Container Torture: Run any binary, in any container

•Download as PPTX, PDF•

4 likes•5,145 views

Running a container app in the container is easy, attaching a custom app to a running container is a bit trickier. But, what if I wanted to run any arbitrary binary in any arbitrary running container? Common wisdom says it's impossible. Is it ? This talk dives into containers internals, just above the kernel surface and demonstrates that this is, indeed possible. With a bit of C magic and ptrace.

Technology

Container Torture
Run any binary, in any container
Jean-Tiare Le Bigot
System Developer

Sailabove
2
R&D project
Goal: understand the Challenges
what are the at-scale issues?
what are the multi-tenancy challenges?
how does it work?

Inspection / Introspection
3
How do you inspect /proc?
How do you inspect files?
How do you inject files?

Inspection / Introspection
4
You don’t trust the container
You can’t make asumptions
You can’t alter the container

Goal / Scope
Inspect any container FS
it includes you, /proc
with standard, unpatched tools
sftp access for all

The road ahead
What is a container?
How (not) to enter a container?
Run a static host binary in a container
Run a dyn host binary in a container
Run a TUI host binary in a container
Stretch goal: sftp (and we'll stretch)

Anatomy of a container
A container is a group of processes
Sharing the same namespaces.

Introducing namespaces
Introduced with Linux 2.4.19 (2002)
Allow processes to have dedicated
Mountpoints
Network stack
PIDs
…

Anatomy of a container « / »
DONE
umount()
pivot_root()
mount()
clone()  Host
/bin
/container
/dev
/etc
/usr
 Container
/bin
/container
/dev
/etc
/usr

Anatomy of a container « / »
DONE
umount()
pivot_root()
mount()
clone()  Host
/bin
/container
/dev
/etc
/usr
 Container
/bin
/container
/bin
/dev
/etc
/host
/usr
/dev
/etc
/usr

Anatomy of a container « / »
DONE
umount()
pivot_root()
mount()
clone()  Host
/bin
/container
/dev
/etc
/usr
 Container
/bin
/dev
/etc
/host
/bin
/container
/dev
/etc
/usr
/usr

Anatomy of a container « / »
DONE
umount()
pivot_root()
mount()
clone()  Host
/bin
/container
/dev
/etc
/usr
 Container
/bin
/dev
/etc
/host
/usr

Anatomy of a container « / »
DONE
umount()
pivot_root()
mount()
clone()
Independent FS

Introducing setns
Introduced in Linux 3.0
Join an existing Namespace
Building block for: nsenter, docker exec
int fd = open(“/proc/<target pid>/ns/<ns name>”)
setns(fd, <ns type>)

setns pattern #1 – custom binary
Host Container
setns()

setns pattern #2 – container binary
Host Container
setns()

What about host binaries
Only the 2 previous patterns
Independant FS
This is impossible
This is were the fun begins

What about host binaries
Easy  patch
Hard  automatic code rewrite
Ambitious  at runtime

Introducing ptrace
Introduced in Linux 1.0 / SVr4 (1983)
Building block for: strace/gdb/…
Features:
Trace processes
Mess with processes (easy)
Interract with processes (trickier)

What we’ll do
Inject setns() syscall
At the right time
Assume Linux >= 2.14
Assume X86_64

Anatomy of a syscall
process kernel tracer

Anatomy of a syscall
process kernel tracer
handle_call()
handle_ret()

Anatomy of a syscall
process kernel tracer
handle_call()
handle_ret()
What if we…
 Alter orig_rax?
 Alter rip?
 Alter rax?
inject_syscall()

Injecting setns
1. Open each Namespace fd
2. Leak them in the target process
3. Start ptrace-ing
4. Wait until exec
5. Inject each setns calls
6. Clean your room

$// Wait until exec syscall is done do { wait_for_syscall(child, NULL); wait_for_syscall(child, &regs); } while(regs.orig_rax != SYS_execve); Show me the code! OVH group/Sailabove: booth 17 sailabove.com$

$// Enter namespaces + cleanup for(ns=namespaces; ns->proc_name; ns++) { inject_setns(child, ns->fd, 0); inject_close(child, ns->fd); } Show me the code! OVH group/Sailabove: booth 17 sailabove.com$

Thank you!
Jean-Tiare Le Bigot
@oyadutaf
Jean-tiare.le-bigot@corp.ovh.com

Agenda
Section Three
Title
Title
Title
Section Four
Title
Title
Title
Section One
Title
Title
Title
Section Two
Title
Title
Title

