SlideShare a Scribd company logo

Introduction to Atomic: Tailoring a Trusted OS for Containers

Joe Brockmeier
Joe Brockmeier

Project Atomic aims to tailor a trusted OS for containers by providing an immutable and streamlined host optimized for running and managing containers using technologies like rpm-ostree, Docker, Kubernetes, and Cockpit. The Atomic Host provides core container tools while remaining minimal and preventing installation of packages on the running system. Project Atomic coordinates development of Atomic Hosts across distributions like CentOS, Fedora, and RHEL.

Technology
1 of 25
Download to read offline
Introduction toIntroduction to AtomicAtomic:: Tailoring a Trusted OS for ContainersTailoring a Trusted OS for Containers Joe Brockmeier jzb@redhat.com @jzb
Introduction ● What is Project Atomic? ● Anatomy of an Atomic Host ● Coming Soon ● Getting Involved
(I don't need to explain containers, right? Good.)
What is Project Atomic?
Project Atomic 101 ● Upstream community for developing tools and patterns for developing Atomic hosts. ● Umbrella project for Red Hat's efforts around developing, building, running, and managing containers. ● Not a new distribution – Atomic Hosts are built from CentOS, Fedora, or Red Hat Enterprise Linux.
Why Atomic? ● We can run Linux containers on CentOS, Fedora, and RHEL already! ● Provide a streamlined host optimized for running and managing containers. ● All applications should be deployed as containers, rather than installing on the host. ● Host should be “cattle” and updates should be easy to deploy and manage.
What Atomic Hosts Provide ● Streamlined host based on CentOS, Fedora, or RHEL packages + container stack. ● rpm-ostree ● /usr/bin/atomic ● Docker ● Kubernetes ● Cockpit ● Super Privileged Containers (SPC)
What Atomic Hosts Won't Provide ● Atomic hosts are “immutable” – don't expect to install packages on running systems ● Official images are minimal – that means your favorite tool probably won't be added – Aside from Atomic development or troubleshooting, you should never be logged into an Atomic Host ● More than necessary
CentOS, Fedora, or RHEL? ● Aside from rpm-ostree, all of the components that make up an Atomic Host are shared w/the parent distribution. ● You want support? Go RHEL Atomic Host. ● CentOS Atomic is currently under development, and hasn't released any “official” images. ● Fedora 21 released in December – developed by the Cloud Working Group. ● A CentOS rebuild of RHELAH is coming soon.
rpm-ostree's history ● OStree initially developed for GNOME continuous by Colin Walters ● The rpm-ostree stuff came slightly later ● “Git for operating systems” – bootable, immutable, & versioned filesystem trees – works on top of any *nix filesystem – support for UID/GID, extended attr, handling bootloader, and more.
Why rpm-ostree? ● “Atomic” updates make more sense for an immutable system ● Preserves the tooling to create packages, allows re- use of RPMs rather than re-inventing the wheel ● Easy rollback in the event you need to return to known-good tree ● Clean transaction for updates
How rpm-ostree works (high level) ● Filesystem is read-only, except /var and /etc ● /etc is 3-way merged when you do an update ● All data (e.g. containers) is unchanged on upgrade ● Problem with an upgrade? `rpm-ostree rollback`
/usr/bin/atomic ● Coherent entry point to the system: manage host and containers with the atomic command. ● Fill gaps in Linux container implementations. – e.g. “atomic install foo” can install a container with its k8s configuration and/or systemd unit file. – “atomic run” grabs the LABEL “run” with its Docker cmd line. Saves the user much typing. ● The “atomic host” command can be used for rpm- ostree updates.
Cockpit ● Cockpit started prior to Atomic ● Server manager for administering Linux servers via the Web browser ● Doesn't interfere with normal admin tools ● Designed to be multi-server ● Support for managing containers, Kubernetes ● http://cockpit-project.org/
Changes to 'docker search' & 'docker pull' ● We mostly ship vanilla Docker ● Additional registries for 'docker search' & 'docker pull' ● We add the RHEL registry to grab official RHEL content* ● Docker search lists fully qualified image name ● Ability to block registries ● Can warn on “push” to ensure private images aren't pushed to public registry
Super-Privileged Containers (SPC) ● We mean it when we say “run everything in containers” on Atomic ● Usually containers have limited interaction w/the host ● SPC containers can be run with `atomic run` which saves the need for long docker commands to enble privileges
Shipping Super-Privileged Containers (SPC) ● RHEL Atomic Tools Container Image – debugging tools like strace, traceroute, man pages, etc. needed to troubleshoot an image. ● RHEL Atomic rsyslog Container Image – runs rsyslogd service to send logs to central server, etc. (journald collects data either way) ● RHEL Atomic sadc Container Image – runs sadc from sysstat to be used w/`sar` ● More to come!
Nulecule (in early development) ● Specification for multi-container application w/dependencies (“Atomic App”) ● Lets developer describe application, sysadmin define parameters for app at runtime ● Creates super-orchestration parameters for Kubernetes ● Defines on-demand scheduling of resource utilization ● Basis for policy-based orchestration via Mesos ● Supports Docker, ACI and potentially other container formats ● github.com/projectatomic/nulecule
Kubernetes ● Initially used GearD from OpenShift, phased out in favor of Kubernetes ● Working with upstream to improve / develop Kubernetes for container management
Pulling the Pieces TogetherPulling the Pieces Together
Fedora Atomic Hosts ● Work is being done through the Cloud Work Group & will be part of the Cloud Product ● First release in Fedora 21 ● Adding new image formats in Fedora 22, updated Cockpit, etc. ● Moving to 2-week release cycle based on Rawhide or -current soon
CentOS 7 Atomic Hosts ● Work is being done through CentOS Atomic SIG ● CentOS-based Atomic Hosts are still in development, working out a few details like signing ● Will be providing a rebuild of RHEL Atomic Host soon ● CentOS SIG / Project Atomic will be providing a faster-moving release with packages in development soon
Getting Involved ● Website: projectatomic.io ● Github: github.com/projectatomic ● Facebook.com/projectatomic ● Twitter: @projectatomic ● Mailing Lists: http://www.projectatomic.io/community/
Thank you! jzb@redhat.com Twitter: @jzb @projectatomic

