily applied to CI of other software as well.
FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Ima...
Akihiro Suda
My talk at Open Source Summit North America (Los Angeles - September 11, 2017): http://sched.co/BDpM
---
The current Docker/OCI image format uses TAR archives, which are created for each of Dockerfile `RUN` changesets, for representing rootfs layers.
One of the problems with this format is that a container cannot be started until all the TAR archives are downloaded.
Also, the format has limitations in concurrency of downloading, and granularity of file deduplication among different versions of images.
FILEgrain solves these problems by using a content-addressable store at the granularity of files, rather than of TAR archives, in a transport-agnostic way.
Since the files can be lazily downloaded, a container can be started without downloading the whole image.
The experimental result with 633MB of Java image shows that downloading 4MB of files is enough for running sh, 87MB for JRE, and 136MB for JDK.
Further information is available at https://github.com/AkihiroSuda/filegrain .
Tackling non-determinism in Hadoop - Testing and debugging distributed system...
Akihiro Suda
[Presented at FOSDEM 2016: https://fosdem.org/2016/schedule/event/nondeterminism_in_hadoop/]
Developing and maintaining distributed systems like Hadoop is difficult. The difficulty comes from many factors, but we believe that one of the most important reasons is the lack of a good debugger for bugs specific to distributed systems (e.g., non-deterministic hardware faults, message ordering, ...).
In the talk, we will show Earthquake, our open-source debugging framework for distributed systems. Earthquake permutes Ethernet packets, filesystem events, Java/C function calls, and injected faults in various orders so as to control non-determinism in the cluster. Basically, Earthquake permutes events in a random order, but the user can write his/her own state exploration policy (in the Go language) for finding deep bugs efficiently. Earthquake also controls non-determinism of the thread interleaving by calling sched_setattr(2) with randomized parameters.
We will also share our success stories about testing some Hadoop components with Earthquake. For ZooKeeper, we found a distributed race condition bug which decreases availability of a ZooKeeper cluster. We also reproduced a known ZooKeeper bug that no one had successfully reproduced for 2 years, and analyzed its cause. For YARN, we found a disk-fault tolerance bug that inappropriately marks a faulty node as healthy. We also found bugs in non-Hadoop software, such as etcd.
With Earthquake, you can also test your real distributed systems without any modification.
It's 2021 and containerization has been happening for 7 years already.
In the Java space, there are several ways to package a Java application as a Docker image.
Let's discover them from the Dockerfile to the CNCF Buildpacks, mentioning the Jib way too!
Comparing Next-Generation Container Image Building Tools
Akihiro Suda
http://sched.co/EaYe
Until recently, running `docker build` against Dockerfile had been the only way to build container images.
However, lots of open-source software is being proposed as successors/alternatives to `docker build`:
- BuildKit (Moby Project / Docker)
- img (Jessica Frazelle / Microsoft)
- Buildah (Project Atomic / Red Hat)
- umoci & Orca (SUSE)
- Bazel (Google)
- OpenShift S2I (Red Hat)
Akihiro Suda compares these new tools' advantages and disadvantages.
His evaluation basis would include but not be limited to:
- Performance (Cache efficiency, Concurrency, Distributed Execution)
- Secret management, e.g. SSH and AWS keys
- Support for non-Dockerfile
- Non-root execution
- UI & UX
- Governance of the community
He also proposes a unified interface for using these tools with Kubernetes in a vendor-neutral way.
P2P Container Image Distribution on IPFS With containerd and nerdctl
Kohei Tokunaga
Talked at FOSDEM 2022 about IPFS-based P2P image distribution with containerd and nerdctl (February 6, 2022).
https://fosdem.org/2022/schedule/event/container_ipfs_image/
nerdctl is a Docker-compatible CLI of containerd, developed as a subproject of containerd. nerdctl recently added support for P2P image distribution on IPFS. This enables sharing container images among hosts without hosting or relying on the registry.