RGB
0–149–203
RGB
0–167–224
RGB
20–175–229
RGB
41–183–234
RGB
51–193–241
RGB
66–198–243
RGB
117–209–243
RGB
209–173–43
RGB
238–201–49
RGB
244–214–98
RGB
203–86-86
RGB
240-100-101
RGB
244–142–142
RGB
57–77–85
RGB
216–222–223
39

40
Photo Caption
Insert photo, then send to back in order to show the
rounded border. DELETE this text box

—Author Name
“Here’s the space
for an awesome quote.”
41

Containers are everywhere. But what exactly is a container? What are they made from? What's the difference between LXC, butts-nspawn, Docker, and the other container systems out there? And why should we bother about specific filesystems? In this talk, Jérôme will show the individual roles and behaviors of the components making up a container: namespaces, control groups, and copy-on-write systems. Then, he will use them to assemble a container from scratch, and highlight the differences (and likelinesses) with existing container systems.

LXC

Wu Fan-Cheng

Docker: the road ahead

shykes

LXC, Docker, security: is it safe to run applications in Linux Containers?

Jérôme Petazzoni

Containers: The What, Why, and How

Sneha Inguva

Passive benchmarking with docker LXC and KVM using OpenStack hosted in SoftLayer. These results provide initial incite as to why LXC as a technology choice offers benefits over traditional VMs and seek to provide answers as to the typical initial LXC question -- "why would I consider Linux Containers over VMs" from a performance perspective. Results here provide insight as to: - Cloudy ops times (start, stop, reboot) using OpenStack. - Guest micro benchmark performance (I/O, network, memory, CPU). - Guest micro benchmark performance of MySQL; OLTP read, read / write complex and indexed insertion. - Compute node resource consumption; VM / Container density factors. - Lessons learned during benchmarking. The tests here were performed using OpenStack Rally to drive the OpenStack cloudy tests and various other linux tools to test the guest performance on a "micro level". The nova docker virt driver was used in the Cloud scenario to realize VMs as docker LXC containers and compared to the nova virt driver for libvirt KVM. Please read the disclaimers in the presentation as this is only intended to be the "chip of the ice burg".

Introduction to Docker and deployment and Azure

Jérôme Petazzoni

If you're not familiar with Docker yet, here is your chance to catch up: a quick overview of the Open Source Docker Engine, and its associated services delivered through the Docker Hub. It also includes Jérôme will also discuss the new features of Docker 1.0, and briefly explain how you can run and maintain Docker on Azure. In addition, an Azure team member will demonstrate how deploy docker to Azure. The presentation will be followed by a Q&A session!

Containerization is more than the new Virtualization: enabling separation of ...

Jérôme Petazzoni

Docker offers a new, lightweight approach to application portability. Applications are shipped using a common container format, and managed with a high-level API. Their processes run within isolated namespaces which abstract the operating environment, independently of the distribution, versions, network setup, and other details of this environment. This "containerization" has often been nicknamed "the new virtualization". But containers are more than lightweight virtual machines. Beyond their smaller footprint, shorter boot times, and higher consolidation factors, they also bring a lot of new features and use cases which were not possible with classical virtual machines. We will focus on one of those features: separation of operational concerns. Specifically, we will demonstrate how some fundamental tasks like logging, remote access, backups, and troubleshooting can be entirely decoupled from the deployment of applications and services. This decoupling results in independent, smaller, simpler moving parts; just like microservice architectures break down large monolithic apps in more manageable components.

Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition

Jérôme Petazzoni

Docker, the Open Source container Engine, lets you build, ship and run, any app, anywhere. This is the presentation which was shown in December 2014 for the last stop of the "Tour de France" in Bordeaux. It is slightly different from the presentation which was shown in the other cities (http://www.slideshare.net/jpetazzo/introduction-to-docker-december-2014-tour-de-france-edition), and includes a detailed history of dotCloud and Docker and a few other differences. Special thanks to https://twitter.com/LilliJane and https://twitter.com/zirkome, who gave me the necessary motivation to put together this slightly different presentation, since they had already seen the other presentation in Paris :-)

Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy

Boden Russell

Docker - container and lightweight virtualization

Sim Janghoon

Docker storage drivers by Jérôme Petazzoni

Docker, Inc.

The first release of Docker only supported AUFS, and AUFS was available (out of the box) only on Debian and Ubuntu kernel. Then Red Hat wanted Docker to run on its distros, and contributed the Device Mapper driver, and later the BTRFS driver, and recently the overlayfs driver. Jérôme presents how those drivers compare from a high-level perspective, explaining their pros and cons. Then he showed each driver in action, and look at low-level implementation details. We won't dive into the golang implementation code itself, but we will explain the concepts of each driver. This will help to better understand how they work, and give some hints when it comes to troubleshoot their behaviour.