Recommended

An introduction to Docker and Project Atomic
An introduction to Docker and Project AtomicAn introduction to Docker and Project Atomic
An introduction to Docker and Project Atomic
Aditya Patawari
 
It's 2018. Are My Containers Secure Yet!?
It's 2018. Are My Containers Secure Yet!?It's 2018. Are My Containers Secure Yet!?
It's 2018. Are My Containers Secure Yet!?
Phil Estes
 
Docker Engine Evolution: From Monolith to Discrete Components
Docker Engine Evolution: From Monolith to Discrete ComponentsDocker Engine Evolution: From Monolith to Discrete Components
Docker Engine Evolution: From Monolith to Discrete Components
Phil Estes
 
Containerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container RuntimeContainerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container Runtime
Phil Estes
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Phil Estes
 
Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018
Phil Estes
 
CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?
Phil Estes
 
Running Docker with OpenStack | Docker workshop #1
Running Docker with OpenStack | Docker workshop #1Running Docker with OpenStack | Docker workshop #1
Running Docker with OpenStack | Docker workshop #1
dotCloud
 

Recommended

An introduction to Docker and Project Atomic
An introduction to Docker and Project AtomicAn introduction to Docker and Project Atomic
An introduction to Docker and Project Atomic
Aditya Patawari
 
It's 2018. Are My Containers Secure Yet!?
It's 2018. Are My Containers Secure Yet!?It's 2018. Are My Containers Secure Yet!?
It's 2018. Are My Containers Secure Yet!?
Phil Estes
 
Docker Engine Evolution: From Monolith to Discrete Components
Docker Engine Evolution: From Monolith to Discrete ComponentsDocker Engine Evolution: From Monolith to Discrete Components
Docker Engine Evolution: From Monolith to Discrete Components
Phil Estes
 
Containerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container RuntimeContainerd Internals: Building a Core Container Runtime
Containerd Internals: Building a Core Container Runtime
Phil Estes
 
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use CasesDocker Athens: Docker Engine Evolution & Containerd Use Cases
Docker Athens: Docker Engine Evolution & Containerd Use Cases
Phil Estes
 
Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018Containerd Project Update: FOSDEM 2018
Containerd Project Update: FOSDEM 2018
Phil Estes
 
CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?CRI Runtimes Deep-Dive: Who's Running My Pod!?
CRI Runtimes Deep-Dive: Who's Running My Pod!?
Phil Estes
 
Running Docker with OpenStack | Docker workshop #1
Running Docker with OpenStack | Docker workshop #1Running Docker with OpenStack | Docker workshop #1
Running Docker with OpenStack | Docker workshop #1
dotCloud
 
KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and KubernetesKubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeAcademy
 
