rkt is a modern container runtime, built for security, efficiency, and composability. Kubernetes is a modern cluster orchestration system allowing users. Kubernetes doesn't directly execute application containers but instead delegates to a container runtime, which is integrated at the kubelet (node) level. When Kubernetes first launched, the only supported container runtime was Docker - but in recent months, we've been hard at work integrating rkt as an alternative container runtime, aka "rktnetes". The goal of "rktnetes" is to have first-class integration between rkt and the kubelet, and to allow Kubernetes users to take advantage of some of rkt's unique features.
This talk will describe how rkt works, some of the features that make it unique as a container runtime, some of the process of integrating an alternative container runtime with Kubernetes, and the latest state of "rktnetes."
Introduction to rkt, including special/unique features.
Sched Link: http://sched.co/6BY7
KubeCon EU 2016: Bringing an open source Containerized Container Platform to ... - KubeAcademy
Kurma is an open source container runtime that is based on the container instrumentation built into the Apcera Platform. Kurma, and its accompanying "KurmaOS", is our vision of a lightweight, fully containerized operating system.
This presentation will cover Apcera's journey in its container instrumentation: beginning with the pre-Docker landscape, how it grew over the course of 3+ years, and the "next-gen" adaptation of it, where the base container instrumentation has been adapted to stand as its own open source project and grown to be used beyond just Apcera's own usage.
Kurma incorporates a lot of lessons learned with both development and operations of a container platform, including building modular vs monolith, extensibility being built in vs built on, and managing a cluster of hosts and containers.
We'll also cover our experiences with introducing it to Kubernetes as another first class runtime provider: taking how Kurma works and making it work with Kubernetes, and how we'd like to see Kubernetes grow in some of the areas we see Kurma growing.
Sched Link: http://sched.co/6BlW
KubeCon EU 2016: Killing containers to make weather beautiful - KubeAcademy
The Met Office Informatics Lab includes scientists, developers and designers. We build prototypes exploring new technologies to make environmental data useful. Here we describe a recent project to process multi-dimensional weather data to create a fully interactive 4D browser application. We used long-running containers to serve data and web pages and short-running processes to ingest and compress the data. Forecast data is issued every three hours, so our data ingestion goes through regular and predictable bursts (i.e. perfect for autoscaling).
We built a Kubernetes cluster in an AWS group which auto-scales based on load. We used replication controllers to process the data. Every three hours ingestion jobs are added to a queue and the number of ingestion containers is set in proportion to the queue length. Each worker completes exactly one ingestion job from the queue and then exits, at which point Kubernetes creates a new one to process the next message. This has allowed us to remove the lifespan logic from the containers and keep them light, fast and massively scalable. We are now in the process of using this in our production systems.
Sched Link: http://sched.co/6BWQ
Docker Engine Evolution: From Monolith to Discrete Components - Phil Estes
A talk given on Tuesday and Wednesday the 27th and 28th of February 2018 at the Docker Mountain View and Docker SF meetup groups. In this talk, Docker Captain Phil Estes provides a history of the Docker engine from its early days as a single statically linked binary providing all the Docker engine functions to today's Moby and Docker CE projects comprising multiple projects and layers, including the Open Container Initiative (OCI) specifications and runC implementation, and the Cloud Native Computing Foundation (CNCF) containerd project. This talk also describes how these lower layer components spun out from Docker are being used to enhance other projects and offerings in the container ecosystem.
In-Cluster Continuous Testing Framework for Docker Containers - Neil Gehani
Just like a tugboat brings containers safely to port, “Tugbot” will do the same for running quality Docker containers in production. Tugbot makes Continuous Testing REAL. Any kind of test (including performance, chaos, and security) can be run with 5 lines in a “Test Container” Dockerfile. Leveraging the Docker LABEL and Docker Remote API, we will show how this simplifies testing for services running in Docker containers while standardizing results collected for analytics to continuously improve the quality of software. We believe that this will be the first step in “social testing” for containers, like GitHub has done for social coding.
It's 2018. Are My Containers Secure Yet!? - Phil Estes
A talk given at DevOps Pro Vilnius on March 15, 2018 about container security. In this talk we discussed the core topics around the container ecosystem (host, runtime, image) applicable to both Docker and Kubernetes, as well as discussing usable security/secure by default, and defense in depth principles. Also discussed were security futures like Project Grafeas, libentitlement, LinuxKit concepts, and trusted/untrusted container runtimes in Kubernetes.
Docker Athens: Docker Engine Evolution & Containerd Use Cases - Phil Estes
These slides are from a talk presented at the Docker Athens meetup on Thursday, May 31, 2018. They start by covering the evolution of the Docker engine of 2014/2015 into the separate components of OCI runc, (now) CNCF containerd, and the Docker client and daemon projects. Finally, various use cases for the CNCF containerd "core container runtime" project are detailed, from the Docker engine itself to serverless frameworks like OpenWhisk, to the container runtime interface (CRI) within Kubernetes.
Whose Job Is It Anyway? Kubernetes, CRI, & Container Runtimes - Phil Estes
A talk given at Cloud Native London meetup, February 6, 2018 on the role of container runtimes in Kubernetes, the introduction of the Container Runtime Interface (CRI), and the history of containerd and its use as a CRI-implementing container runtime for Kubernetes.
Docker for Java Developers - Fabiane Nardon and Arun Gupta - Docker, Inc.
Docker provides PODA (Package Once Deploy Anywhere) and complements WORA (Write Once Run Anywhere) provided by Java. It also helps you reduce the impedance mismatch between dev, test, and production environments and simplifies Java application deployment. In this talk, Arun Gupta, Java Champion and Docker Captain, and Fabiane Nardon, Java Champion, will explain how to run and package your Java application with Docker, including sharing your Java application using Docker Hub. In addition, they will cover:
• Deploying your Java application using Maven
• Deploying your application using Docker for AWS
• Scaling Java services with Docker Engine swarm mode
• Packaging your multi-container application and using service discovery
• Monitoring your Docker + Java applications
• Building a deployment pipeline using common tools
Leveraging the Power of containerd Events - Evan Hazlett - Docker, Inc.
containerd provides the low-level functionality that enables the Docker Engine to run containers. containerd events provide a simple, yet powerful mechanism to integrate with virtually any other system with minimal effort. This talk will cover what containerd events are and how to use them for integration with systems ranging from monitoring and logging to container networking using CNI (Container Network Interface) plugins.
CRI Runtimes Deep-Dive: Who's Running My Pod!? - Phil Estes
A talk given at QCon NYC on Wednesday, June 27, 2018 in the Container track, focused on helping developers understand the inner workings of pluggable container runtimes in the Kubernetes world. The second half of this talk is not available in slide form, but should be available via QCon video. The non-slide talk content included hands-on-keyboard demonstrations of various tools which can be used to investigate and introspect kubelet and pod -> container runtime boundaries and details, all shown in IBM Cloud using the containerd runtime underneath a Kubernetes 1.11 cluster.
Kubernetes has been a key component for many companies to reduce technical debt in infrastructure by:
• Fostering the Adoption of Docker
• Simplifying Container Management
• Onboarding Developers On Infrastructure
• Unlocking Continuous Integration and Delivery
During this meetup we are going to discuss the following topics and share some best practices:
• What's new with Kubernetes 1.3
• Generate Cluster Configuration using CloudFormation
• Deploy Kubernetes Clusters on AWS
• Scaling the Cluster
• Integrating Ingress with Elastic Load Balancer
• Using internal ELBs as Kubernetes Services
• Using EBS for persistent volumes
• Integrating Route53
Docker & GitLab as a Continuous Integration platform. In this talk we describe how we use GitLab and Docker as a platform to implement Continuous Integration in a simple and effective way.
Nowadays we cannot imagine development without Continuous Integration; the advanced level of software engineering is Continuous Delivery. There is a lot of noise around this topic, however successful implementations are still rare.
In this talk I'm going to share how to implement CI/CD in a simple and efficient way using Fabric8.
DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaS - Docker, Inc.
Presented by Evan Krall, Site Reliability Engineer, Yelp
Docker is an amazing technology. In particular, its build-once-run-anywhere model unlocks the world of cluster schedulers like Mesos and Kubernetes. These solve many of the problems of running high-scale websites, but introduce new challenges that need addressing.
In this talk, Evan will describe PaaSTA, a PaaS built on top of open source tools including Docker, Mesos, Marathon, and Chronos. PaaSTA provides tooling for developers to quickly turn their microservice into a monitored, highly available application spanning multiple datacenters and cloud regions. Evan will give an overview of the open-source technologies that power PaaSTA, discuss how Yelp has glued these together to give developers control without burdening them with the complexities of the infrastructure, and show the workflow used by developers to update and maintain their services on PaaSTA.
Docker Platform Internals: Taking runtimes and image creation to the next lev... - Docker, Inc.
In this session, we'll go into details about the latest developments around some of the components behind the core features of the Docker Platform. We'll cover the containerd runtime that was built to serve as an underlying daemon for Docker and Kubernetes, and BuildKit, a toolkit that builds on containerd to provide next-generation capabilities for building software with the help of containers. You will learn about the architecture and design choices of these projects, for example, the power of containerd's rich client library and BuildKit's frontend model that allows introducing new build languages or Dockerfile features. You can discover how you can use these projects directly and how they are being integrated into the Docker Platform.
Cloud native applications are popular these days – applications that run in the cloud reliably and scale almost arbitrarily. They follow three key principles: they are built and composed as microservices. They are packaged and distributed in containers. The containers are executed dynamically in the cloud. Kubernetes is an open-source cluster manager for the automated deployment, scaling and management of cloud native applications. In this hands-on session we will introduce the core concepts of Kubernetes and then show how to build, package and operate a cloud native showcase application on top of Kubernetes step-by-step. Throughout this session we will be using an off-the-shelf MIDI controller to demonstrate and visualize the concepts and to remote control Kubernetes. This session has been presented at the ContainerCon Europe 2016 in Berlin. #qaware #cloudnativenerd #LinuxCon #ContainerCon
An Open Source Story: Open Containers & Open Communities - Phil Estes
A talk given at All Things Open's Open Source 101 event at NC State University, Raleigh, North Carolina on Saturday, 17th February, 2018.
This talk covered some interesting history lessons of the Docker open source project and inter-vendor tensions. If you were not at this talk do not read intent into these slides as this was truly an attempt at a "blame-free" post-mortem of the important topics of open source, governance, and foundations as it related to the extremely popular Docker open source project.
Monitoring, Logging and Tracing on Kubernetes - Martin Etmajer
In this presentation, I'll describe a variety of tools, like the Kubernetes Dashboard, Heapster, Grafana, Fluentd, Elasticsearch, Kibana, Jolokia and OpenTracing to bring Monitoring, Logging and Tracing to the Kubernetes container platform.
Presentation given on Sunday, February 4th, 2018 in the containers devroom at FOSDEM 2018. This presentation covers the containerd project background, history, architecture, and current status as a CNCF project used by Docker, Kubernetes, and other projects requiring a stable, performant core container runtime.
Configuration Management and Transforming Legacy Applications in the Enterpri... - Docker, Inc.
Share the continuity of Société Générale's journey with Docker Enterprise from different points of view, from executives to devops, with CD platform as an enabler. Creating a Dockerfile that runs a container on a developer's laptop is pretty straightforward. But extending that to stacks of containers running on a dozen environments (development, integration, testing, staging, production, etc.) with different configuration and topologies can be a challenge. This talk will cover aspects of our journey to Docker Enterprise:
What configuration should go in an image?
Where to put different types of configuration? Images, environment variables, entrypoint, ...?
How to store assets for building images and configuration for deployment in version control.
We will discuss how Société Générale has implemented these, and what we plan next for Docker Enterprise deployment.
OSDC 2016 - rkt and Kubernetes: What's new with Container Runtimes and Orches... - NETWAYS
Application containers are changing some of the fundamentals of how Linux is used in the server environment. rkt is a daemon-free container runtime with a focus on security. rkt is also an implementation of the App Container (appc) runtime specification, which defines the concept of a pod: a grouping of multiple containerized applications in a single execution unit. Pods are also used as the abstraction within Kubernetes, and having rkt work natively with pods makes it uniquely suited as a Kubernetes container runtime engine. With different application container runtimes on Linux to choose from (including Docker, kurma and rkt) this session will cover the differences. It will also dive into use cases for rkt under Kubernetes.
As we move our application units to containers, most people are asking themselves the question of orchestrator choice. That is not the only choice that's important: what about the underlying container runtime? In this talk, we will look at why you would use containerd with runC with both Swarm and Kubernetes, as well as other uses for containerd, like container OSes to ship immutable infrastructure.
Enabling Security via Container Runtimes - Phil Estes
A talk given at the Google-hosted Container Security Summit on Wednesday, February 12th, 2020 in Seattle, Washington. This talk covered the impact of work done at the lower-level runtimes layer and up through layers like cri-o, containerd, and Docker to bring specific security features to overall platforms like Kubernetes.
For this info-packed and hands-on workshop we cover:
📍 Introduction to Kubernetes & GitOps talk:
We cover the most popular path that has brought success to many users already - GitOps as a natural evolution of Kubernetes. We'll give an overview of how you can benefit from Kubernetes and GitOps: greater security, reliability, velocity and more. Importantly, we cover definitions and principles standardized by the CNCF's OpenGitOps group and what it means for you.
📍 Get Started with GitOps:
You'll have GitOps up and running in about 30 mins using our free and open source tools! We'll give a brief vision of where you want to be with those security, reliability, and velocity benefits, and then we'll support you while you go through the getting started steps. During the workshop, you'll also experience in action and see demos for:
- an opinionated repo structure to minimize decision fatigue
- disaster recovery using GitOps
- Helm charts example
- Multi-cluster example
- all with free and open source tools, mostly in the CNCF (e.g. Flux and Helm).
If you have questions before or after the workshop, talk to us at #weave-gitops http://bit.ly/WeaveGitOpsSlack (If you need to invite yourself to the Slack, visit https://slack.weave.works/)
Internal presentation of Docker, Lightweight Virtualization, and Linux Containers at Spotify NYC offices, featuring engineers from Yandex, LinkedIn, Criteo, and NASA!
Method of NUMA-Aware Resource Management for Kubernetes 5G NFV Cluster (byonggon chun)
Introduces the container runtime environment set up with Kubernetes and various CRI runtimes (Docker, containerd, CRI-O), and the method of NUMA-aware resource management (CPU Manager, Topology Manager, etc.) for CNFs (Containerized Network Functions) within Kubernetes, along with related issues.
Introduction to Docker, December 2014 "Tour de France" Edition (Jérôme Petazzoni)
Docker, the Open Source container Engine, lets you build, ship and run any app, anywhere.
This is the presentation which was shown in December 2014 for the "Tour de France" in Paris, Lille, Lyon, Nice...
Docker is an open platform for developers and system administrators to build, ship and run distributed applications. Using Docker, companies in Jordan have been able to build powerful system architectures that allow speeding up delivery, easing deployment processes and at the same time cutting major hosting costs.
George Khoury shares his experience at Salalem in building flexible and cost effective architectures using Docker and other tools for infrastructure orchestration. The result allows them to easily and quickly move between different cloud providers.
LCU14 310 - Cisco ODP
---------------------------------------------------
Speaker: Robbie King
Date: September 17, 2014
---------------------------------------------------
★ Session Summary ★
Cisco to present their experience using ODP to provide portable accelerated access to crypto functions on various SoCs.
---------------------------------------------------
★ Resources ★
Zerista: http://lcu14.zerista.com/event/member/137757
Google Event: https://plus.google.com/u/0/events/ckmld1hll5jjijq11frbqmptet8
Video: https://www.youtube.com/watch?v=eFlTmslVK-Y&list=UUIVqQKxCyQLJS6xvSmfndLA
Etherpad: http://pad.linaro.org/p/lcu14-310
---------------------------------------------------
★ Event Details ★
Linaro Connect USA - #LCU14
September 15-19th, 2014
Hyatt Regency San Francisco Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
Let's talk about why the biggest web service providers are so successful, what technologies they use, what microservices are, and how the new OpenShift 3 fits into all of this.
Jakub is an OpenShift platform developer and open-source enthusiast who, besides programming in various languages such as Go, Ruby and JavaScript, has no problem with graphics and design either.
KubeCon EU 2016: Distributed containers in the physical world (KubeAcademy)
The building industry today is, at large, far behind the rest of the world technically. Alongside this, it is at threat of being dominated by a small selection of software vendors. These vendors push specific software solutions to the technically unskilled consumers in the AEC industry. The software they provide, however, is monolithic, native and heavy. Containers, distributed computing, and open source microservices and applications offer a solution to turn the construction industry's future on its head. When computing is ubiquitous in our buildings with the internet of things, the whole way we think about building design has to change. We need to think in advance about how the applications which will run our buildings are developed. Each building is bespoke and the offers currently on the software market simply won't fit the bill in the near future. We are trying to develop a Kubernetes based platform to lay the foundations for the future of lightweight bespoke apps developed for our built environment.
Sched Link:
KubeCon EU 2016: ChatOps and Automatic Deployment on Kubernetes (KubeAcademy)
ChatOps is a term often credited to GitHub, and it is all about putting the tools in the middle of the conversations. At Unacast, most of our conversations go through Slack. When we integrated ChatOps into our workflow, we got the tools closer to the conversation.
We are using a version of GitHub Flow for our development process. That means all new features go in a branch, someone opens a pull request and we merge continuously from master into the feature branch. When we have something that is ready to deploy to a server we trigger a deploy of the branch to a test environment. When the new feature gets verified it gets deployed to production, gets verified again, and then merged back into master. This workflow enables us to maintain a clean master branch so we can roll back in case something fails.
Sched Link: http://sched.co/67c1
KubeCon EU 2016: A Practical Guide to Container Scheduling (KubeAcademy)
Containers are at the forefront of a new wave of technology innovation, but the methods for scheduling and managing them are still new to most developers. In this talk we'll look at the kind of problems that container scheduling solves and at how maximising efficiency and maximising QoS don't have to be exclusive goals. We'll take a behind-the-scenes look at the Kubernetes scheduler: How does it prioritize? What about node selection and external dependencies? How do you schedule based on your own specific needs? How does it scale, and what’s in it both for developers already using containers and for those that aren't? We’ll use a combination of slides, code and demos to answer all these questions and hopefully all of yours.
Sched Link: http://sched.co/6BZa
We will present the latest iteration of our sample trading application, Reactive Trader (previous iteration - http://adaptiveconsulting.github.io/ReactiveTraderJS). This is built on Google Cloud Platform, Kubernetes and Docker and has a Microservices architecture.
Sched Link: http://sched.co/6BUp
KubeCon EU 2016: Integrated trusted computing in Kubernetes (KubeAcademy)
Being able to trust your containers requires that you be able to trust the systems your containers are running on. Trusted computing makes it possible for computers to prove what they’ve booted, making it practical for clusters to verify that systems haven’t been compromised, but up until now it’s been a heroic task to deploy a trusted computing environment.
This presentation will describe the integration of trusted computing technologies into Kubernetes, making it possible to define policies that provide fine-grained access control to cluster resources and distribute secrets in a secure manner. It will then introduce functionality added to the rkt runtime, making it possible to extend trusted computing from initial system state to validation of individual containers.
Sched Link: http://sched.co/67eX
KubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipeline (KubeAcademy)
One of the most underrated features of Kubernetes is namespaces. In the market, instead of using this feature, people are still stuck with having different clusters for their environments. This talk will try to break this approach, and will introduce how we ended up using ephemeral namespaces within our CI/CD pipeline. It will cover the architecture of our system for running the user acceptance tests on isolated ephemeral namespaces with all the bits and pieces running within pods. While doing this, we will set up our CI/CD pipeline on top of TravisCI, GoCD, and Selenium controlled by Nightwatch.js.
Sched Link: http://sched.co/6Bcb
KubeCon EU 2016: Secure, Cloud-Native Networking with Project Calico (KubeAcademy)
Why does the network matter and why does it need to be simple (the 3am test)? Why should we build networks that scale to the extremes and how can we do that with proven technologies? Finally, how can we secure microservices, why should we bother, and what does this mean for developers and operators?
Sched Link: http://sched.co/6BUR
Arkena's video-on-demand platform is used as a backend by major European channels (TF1 / beIN SPORTS / Elisa) to offer a non-linear experience to their customers.
We were previously hosted on Heroku, and the number of our users is increasing constantly. In order to optimize resources we decided to move to a bare metal infrastructure powered by Kubernetes.
We'll share thoughts, feedback and technical details about this successful transition.
Sched Link:
KubeCon EU 2016: Transforming the Government (KubeAcademy)
This talk documents the UK Home Office's cloud-native journey, changing how we did devops forever!
At the UK Home Office, we run Kubernetes in production. This talk is about how we got there, where we came from, where we are right now and where we want to go from here. We will also cover what things worked out and which things didn't.
From on-boarding projects into Kubernetes to continuous delivery, this talk will give you a good understanding of what lies ahead if you decide to take the road to scheduling containers in production.
Sched Link: http://sched.co/68xS
KubeCon EU 2016: Getting the Jobs Done With Kubernetes (KubeAcademy)
When you hear words such as Kubernetes or OpenShift you immediately start thinking about long running processes you can easily scale at will. However, Kubernetes includes a lesser known feature which allows you to run pretty much anything from simple tasks up to highly complicated ones.
During this presentation, the author of the Job resource in Kubernetes will guide you through several techniques for performing anything ranging from simple Pi calculations to rendering a movie. No matter if you're a data scientist running large scale calculations across several data centers or a hobby programmer running simple day-to-day tasks, this presentation will teach you how to efficiently use Kubernetes Jobs on their own or as the building blocks of something bigger.
This presentation will feature a number of live demos to help illustrate the various ways that you can put Jobs to work. Don’t miss out on learning about one of the coolest features of Kubernetes!
Sched Link: http://sched.co/6BUw
KubeCon EU 2016: Kubernetes Storage 101 (KubeAcademy)
You have deployed your application on Kube and now you want to actually do something permanent with it? You will need STORAGE.
This talk will be a good introduction to using storage in Kubernetes. It will cover the use of EmptyDir, HostPath and Persistent Storage options, and how to configure and use each type. This talk will also discuss the security features for storage in the open source OpenShift project.
Sched Link: http://sched.co/6BcS
KubeCon EU 2016: Using Traffic Control to Test Apps in Kubernetes (KubeAcademy)
Testing applications is important, as shown by the rise of continuous integration and automated testing. In this talk, I will focus on one area of testing that is difficult to automate: poor network connectivity. Developers usually work within reliable networking conditions, so they might not notice issues that arise in other networking conditions. I will give examples of software that would benefit from test scenarios with varying connectivity. I will explain how traffic control on Linux can help to simulate various network connectivity conditions. Finally, I will run a demo showing how an application running in Kubernetes behaves when changing network parameters.
Sched Link: http://sched.co/6Bb3
KubeCon EU 2016: Kubernetes in Production in The New York Times newsroom (KubeAcademy)
The New York Times is a US media company that serves digital journalism to millions of visitors every day. The format of our stories is constantly experimented with; for example, we publish graphics based on election data ingested from APIs, question-and-answer-led discussions, breaking news live coverage, and quizzes. This leads to a lot of applications.
Our previous experience with infrastructure may be a familiar one: an unruly number of virtual machines, which led us to containers. