This slide deck introduces several container patterns for building modular and scalable container-based applications. It defines the concept of a modular container and describes pods as a group of closely related containers. It then outlines some common composite patterns including sidecars, ambassadors, adapters, and chains. The document is a work in progress seeking feedback to improve the defined patterns.
Rust is a system programming language focused on safety, speed, and concurrency. It's standard library provides API for dealing with I/O, but for now in a synchronous way. In this talk we'll dive into the ecosystem of asynchronous libraries published so far on crates.io and how to use them in order to build robust, scalable, and production ready network clients and servers.
Rust is a system programming language focused on safety, speed, and concurrency. It's standard library provides API for dealing with I/O, but for now in a synchronous way. In this talk we'll dive into the ecosystem of asynchronous libraries published so far on crates.io and how to use them in order to build robust, scalable, and production ready network clients and servers.
ZeroMQ is a good tool to know, because it provides a huge variety of socket and messaging patterns that you can leverage in your infrastructure to solve specific problems without using heavyweight message queues to do the same job. This talk illustrates 4 basic sockets provided by zeromq and the many ways you can use them.
Rust is a emerging system language with the speed of C/C++, the ergonomics of a functional language and the safety of a modern dynamic language. In this presentation I’ll expose the main feature of the language which make it distinctive and a good choice for fats and reliable software
No locked doors, no windows barred: hacking OpenAM infrastructureAndrew Petukhov
One of the main functional components of enterprise applications and Internet portals is an authentication and access control system (AuthC/Z). In this presentation, we describe a popular access control system called ForgeRock OpenAM from the external security point of view. We show the scenarios of full enterprise application compromise through complex attacks which employ both LFI and SSRF.
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000CTruncer
This talk will initially cover Device Guard, and how it works. After discussing high level methods of attacking Device Guard, we will go into detail on WMImplant, a tool which can be used to operate on Device Guard protected systems.
This is the talk given at NullCon 2017. This talk give s history of the Veil Framework, and showcases the differences between 2.0 and the newly released 3.0. Veil 3.0 is released in this talk
Kotlin is a fairly new programming language from JetBrains, the people behind InteliJ. It's draws on the best bits of languages like Java, C#, Groovy, to provide us with an easy-to-learn powerful tool for writing great software
This talk is about why I believe having the ability to write tools and/or scripts can help elevate a Pen Testers game to the next level.
The talk is case study driven by the different scenarios I've encountered on assessments and the scripts or tools that have been developed as a result.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/28XnVtb.
Felix Klock describe the core concepts of the Rust language (ownership, borrowing, and lifetimes), as well as the tools beyond the compiler for open source software component distribution (cargo, crates.io). Filmed at qconlondon.com.
Felix Klock is a research engineer at Mozilla, where he works on the Rust compiler, runtime libraries, and language design. He previously worked on the ActionScript Virtual Machine for the Adobe Flash runtime. Klock is one of the developers of the Larceny Scheme language runtime.
ZeroMQ is a good tool to know, because it provides a huge variety of socket and messaging patterns that you can leverage in your infrastructure to solve specific problems without using heavyweight message queues to do the same job. This talk illustrates 4 basic sockets provided by zeromq and the many ways you can use them.
Rust is a emerging system language with the speed of C/C++, the ergonomics of a functional language and the safety of a modern dynamic language. In this presentation I’ll expose the main feature of the language which make it distinctive and a good choice for fats and reliable software
No locked doors, no windows barred: hacking OpenAM infrastructureAndrew Petukhov
One of the main functional components of enterprise applications and Internet portals is an authentication and access control system (AuthC/Z). In this presentation, we describe a popular access control system called ForgeRock OpenAM from the external security point of view. We show the scenarios of full enterprise application compromise through complex attacks which employ both LFI and SSRF.
Windows 10 - Endpoint Security Improvements and the Implant Since Windows 2000CTruncer
This talk will initially cover Device Guard, and how it works. After discussing high level methods of attacking Device Guard, we will go into detail on WMImplant, a tool which can be used to operate on Device Guard protected systems.
This is the talk given at NullCon 2017. This talk give s history of the Veil Framework, and showcases the differences between 2.0 and the newly released 3.0. Veil 3.0 is released in this talk
Kotlin is a fairly new programming language from JetBrains, the people behind InteliJ. It's draws on the best bits of languages like Java, C#, Groovy, to provide us with an easy-to-learn powerful tool for writing great software
This talk is about why I believe having the ability to write tools and/or scripts can help elevate a Pen Testers game to the next level.