Docker 101 2015-05-28
Docker 101 2015-05-28Docker 101 2015-05-28
Docker 101 2015-05-28
Adrian Otto
 
CoreOS Intro
CoreOS IntroCoreOS Intro
CoreOS Intro
Isaac Johnston
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git lab
Gianluca Padovani
 
Embedding Containerd For Fun and Profit
Embedding Containerd For Fun and ProfitEmbedding Containerd For Fun and Profit
Embedding Containerd For Fun and Profit
Phil Estes
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with Sysdig
Sreenivas Makam
 
Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.
Henryk Konsek
 
Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Breaking the RpiDocker challenge
Breaking the RpiDocker challenge
Nicolas De Loof
 
Container (Docker) Orchestration Tools
Container (Docker) Orchestration ToolsContainer (Docker) Orchestration Tools
Container (Docker) Orchestration Tools
Dhilipsiva DS
 
The State of containerd
The State of containerdThe State of containerd
The State of containerd
Moby Project
 
Docker for mere mortals
Docker for mere mortalsDocker for mere mortals
Docker for mere mortals
Henryk Konsek
 
Docker orchestration using core os and ansible - Ansible IL 2015
Docker orchestration using core os and ansible - Ansible IL 2015Docker orchestration using core os and ansible - Ansible IL 2015
Docker orchestration using core os and ansible - Ansible IL 2015
Leonid Mirsky
 
LinuxKit
LinuxKitLinuxKit
LinuxKit
Moby Project
 
Docker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF MeetupDocker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF Meetup
Docker, Inc.
 
Docker practical solutions
Docker practical solutionsDocker practical solutions
Docker practical solutions
Kesav Kumar Kolla
 
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container RuntimesWhose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Phil Estes
 
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeAcademy
 
Container-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel DevelopmentsContainer-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel Developments
Docker, Inc.
 
Fluentd and docker monitoring
Fluentd and docker monitoringFluentd and docker monitoring
Fluentd and docker monitoring
Vinay Krishna
 
An Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesAn Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open Communities
Phil Estes
 
Running Docker containers on Mesos
Running Docker containers on MesosRunning Docker containers on Mesos
Running Docker containers on Mesos
Tomas Kral
 
Containers - What are they and Atomic
Containers - What are they and AtomicContainers - What are they and Atomic
Containers - What are they and Atomic
Syed Shaaf
 

More Related Content

What's hot

KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and KubernetesKubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeAcademy
 
Docker 101 2015-05-28
Docker 101 2015-05-28Docker 101 2015-05-28
Docker 101 2015-05-28
Adrian Otto
 
CoreOS Intro
CoreOS IntroCoreOS Intro
CoreOS Intro
Isaac Johnston
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git lab
Gianluca Padovani
 
Embedding Containerd For Fun and Profit
Embedding Containerd For Fun and ProfitEmbedding Containerd For Fun and Profit
Embedding Containerd For Fun and Profit
Phil Estes
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with Sysdig
Sreenivas Makam
 
Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.
Henryk Konsek
 
Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Breaking the RpiDocker challenge
Breaking the RpiDocker challenge
Nicolas De Loof
 
Container (Docker) Orchestration Tools
Container (Docker) Orchestration ToolsContainer (Docker) Orchestration Tools
Container (Docker) Orchestration Tools
Dhilipsiva DS
 
The State of containerd
The State of containerdThe State of containerd
The State of containerd
Moby Project
 
Docker for mere mortals
Docker for mere mortalsDocker for mere mortals
Docker for mere mortals
Henryk Konsek
 
Docker orchestration using core os and ansible - Ansible IL 2015
Docker orchestration using core os and ansible - Ansible IL 2015Docker orchestration using core os and ansible - Ansible IL 2015
Docker orchestration using core os and ansible - Ansible IL 2015
Leonid Mirsky
 
LinuxKit
LinuxKitLinuxKit
LinuxKit
Moby Project
 
Docker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF MeetupDocker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF Meetup
Docker, Inc.
 
Docker practical solutions
Docker practical solutionsDocker practical solutions
Docker practical solutions
Kesav Kumar Kolla
 
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container RuntimesWhose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Phil Estes
 
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeAcademy
 
Container-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel DevelopmentsContainer-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel Developments
Docker, Inc.
 
