Project Atomic aims to tailor a trusted OS for containers by providing an immutable and streamlined host optimized for running and managing containers using technologies like rpm-ostree, Docker, Kubernetes, and Cockpit. The Atomic Host provides core container tools while remaining minimal and preventing installation of packages on the running system. Project Atomic coordinates development of Atomic Hosts across distributions like CentOS, Fedora, and RHEL.
Slides from my workshop at the CentOS Dojo 2014, Bangalore.
This workshop focused on getting started with Docker, with an introduction to Project Atomic. We discussed why Docker can be a better choice than Linux containers and virtual machines in many scenarios. We also discussed rpm-ostree and its advantages, followed by running a CentOS Atomic host and feeding it cloud-init data. We took a short ride through the Cockpit project for managing Atomic hosts and containers. We created custom Docker images from the CentOS image, which can be shipped anywhere via Docker repositories.
It's 2018. Are My Containers Secure Yet!? (Phil Estes)
A talk given at DevOps Pro Vilnius on March 15, 2018 about container security. In this talk we discussed the core topics around the container ecosystem (host, runtime, image) applicable to both Docker and Kubernetes, as well as discussing usable security/secure by default, and defense in depth principles. Also discussed were security futures like Project Grafeas, libentitlement, LinuxKit concepts, and trusted/untrusted container runtimes in Kubernetes.
Docker Engine Evolution: From Monolith to Discrete Components (Phil Estes)
A talk given on Tuesday and Wednesday the 27th and 28th of February 2018 at the Docker Mountain View and Docker SF meetup groups. In this talk, Docker Captain Phil Estes provides a history of the Docker engine from its early days as a single statically linked binary providing all the Docker engine functions to today's Moby and Docker CE projects comprising multiple projects and layers, including the Open Container Initiative (OCI) specifications and runC implementation, and the Cloud Native Computing Foundation (CNCF) containerd project. This talk also describes how these lower layer components spun out from Docker are being used to enhance other projects and offerings in the container ecosystem.
Containerd Internals: Building a Core Container Runtime (Phil Estes)
A talk given at OpenSource Summit, North America in Los Angeles, CA on September 11th, 2017. Stephen Day (Docker) and Phil Estes (IBM) presented the history, design, architecture, and use cases for the containerd 1.0 core container runtime open source CNCF project.
Docker Athens: Docker Engine Evolution & Containerd Use Cases (Phil Estes)
These slides are from a talk presented at the Docker Athens meetup on Thursday, May 31, 2018. They start by covering the evolution of the Docker engine of 2014/2015 into the separate components of OCI runc, (now) CNCF containerd, and the Docker client and daemon projects. Finally, various use cases for the CNCF containerd "core container runtime" project are detailed, from the Docker engine itself to serverless frameworks like OpenWhisk, to the container runtime interface (CRI) within Kubernetes.
Presentation given on Sunday, February 4th, 2018 in the containers devroom at FOSDEM 2018. This presentation covers the containerd project background, history, architecture, and current status as a CNCF project used by Docker, Kubernetes, and other projects requiring a stable, performant core container runtime.
CRI Runtimes Deep-Dive: Who's Running My Pod!? (Phil Estes)
A talk given at QCon NYC on Wednesday, June 27, 2018 in the Container track, focused on helping developers understand the inner workings of pluggable container runtimes in the Kubernetes world. The second half of this talk is not available in slide form, but should be available via QCon video. The non-slide talk content included hands-on-keyboard demonstrations of various tools which can be used to investigate and introspect kubelet and pod -> container runtime boundaries and details, all shown in IBM Cloud using the containerd runtime underneath a Kubernetes 1.11 cluster.
KubeCon EU 2016: "rktnetes": what's new with container runtimes and Kubernetes (KubeAcademy)
rkt is a modern container runtime, built for security, efficiency, and composability. Kubernetes is a modern cluster orchestration system allowing users. Kubernetes doesn't directly execute application containers but instead delegates to a container runtime, which is integrated at the kubelet (node) level. When Kubernetes first launched, the only supported container runtime was Docker - but in recent months, we've been hard at work integrating rkt as an alternative container runtime, aka "rktnetes". The goal of "rktnetes" is to have first-class integration between rkt and the kubelet, and allow Kubernetes users to take advantage of some of rkt's unique features.
This talk will describe how rkt works, some of the features that make it unique as a container runtime, and some of the process of integrating an alternative container runtime with Kubernetes, as well as the latest state of "rktnetes."
Introduction to rkt, including special/unique features.
Sched Link: http://sched.co/6BY7
Docker & GitLab as a Continuous Integration platform. In this talk we describe how we use GitLab and Docker as a platform to implement Continuous Integration in a simple and effective way.
A talk given on December 6, 2017 at KubeCon/CloudNativeCon in Austin, Texas. In this talk, Phil talked briefly about containerd history and design, but the bulk of the talk was a live coding demo of creating a simple client for containerd to learn about the clean and simple API design for the client library and gRPC services. The GitHub project https://github.com/estesp/examplectr has the code and sample LinuxKit assembly used for the code and example client demo.
containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.
containerd is designed to be embedded into a larger system, rather than being used directly by developers or end-users.
Docker orchestration using core os and ansible - Ansible IL 2015 (Leonid Mirsky)
The last couple of years have seen an increasing interest in Docker and related technologies. One of these technologies is CoreOS, a new operating system built from the ground up for running Docker containers at scale.
In this talk we will learn about CoreOS main concepts and tools. We will get our hands dirty as we work together toward a goal of running a CoreOS cluster on AWS (using Ansible) and running docker containers on it.
The talk will conclude with a discussion on the place of Ansible (and configuration management tools in general) in the "next-generation" stack.
LinuxKit, a toolkit for building custom minimal, immutable Linux distributions.
Secure defaults without compromising usability
Everything is replaceable and customisable
Immutable infrastructure applied to building Linux distributions
Completely stateless, but persistent storage can be attached
Easy tooling, with easy iteration
Built with containers, for running containers
Designed for building and running clustered applications, including but not limited to container orchestration such as Docker or Kubernetes
Designed from the experience of building Docker Editions, but redesigned as a general-purpose toolkit
Designed to be managed by external tooling, such as Infrakit or similar tools
Includes a set of longer-term collaborative projects in various stages of development to innovate on kernel and userspace changes, particularly around security
In this talk, Michael Crosby will present on runC and Containerd, the internals and how they work together to start and manage containers in Docker. Afterwards, Arnaud Porterie will touch on what was shipped in 1.11 and how it will enable some of the things we are working on for 1.12.
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes (Phil Estes)
A talk given at Cloud Native London meetup, February 6, 2018 on the role of container runtimes in Kubernetes, the introduction of the Container Runtime Interface (CRI), and the history of containerd and its use as a CRI-implementing container runtime for Kubernetes.
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ... (KubeAcademy)
Kurma is an open source container runtime that is based on the container instrumentation built into the Apcera Platform. Kurma, and its accompanying "KurmaOS", is our vision of a lightweight, fully containerized operating system.
This presentation will cover Apcera's journey in its container instrumentation, beginning with the pre-Docker landscape, how it grew over the course of 3+ years, and the "next-gen" adaptation of it, where the base container instrumentation has been adapted to stand as its own open source project, growing to be used beyond just Apcera's own usage.
Kurma incorporates a lot of lessons learned with both development and operations of a container platform, including building modular vs monolith, extensibility being built in vs built on, and managing a cluster of hosts and containers.
We'll also cover our experiences with introducing it to Kubernetes as another first-class runtime provider: taking how Kurma works and having it work with Kubernetes, and how we'd like to see Kubernetes grow in some of the areas we see Kurma growing.
Sched Link: http://sched.co/6BlW
Container-relevant Upstream Kernel Developments (Docker, Inc.)
There is a lot of work going on in upstream Linux by a number of different entities focused on making containers more featureful. For example, namespaced file capabilities, LSM stacking, namespaced integrity management, user-id shifting filesystems, and perhaps even a `struct container` definition in the kernel proper.
In this talk, I'll cover several of these sorts of container-relevant patchsets that have been proposed in the kernel, including motivating why they are interesting, as well as discussing where the patchsets need to go before being merged to mainline.
An Open Source Story: Open Containers & Open Communities (Phil Estes)
A talk given at All Things Open's Open Source 101 event at NC State University, Raleigh, North Carolina on Saturday, 17th February, 2018.
This talk covered some interesting history lessons of the Docker open source project and inter-vendor tensions. If you were not at this talk do not read intent into these slides as this was truly an attempt at a "blame-free" post-mortem of the important topics of open source, governance, and foundations as it related to the extremely popular Docker open source project.
Meetup - Red Hat - Techtalks Copenhagen
What are containers, how do they work, and some details about RHEL Atomic
http://www.meetup.com/Red-Hat-Tech-Talks-DK/
The presentation delivered on "Containers in the Enterprise" as a part of the Australia & New Zealand Technical event series.
The presentation agenda:
● What are Linux Containers?
● Enterprise Challenges for Container Adoption and How Red Hat Solves These
● Kubernetes Architecture in OpenShift 3
● Real World Container Adoption
● Red Hat's Container Roadmap
Containers have the potential to improve the security of typical deployments, but for many the argument has not yet been made convincingly. This talk will describe the existing security technologies around containers, and show how their use can make container-based systems more secure than the alternatives. It will then go further, describing new technologies that allow admins to have even greater confidence in the security of their systems, beyond anything possible with traditional deployment techniques.
This was a talk I did in Dublin at an event called Redefining the Enterprise OS Breakfast Briefing - How to meet next-generation IT demands for Linux Containers, Docker, Performance & Systems Management
http://techxperts.eu/events/redefining-the-enterprise-os-breakfast-briefing/
From the Amazon Web Services Singapore & Malaysia Summits 2015 Track 2 Breakout, 'Containerized Cloud Computing'. Presented by Sivaram Shunmugam, Manager, Infrastructure Practice - Red Hat
Is Red Hat / Fedora / CentOS ready for lightweight Docker containers? Is Docker secure enough? How about SELinux? How could we deploy JBoss or Django within Docker / RHEL?
I gave this talk at the DevOps meetup in Krakow on 2014-02-26.
Introduction to Project Atomic (CentOS Dojo Bangalore) (Lalatendu Mohanty)
The talk was given at the CentOS Dojo Bangalore on 29th April 2015
http://wiki.centos.org/Events/Dojo/Bangalore2015
These slides contain an introduction to Project Atomic and the CentOS Atomic SIG.
Introduction to Docker at SF Peninsula Software Development Meetup @Guidewire (dotCloud)
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
Containers: from development to production at DevNation 2015 (Jérôme Petazzoni)
In Docker, applications are shipped using a lightweight format, managed with a high-level API, and run within software containers which abstract the host environment. Operating details like distributions, versions, and network setup no longer matter to the application developer.
Thanks to this abstraction level, we can use the same container across all steps of the life cycle of an application, from development to production. This eliminates problems stemming from discrepancies between those environments.
Even so, these environments will always have different requirements. If our quality assurance (QA) and production systems use different logging systems, how can we still ship the same container to both? How can we satisfy the backup and security requirements of our production stack without bloating our development stack?
In this session, you will learn about the unique features in containers that allow you to cleanly decouple system administrator tasks from the core of your application. We’ll show you how this decoupling results in smaller, simpler containers, and gives you more flexibility when building, managing, and evolving your application stacks.
A Gentle Introduction To Docker And All Things Containers (Jérôme Petazzoni)
Docker is a runtime for Linux Containers. It enables "separation of concern" between devs and ops, and solves the "matrix from hell" of software deployment. This presentation explains it all! It also explains the role of the storage backend and compares the various backends available. It gives multiple recipes to build Docker images, including integration with configuration management software like Chef, Puppet, Salt, Ansible. If you already watched other Docker presentations, this is an actualized version (as of mid-November 2013) of the thing!
Introduction to Docker and all things containers, Docker Meetup at RelateIQ (dotCloud)
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
Introduction to Docker, December 2014 "Tour de France" Edition (Jérôme Petazzoni)
Docker, the Open Source container Engine, lets you build, ship and run, any app, anywhere.
This is the presentation which was shown in December 2014 for the "Tour de France" in Paris, Lille, Lyon, Nice...
Red Hat Cloud Infrastructure Conference 2013 - Presentation about OpenStack ... (Elos Technologies s.r.o.)
The Red Hat Cloud Infrastructure 2013 conference held on 20 September 2013, with a presentation by the cloud product manager from Red Hat. All rights reserved.
Let's Try Every CRI Runtime Available for Kubernetes (Phil Estes)
A talk given at KubeCon/CloudNativeCon EU in Barcelona, Spain on May 23, 2019. In this talk Phil presented the explosion of OCI-compliant CRI-enabled runtimes that can be used underneath Kubernetes, and demonstrated several of them live.
Docker is an open platform for developers and system administrators to build, ship and run distributed applications. Using Docker, companies in Jordan have been able to build powerful system architectures that allow speeding up delivery, easing deployment processes and at the same time cutting major hosting costs.
George Khoury shares his experience at Salalem in building flexible and cost effective architectures using Docker and other tools for infrastructure orchestration. The result allows them to easily and quickly move between different cloud providers.
Docker Introduction, and what's new in 0.9 — Docker Palo Alto at RelateIQ (Jérôme Petazzoni)
Docker is the Open Source container engine. This is an introduction to Docker, what it is, how it works, and some material presenting the new features in versions 0.8 and 0.9.
How we built QuestDB Cloud, a Kubernetes-based SaaS around QuestDB... (Javier Ramirez)
QuestDB is a high-performance open source database. Many people told us they would like to use it as a service, without having to manage the machines. So we got to work developing a solution that would let us launch QuestDB instances with fully managed provisioning, monitoring, security, and upgrades.
A few Kubernetes clusters later, we managed to launch our QuestDB Cloud offering. This talk is the story of how we got there. I will talk about tools such as Calico, Karpenter, CoreDNS, Telegraf, Prometheus, Loki, and Grafana, but also about challenges such as authentication, billing, multi-cloud, and what you have to say no to in order to survive in the cloud.
"In the beginning there was RPM, and it was good." Certainly, Linux packaging has solved many of the problems involved in shipping software, from creation to consumption and maintenance. As software development and deployment have evolved, however, new pain points have cropped up that have not been solved by traditional packaging tools.
Are containers the answer? They may be able to solve many of the current problems, but they also introduce a new set of issues and ignore important lessons from the evolution of distribution-level packaging.
In the beginning there was RPM (and Debian packages) and it was good. Certainly, Linux packaging has solved many problems and pain points for system admins and developers over the years -- but as software development and deployment have evolved, new pain points have cropped up that have not been solved by traditional packaging.
In this talk, Joe Brockmeier will run through some of the problems that admins and developers have run into, and some of the solutions that organizations should be looking at to solve their issues with developing and deploying software. This includes Software Collections, Docker containers, OStree and rpm-ostree, Platform-as-a-Service, and more.
Deploying Apache CloudStack from API to UI (Joe Brockmeier)
For most organizations with a large computing footprint, it's not a matter of if you'll need a private cloud - it's when, and what kind. One of the most mature and widely deployed options is Apache CloudStack, a robust, turnkey cloud that includes everything you need to set up a private, public, or hybrid cloud. We'll cover Apache CloudStack from API to UI, and a little of everything in between.
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GraphRAG is All You need? LLM & Knowledge Graph (Guy Korland)
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality (Inflectra)
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Leading Change strategies and insights for effective change management pdf 1.pdf
Introduction to Atomic: Tailoring a Trusted OS for Containers
1. Introduction to Atomic:
Tailoring a Trusted OS for Containers
Joe Brockmeier
jzb@redhat.com
@jzb
5. Project Atomic 101
● Upstream community for developing tools and patterns for developing Atomic hosts.
● Umbrella project for Red Hat's efforts around developing, building, running, and managing containers.
● Not a new distribution – Atomic Hosts are built from CentOS, Fedora, or Red Hat Enterprise Linux.
6. Why Atomic?
● We can run Linux containers on CentOS, Fedora, and RHEL already!
● Provide a streamlined host optimized for running and managing containers.
● All applications should be deployed as containers, rather than installing on the host.
● Host should be “cattle” and updates should be easy to deploy and manage.
7. What Atomic Hosts Provide
● Streamlined host based on CentOS, Fedora, or RHEL packages + container stack.
● rpm-ostree
● /usr/bin/atomic
● Docker
● Kubernetes
● Cockpit
● Super Privileged Containers (SPC)
8. What Atomic Hosts Won't Provide
● Atomic hosts are “immutable” – don't expect to install packages on running systems
● Official images are minimal – that means your favorite tool probably won't be added
  – Aside from Atomic development or troubleshooting, you should never be logged into an Atomic Host
● More than necessary
9. CentOS, Fedora, or RHEL?
● Aside from rpm-ostree, all of the components that make up an Atomic Host are shared w/the parent distribution.
● You want support? Go RHEL Atomic Host.
● CentOS Atomic is currently under development, and hasn't released any “official” images.
● Fedora 21 released in December – developed by the Cloud Working Group.
● A CentOS rebuild of RHELAH is coming soon.
10. rpm-ostree's history
● OSTree initially developed for GNOME Continuous by Colin Walters
● The rpm-ostree stuff came slightly later
● “Git for operating systems”
  – bootable, immutable, & versioned filesystem trees
  – works on top of any *nix filesystem
  – support for UID/GID, extended attr, handling bootloader, and more.
11. Why rpm-ostree?
● “Atomic” updates make more sense for an immutable system
● Preserves the tooling to create packages, allows re-use of RPMs rather than re-inventing the wheel
● Easy rollback in the event you need to return to known-good tree
● Clean transaction for updates
12. How rpm-ostree works (high level)
● Filesystem is read-only, except /var and /etc
● /etc is 3-way merged when you do an update
● All data (e.g. containers) is unchanged on upgrade
● Problem with an upgrade? `rpm-ostree rollback`
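The 3-way merge of /etc named on this slide, as an added example that is not from the slides or the rpm-ostree code base. It assumes whole-file granularity (a locally changed file is carried over as-is rather than merged line by line); the function name, file names and contents are constructed for illustration.

```python
# Simplified model of the /etc merge on upgrade, at whole-file granularity.
# Each tree is a dict of file name -> content; all sample data is constructed.

def merge_etc(old_default, current_etc, new_default):
    """Replay local /etc changes on top of the new tree's default /etc.

    Returns (merged, shadowed): the /etc the new deployment boots with, and
    the files where a local edit overrides a default that changed upstream.
    """
    merged = dict(new_default)
    shadowed = []
    for name in sorted(set(old_default) | set(current_etc)):
        before = old_default.get(name)
        now = current_etc.get(name)
        if now == before:
            continue                      # untouched locally: new default wins
        if now is None:
            merged.pop(name, None)        # deleted locally: stays deleted
        else:
            merged[name] = now            # edited or added locally: kept as-is
        if new_default.get(name) != before:
            shadowed.append(name)         # upstream changed it too: review
    return merged, shadowed

OLD_DEFAULT = {"ssh/sshd_config": "PermitRootLogin yes\n",
               "chrony.conf": "pool 2.centos.pool.ntp.org\n"}
CURRENT_ETC = {"ssh/sshd_config": "PermitRootLogin yes\nAllowUsers ops\n",
               "chrony.conf": "pool 2.centos.pool.ntp.org\n",
               "motd": "managed host\n"}
NEW_DEFAULT = {"ssh/sshd_config": "PermitRootLogin no\n",
               "chrony.conf": "pool 2.centos.pool.ntp.org iburst\n"}

if __name__ == "__main__":
    merged, shadowed = merge_etc(OLD_DEFAULT, CURRENT_ETC, NEW_DEFAULT)
    for name in sorted(merged):
        print(name, "REVIEW" if name in shadowed else "ok")
```

In the sample data the locally edited sshd_config survives the upgrade, so the tightened default in the new tree never takes effect on this host; files reported as shadowed are the ones to diff by hand after an update.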
13. /usr/bin/atomic
●
Coherent entry point to the system: manage host
and containers with the atomic command.
●
Fill gaps in Linux container implementations.
– e.g. “atomic install foo” can install a container with its k8s
configuration and/or systemd unit file.
– “atomic run” grabs the LABEL “run” with its Docker cmd line.
Saves the user much typing.
●
The “atomic host” command can be used for rpm-
ostree updates.
14. Cockpit
● Cockpit started prior to Atomic
● Server manager for administering Linux servers via the Web browser
● Doesn't interfere with normal admin tools
● Designed to be multi-server
● Support for managing containers, Kubernetes
● http://cockpit-project.org/
15.
16. Changes to 'docker search' & 'docker pull'
● We mostly ship vanilla Docker
● Additional registries for 'docker search' & 'docker pull'
● We add the RHEL registry to grab official RHEL content*
● Docker search lists fully qualified image name
● Ability to block registries
● Can warn on “push” to ensure private images aren't pushed to public registry
17. Super-Privileged Containers (SPC)
● We mean it when we say “run everything in containers” on Atomic
● Usually containers have limited interaction w/the host
● SPC containers can be run with `atomic run` which saves the need for long docker commands to enable privileges
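Because `atomic run` takes its Docker command line from the image's “run” label (slide 13) and SPCs use that to enable privileges (this slide), it is worth reading the label before running an unfamiliar image. The following is an added example, not part of the slides or the atomic tool; the inspect output, label contents and function names are constructed for illustration.

```python
import json
import shlex

# Constructed `docker inspect` output for a hypothetical image (not from the slides).
INSPECT_JSON = """[{"Config": {"Labels": {"RUN":
 "docker run -it --name NAME --privileged --net=host --pid host -v /:/host -v /run:/run -v data:/srv IMAGE"}}}]"""

NAMESPACES = ("--net", "--network", "--pid", "--ipc")

def run_label(inspect_json):
    """Return the image's run label (matched case-insensitively), or None."""
    labels = json.loads(inspect_json)[0]["Config"].get("Labels") or {}
    for key, value in labels.items():
        if key.lower() == "run":
            return value
    return None

def host_access(command):
    """List the options in a docker command line that widen access to the host."""
    tokens = shlex.split(command)
    findings = []
    for i, tok in enumerate(tokens):
        opt, _, val = tok.partition("=")
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        val = val or nxt  # accept both "--net=host" and "--net host"
        if opt == "--privileged":
            findings.append("--privileged")
        elif opt in NAMESPACES and val == "host":
            findings.append(f"{opt}=host")
        elif opt == "--cap-add":
            findings.append(f"--cap-add={val}")
        elif opt in ("-v", "--volume") and val.startswith("/"):
            findings.append(f"bind-mount {val.split(':')[0]}")  # host path only
    return findings

if __name__ == "__main__":
    for finding in host_access(run_label(INSPECT_JSON) or ""):
        print("host access:", finding)
```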
18. Shipping Super-Privileged Containers (SPC)
● RHEL Atomic Tools Container Image – debugging tools like strace, traceroute, man pages, etc. needed to troubleshoot an image.
● RHEL Atomic rsyslog Container Image – runs rsyslogd service to send logs to central server, etc. (journald collects data either way)
● RHEL Atomic sadc Container Image – runs sadc from sysstat to be used w/`sar`
● More to come!
19. Nulecule (in early development)
● Specification for multi-container application w/dependencies (“Atomic App”)
● Lets developer describe application, sysadmin define parameters for app at runtime
● Creates super-orchestration parameters for Kubernetes
● Defines on-demand scheduling of resource utilization
● Basis for policy-based orchestration via Mesos
● Supports Docker, ACI and potentially other container formats
● github.com/projectatomic/nulecule
20. Kubernetes
● Initially used GearD from OpenShift, phased out in favor of Kubernetes
● Working with upstream to improve / develop Kubernetes for container management
22. Fedora Atomic Hosts
● Work is being done through the Cloud Work Group & will be part of the Cloud Product
● First release in Fedora 21
● Adding new image formats in Fedora 22, updated Cockpit, etc.
● Moving to 2-week release cycle based on Rawhide or -current soon
23. CentOS 7 Atomic Hosts
● Work is being done through CentOS Atomic SIG
● CentOS-based Atomic Hosts are still in development, working out a few details like signing
● Will be providing a rebuild of RHEL Atomic Host soon
● CentOS SIG / Project Atomic will be providing a faster-moving release with packages in development soon