In this session, Kohei, one of the maintainers of nerdctl, will introduce IPFS-based P2P image distribution with containerd and nerdctl. This session will also show the combination of IPFS-based distribution with the existing image distribution techniques, focusing on lazy pulling (eStargz) and image encryption (OCIcrypt). The status of integration work with other tools including Kubernetes will also be shared.
Related blog post: "P2P Container Image Distribution on IPFS With Containerd" . https://medium.com/nttlabs/nerdctl-ipfs-975569520e3d
[FOSDEM 2020] Lazy distribution of container images
Akihiro Suda
https://fosdem.org/2020/schedule/event/containers_lazy_image_distribution/
The biggest problem of the OCI Image Spec is that a container cannot be started until all the tarball layers are downloaded, even though more than 90% of the tarball contents are often unneeded for the actual workload.
This session will show state-of-the-art alternative image formats, which allow runtime implementations to start a container without waiting for all its image contents to be locally available.
Especially, this session will put focus on CRFS/stargz and its implementation status in containerd (https://github.com/containerd/containerd/issues/3731). The plan for BuildKit integration will be shown as well.
[DockerCon 2020] Hardening Docker daemon with Rootless Mode
Akihiro Suda
Docker supports "Rootless mode", which allows running the entire Docker daemon and its dependencies as a non-root user on the host, so as to protect the host from malicious containers in a simple but very strong way. Rootless mode is also attractive for users who cannot get `sudo` permission for installing Docker on shared computing machines, e.g. HPC users. In this talk, Akihiro Suda, the author of the Rootless mode, will explain how users can get started with Rootless mode. He will also explain the recent updates including support for Cgroup V2 and FUSE-OverlayFS.
https://docker.events.cube365.net/docker/dockercon/content/Videos/wHjxizoWgFgCYu6aF
Embedded recipes 2018 - End-to-end software production for embedded - Guy Lun...
Anne Nicolas
At this point, anyone can put a quick GNU/Linux distro together to test on almost any device. The tooling has been greatly simplified and the hardware enablement has come a long way. So why do we need this talk? Quite literally for the mountain of challenges that unfortunately get completely eclipsed by the mirage of these one-time build and forget environments and tools that everyone tinkers with nowadays. Being able to produce solid repeatable results does not mean being able to run the same scripts more than once but rather a true complete Continuous Integration solution accounting for all aspects of the new product. This talk will discuss actual situations experienced by Collabora and will open the discussion for others to share and contribute.
[KubeCon NA 2020] containerd: Rootless Containers 2020
Akihiro Suda
Rootless Containers means running the container runtimes (e.g. runc, containerd, and kubelet) as well as the containers without the host root privileges. The most significant advantage of Rootless Containers is that it can mitigate potential container-breakout vulnerability of the runtimes, but it is also useful for isolating multi-user environments on HPC hosts. This talk will contain the introduction to rootless containers and deep-dive topics about the recent updates such as Seccomp User Notification. The main focus will be on containerd (CNCF Graduated Project) and its consumer projects including Kubernetes and Docker/Moby, but topics about other runtimes will be discussed as well.
https://sched.co/fGWc
[KubeConEU] Building images efficiently and securely on Kubernetes with BuildKit
Akihiro Suda
https://sched.co/MPX5
BuildKit is a modern container image builder that focuses on efficiency and security, mostly known as the backend of Docker 18.06+ and Jessie Frazelle's `img`. (But it is even useful as a standalone tool!)
In this talk, Akihiro Suda, one of the founding maintainers of BuildKit, shows practical tips for running BuildKit on Kubernetes clusters.
Build and Run Containers With Lazy Pulling - Adoption status of containerd St...
Kohei Tokunaga
Talked about lazy pulling of container images with eStargz and Stargz Snapshotter at FOSDEM 2021.
Details: https://fosdem.org/2021/schedule/event/containers_lazy_pull/
Stargz Snapshotter: https://github.com/containerd/stargz-snapshotter
Containers, Docker, and Security: State Of The Union (LinuxCon and ContainerC...