Fluentd and docker monitoring
Fluentd and docker monitoringFluentd and docker monitoring
Fluentd and docker monitoring
Vinay Krishna
 
An Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesAn Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open Communities
Phil Estes
 

What's hot (20)

KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and KubernetesKubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes
 
Docker 101 2015-05-28
Docker 101 2015-05-28Docker 101 2015-05-28
Docker 101 2015-05-28
 
CoreOS Intro
CoreOS IntroCoreOS Intro
CoreOS Intro
 
Docker e git lab
Docker e git labDocker e git lab
Docker e git lab
 
Embedding Containerd For Fun and Profit
Embedding Containerd For Fun and ProfitEmbedding Containerd For Fun and Profit
Embedding Containerd For Fun and Profit
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with Sysdig
 
Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.Containerize! Between Docker and Jube.
Containerize! Between Docker and Jube.
 
Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Breaking the RpiDocker challenge
Breaking the RpiDocker challenge
 
Container (Docker) Orchestration Tools
Container (Docker) Orchestration ToolsContainer (Docker) Orchestration Tools
Container (Docker) Orchestration Tools
 
The State of containerd
The State of containerdThe State of containerd
The State of containerd
 
Docker for mere mortals
Docker for mere mortalsDocker for mere mortals
Docker for mere mortals
 
Docker orchestration using core os and ansible - Ansible IL 2015
Docker orchestration using core os and ansible - Ansible IL 2015Docker orchestration using core os and ansible - Ansible IL 2015
Docker orchestration using core os and ansible - Ansible IL 2015
 
LinuxKit
LinuxKitLinuxKit
LinuxKit
 
Docker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF MeetupDocker 1.11 @ Docker SF Meetup
Docker 1.11 @ Docker SF Meetup
 
Docker practical solutions
Docker practical solutionsDocker practical solutions
Docker practical solutions
 
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container RuntimesWhose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes
 
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ...
 
Container-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel DevelopmentsContainer-relevant Upstream Kernel Developments
Container-relevant Upstream Kernel Developments
 
Fluentd and docker monitoring
Fluentd and docker monitoringFluentd and docker monitoring
Fluentd and docker monitoring
 
An Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open CommunitiesAn Open Source Story: Open Containers & Open Communities
An Open Source Story: Open Containers & Open Communities
 

Viewers also liked

Running Docker containers on Mesos
Running Docker containers on MesosRunning Docker containers on Mesos
Running Docker containers on Mesos
Tomas Kral
 
Containers - What are they and Atomic
Containers - What are they and AtomicContainers - What are they and Atomic
Containers - What are they and Atomic
Syed Shaaf
 
Containerizing Web Application with Docker
Containerizing Web Application with DockerContainerizing Web Application with Docker
Containerizing Web Application with Docker
msyukor
 
Containers in the Enterprise
Containers in the EnterpriseContainers in the Enterprise
Containers in the Enterprise
Ken Thompson
 
Building Trustworthy Containers
Building Trustworthy ContainersBuilding Trustworthy Containers
Building Trustworthy Containers
Sysdig
 
Red Hat Container Strategy
Red Hat Container StrategyRed Hat Container Strategy
Red Hat Container Strategy
Red Hat Events
 
Docker and DevOps - Why it matters
Docker and DevOps - Why it mattersDocker and DevOps - Why it matters
Docker and DevOps - Why it matters
Jeremy Brown
 
Docker Basics
Docker BasicsDocker Basics
Docker Basics
DuckDuckGo
 
Containerized Cloud Computing - Redhat
Containerized Cloud Computing - RedhatContainerized Cloud Computing - Redhat
Containerized Cloud Computing - Redhat
Amazon Web Services
 
RHEL/Fedora + Docker (and SELinux)
RHEL/Fedora + Docker (and SELinux)RHEL/Fedora + Docker (and SELinux)
RHEL/Fedora + Docker (and SELinux)
Maciej Lasyk
 
GPU Accelerated Deep Learning for CUDNN V2
GPU Accelerated Deep Learning for CUDNN V2GPU Accelerated Deep Learning for CUDNN V2
GPU Accelerated Deep Learning for CUDNN V2NVIDIA
 
Partner Busines1
Partner Busines1Partner Busines1
Partner Busines1guest4ab0dd
 
Ara Social Web 9 09 Small
Ara Social Web 9 09 SmallAra Social Web 9 09 Small
Ara Social Web 9 09 Small
mhines
 
Biweekly Financial Commentary 08 07 14
Biweekly Financial Commentary 08 07 14Biweekly Financial Commentary 08 07 14
Biweekly Financial Commentary 08 07 14Ant Wong
 
Servicio F
Servicio FServicio F
Servicio Fformacio
 
Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...
Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...
Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...
Alex G. Lee, Ph.D. Esq. CLP
 