Techtalks: taking docker to production

muayyad alsadi

Linux Container Brief for IEEE WG P2302

Boden Russell

A brief into to Linux Containers presented to IEEE working group P2302 (InterCloud standards and portability). This deck covers: - Definitions and motivations for containers - Container technology stack - Containers vs Hypervisor VMs - Cgroups - Namespaces - Pivot root vs chroot - Linux Container image basics - Linux Container security topics - Overview of Linux Container tooling functionality - Thoughts on container portability and runtime configuration - Container tooling in the industry - Container gaps - Sample use cases for traditional VMs Overall, a bulk of this deck is covered in other material I have posted here. However there are a few new slides in this deck, most notability some thoughts on container portability and runtime config.

Docker Tips And Tricks at the Docker Beijing Meetup

Jérôme Petazzoni

Introduction to Docker at Glidewell Laboratories in Orange County

Jérôme Petazzoni

Tokyo OpenStack Summit 2015: Unraveling Docker Security

Phil Estes

Docker 101 - Intro to Docker

Adrian Otto

Inside Docker for Fedora20/RHEL7Etsuji Nakai

Head First to Container&Kubernetes

HungWei Chiu

Seven problems of Linux Containers

Kirill Kolyshkin

Drone your Ansible

Dennis Rowe

Developer WeekDocker, Inc.

What's hot

Demystifying kubernetes

Works Applications

Docker: Aspects of Container Isolation

allingeek

Docker introduction

dotCloud

Docker 原理與實作

kao kuo-tung

KVM and docker LXC Benchmarking with OpenStack

Boden Russell

Introduction to Docker and deployment and Azure

Jérôme Petazzoni

Containerization is more than the new Virtualization: enabling separation of ...

Jérôme Petazzoni

Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition

Jérôme Petazzoni

Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy

Boden Russell

Docker - container and lightweight virtualization

Sim Janghoon

Docker storage drivers by Jérôme Petazzoni

Docker, Inc.

Techtalks: taking docker to production

muayyad alsadi

Linux Container Brief for IEEE WG P2302

Boden Russell

Docker Tips And Tricks at the Docker Beijing Meetup

Jérôme Petazzoni

Introduction to Docker at Glidewell Laboratories in Orange County

Jérôme Petazzoni

Tokyo OpenStack Summit 2015: Unraveling Docker Security

Phil Estes

Docker 101 - Intro to Docker

Adrian Otto

Inside Docker for Fedora20/RHEL7Etsuji Nakai

Head First to Container&Kubernetes

HungWei Chiu

Seven problems of Linux Containers

Kirill Kolyshkin

What's hot (20)

Demystifying kubernetes

Docker: Aspects of Container Isolation

Docker introduction

Docker 原理與實作

KVM and docker LXC Benchmarking with OpenStack

Introduction to Docker and deployment and Azure

Containerization is more than the new Virtualization: enabling separation of ...

Introduction to Docker, December 2014 "Tour de France" Bordeaux Special Edition

Linux containers – next gen virtualization for cloud (atl summit) ar4 3 - copy

Docker - container and lightweight virtualization

Docker storage drivers by Jérôme Petazzoni

Techtalks: taking docker to production

Linux Container Brief for IEEE WG P2302

Docker Tips And Tricks at the Docker Beijing Meetup

Introduction to Docker at Glidewell Laboratories in Orange County

Tokyo OpenStack Summit 2015: Unraveling Docker Security

Docker 101 - Intro to Docker

Inside Docker for Fedora20/RHEL7

Head First to Container&Kubernetes

Seven problems of Linux Containers

Viewers also liked

Drone your Ansible

Dennis Rowe

Developer WeekDocker, Inc.

The Mushroom Cloud Effect or What Happens When Containers Fail? by Alois Mayr...

Docker, Inc.

Micro service architectures result in up to 20 times larger environments than their monolithic counterparts. In such big and interconnected environments container metrics will tell you about infrastructure health but not service health. Even if you have implemented service health checks to quickly react on service failures, in a resilient system you will see intermediary mushroom cloud effects of a large number of services being affected temporarily. How do you find out what really caused the problem and how to distinguish effect vs. cause? In this session we will do post-mortem analysis by walking through different cases of failures we've observed in a real-world large e-commerce production environment and show you how to figure out what actually caused the failures.

Docker Plugin for Heat IIDocker, Inc.

Building a Smarter Application StackDocker, Inc.

Cost Control Across Cloud, On-Premise and VM Computers by Mark Lavi, Calm.io

Docker, Inc.