Jérôme Petazzoni
Docker is two years old. While security has always been at the core of the questions revolving around Docker, the nature of those questions has changed. Last year, the main concern was "can I safely colocate containers on the same machine?" and it elicited various responses. Dan Walsh, SELinux expert, notoriously said: "containers do not contain!", and at last year's LinuxCon, Jérôme delivered a presentation detailing how to harden Docker and containers to isolate them better.
Today, people have new concerns. They include image transport, vulnerability mitigation, and more.
After a recap about the current state of container security, Jérôme will explain why those new questions showed up, and most importantly, how to address them and safely deploy containers in general, and Docker in particular.
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Phil Estes
A talk given at Cloud Native London meetup, February 6, 2018 on the role of container runtimes in Kubernetes, the introduction of the Container Runtime Interface (CRI), and the history of containerd and its use as a CRI-implementing container runtime for Kubernetes.
Docker London Meetup: Docker Engine Evolution
Phil Estes
A meetup talk on the evolution of the Docker engine from 2014-2019, including the refactoring and spin out of OCI runc and CNCF containerd codebases. This talk was given at the Docker London meetup group on Thursday, 31st January, 2019.
Building specialized container-based systems with Moby: a few use cases
Moby is an open source project providing a "LEGO set" of dozens of components, the framework to assemble them into specialized container-based systems, and a place for all container enthusiasts to experiment and exchange ideas.
One of these assemblies is Docker CE, an open source product that lets you build, ship, and run containers.
This talk will explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud or bare metal scenarios.
We will cover Moby itself, the framework, and tooling around the project, as well as many of its components: LinuxKit, InfraKit, containerd, SwarmKit, Notary.
Then we will present a few use cases and demos of how different companies have leveraged Moby and some of the Moby components to create their own container-based systems.
Video at https://www.youtube.com/watch?v=kDp22YkD6WY
These are my slides from the November BayNode Talk Night. I spoke about our experience moving our NodeJS architecture to Docker and CoreOS as well as some tips/tricks we've learned along the way.
Container Runtimes: Comparing and Contrasting Today's Engines
Phil Estes
A webinar presented for the {code} Community on August 30, 2017. In this talk, we looked at the sphere of modern container runtimes that start with Docker's emergence in 2013/2014 to today's additions of rkt, OCI's runc, containerd, cri-o, and Cloud Foundry's garden-runc project, many of them consolidating around the OCI standard for container runtime and image specifications.
docker : how to deploy Digital Experience in a container drinking a cup of co...
Matteo Bisi
This was my session @ IconUK 2016. We were talking about Docker and IBM, giving some tips on how to use it and build your own container with IBM social collaboration software.
.docker : How to deploy Digital Experience in a container, drinking a cup of ...
ICON UK EVENTS Limited
Matteo Bisi / Factor-y srl
Andrea Fontana / SOWRE SA
Docker is one of the best technologies available on the market to install, run and deploy applications faster and more securely than ever before. In this session you will see how to deploy a complete digital experience inside containers that will enable you to deploy a Portal while drinking a cup of coffee. We will start with a deep overview of Docker: what Docker is, where you can find it, what a container is and why you should use a container instead of a complete virtual machine. After the overview we will look at how to install IBM software inside a container using Docker files that run the setup using a silent setup script. In the last part we will talk about possible uses of this configuration in real work scenarios such as staging or development environments or a WebSphere Portal farm setup.
WebRTC Standards & Implementation Q&A - The Internals of WebRTC Browsers Impl...
Amir Zmora
A lot has been written about the lack of interoperability between browsers when it comes to WebRTC. Why is it so complicated? What's keeping Google from moving the standard way from SDP Plan B to Unified Plan?
All about the C++ internals of WebRTC in browsers by guest speaker Alex Gouaillard.
Docker Concepts for Oracle/MySQL DBAs and DevOps
Zohar Elkayam
Oracle Week 2017 Slides
Agenda:
Docker overview - why do we even need containers?