Red Apple 2009
Red Apple 2009Red Apple 2009
Red Apple 2009
MIAF
 

Viewers also liked (20)

Running Docker containers on Mesos
Running Docker containers on MesosRunning Docker containers on Mesos
Running Docker containers on Mesos
 
Containers - What are they and Atomic
Containers - What are they and AtomicContainers - What are they and Atomic
Containers - What are they and Atomic
 
Containerizing Web Application with Docker
Containerizing Web Application with DockerContainerizing Web Application with Docker
Containerizing Web Application with Docker
 
Containers in the Enterprise
Containers in the EnterpriseContainers in the Enterprise
Containers in the Enterprise
 
Building Trustworthy Containers
Building Trustworthy ContainersBuilding Trustworthy Containers
Building Trustworthy Containers
 
Red Hat Container Strategy
Red Hat Container StrategyRed Hat Container Strategy
Red Hat Container Strategy
 
Docker and DevOps - Why it matters
Docker and DevOps - Why it mattersDocker and DevOps - Why it matters
Docker and DevOps - Why it matters
 
Docker Basics
Docker BasicsDocker Basics
Docker Basics
 
Containerized Cloud Computing - Redhat
Containerized Cloud Computing - RedhatContainerized Cloud Computing - Redhat
Containerized Cloud Computing - Redhat
 
RHEL/Fedora + Docker (and SELinux)
RHEL/Fedora + Docker (and SELinux)RHEL/Fedora + Docker (and SELinux)
RHEL/Fedora + Docker (and SELinux)
 
GPU Accelerated Deep Learning for CUDNN V2
GPU Accelerated Deep Learning for CUDNN V2GPU Accelerated Deep Learning for CUDNN V2
GPU Accelerated Deep Learning for CUDNN V2
 
Partner Busines1
Partner Busines1Partner Busines1
Partner Busines1
 
HMES Sandra Paterna
HMES Sandra PaternaHMES Sandra Paterna
HMES Sandra Paterna
 
Gluco Center Concept Paper 2009
Gluco Center Concept Paper 2009Gluco Center Concept Paper 2009
Gluco Center Concept Paper 2009
 
Ara Social Web 9 09 Small
Ara Social Web 9 09 SmallAra Social Web 9 09 Small
Ara Social Web 9 09 Small
 
Biweekly Financial Commentary 08 07 14
Biweekly Financial Commentary 08 07 14Biweekly Financial Commentary 08 07 14
Biweekly Financial Commentary 08 07 14
 
Nel photos superbes
Nel photos superbesNel photos superbes
Nel photos superbes
 
Servicio F
Servicio FServicio F
Servicio F
 
Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...
Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...
Antitrust Aspects of Trade Secrets in the U.S. and the EU: Balancing Approach...
 
Red Apple 2009
Red Apple 2009Red Apple 2009
Red Apple 2009
 

Similar to Introduction to Atomic: Tailoring a Trusted OS for Containers

Introduction to Project atomic (CentOS Dojo Bangalore)
Introduction to Project atomic (CentOS Dojo Bangalore)Introduction to Project atomic (CentOS Dojo Bangalore)
Introduction to Project atomic (CentOS Dojo Bangalore)
Lalatendu Mohanty
 
Project Atomic-Nulecule
Project Atomic-NuleculeProject Atomic-Nulecule
Project Atomic-Nulecule
Lalatendu Mohanty
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewireIntroduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
dotCloud
 
Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015
Jérôme Petazzoni
 
A Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things ContainersA Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things Containers
Jérôme Petazzoni
 
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQIntroduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
dotCloud
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
Jérôme Petazzoni
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
TheFamily
 
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
Elos Technologies s.r.o.
 
Fedora Atomic Host
Fedora Atomic HostFedora Atomic Host
Fedora Atomic Host
rranjithrajaram
 
Fedora Atomic Host
Fedora Atomic Host Fedora Atomic Host
Fedora Atomic Host
rranjithrajaram
 
Let's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for KubernetesLet's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for Kubernetes
Phil Estes
 
JOSA TechTalks - Docker in Production
JOSA TechTalks - Docker in ProductionJOSA TechTalks - Docker in Production
JOSA TechTalks - Docker in Production
Jordan Open Source Association
 
Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9 Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9 Jérôme Petazzoni
 
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQDocker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Jérôme Petazzoni
 
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
javier ramirez
 
Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3
Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3 Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3
Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3
Puppet
 