Anecdotal numbers suggest that more than 40% compute resources are under utilized -- from unused cloud instances to virtual machines running on bare-metal. Hundreds of QA & Dev nodes to thousands of production instances could be shutdown, and brought back to the same state on demand. That's what cloud is about -- agility and efficiency, but our on-premise datacenter habits have migrated to the cloud as well. Calm's DevOps automation platform helps fix our old habits. Calm provides a single pane of glass across cloud and on-premise, integrating with Chef, Puppet and Docker ecosystems. The single pane of glass enables orchestration, cost-control and on-demand provisioning.

DockerCon SF 2015: Maintaining the official node.js docker imageDocker, Inc.

DockerCon SF 2015: How to talk to humans

Docker, Inc.

Slides from Sharon Steed's talk at DockerCon SF 2015 Talk Description: Developers are trained to communicate to things with a goal in mind. When you're talking to a computer, you type in your code and it responds by giving you back what you want. Simple and straight forward. When talking to people? Not always the case. Why? Because talking to people requires a special set of skills - namely, empathy and a little bit of storytelling. In an industry filled with brilliant minds, great ideas and mass disruption, so few of the best and brightest know how to tell their compelling story. This talk teaches you how.

Intro to Docker November 2013Docker, Inc.

DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...

Docker, Inc.

Presentation by Dr. Marius Millea, Cosmologist and Postdoctoral Fellow at the Institut Lagrange de Paris Cosmology@Home is a project which uses volunteer computing to analyze cosmological data and answer questions about our universe such as "how much dark matter is there?" and "under what conditions did the Big Bang occur?" We recently began using Docker by taking each job which we would normally send to our volunteer computers, and packaging it up inside a Docker container. The volunteer computers themselves come from interested users all over the world who download and run the software allowing them to become volunteers (called BOINC). The system is working exceedingly well and using Docker has made it massively easier for us to develop and run it. I will explain some of the technical details of the implementation, which involves a customized boot2docker ISO, as well give a brief summary of the scientific questions we are trying to answer and how these results made possible by Docker are helping analyze data from, e.g. the European Space Agency's Planck satellite.

DockerCon SF 2015: MomOps in DevOps w/ Mukta Aphale

Docker, Inc.

Talk Description: Some can deliver code while some can deliver humans. But there are very few who can deliver both! Lets accept that being a mother in the technology world is not an easy game. The speaker, a DevOps Architect, wants to talk about how you can manage a wonderful motherhood with an awesome career. She is a mother of two and is but an ordinary woman who has been able to manage being both: MomOps and DevOps! She wants to encourage more women to pursue their passion for technology even after having kids.

DockerCon EU 2015: From Local Development to Production Deployments using Ama...

Docker, Inc.

DockerCon14 John EngatesDocker, Inc.

DockerCon14 eBayDocker, Inc.

Docker Online Meetup #30: Docker Trusted Registry 1.4.1

Docker, Inc.

In this Docker Online Meetup, Docker Software Engineer Tony Holdstock-Brown discusses the latest features in Docker Trusted Registry 1.4.1 including: - Image deletion and garbage collection - Set up, and manage user accounts, teams, organizations, and repositories from either APIs or through the Trusted Registry user interface - Search, browse, and discover images created by other users through either APIs or through the Trusted Registry UI - New APIs for accessing repositories, account management, indexing, searching, and reindexing - New experimental feature: Docker Trusted Registry now integrates with Docker Content Trust using Notary

How to Successfully Build a Local Docker Community by Mathias Renner

Docker, Inc.

A community is one of the key components of an open source software project. The success of an open source project like Docker is highly dependent on a large and active community. The speakers will share their experience of how to successfully build a local community by the example of how they raised a Docker community at their University (Univ. of Bamberg, Germany). They summon their best practices as a result of the mistakes they made, illustrated by story telling. This is a talk from me as a student, which is an underrepresented group at DockerCon.

WOT Cloud Computing Architect SummitDocker, Inc.

DockerCon SF 2015: From Months to Minutes

Docker, Inc.

How GE Appliances Brought Docker Into the Enterprise - Talk Description: In a traditional enterprise IT shop, it’s common to find a plethora of aging technologies. From COBOL running on mainframes, to huge Java applications spread across both physical and virtual hardware, the enterprise can sometimes resemble a living museum of IT. For application owners, bureaucracy, lack of business priority, and complex infrastructure can slow innovation, and make it difficult to stay current. At GE, we leveraged Docker/Mesos to create an internal application platform that brings speed, simplicity, and cutting edge deployment processes to our enterprise, empowering developers to go from concept to production in minutes, rather than months.