Installing Docker and getting started
Images and Containers
Docker Networks
Docker Storage and Volumes
Oracle and Docker
Docker tools, GUI and Swarm
Presentation about Docker from Java User Group in Ostrava CZ (23rd of November 2015). Presented by Martin Damovsky (@damovsky).
Demos are available at https://github.com/damovsky/jug-ostrava-docker
Docker Overview - Rise of the Containers
Ryan Hodgin
Containers allow for applications to become more portable, organized more efficiently, and configured to make better use of system resources. This presentation will explain Docker's container technology, DevOps approach, partner ecosystem, popularity, performance, challenges, and roadmap. We'll review how containers are changing application and operating system designs.
20240415 [Container Plumbing Days] Usernetes Gen2 - Kubernetes in Rootless Do...
Akihiro Suda
Rootless mode is a technique to harden containers by running the container engine as a non-root user. The support for rootless mode has been merged into Docker since v19.03 (2019) and in Kubernetes since v1.22 (2021). However, setting up Rootless Kubernetes has been more challenging than setting up Rootless Docker due to its complexity. This session presents Usernetes Generation 2, a Kubernetes distribution that wraps Kubernetes in Rootless Docker for ease of setting up multi-node Rootless Kubernetes clusters. Unlike the original Usernetes (Generation 1) that was based on "Kubernetes The Hard Way", Usernetes Generation 2 supports kubeadm. Usernetes Generation 2 is similar to `kind` and `minikube`, however, unlike them Usernetes Generation 2 supports forming real multi-node clusters using Flannel (VXLAN) and it can be potentially used for production clusters. https://github.com/rootless-containers/usernetes
Usernetes (Gen2) deploys a Kubernetes cluster inside Rootless Docker, so as to mitigate potential container-breakout vulnerabilities.
Usernetes (Gen2) is similar to Rootless kind and Rootless minikube, but Usernetes (Gen 2) supports creating a cluster with multiple hosts.
[DockerCon 2023] Reproducible builds with BuildKit for software supply chain ...
Akihiro Suda
Images maintained by a reputable organization or an individual are often considered to be trustworthy; however, it is hard to deny the possibility that they might have silently injected malicious code that is not present in the source repo. Also, even if they have no malicious intent, their images can still be compromised on an accidental leakage of registry credentials.
The latest release of BuildKit solves this supply chain security concern with reproducible builds. Reproducible builds is a technique to ensure that a bit-for-bit identical image can be reproduced from its source code, by anybody, at any time. When multiple actors can attest to an image's reproducibility, it signifies that the image contains no code of a secret origin.
Audiences of this talk will learn how they can and how sometimes they cannot make their images reproducible to improve their trust.
The internals and the latest trends of container runtimes
Akihiro Suda
Containers are a set of various lightweight methods to isolate filesystems, CPU resources, memory resources, system permissions, etc. Containers are similar to virtual machines in many senses, but they are more efficient and often less secure. This talk roughly consists of the following three parts:
1. Introduction to containers and how they spread in the last decade
2. Internals of container runtimes: namespaces, cgroups, capabilities, seccomp, etc.
3. Latest trends: Non-Docker containers, User Namespaces, Rootless Containers, Kata Containers, gVisor, WebAssembly, etc.
http://www.cce.i.kyoto-u.ac.jp/danwa23.html
[Container Plumbing Days 2023] Why was nerdctl made?
Akihiro Suda
nerdctl (contaiNERD CTL) was made to facilitate development of new technologies in the containerd platform.
Such technologies include:
- Lazy-pulling with Stargz/Nydus/OverlayBD
- P2P image distribution with IPFS
- Image encryption with OCIcrypt
- Image signing with Cosign
- "Real" read-only mounts with mount_setattr
- Slirp-less rootless containers with bypass4netns
- Interactive debugging of Dockerfiles, with buildg
nerdctl is also useful for debugging Kubernetes nodes that are running containerd.