LXC Docker and the Future of Software Delivery
LXC Docker and the Future of Software DeliveryLXC Docker and the Future of Software Delivery
LXC Docker and the Future of Software DeliveryDocker, Inc.
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013
dotCloud
 

Similar to Introduction to Atomic: Tailoring a Trusted OS for Containers (20)

Introduction to Project atomic (CentOS Dojo Bangalore)
Introduction to Project atomic (CentOS Dojo Bangalore)Introduction to Project atomic (CentOS Dojo Bangalore)
Introduction to Project atomic (CentOS Dojo Bangalore)
 
Project Atomic-Nulecule
Project Atomic-NuleculeProject Atomic-Nulecule
Project Atomic-Nulecule
 
Docker_AGH_v0.1.3
Docker_AGH_v0.1.3Docker_AGH_v0.1.3
Docker_AGH_v0.1.3
 
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @GuidewireIntroduction to Docker at SF Peninsula Software Development Meetup @Guidewire
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire
 
Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015Containers: from development to production at DevNation 2015
Containers: from development to production at DevNation 2015
 
A Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things ContainersA Gentle Introduction To Docker And All Things Containers
A Gentle Introduction To Docker And All Things Containers
 
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQIntroduction to Docker and all things containers, Docker Meetup at RelateIQ
Introduction to Docker and all things containers, Docker Meetup at RelateIQ
 
Introduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" EditionIntroduction to Docker, December 2014 "Tour de France" Edition
Introduction to Docker, December 2014 "Tour de France" Edition
 
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme PetazzoniWorkshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
Workshop : 45 minutes pour comprendre Docker avec Jérôme Petazzoni
 
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ...
 
Fedora Atomic Host
Fedora Atomic HostFedora Atomic Host
Fedora Atomic Host
 
Fedora Atomic Host
Fedora Atomic Host Fedora Atomic Host
Fedora Atomic Host
 
Let's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for KubernetesLet's Try Every CRI Runtime Available for Kubernetes
Let's Try Every CRI Runtime Available for Kubernetes
 
JOSA TechTalks - Docker in Production
JOSA TechTalks - Docker in ProductionJOSA TechTalks - Docker in Production
JOSA TechTalks - Docker in Production
 
Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9 Docker Introduction + what is new in 0.9
Docker Introduction + what is new in 0.9
 
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQDocker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ
 
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
Como creamos QuestDB Cloud, un SaaS basado en Kubernetes alrededor de QuestDB...
 
Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3
Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3 Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3
Puppet Camp Seattle 2014: Docker and Puppet: 1+1=3
 
LXC Docker and the Future of Software Delivery
LXC Docker and the Future of Software DeliveryLXC Docker and the Future of Software Delivery
LXC Docker and the Future of Software Delivery
 
LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013LXC, Docker, and the future of software delivery | LinuxCon 2013
LXC, Docker, and the future of software delivery | LinuxCon 2013
 

More from Joe Brockmeier

Thinking inside the box (shared)
Thinking inside the box (shared)Thinking inside the box (shared)
Thinking inside the box (shared)
Joe Brockmeier
 
Community Over Code: How to Build a Successful Project
Community Over Code: How to Build a Successful ProjectCommunity Over Code: How to Build a Successful Project
Community Over Code: How to Build a Successful Project
Joe Brockmeier
 
Sharing Apache's Goodness: How We Should be Telling Apache's Story
Sharing Apache's Goodness: How We Should be Telling Apache's StorySharing Apache's Goodness: How We Should be Telling Apache's Story
Sharing Apache's Goodness: How We Should be Telling Apache's Story
Joe Brockmeier
 
Solving the Package Problem
Solving the Package ProblemSolving the Package Problem
Solving the Package Problem
Joe Brockmeier
 
Apache CloudStack: API to UI (STLLUG)
Apache CloudStack: API to UI (STLLUG)Apache CloudStack: API to UI (STLLUG)
Apache CloudStack: API to UI (STLLUG)
Joe Brockmeier
 
Apache CloudStack: From API to UI (NYLUG)
Apache CloudStack: From API to UI (NYLUG)Apache CloudStack: From API to UI (NYLUG)
Apache CloudStack: From API to UI (NYLUG)
Joe Brockmeier
 
Deploying Apache CloudStack from API to UI
Deploying Apache CloudStack from API to UIDeploying Apache CloudStack from API to UI
Deploying Apache CloudStack from API to UI
Joe Brockmeier
 
Taking the open cloud to 11
Taking the open cloud to 11Taking the open cloud to 11
Taking the open cloud to 11
Joe Brockmeier
 