The talk is case study driven by the different scenarios I've encountered on assessments and the scripts or tools that have been developed as a result.
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/28XnVtb.
Felix Klock describe the core concepts of the Rust language (ownership, borrowing, and lifetimes), as well as the tools beyond the compiler for open source software component distribution (cargo, crates.io). Filmed at qconlondon.com.
Felix Klock is a research engineer at Mozilla, where he works on the Rust compiler, runtime libraries, and language design. He previously worked on the ActionScript Virtual Machine for the Adobe Flash runtime. Klock is one of the developers of the Larceny Scheme language runtime.
Anwendung von agilen / lean Praktiken bei About YouAlexander Fedtke
Talk vom Dev Camp HH 2016
1. About Us
2. Die Bedeutung der Start-up-Größe für dich als Mitarbeiter
3. Welche agilen / lean Pratiken helfen uns schnell zu bleiben?
How to Use a Webinar to Launch Your Digital ProductLeslie Samuel
Discover the exact steps you need to take to launch your digital product using a webinar. Leslie shares everything from planning to execution and beyond.
How to Build a Membership Site: a Comprehensive GuideLeslie Samuel
Have you ever wondered how to build a membership site? Not just any membership site - a successful one? This is the post that will help you do just that.
Questions? Comments? Suggestions? Call the hotline @
(888) 835 - 2414
The Guide to Kickstarter and CrowdfundingDashBurst
Have you ever had a dream you’ve always wanted to work on but couldn’t ever dedicate enough time to do it? Kickstarter is a great crowdfunding site that can help turn your favorite hobby into a profession. So how can you create a successful Kickstarter campaign for your next big project?
http://dashburst.com/infographic/how-to-create-a-successful-kickstarter/
Containers: from development to production at DevNation 2015Jérôme Petazzoni
In Docker, applications are shipped using a lightweight format, managed with a high-level API, and run within software containers which abstract the host environment. Operating details like distributions, versions, and network setup no longer matter to the application developer.
Thanks to this abstraction level, we can use the same container across all steps of the life cycle of an application, from development to production. This eliminates problems stemming from discrepancies between those environments.
Even so, these environments will always have different requirements. If our quality assurance (QA) and production systems use different logging systems, how can we still ship the same container to both? How can we satisfy the backup and security requirements of our production stack without bloating our development stack?
In this sess, you will learn about the unique features in containers that allow you to cleanly decouple system administrator tasks from the core of your application. We’ll show you how this decoupling results in smaller, simpler containers, and gives you more flexibility when building, managing, and evolving your application stacks.
Patterns in a Containerized World (Matthias Luebken Technology Stream)IT Arena
Lviv IT Arena is a conference specially designed for programmers, designers, developers, top managers, inverstors, entrepreneurs and startuppers. Annually it takes place at the beginning of October in Lviv at Arena Lviv stadium. In 2016 the conference gathered more than 1800 participants and over 100 speakers from companies like Microsoft, Philips, Twitter, UBER and IBM. More details about the conference at itarena.lviv.ua.
Presentation given during Virginia Alliance for Secure Computing and Networking (VASCAN). Covers what containers actually are, as well as how they change the way we secure, patch, and run apps and infrastructure.
Introducing containers and docker, answering questions like: What are software containers? What is Docker? Who and why should I use Docker?
Slides also discuss the role of dev-ops and Docker and walk you through some examples.
By Aram Yegenian — System Administrator
A survey of problems involved in building containers and build tools such as:
buildah
nixos-container
ansible-container
Smith
Distroless
Buildkit
Source to Image (s2i)
Habitat
"In the beginning there was RPM, and it was good." Certainly, Linux packaging has solved many of the problems involved in shipping software, from creation to consumption and maintenance. As software development and deployment have evolved, however, new pain points have cropped up that have not been solved by traditional packaging tools.
Are containers the answer? They may be able to solve many of the current problems, but they also introduce a new set of issues and ignore important lessons from the evolution of distribution-level packaging.
This presentation looks deep into the concept of containerization. What is containerization, how is it different from VMs, how containerization is achieved using Linux containers (LXC), control groups (cgroups) and copy on write file systems and current trends in containerization/docker are described.
Introduction to Docker, December 2014 "Tour de France" Bordeaux Special EditionJérôme Petazzoni
Docker, the Open Source container Engine, lets you build, ship and run, any app, anywhere.
This is the presentation which was shown in December 2014 for the last stop of the "Tour de France" in Bordeaux. It is slightly different from the presentation which was shown in the other cities (http://www.slideshare.net/jpetazzo/introduction-to-docker-december-2014-tour-de-france-edition), and includes a detailed history of dotCloud and Docker and a few other differences.
Special thanks to https://twitter.com/LilliJane and https://twitter.com/zirkome, who gave me the necessary motivation to put together this slightly different presentation, since they had already seen the other presentation in Paris :-)
Introduction to Docker at Glidewell Laboratories in Orange CountyJérôme Petazzoni
In this presentation we will introduce Docker, and how you can use it to build, ship, and run any application, anywhere. The presentation included short demos, links to further material, and of course Q&As. If you are already a seasoned Docker user, this presentation will probably be redundant; but if you started to use Docker and are still struggling with some of his facets, you'll learn some!
The internals and the latest trends of container runtimesAkihiro Suda
Containers are a set of various lightweight methods to isolate filesystems, CPU resources, memory resources, system permissions, etc. Containers are similar to virtual machines in many senses, but they are more efficient and often less secure. This talk roughly consists of the following three parts:
1. Introduction to containers and how they spread in the last decade
2. Internals of container runtimes: namespaces, cgroups, capabilities, seccomp, etc.
3. Latest trends: Non-Docker containers, User Namespaces, Rootless Containers, Kata Containers, gVisor, WebAssembly, etc.
http://www.cce.i.kyoto-u.ac.jp/danwa23.html
Docker is an open platform for developers and system administrators to build, ship and run distributed applications. Using Docker, companies in Jordan have been able to build powerful system architectures that allow speeding up delivery, easing deployment processes and at the same time cutting major hosting costs.
George Khoury shares his experience at Salalem in building flexible and cost effective architectures using Docker and other tools for infrastructure orchestration. The result allows them to easily and quickly move between different cloud providers.
Introduction to Docker at the Azure Meet-up in New YorkJérôme Petazzoni
This is the presentation given at the Azure New York Meet-Up group, September 3rd.
It includes a quick overview of the Open Source Docker Engine and its associated services delivered through the Docker Hub. It also covers the new features of Docker 1.0, and briefly explains how to get started with Docker on Azure.
Docker is definitely one of the hottest technologies at the moment and one that is already dramatically changing the way we build, package and deploy applications. In this session we’ll have a look at how a project got into a quest for containerizing most of their components and services while increasing the value delivered.
This presentation was delivered at Wildcard Conference 2015, on 16th of May 2015 in Riga
Webinar container management in OpenStackCREATE-NET
This webinar covers the topics of Containers in OpenStack and, in particular it offers an overview of what containers are, LXC, Docker and Kubernetes. It also includes the topic of Containers in OpenStack and the specific examples of Nova docker, Murano and Magnum. In the final part there are live Demos about the elements covered earlier.
Similar to Dennis Benkert & Matthias Lübken - Patterns in a containerized world? - code.talks 2015 (20)
Retention Strategies in Mobile E-CommerceAboutYouGmbH
The app is the fastest growing product at ABOUT YOU and already generates a large portion of its sales. New app users to win over different marketing channels is not exactly cheap.
It is thus all the more important to keep the commitment and the retention of the won users high.
E-commerce is a fast-growing market, but most online shops lag behind the conceptual and technical possibilities. Inspiring online experiences are rare and all customers usually see the same, non-personalized, online shop.
By integrating external content from Influencers, Fashion and Consumer Brands as well as users themselves, ABOUTYOU makes online shopping more inspiring and ventures into the field of Discovery Commerce. In addition, ABOUTYOU consistently focuses on personalization and distinguished itself from the competition by an individually tailored shopping experience for its users.
ER(Entity Relationship) Diagram for online shopping - TAEHimani415946
https://bit.ly/3KACoyV
The ER diagram for the project is the foundation for the building of the database of the project. The properties, datatypes, and attributes are defined by the ER diagram.
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
1.Wireless Communication System_Wireless communication is a broad term that i...
Dennis Benkert & Matthias Lübken - Patterns in a containerized world? - code.talks 2015
1. Container Patterns?
Matthias Lübken @luebken, Dennis Benkert @denderello
@giantswarm
This slide deck and the patterns are very much work in progress. Looking forward to your
feedback. Please make use of the comments feature in this slide deck and give us a short
feedback in this
Feedback Form
You can also contact us directly via matthias@giantswarm.io or dennis@giantswarm.io
Presentation / version history:
● 0.6: 05.11.2015 – Munich: WJAX
● 0.5: 22.10.2015 – Munich: Architecture Gathering
● 0.4: 29.09.2015 – Hamburg: Codetalks
● 0.3: 14.09.2015 – London: CoreOS and London DevOps Meetup
● 0.2: 10.09.2015 – Cologne: Docker Meetup
● 0.1: 01.09.2015 – Soltau: Socrates
7. Some reasons
● Independently releasable
● Separate processing types
● Different loads
● Different teams
● Reuse of containers
● Crash isolation
● Different release cycles
● Use different languages / versions / libraries
8. Patterns?
● Describe general applicable patterns
● Container runtime agnostic
● With concrete examples and best-practices
9. Related work
● 12-Factor apps
● Cloud-native application architectures
● Microservices
● Continuous Delivery
13. Modular Container
We define a modular container as the collection of
these 6 properties:
1. Proper Linux process
2. Explicit interfaces
3. Disposable
4. Immutable
5. Self-contained
6. Small
14. 1. Proper Linux Process
Containers should behave as a proper Linux process and be
nice to their init process.
● React to signals
● Return proper exit codes
● Use standard streams
15. Best practices (Proper Linux Process)
● React to signals:
○ React on e.g. SIGINT, SIGTERM, etc.
○ Don’t daemonize your processes
○ Make your process foreground (e.g. use exec)
● Return proper exit codes:
○ 0 (OK), 1 (General error) …
● Use stdin, stdout, stderr:
○ Log to stdout. Don’t concern with routing and storage
16. 2. Explicit interfaces
Dependencies to other containers should be made explicit
by defining it’s interfaces.
● CLI arguments
● Environment variables
● Network / Port
17. Best practices (Explicit interfaces)
● CLI arguments
○ Use a lib for parsing / validating
● Environment variables
○ Set defaults in the image
○ Overwrite with `docker -e`
● Network / Ports
○ Expose port via EXPOSE in Dockerfile
18. 3. Disposable Containers
Containers should be treated as disposable artefacts. The
application shouldn’t rely on a particular container instance
to be running.
Pets vs. Cattle:
Treat your container as part of a cattle. You number them
and when get sick you shoot them.
19. Best practices (Disposable Containers)
● Only keep ephemeral state
○ Don’t assume this state between two requests
● Robust against sudden death
○ If the container gets interrupted pass on your current job.
● Minimal setup
○ If more setup needed let the scheduler know
● Acknowledge the fallacies of distributed computing
20. 4. Immutable
Once a container image is build it shouldn’t be changed.
State should be extracted and changes to the container
should be applied by rebuilding.
21. Best practices (Immutable)
● Strive for dev / prod parity
● Extract runtime state in volumes
● Anti-pattern: docker exec
22. 5. Self-contained
The container should only rely on the Linux kernel. All other
dependencies should be made explicit and added
dynamically.
23. Best practices (Self-contained)
● Strive for zero-config deployment
● Add dependencies at build time
○ Build Uber-Jar and include webserver
● Generate dynamic config files on the fly
● Anti-Patterns:
○ Put config into a volume
○ Put code into a volume *
24. 6. Small
A container should have the least amount of code possible
to fulfill its job.
25. Best practices (Small)
● Build from scratch
● Use small base-image
○ busybox, alpine
● Reuse custom base image
● Anti-Pattern: VM Container
26. Modular Container
We define a modular container as the collection of
these 6 properties:
1. Proper Linux process
2. Explicit interfaces
3. Disposable
4. Immutable
5. Self-contained
6. Small
30. Pods
● Group closely related containers
● A single deployable unit
● Share all available namespaces
● The pod as a whole and the individual containers can be
limited
31. Share namespace
● Sharing the same network namespace and access to the same IP
and port namespace
● Sharing the IPC namespace for communicating e.g. Unix sockets,
shared memory, system message queues
● Share the same hostname via the UTS namespace
● Share the PID namespace and can see each others processes
(not supported by docker)
● Sharing the same volumes
46. Container chains
Defined order of starting and stopping sidecar container.
A Node
Backend
MAIN CONTAINER
Storage
Config
SIDECAR
Discovery
SIDECAR
Network
Config
SIDECAR
(Pod)