Through this session, the audiences will learn these functionalities of nerdctl, relevant projects, and the roadmap for the future.
https://containerplumbing.org/sessions/2023/why_was_nerdctl_
[KubeCon EU 2022] Running containerd and k3s on macOS
Akihiro Suda
https://sched.co/ytpi
It has been very hard to use Mac for developing containerized apps. A typical way is to use Docker for Mac, but it is not FLOSS. Another option is to install Docker and/or Kubernetes into VirtualBox, often via minikube, but it doesn't propagate localhost ports, and VirtualBox also doesn't support the ARM architecture. This session will show how to run containerd and k3s on macOS, using Lima and Rancher Desktop. Lima wraps QEMU in a simple CLI, with neat features for container users, such as filesystem sharing and automatic localhost port forwarding, as well as DNS and proxy propagation for enterprise networks. Rancher Desktop wraps Lima with k3s integration and GUI.
[KubeCon EU 2021] Introduction and Deep Dive Into Containerd (Akihiro Suda)
Join containerd maintainers and reviewers in a combined introduction and deep dive session. They will discuss the overview and the recent updates of containerd as well as how it is being used by Kubernetes, Docker and other container-based systems. A brief introduction to its architecture and service design will be included. The talk will also deep dive into how to leverage containerd by extending and customizing it for your use case with low-level plugins like remote snapshotters, as well as by implementing your own containerd client. Upcoming features and recent discussions in the containerd community will also be covered.
- - -
https://kccnceu2021.sched.com/event/iE6v/introduction-and-deep-dive-into-containerd-kohei-tokunaga-akihiro-suda-ntt-corporation?iframe=no
Being a Moby maintainer
1. Copyright © 2017 NTT Corp. All Rights Reserved.
Akihiro Suda ( @_AkihiroSuda_ )
NTT Software Innovation Center
Being a Moby maintainer
Docker Tokyo (Nov 2, 2017)
https://slideshare.net/AkihiroSuda
2. Who am I
• Software Engineer at NTT
• github: @AkihiroSuda
• Twitter: @_AkihiroSuda_
• Docker Moby core maintainer (github.com/docker/docker moby/moby)
  • In April 2017, Docker [ as a project ] transitioned into Moby.
  • Now Docker [ as a product ] has been developed as one of the downstreams of Moby.
[Diagram: analogy with RHEL and Fedora]
3. Who am I
• BuildKit initial maintainer (github.com/moby/buildkit)
  • Next-generation `docker build`
  • Executes DAG vertices of Dockerfile-equivalent concurrently
  • Soon: cache-aware distributed mode
• containerd maintainer (github.com/containerd/containerd)
  • Industry-standard container runtime
  • Can be used as a Docker-replacement for Kubernetes
4. Agenda
• What is the Moby Project
• Recent updates in the Moby Project
• How I became a maintainer (and how you can!)
7. What is the Moby Project?
• A collaborative project for the container ecosystem to assemble container-based systems
[Diagram labels: runc; BuildKit; Moby registry; DataKit; VPNKit; HyperKit; Moby engine (dockerd); Moby tool; libnetwork; libentitlement]
8. Relationship between Moby and Docker (and Balena)
[Diagram labels: Docker Community Edition; Docker Enterprise Edition; Balena: Moby-based container engine for IoT, by Resin.io; + Support, GUI..; Add your own downstream here...; Third parties; Docker, Inc.'s products; Similarity]
9. Some Docker components are not included in Moby
• `dockerd` command is part of Moby
  • Will be renamed to `moby-engine` soon
• `docker` command is NOT part of Moby
  • Because UX is basically out of scope of Moby
  • Solely maintained by Docker, Inc. But still open source.
• Desktop and cloud installers are NOT part of Moby (Docker for Mac / Windows / AWS / Azure)
  • Docker, Inc.'s proprietary software at the moment
• Dockerfile is likely to be removed from Moby... But no worry!
  • Moby BuildKit provides a new low-level instruction set
10. Recent updates in Moby and Docker
• Announcement at DockerCon EU (October 17, 2017)
[Diagram labels: Kubernetes; Docker; containerd; API translator (unreleased); `docker` CLI can be used for managing k8s; Container Runtime Interface (CRI); k8s no longer depends on Docker]
11. Recent updates in Moby and Docker
• Announcement at DockerCon EU (October 17, 2017)
https://blog.docker.com/2017/10/kubernetes-docker-platform-and-moby-project/
Swarm is still kept (User can choose either one)
12. Recent updates in Moby and Docker
• This was not a surprise, because Docker, Inc. and the Moby community have already been working on Kubernetes-related stuff for a year
https://blog.mobyproject.org/moby-and-kubernetes-bf888ab31e38
13. containerd: Industry-standard container runtime
• Simpler architecture than the "monolith" of Docker
  • containerd is "a la carte" of well-decoupled subsystems (runtime, image, snapshot..)
• Can be used as a Docker-replacement for Kubernetes (and so on)
  • CRI-containerd, the glue module for k8s, is mainly maintained by Google employees
• More collaborative than the past Docker in the pre-Moby era
  • Docker, Inc. donated containerd to Cloud Native Computing Foundation (CNCF)
[Diagram labels: runc; containerd v1.0; CRI-containerd; Kubernetes; Docker (Moby); runc; containerd v0.2; Docker (Moby); Docker 18.XX (unreleased)]
14. LinuxKit: Toolkit for custom Linux distribution
• Assembles VM images for running certain service like Docker
  • Now officially supports Kubernetes as well (with CRI-containerd)
• Use cases are not limited to Docker/Kubernetes
  • e.g. "RedisOS" without Docker nor Kubernetes
• Everything is containerd container
  • No systemd nor SysV init
• Everything is immutable by design
  • When you need to update or customize your LinuxKit VM instances, you just dispose the existing instances and create new ones (as in Docker containers!)
[Diagram labels: LinuxKit namespace; Kubernetes namespace; dhcpd; ntpd; kubelet; cri-containerd; e.g., nginx; containerd]
15. InfraKit: Toolkit for infrastructure orchestration
• Deploys distributed system like Docker Swarm-mode to IaaS like EC2
• Self-healing
  • Recreate instances if the actual state differs from the desired state
• Now supports deploying Kubernetes as well (implemented by Yuji Oshima)
  • InfraKit maintainer
  • My colleague at NTT
[Diagram labels: InfraKit; LinuxKit (x3); EC2 (x3); Docker Swarm-mode / Kubernetes]
16. BuildKit: next-generation `docker build`
• Compiles Dockerfile to LLB DAG
  • LLB: low-level build instruction set
  • DAG: directed acyclic graph
• LLB DAG allows concurrent build
• Third party languages could be compiled to LLB DAG as well
[Diagram labels: Compile; Dockerfile; LLB DAG; Third party languages; docker-image://alpine; Image; git://foo/bar; docker-image://gcc; Run("apk add .."); Run("make")]
17. BuildKit: next-generation `docker build`
• Distributed mode (on Kubernetes) is planned
  • Workers report LLB DAG vertex cache info and performance stats to masters
  • Master assigns a vertex job to the worker which seems the best (just heuristic)
  • Designed to be stateless as much as possible for ease of deployment
[Diagram labels: Client; LB; Master (x3); Worker (x3)]
18. BuildKit: next-generation `docker build`
Even useful for non-container use cases, as a generic concurrent / distributed compiler toolkit
19. libentitlement: high-level permissions and security profile
https://www.slideshare.net/Docker/moby-and-kubernetes-entitlements
20. libentitlement: high-level permissions and security profile
https://www.slideshare.net/Docker/moby-and-kubernetes-entitlements
21. Moby governance
• Previously, Solomon Hykes (CTO, Docker, Inc.) was the BDFL
  • Benevolent Dictator For Life
• Now "Technical Steering Committee" is being established (in this November) as the replacement for the BDFL role
  • A single company cannot hold more than 1/3 seats
22. Moby Project, CNCF, and OCI
• Some components under the Moby umbrella belong to other organizations