Getting Started with Apache CloudStack
Getting Started with Apache CloudStackGetting Started with Apache CloudStack
Getting Started with Apache CloudStack
Joe Brockmeier
 
How I Learned to Stop Worrying, and Love Open Source Software Foundations
How I Learned to Stop Worrying, and Love Open Source Software FoundationsHow I Learned to Stop Worrying, and Love Open Source Software Foundations
How I Learned to Stop Worrying, and Love Open Source Software Foundations
Joe Brockmeier
 
Bootstrapping coverage
Bootstrapping coverageBootstrapping coverage
Bootstrapping coverageJoe Brockmeier
 

More from Joe Brockmeier (13)

Thinking inside the box (shared)
Thinking inside the box (shared)Thinking inside the box (shared)
Thinking inside the box (shared)
 
Community Over Code: How to Build a Successful Project
Community Over Code: How to Build a Successful ProjectCommunity Over Code: How to Build a Successful Project
Community Over Code: How to Build a Successful Project
 
Sharing Apache's Goodness: How We Should be Telling Apache's Story
Sharing Apache's Goodness: How We Should be Telling Apache's StorySharing Apache's Goodness: How We Should be Telling Apache's Story
Sharing Apache's Goodness: How We Should be Telling Apache's Story
 
Solving the Package Problem
Solving the Package ProblemSolving the Package Problem
Solving the Package Problem
 
Apache CloudStack: API to UI (STLLUG)
Apache CloudStack: API to UI (STLLUG)Apache CloudStack: API to UI (STLLUG)
Apache CloudStack: API to UI (STLLUG)
 
Apache CloudStack: From API to UI (NYLUG)
Apache CloudStack: From API to UI (NYLUG)Apache CloudStack: From API to UI (NYLUG)
Apache CloudStack: From API to UI (NYLUG)
 
Deploying Apache CloudStack from API to UI
Deploying Apache CloudStack from API to UIDeploying Apache CloudStack from API to UI
Deploying Apache CloudStack from API to UI
 
Taking the open cloud to 11
Taking the open cloud to 11Taking the open cloud to 11
Taking the open cloud to 11
 
Getting Started with Apache CloudStack
Getting Started with Apache CloudStackGetting Started with Apache CloudStack
Getting Started with Apache CloudStack
 
How I Learned to Stop Worrying, and Love Open Source Software Foundations
How I Learned to Stop Worrying, and Love Open Source Software FoundationsHow I Learned to Stop Worrying, and Love Open Source Software Foundations
How I Learned to Stop Worrying, and Love Open Source Software Foundations
 
Intro to CloudStack
Intro to CloudStackIntro to CloudStack
Intro to CloudStack
 
Txlf2012
Txlf2012Txlf2012
Txlf2012
 
Bootstrapping coverage
Bootstrapping coverageBootstrapping coverage
Bootstrapping coverage
 

Recently uploaded

Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 

Recently uploaded (20)

Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 

Introduction to Atomic: Tailoring a Trusted OS for Containers

  • 1. Introduction toIntroduction to AtomicAtomic:: Tailoring a Trusted OS for ContainersTailoring a Trusted OS for Containers Joe Brockmeier jzb@redhat.com @jzb
  • 2. Introduction ● What is Project Atomic? ● Anatomy of an Atomic Host ● Coming Soon ● Getting Involved
  • 3. (I don't need to explain containers, right? Good.)
  • 4. What is Project Atomic?
  • 5. Project Atomic 101 ● Upstream community for developing tools and patterns for developing Atomic hosts. ● Umbrella project for Red Hat's efforts around developing, building, running, and managing containers. ● Not a new distribution – Atomic Hosts are built from CentOS, Fedora, or Red Hat Enterprise Linux.
  • 6. Why Atomic? ● We can run Linux containers on CentOS, Fedora, and RHEL already! ● Provide a streamlined host optimized for running and managing containers. ● All applications should be deployed as containers, rather than installing on the host. ● Host should be “cattle” and updates should be easy to deploy and manage.
  • 7. What Atomic Hosts Provide ● Streamlined host based on CentOS, Fedora, or RHEL packages + container stack. ● rpm-ostree ● /usr/bin/atomic ● Docker ● Kubernetes ● Cockpit ● Super Privileged Containers (SPC)
  • 8. What Atomic Hosts Won't Provide ● Atomic hosts are “immutable” – don't expect to install packages on running systems ● Official images are minimal – that means your favorite tool probably won't be added – Aside from Atomic development or troubleshooting, you should never be logged into an Atomic Host ● More than necessary
  • 9. CentOS, Fedora, or RHEL? ● Aside from rpm-ostree, all of the components that make up an Atomic Host are shared w/the parent distribution. ● You want support? Go RHEL Atomic Host. ● CentOS Atomic is currently under development, and hasn't released any “official” images. ● Fedora 21 released in December – developed by the Cloud Working Group. ● A CentOS rebuild of RHELAH is coming soon.
  • 10. rpm-ostree's history ● OStree initially developed for GNOME continuous by Colin Walters ● The rpm-ostree stuff came slightly later ● “Git for operating systems” – bootable, immutable, & versioned filesystem trees – works on top of any *nix filesystem – support for UID/GID, extended attr, handling bootloader, and more.
  • 11. Why rpm-ostree? ● “Atomic” updates make more sense for an immutable system ● Preserves the tooling to create packages, allows re- use of RPMs rather than re-inventing the wheel ● Easy rollback in the event you need to return to known-good tree ● Clean transaction for updates
  • 12. How rpm-ostree works (high level) ● Filesystem is read-only, except /var and /etc ● /etc is 3-way merged when you do an update ● All data (e.g. containers) is unchanged on upgrade ● Problem with an upgrade? `rpm-ostree rollback`
  • 13. /usr/bin/atomic ● Coherent entry point to the system: manage host and containers with the atomic command. ● Fill gaps in Linux container implementations. – e.g. “atomic install foo” can install a container with its k8s configuration and/or systemd unit file. – “atomic run” grabs the LABEL “run” with its Docker cmd line. Saves the user much typing. ● The “atomic host” command can be used for rpm- ostree updates.
  • 14. Cockpit ● Cockpit started prior to Atomic ● Server manager for administering Linux servers via the Web browser ● Doesn't interfere with normal admin tools ● Designed to be multi-server ● Support for managing containers, Kubernetes ● http://cockpit-project.org/
  • 15.
  • 16. Changes to 'docker search' & 'docker pull' ● We mostly ship vanilla Docker ● Additional registries for 'docker search' & 'docker pull' ● We add the RHEL registry to grab official RHEL content* ● Docker search lists fully qualified image name ● Ability to block registries ● Can warn on “push” to ensure private images aren't pushed to public registry
  • 17. Super-Privileged Containers (SPC) ● We mean it when we say “run everything in containers” on Atomic ● Usually containers have limited interaction w/the host ● SPC containers can be run with `atomic run` which saves the need for long docker commands to enble privileges
  • 18. Shipping Super-Privileged Containers (SPC) ● RHEL Atomic Tools Container Image – debugging tools like strace, traceroute, man pages, etc. needed to troubleshoot an image. ● RHEL Atomic rsyslog Container Image – runs rsyslogd service to send logs to central server, etc. (journald collects data either way) ● RHEL Atomic sadc Container Image – runs sadc from sysstat to be used w/`sar` ● More to come!
  • 19. Nulecule (in early development) ● Specification for multi-container application w/dependencies (“Atomic App”) ● Lets developer describe application, sysadmin define parameters for app at runtime ● Creates super-orchestration parameters for Kubernetes ● Defines on-demand scheduling of resource utilization ● Basis for policy-based orchestration via Mesos ● Supports Docker, ACI and potentially other container formats ● github.com/projectatomic/nulecule
  • 20. Kubernetes ● Initially used GearD from OpenShift, phased out in favor of Kubernetes ● Working with upstream to improve / develop Kubernetes for container management
  • 21. Pulling the Pieces TogetherPulling the Pieces Together
  • 22. Fedora Atomic Hosts ● Work is being done through the Cloud Work Group & will be part of the Cloud Product ● First release in Fedora 21 ● Adding new image formats in Fedora 22, updated Cockpit, etc. ● Moving to 2-week release cycle based on Rawhide or -current soon
  • 23. CentOS 7 Atomic Hosts ● Work is being done through CentOS Atomic SIG ● CentOS-based Atomic Hosts are still in development, working out a few details like signing ● Will be providing a rebuild of RHEL Atomic Host soon ● CentOS SIG / Project Atomic will be providing a faster-moving release with packages in development soon
  • 24. Getting Involved ● Website: projectatomic.io ● Github: github.com/projectatomic ● Facebook.com/projectatomic ● Twitter: @projectatomic ● Mailing Lists: http://www.projectatomic.io/community/