Docker is an open platform for developers and sysadmins to
build, ship, and run distributed applications, whether on
laptops, data center VMs, or the cloud.
Azure Day Rome Reloaded 2019 - Deconstructing Kubernetes using AKS by azuredayit
This document provides an overview of Kubernetes and containers by beginning with an introduction to containers and their benefits over virtual machines. It then discusses microservices architectures and introduces key Kubernetes concepts like pods, deployments, and services. It explains the Kubernetes architecture by describing the main components like the master node, API server, etcd, workers and kubelet. Finally, it compares Kubernetes to the Azure Kubernetes Service.
Christian Kniep from Docker Inc. gave this talk at the Stanford HPC Conference.
"This talk will recap the history of and what constitutes Linux Containers, before laying out how the technology is employed by various engines and what problems these engines have to solve. Afterward, Christian will elaborate on why the advent of standards for images and runtimes moved the discussion from building and distributing containers to orchestrating containerized applications at scale. In conclusion, attendees will get an update on what problems still hinder the adoption of containers for distributed high performance workloads and how Docker is addressing these issues."
Christian Kniep is a Technical Account Manager at Docker, Inc. With a 10 year journey rooted in the HPC parts of the German automotive industry, Christian Kniep started to support CAE applications and VR installations. When told at a conference that HPC can not learn anything from the emerging Cloud and BigData companies, he became curious and was leading the containerization effort of the cloud-stack at Playstation Now. Christian joined Docker Inc in 2017 to help push the adoption forward and be part of the innovation instead of an external bystander. During the day he helps Docker customers in the EMEA region to fully utilize the power of containers; at night he likes to explore new emerging trends by containerizing them first and seek application in the nebulous world of DevOps.
Watch the video: https://wp.me/p3RLHQ-i4X
Learn more: http://docker.com and http://hpcadvisorycouncil.com
Sign up for our insideHPC Newsletter: http://insidehpc.com
Linux Container Technology inside Docker with RHEL7 by Etsuji Nakai
Linux Container Technology inside Docker with RHEL7 discusses Docker containers and how they utilize Linux container technologies like namespaces and control groups. It provides an overview of how Docker images work and how processes are isolated in containers using process and filesystem namespaces. It also describes how networks are isolated using network namespaces and bridged to the host system. Finally, it briefly introduces Kubernetes and how it can manage Docker containers across multiple nodes.
GlusterFS Update and OpenStack Integration by Etsuji Nakai
GlusterFS is an open source distributed file system that aggregates storage from multiple servers into a single logical volume. It uses a distributed hash table architecture to distribute files across storage nodes. The document discusses GlusterFS integration with OpenStack, including using GlusterFS as the backend storage for Glance images, Cinder volumes, and Nova instance disks. It provides an overview of the libgfapi application programming interface that allows direct access to GlusterFS volumes without using FUSE.
Kata Container & gVisor provide approaches to securely isolate containers by keeping them out of the direct kernel space. Kata Container uses virtual machines with lightweight kernels to isolate containers, while gVisor uses a userspace kernel implemented in Go to provide isolation. Both aim to protect the host kernel by preventing containers from accessing kernel resources directly. Kata Container has a larger memory footprint than gVisor due to its use of virtual machines, but provides stronger isolation of containers.
The document discusses Docker and Linux containers. It begins with an overview of traditional server virtualization compared to containers. Containers provide isolation at the process level using kernel namespaces for resources like filesystem, network, users and CPUs. Docker uses device mapper thin provisioning to manage disk images for container filesystems and the networking and cgroups APIs to isolate other resources.
Low fat virtualization for embedded systems by Jacques Supcik
This document discusses different types of lightweight virtualization technologies including chroot, BSD Jails, OpenVZ, LXC Linux Containers, and Docker. It provides information on when each technology became available, how they work, and their advantages and limitations. For example, it notes that chroot provides file system isolation only and root users can still escape, while LXC relies on Linux kernel cgroups and provides full file system and root privilege isolation since version 1.0. It also recommends trying Docker on DigitalOcean Droplets.
This document discusses container technologies including App Container (appc) and rkt. It provides an overview of appc components like the image format, discovery, and executor. It then discusses rkt, an implementation of appc, describing its modular architecture with stages 0-2 and use of systemd and cgroups for isolation. It also touches on rkt security, networking, and integration with systemd and user namespaces.
Lxc – next gen virtualization for cloud intro (cloudexpo) by Boden Russell
This document provides an introduction and overview of Linux containers as next-generation virtualization for cloud computing. It discusses how Linux containers provide better performance and flexibility than traditional virtual machines through the use of cgroups and namespaces. It also covers how containerization is gaining industry momentum and provides lower total cost of ownership through integration with modern Linux kernels and open source tooling. Finally, it defines key Linux container technologies, compares containers to hypervisors, and discusses building and securing Linux containers.
The document discusses container security, providing advantages and disadvantages of containers as well as threats. It outlines different approaches to container security including host-based methods using namespaces, control groups, and capabilities as well as container-based scanning and digital signatures. Third-party security tools are also mentioned. The document concludes with examples of using containers for microservices and network policies for protection.
Introduction to Project atomic (CentOS Dojo Bangalore) by Lalatendu Mohanty
The talk was given at CentOS Dojo Bangalore on 29th April 2015.
http://wiki.centos.org/Events/Dojo/Bangalore2015
These slides contain an introduction to Project Atomic and CentOS Atomic SIG.
LXC (Linux Containers) are lightweight virtual machines created using kernel-level virtualization rather than a hypervisor. The document discusses LXC, including that it provides operating system-level virtualization allowing multiple isolated systems to run on a single host. It also covers main LXC implementations like LXC, Docker, and OpenVZ which are written in C or Go and have stable codebases. Basic usage of LXC like creating, starting, and stopping containers is demonstrated.
Presentation on the Linux namespaces and system calls used to provide container isolation with Docker. Presented in March 2015 at http://www.meetup.com/Docker-Phoenix/ in Tempe, Arizona.
OpenStack is an open source cloud computing platform that can be used to build an IaaS cloud. It consists of microservices that can be assembled together. Cloud applications can be defined using orchestration templates. OpenStack provides modular REST APIs for service access and communication. The document discusses architectural considerations and the ecosystem for using OpenStack for telco cloud environments.
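These are the presentation slides from the keynote at CloudNative Days Spring 2021 ONLINE.
https://event.cloudnativedays.jp/cndo2021/talks/1071
In this session, we introduce an overview of the basic features of Docker and Kubernetes with illustrations, building on how containers work. Although it is not often given much attention, the "container runtime", the low-level software responsible for creating and managing containers, is also one of the central topics of this session.
This session draws on the content of my book 「イラストで分かるDockerとKubernetes」 (技術評論社).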
https://www.amazon.co.jp/dp/4297118378
DockerVC is a Docker-based volunteer computing platform that aims to make volunteer computing easier and more accessible. It allows researchers to define computing tasks as Docker containers for easy deployment across different platforms. Using Docker provides benefits like high portability, isolated execution for security, and no pollution of volunteer computers. The platform handles project and work unit management as well as consensus validation of results.
P2P Container Image Distribution on IPFS With containerd and nerdctl by Kohei Tokunaga
Talked at FOSDEM 2022 about IPFS-based P2P image distribution with containerd and nerdctl (February 6, 2022).
https://fosdem.org/2022/schedule/event/container_ipfs_image/
nerdctl is a Docker-compatible CLI of containerd, developed as a subproject of containerd. nerdctl recently added support of P2P image distribution on IPFS. This enables sharing container images among hosts without hosting or relying on the registry.
In this session, Kohei, one of the maintainers of nerdctl, will introduce IPFS-based P2P image distribution with containerd and nerdctl. This session will also show the combination of IPFS-based distribution with the existing image distribution techniques, focusing on lazy pulling (eStargz) and image encryption (OCIcrypt). The status of integration work with other tools including Kubernetes will also be shared.
Related blog post: "P2P Container Image Distribution on IPFS With Containerd". https://medium.com/nttlabs/nerdctl-ipfs-975569520e3d
Understanding the container landscape and its associated projects by Anthony Chow
The document discusses containers and container technologies. It provides an overview of the history and key components of containers like Docker, including namespaces, control groups, AUFS, Docker images, registries, networking solutions, security concerns and orchestration tools. It also discusses how OpenStack projects are embracing containers to provide container orchestration platforms and run OpenStack services as containers to make them more scalable and efficient. The document encourages learning more about containers to stay relevant in today's technologies.
Networking in Docker EE 2.0 with Kubernetes and Swarm by Abhinandan P.b
The presentation is about the operator goal from a networking perspective and how it is influenced by both Swarm and Kubernetes on the Docker EE platform.
The document discusses Kata Containers, which provide additional isolation for containers beyond what is available with traditional containers by running each container within its own lightweight virtual machine (VM) and individual Linux kernel. This adds security benefits similar to VMs while maintaining the performance and portability of containers. Kata Containers can be used on various platforms including Linux distributions, public clouds, and hardware architectures. Users can choose between running containers with the default runc runtime or with the Kata runtime for extra isolation in a VM-like environment.
Linux containers provide isolation between applications using namespaces and cgroups. While containers appear similar to VMs, they do not fully isolate applications and some security risks remain. To improve container security, Docker recommends: 1) not running containers as root, 2) dropping capabilities like CAP_SYS_ADMIN, 3) enabling user namespaces, and 4) using security modules like SELinux. However, containers cannot fully isolate applications that need full hardware or kernel access, so virtual machines may be needed in some cases.
FreeBSD 9.0 introduces many new security, compiler, filesystem, networking, and other features. Key additions include the Capsicum security framework, LLVM/Clang compilers, ZFSv28 with deduplication and triple parity RAIDZ, resource accounting and limits, IPv6 support improvements, and performance enhancements to SSH, USB 3.0, and NFS.
This document discusses Linux containers and the App Container specification (APPC). It provides a history of container technologies and describes key aspects of APPC including the ACI image format, runtime environment, and discovery protocol. It introduces Rocket (rkt) as a container runtime that works with APPC and can run applications packaged in ACIs. The document concludes by mentioning how to install rkt and build a simple ACI image for demonstration purposes.
Security best practices for kubernetes deployment by Michael Cherny
This document provides best practices for securing a Kubernetes deployment. It recommends integrating security into the CI/CD pipeline by only using vetted code for builds, scanning images for vulnerabilities, and using private registries to store and push only approved images. It also suggests limiting direct access to Kubernetes nodes, implementing fine-grained role-based access control and quotas, securely managing secrets, implementing network segmentation and "least privilege" controls. Finally, it stresses the importance of logging all activity and integrating logs with monitoring systems for visibility.
This presentation provides an overview of BSD operating systems for Linux users. It discusses what BSD is, how it differs from Linux, aspects of BSD release engineering, and unique features of BSD systems. The presentation aims to explain the context and focus of different BSD projects like FreeBSD, NetBSD, OpenBSD, and PC-BSD. It highlights differences compared to Linux like package and device management, and recommends books for further reading.
Christian Kniep presented this deck at the 2016 HPC Advisory Council Switzerland Conference.
"With Docker v1.9 a new networking system was introduced, which allows multi-host networking to work out-of-the-box in any Docker environment. This talk provides an introduction on what Docker networking provides, followed by a demo that spins up a full SLURM cluster across multiple machines. The demo is based on QNIBTerminal, a Consul backed set of Docker Images to spin up a broad set of software stacks."
Watch the video presentation:
http://wp.me/p3RLHQ-f7G
See more talks in the Swiss Conference Video Gallery:
http://insidehpc.com/2016-swiss-hpc-conference/
Sign up for our insideHPC Newsletter:
http://insidehpc.com/newsletter
This presentation covers how the app deployment model evolved from bare metal servers to the Kubernetes world.
In addition to theoretical information, you will find URLs of free KATACODA workshops for hands-on practice to understand the details of each topic.
This document discusses Docker and how it powers the Eclipse Che IDE platform. It provides an overview of Docker concepts like containers, images, and orchestration. It also demonstrates how to build a sample Spring Boot app as a Docker image and run it as a container. Finally, it outlines the agenda for the CheConf2016 conference, including sessions on deploying Che on OpenShift and building an IoT IDE with Che.
Docker Azure Friday OSS March 2017 - Developing and deploying Java & Linux on... by Patrick Chanezon
This document provides an overview of developing and deploying Java applications on Azure using Docker. It discusses using Docker to build Java applications, running containers, and deploying stacks. It also covers Docker Enterprise Edition, including subscriptions, certifications, and security features. Finally, it demonstrates using Docker on Azure, such as with Azure Container Service, and shows examples of building, running, and deploying Java applications with Docker.
Dev opsec dockerimage_patch_n_lifecyclemanagement_2019 by kanedafromparis
This document discusses Kubernetes application lifecycle management with a focus on patch management. It begins with a reminder about Docker concepts like namespaces, containers, images and layers. It then provides a brief introduction to Kubernetes, discussing pods, services, deployments and replicasets. The document notes that failures can be quickly fixed during development, but patches are less frequent for production applications. It discusses tools for scanning for Common Vulnerabilities and Exposures (CVEs) and automating updates. Finally, it mentions some difficulties encountered with patching and proposed organizational solutions.
Docker Devoxx UK - Never mind the bollocks here's the Linux Containers by Patrick Chanezon
This document summarizes the history and current state of containerization technologies. It discusses early implementations in mainframes and virtualization in the 1990s. It then covers the rise of Docker in 2013 which enabled "write once, run anywhere" for applications. The document also outlines the Docker platform and tools like Docker Hub, Docker Machine, and Docker Compose. It discusses orchestration technologies like Docker Swarm and Kubernetes. Finally, it briefly mentions other container-focused companies and platforms like Tutum, Flocker, and Weave.
Presentation on using Docker, from level 0 "I play with it on my workstation" to Docker Hero level "I run it in production".
This talk follows the intro by @dgageot and therefore does not include the "what is Docker?" intro.
Revolutionizing the cloud with container virtualizationWSO2
This document discusses container virtualization and key related technologies. It begins with an overview of virtualization and the hypervisor model. It then covers Linux containers and the kernel features they use like namespaces, cgroups, AppArmor, and SELinux. Popular container tools like LXC, Docker, CoreOS, and Kubernetes are introduced. The document argues that containers make it possible to run multiple isolated environments on one host more efficiently than virtual machines, improving cloud deployment.
This document discusses the evolution of Linux container virtualization, including technologies like LXC, Docker, CoreOS, and Kubernetes. It provides an overview of key concepts in virtualization like namespaces, cgroups, AppArmor, SELinux, and seccomp. It also summarizes features of Linux container engines like LXC, and container platforms like Docker, CoreOS, and the Kubernetes container cluster management system.
Docker - Demo on PHP Application deployment Arun prasath
Docker is an open-source project to easily create lightweight, portable, self-sufficient containers from any application. The same container that a developer builds and tests on a laptop can run at scale, in production, on VMs, bare metal, OpenStack clusters, public clouds and more.
In this demo, I will show how to build a Apache image from a Dockerfile and deploy a PHP application which is present in an external folder using custom configuration files.
Docker moves very fast, with an edge channel released every month and a stable release every 3 months. Patrick will talk about how Docker introduced Docker EE and a certification program for containers and plugins with Docker CE and EE 17.03 (from March), the announcements from DockerCon (April), and the many new features planned for Docker CE 17.05 in May.
This talk will be about what's new in Docker and what's next on the roadmap
This document provides an overview of Kubernetes including:
1) Kubernetes is an open-source platform for automating deployment, scaling, and operations of containerized applications. It provides container-centric infrastructure and allows for quickly deploying and scaling applications.
2) The main components of Kubernetes include Pods (groups of containers), Services (abstract access to pods), ReplicationControllers (maintain pod replicas), and a master node running key components like etcd, API server, scheduler, and controller manager.
3) The document demonstrates getting started with Kubernetes by enabling the master on one node and a worker on another node, then deploying and exposing a sample nginx application across the cluster.
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Patrick Chanezon
Docker provides an integrated and opinionated toolset to build, ship and run distributed applications. Over the past year, the Docker codebase has been refactored extensively to extract infrastructure plumbing components that can be used independently, following the UNIX philosophy of small tools doing one thing well: runC, containerd, swarmkit, hyperkit, vpnkit, datakit and the newly introduced InfraKit.
This talk will give an overview of these tools and how you can use them to build your own distributed systems without Docker.
Patrick Chanezon & David Chung, Docker & Phil Estes, IBM
Overview of Docker 1.11 features(Covers Docker release summary till 1.11, runc/containerd, dns load balancing ipv6 service discovery, labels, macvlan/ipvlan)
Networking in docker ee with kubernetes and swarmDocker, Inc.
Now that Docker Enterprise Edition has added Kubernetes there are two models for networking in the platform. In this talk, we will review the pros and cons of each approach and how they co-exist in the Docker container platform. We will then show you how to achieve your application networking design goals under either model in the Docker platform, including segmentation, multi-tenancy, isolation and security. Whether you choose to go with Docker Swarm or Kubernetes (or both) for orchestration, you will walk away from this session knowing what effect that will have on your network design and how to accomplish your desired result.
Linux uses /proc/iomem as a "Rosetta Stone" to establish relationships between software and hardware. /proc/iomem maps physical memory addresses to devices, similar to how the Rosetta Stone helped map Egyptian hieroglyphs to Greek and decode ancient Egyptian texts. This virtual file allows the kernel to interface with devices by providing address translations between physical and virtual memory spaces.
Best Practices for Running Kafka on Docker ContainersBlueData, Inc.
Docker containers provide an ideal foundation for running Kafka-as-a-Service on-premises or in the public cloud. However, using Docker containers in production environments for Big Data workloads using Kafka poses some challenges – including container management, scheduling, network configuration and security, and performance.
In this session at Kafka Summit in August 2017, Nanda Vijyaydev of BlueData shared lessons learned from implementing Kafka-as-a-Service with Docker containers.
https://kafka-summit.org/sessions/kafka-service-docker-containers
This document discusses HTTP and DNS. It explains that DNS is used to resolve domain names like taobao.com to IP addresses like 110.75.115.70. It also lists common HTTP status codes like 200 for OK and 404 for Not Found. HTTP headers are described, including Request headers like method and path, and Response headers like Content-Length. Links are provided for further reading on HTTP, DNS, status codes, and the domain name system.
This document discusses version control and Git. It begins with an introduction to why version control is useful. It then covers setting up Git, basic Git commands like add, commit, diff and log. It discusses checking out different commits, branches, merging, pushing and pulling from remote repositories. It introduces concepts like stash, remote repositories, cloning and the Gitflow branching model.
The document discusses code review and AJAX techniques. It includes links to the author's GitHub page, SlideShare profile, and Twitter account. It also covers HTML, JavaScript, DOM manipulation, making AJAX calls, caching data, and plagiarism.
This document appears to be notes from a product manager tracking multiple projects, issues, and tasks. It includes sections for a website project with various tasks and bugs assigned as "todo", "in progress", "in review", and "done". Another section discusses developing a master tag and task #216 being completed. Overall it provides a high-level overview of a product manager's work tracking projects, tasks, bugs and issues across versions.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
2. What is Docker
Docker is an open platform for developers and sysadmins to
build, ship, and run distributed applications, whether on
laptops, data center VMs, or the cloud.
Core technology = LXC + AUFS
3. How LXC works
Kernel namespaces (ipc, uts, mount, pid, network and user)
AppArmor and SELinux profiles
Seccomp policies
Chroots (using pivot_root)
Kernel capabilities
CGroups (control groups)
11. docker-compose
Compose is a tool for defining and running multi-container
Docker applications. With Compose, you use a Compose file to
configure your application's services. Then, using a single
command, you create and start all the services from your
configuration.
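In plain terms: the command line gets too complicated, so the parameters are moved into a configuration file, which is then used to orchestrate applications at scale.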