Tyrion Cannister Neural Styles by Dora Korpar and Siphan Bou

Docker, Inc.

DockerCon14 Contributing to Docker by TianonDocker, Inc.

Viewers also liked (20)

Drone your Ansible

Developer Week

The Mushroom Cloud Effect or What Happens When Containers Fail? by Alois Mayr...

Docker Plugin for Heat II

Building a Smarter Application Stack

Cost Control Across Cloud, On-Premise and VM Computers by Mark Lavi, Calm.io

DockerCon SF 2015: Maintaining the official node.js docker image

DockerCon SF 2015: How to talk to humans

Intro to Docker November 2013

DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...

DockerCon SF 2015: MomOps in DevOps w/ Mukta Aphale

DockerCon EU 2015: From Local Development to Production Deployments using Ama...

DockerCon14 John Engates

DockerCon14 eBay

Docker Online Meetup #30: Docker Trusted Registry 1.4.1

How to Successfully Build a Local Docker Community by Mathias Renner

WOT Cloud Computing Architect Summit

DockerCon SF 2015: From Months to Minutes

Tyrion Cannister Neural Styles by Dora Korpar and Siphan Bou

DockerCon14 Contributing to Docker by Tianon

Similar to Container Torture: Run any binary, in any container

Patching Windows Executables with the Backdoor Factory | DerbyCon 2013

midnite_runr

Talk 160920 @ Cat System Workshop

Quey-Liang Kao

A tour on Spur for non-VM experts

ESUG

Mon, August 22, 2:00pm – 2:30pm Youtube: https://youtu.be/OlJZMHLTfuc Description Abstract: Spur is the new memory manager for the Cog virtual machine used by Pharo, Newspeak and Squeak. It features a two generation scavenger garbage collector with an adaptative tenuring policy, lazy become, (transparent) segmented memory, a new 64bit-compatible object-format, ephemerons, pinned objects, a class table, among others. If you're high-level application developer, or a programming amateur, but not a VM expert, but you're interested in understanding these concepts and what is their impact on your day to day development this talk is for you. Bio: Guille Polito is research engineer at CNRS, France. Pharoer since 2010, he participates actively in the Pharo open source community since several years. He currently works on the modularization of Pharo where he does software archeology, refactoring, library rewriting and participates in the Virtual Machine development.

Scale11x lxc talkdotCloud

Daniel Krasner - High Performance Text Processing with Rosetta

PyData

This talk covers rapid prototyping of a high performance scalable text processing pipeline development in Python. We demonstrate how Python modules, in particular from the Rosetta library, can be used to analyze, clean, extract features, and finally perform machine learning tasks such as classification or topic modeling on millions of documents. Our style is to build small and simple modules (each with command line interfaces) that use very little memory and are parallelized with the multiprocessing library.

[Kiwicon 2011] Post Memory Corruption Memory Analysis

Moabi.com

[HITB Malaysia 2011] Exploit Automation

Moabi.com

[Ruxcon 2011] Post Memory Corruption Memory Analysis

Moabi.com

Exploring .NET memory management - JetBrains webinar

Maarten Balliauw

The .NET Garbage Collector (GC) is really cool. It helps providing our applications with virtually unlimited memory, so we can focus on writing code instead of manually freeing up memory. But how does .NET manage that memory? What are hidden allocations? Are strings evil? It still matters to understand when and where memory is allocated. In this talk, we’ll go over the base concepts of .NET memory management and explore how .NET helps us and how we can help .NET – making our apps better. Expect profiling, Intermediate Language (IL), ClrMD and more!

Dock ir incident response in a containerized, immutable, continually deploy...

Shakacon

Incident response is generally predicated on the ability to examine a system post-breach, pull memory dumps, file system artifacts, system logs, etc. But what happens when that system was part of a fleet of containers? How do you pull a memory dump from an ephemeral container? How do you do forensics when the container and the host that ran the container have been gone for days? Even assuming you catch an intrusion while it's ongoing, how do you respond effectively if you can't access the systems in question because they are read-only, no SSH access? Coinbase has spent the last year attacking these challenges in a AWS-based, immutable and fully containerized infrastructure that stores over a billion dollars of digital currency. Come see how we do it.

[CCC-28c3] Post Memory Corruption Memory Analysis

Moabi.com

Lions, Tigers and Deers: What building zoos can teach us about securing micro...

Sysdig

Interview questions

xavier john

Docker interview Questions-3.pdf

Yogeshwaran R

Black ops of tcp2005 japanDan Kaminsky

Debugging With Idguest215c4e

LXC Containers and AUFsDocker, Inc.