  • containerd, Notary: CNCF (Cloud Native Computing Foundation)
  • InfraKit is also proposed to CNCF
  • runc: OCI (Open Containers Initiative)
• Moby Technical Steering Committee will help cross-project and cross-organization collaboration
23. Who are maintainers and how they are elected
• Maintainers (aka "committers" in other FLOSS communities)
  • Can approve other contributors' pull requests (with 2 LGTMs usually)
  • Can manage GitHub issues
  • Can add and remove other maintainers (with 66% approval vote)
• Elected from active contributors who:
  • Send pull requests
    • Bug fix
    • Enhancement
    • New feature
  • Review other contributors' pull requests
  • Triage GitHub issues
24. How I became a Docker/Moby maintainer
• Began contribution to Docker in December, 2015
  • I was working on some fault injection tool (github.com/osrg/namazu), and got stuck in "false ZooKeeper bug" due to AUFS hang-up: #18180
  • This is not a bug of Docker but mainly tracked in Docker community
• Became a Docker maintainer in November, 2016
  • Docker → Moby in April, 2017
• (I think) Mainly contributed to filesystem issues
  • Both AUFS and overlayfs have some stability and compatibility issues
• Also proposed some new features
  • `docker network prune` (merged): #27525
  • introspection mount (procfs-like stuff for containers. unmerged yet): #24893, #26331
  • TCP port forwarder (withdrawn): #26365
  • ...
25. How I became a Docker/Moby maintainer
JVM processes in Docker were extremely unstable due to an AUFS issue.
The issue was very critical for many users, but very hard to debug because of non-determinism.
26. Actually, it was not me who first identified the cause of the issue (Also, I didn't write the patch to fix the issue, in fact)
But I made some demonstration tools for confirming the cause of the issue
27. I made some reports to AUFS community, and the AUFS maintainer (not me) fixed the issue
Created "cheat sheet" for Linux distribution-specific workarounds
Encouraged Linux distributors to apply the AUFS patch
32. How I became a BuildKit maintainer
• Initial maintainer from the beginning of the project (2017 summer)
• Initially I proposed DAG-based builder (but without idea of LLB)
• Coincidentally, Tõnis Tiigi (Docker, Inc.) was planning a similar but even better idea, which turned into BuildKit
• Tõnis invited me to be an initial maintainer of BuildKit
35. How I became a containerd maintainer
• Began contribution in December, 2016
• Became a maintainer in September, 2017
• Mainly contributed to filesystem and image issues
  • Through contribution to Docker / Moby, I found filesystem issues are hard to maintain
  • I needed to reform containerd interfaces and data formats for my experimental OCI Image extension
    • FILEgrain: transport-agnostic, fine-grained content-addressable container image layout (github.com/AkihiroSuda/filegrain)
36. And how you can become maintainers! (my personal view)
• Collaborativeness (the most important)
• Comprehensiveness
  • Issue analysis, Bug-fix, enhancement, feature addition...
  • But when you plan to add a big feature, please coordinate with maintainers in GitHub issue or Slack before opening a PR!
• Continuity
  • One-shot contribution is always welcomed, but maintainership requires continuous activity
• Number of git commits and LOCs are not so important
37. Good chances for contribution (my personal view)
• Moby engine
  • Recently integrated containerd v1.0 runtime. We need to make sure there is no regression.
  • The next step is to integrate containerd v1.0 snapshot subsystem. (Much harder for compatibility)
• BuildKit
  • Dockerfile2LLB compiler is not stable. Testing is highly welcomed.
  • Design for distributed mode is still under discussion.
• containerd
  • Adding tests and performance optimizations are welcomed.
• And more!
38. Recap
• The Moby Project is getting more collaborative
• You can contribute and become a maintainer as well!
https://blog.docker.com/2017/04/introducing-the-moby-project/