Lpi 101 study_guideousman1

Introduction to NetBSD kernelMahendra M

From Problem to Solution: Enumerating Windows Firewall-Hook Drivers

Ollie Whitehouse

Similar to Container Torture: Run any binary, in any container (20)

Patching Windows Executables with the Backdoor Factory | DerbyCon 2013

Talk 160920 @ Cat System Workshop

A tour on Spur for non-VM experts

Scale11x lxc talk

Daniel Krasner - High Performance Text Processing with Rosetta

[Kiwicon 2011] Post Memory Corruption Memory Analysis

[HITB Malaysia 2011] Exploit Automation

[Ruxcon 2011] Post Memory Corruption Memory Analysis

Exploring .NET memory management - JetBrains webinar

Dock ir incident response in a containerized, immutable, continually deploy...

[CCC-28c3] Post Memory Corruption Memory Analysis

Lions, Tigers and Deers: What building zoos can teach us about securing micro...

Interview questions

Docker interview Questions-3.pdf

Black ops of tcp2005 japan

Debugging With Id

LXC Containers and AUFs

Lpi 101 study_guide

Introduction to NetBSD kernel

From Problem to Solution: Enumerating Windows Firewall-Hook Drivers

More from Docker, Inc.

Containerize Your Game Server for the Best Multiplayer Experience

Docker, Inc.

Raymond Arifianto, AccelByte and Mark Mandel, Google - We have been deploying containerized micro-services for our Game Backend Services for a while. Now we are tackling the challenge to scale up fleets of game dedicated servers in multiple regions, multiple data centers and multiple providers - some in bare metal, some in Cloud. So we leverage docker containerization to deploy Game Servers to achieve Portability, Fast Deployment and Predictability, enabling us to scale up to thousands of servers, on demand, without a sweat.

How to Improve Your Image Builds Using Advance Docker Build

Docker, Inc.

Nicholas Dille, Haufe-Lexware + Docker Captain - Docker continues to be the standard tool for building container images. For more than a year Docker ships with BuildKit as an alternative image builder, providing advanced features for secret and cache management. These features help to make image builds faster and more secure. In this session, Docker Captain Nicholas Dille will teach you how to use Buildkit features to your advantage.

Build & Deploy Multi-Container Applications to AWS

Docker, Inc.

Lukonde Mwila, Entelect - As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud. In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics: - Docker Compose - Containerizing an Nginx Server - Containerizing an React App - Containerizing an Node.JS App - Containerizing anMongoDB App - Runing Multi-Container App Locally - Creating a CI/CD Pipeline - Adding a build stage to test containers and push images to Docker Hub - Deploying Multi-Container App to AWS Elastic Beanstalk Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking. After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.

Securing Your Containerized Applications with NGINX

Docker, Inc.

Kevin Jones, NGNIX - NGINX is one of the most popular images on Docker Hub and has been at the forefront of the web since the early 2000's. In this talk we will discuss how and why NGINX's lightweight and powerful architecture makes it a very popular choice for securing containerized applications as a sidecar reverse proxy within containers. We will highlight important aspects of application security that NGINX can help with, such as TLS, HTTP, AuthN, AuthZ and traffic control.

How To Build and Run Node Apps with Docker and Compose

Docker, Inc.

Kathleen Juell, Digital Ocean - Containers are an essential part of today's microservice ecosystem, as they allow developers and operators to maintain standards of reliability and reproducibility in fast-paced deployment scenarios. And while there are best practices that extend across stacks in containerized environments, there are also things that make each stack distinct, starting with the application image itself. This talk will dive into some of these particularities, both at the image and service level, while also covering general best practices for building and running Node applications with database backends using Docker and Compose.

Hands-on Helm

Docker, Inc.

Distributed Deep Learning with Docker at Salesforce

Docker, Inc.

Jeff Hajewski, Salesforce - There is a wealth of information on building deep learning models with PyTorch or TensorFlow. Anyone interested in building a deep learning model is only a quick search away from a number of clear and well written tutorials that will take them from zero knowledge to having a working image classifier. But what happens when you need to deploy these models in a production setting? At Salesforce, we use TensorFlow models to help us provide customers with insights into their data, and we do this as close to real-time as possible. Designing these systems in a scalable manner requires overcoming a number of design challenges, but the core component is Docker. Docker enables us to design highly scalable systems by allowing us to focus on service interactions, rather than how our services will interact with the hardware. Docker is also at the core of our test infrastructure, allowing developers and data scientists to build and test the system in an end to end manner on their local machines. While some of this may sound complex, the core message is simplicity - Docker allows us to focus on the aspects of the system that matter, greatly simplifying our lives.

The First 10M Pulls: Building The Official Curl Image for Docker Hub

Docker, Inc.

James Fuller, webcomposite s.r.o. - Curl is the venerable (yet very modern) 'swiss army knife' command line tool and library for transferring data with URLs. Recently we (the Curl team) decided to build a release for Docker Hub. This talk will outline our current development workflow with respect to the docker image and provide insights on what it takes to build a docker image for mass public consumption. We are also keen to learn from users and other developers how we might improve and enhance the official curl docker image.

Monitoring in a Microservices World

Docker, Inc.

Fabian Stäber, Instana - In recent years, we saw a great paradigm shift in software engineering away from static monolithic applications towards dynamic distributed horizontally scalable architectures. Docker is one of the key technologies enabling this development. This shift poses a lot of new challenges for application monitoring, ranging from practical issues (need for automation) to technical challenges (Docker networking) to organizational topics (blurring line between software engineers and operations) to fundamental questions (define what is an application). In this talk we show how Docker changed the way we do monitoring, how modern application monitoring systems work, and what future developments we expect.

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

Docker, Inc.

Clemente Biondo, Engineering Ingegneria Informatica - When the COVID 19 pandemic started, Engineering Ingegneria Informatica Group (1.25 billion euros of revenues, 65 offices around the world, 12.000 employees) was forced to put their digital transformation to the test in order to maintain operational continuity. In this session, Clemente Biondo, the Tech Lead of the Information Systems Department, will share how his company is reacting to this unforeseeable scenario and how Docker-driven digital transformation had paved the path for work to continue remotely. Clemente will discuss learnings moving from colocated teams, manual approaches, email based-business processes, and a monolithic application to a mature DevOps culture characterized by a distributed autonomous workforce and a continuous deployment process that deploys backward-compatible Docker containerized microservices into hybrid multi cloud datacenters an average of twice a day with zero-downtime. He will detail how they use Docker to unify dev, test and production environments, and as an efficient and automated mechanism for deploying applications. Lastly, Clemente shares how, in our darkest hour, he and others are working to shine their brightest light.

Predicting Space Weather with Docker

Docker, Inc.

Chris Lauer, NOAA Space Weather Prediction Center - This is the story of how adopting a containerized workflow changed the way our small software team works at NOAA’s Space Weather Prediction Center. Our old architecture, a big ball of mud shared-database integration, just wasn’t cutting it - it was killing our agility. Over the past two years, our small team has adopted a microservice style architecture, using Docker with docker-compose and environment files as our deployment strategy for all new development. We’ve discovered the joys of using containers for identical dev, staging, and production environments. We work closely with scientists: much of the code we’re running has complicated and conflicting library dependencies. Docker captures these beautifully - we’ve even had some success teaching our scientists to use it! I’ll share what we’ve learned, some of the persistent challenges we face, and one place we really got it wrong. This talk builds off of a popular hallway track from DockerCon 2019.

Become a Docker Power User With Microsoft Visual Studio Code

Docker, Inc.

Brian Christner, 56k + Docker Captain - In this session, we will unlock the full potential of using Microsoft Visual Studio Code (VS Code) and Docker Desktop to turn you into a Docker Power User. When we expand and utilize the VS Code Docker plugin, we can take our projects and Docker skills to the next level. In addition to using VS Code, we streamline our Docker Desktop development workflow with less context switching and built-in shortcuts. You will learn how to bootstrap new projects, quickly write Dockerfiles utilizing templates, build, run, and interact with containers all from VS Code.

How to Use Mirroring and Caching to Optimize your Container Registry

Docker, Inc.

Monolithic to Microservices + Docker = SDLC on Steroids!

Docker, Inc.

Ashish Sharma, SS&C Eze - SS&C Eze provides various products in the stock market domain. We spent the last couple of years building Eclipse which is an investment suite born in cloud. The journey so far has been very interesting. The very first version of the product were a bunch of monolithic windows services and deployed using Octopus tool. We successfully managed to bring all the monolithic problem to the cloud and created a nightmare for ourselves. We then started applying microservices architecture principles and started breaking the monolithic into small services. Very soon we realized that we need a better packaging/deployment tool. Docker looked like a magical solution to our problem. Since its adoption, It has not only solved the deployment problem for us but has made a deep impact on different aspects of SDLC. It allowed us to use heterogeneous technology stacks, simplified development environment setup, simplified our testing strategy, improved our speed of delivery, and made our developers more productive. In this talk I would like to share our experience of using Docker and its positive impact on our SDLC.

Kubernetes at Datadog Scale

Docker, Inc.

Ara Pulido, Datadog - Container technologies, although not new, have increased their popularity in the past few years, with container orchestrators allowing companies around the world to adopt these technologies to help them ship and scale microservices with precision and velocity. Kubernetes is currently the most popular container orchestration platform, and while many organizations are migrating their workloads to it, Kubernetes is still relatively immature. New corner cases, errors, and quirks are regularly discovered as users push the boundaries of size and scale. When Datadog adopted Kubernetes we discovered some of these boundaries the hard way, and we continuously challenge and modify our infrastructure decisions in order to fit our use case. Join me in this talk for our story on what we learned while we scaled our Kubernetes clusters, the contributions to Kubernetes we made along the way, and how you can apply those learnings when growing your Kubernetes clusters from a handful to hundreds or thousands of nodes.

Labels, Labels, Labels

Docker, Inc.

Andy Clemenko, StackRox - One underutilized, and amazing, thing about the docker image scheme is labels. Labels are a built in way to document all aspects about the image itself. Think about all the information that the tags inside your clothing carry. If you care to look you can find out everything about the garment. All that information can be very valuable. Now think about how we can leverage labels to carry similar information. We can even use the labels to contain Docker Compose or even Kubernetes Yaml. We can even include labels into the CI/CD process making things more secure and smoother. Come find out some fun techniques on how to leverage labels to do some fun and amazing things.

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Docker, Inc.

Patrick Deloulay, Micro Focus - Micro Focus started their digital transformation 3 years ago, moving the entire portfolio into hundreds of container images. Leveraging Docker Hub as our primary registry service, we will cover how we ended up building a simple but secure push/pull model to publish and deliver our premium assets to our customers and partners to both meet the high agility of our DevOps teams while greatly simplifying the deployment of our applications.

Build & Deploy Multi-Container Applications to AWS

Docker, Inc.

Lukonde Mwila, Entelect As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud. In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics: - Docker Compose - Containerizing an Nginx Server - Containerizing an React App - Containerizing an Node.JS App - Containerizing anMongoDB App - Runing Multi-Container App Locally - Creating a CI/CD Pipeline - Adding a build stage to test containers and push images to Docker Hub - Deploying Multi-Container App to AWS Elastic Beanstalk Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking. After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

Docker, Inc.

Elton Stoneman, Docker Captain + Container Consultant and Trainer How do you provide a SaaS offering when your product is a 10-year old Fortran app, currently built to run on Windows 10? With Docker and Kubernetes of course - and you can do it in a week (... to prototype level at least). In this session I'll walk through the processes and practicalities of taking an older Windows app, making it run in containers with Kubernetes, and then building a simple API wrapper to host the whole stack as a cloud-based SaaS product. There's a lot of technology here from a real world case study, and I'll focus on: - running Windows apps in Docker containers - building a .NET Core API which can run in Linux or Windows containers - running the stack in Kubernetes with Docker Desktop locally and AKS in the cloud - configuring AKS workloads in Azure to burst out to Azure Container Instances And there's a core theme to this session: Docker and Kubernetes are complex technologies, but they're the key to modern development. If you invest time learning them, they make projects like this simple, portable, fast and fun.

Developing with Docker for the Arm Architecture

Docker, Inc.

This virtual meetup introduces the concepts and best practices of using Docker containers for software development for the Arm architecture across a variety of hardware systems. Using Docker Desktop on Windows or Mac, Amazon Web Services (AWS) A1 instances, and embedded Linux, we will demonstrate the latest Docker features to build, share, and run multi-architecture images with transparent support for Arm.

More from Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience

How to Improve Your Image Builds Using Advance Docker Build

Build & Deploy Multi-Container Applications to AWS

Securing Your Containerized Applications with NGINX

How To Build and Run Node Apps with Docker and Compose

Hands-on Helm

Distributed Deep Learning with Docker at Salesforce

The First 10M Pulls: Building The Official Curl Image for Docker Hub

Monitoring in a Microservices World

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

Predicting Space Weather with Docker

Become a Docker Power User With Microsoft Visual Studio Code

How to Use Mirroring and Caching to Optimize your Container Registry

Monolithic to Microservices + Docker = SDLC on Steroids!

Kubernetes at Datadog Scale

Labels, Labels, Labels

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Build & Deploy Multi-Container Applications to AWS

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

Developing with Docker for the Arm Architecture

Recently uploaded

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

Bits & Pixels using AI for Good.........

Alison B. Lowndes

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Knowledge engineering: from people to machines and back

Elena Simperl

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

ODC, Data Fabric and Architecture User Group

CatarinaPereira64715

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Recently uploaded (20)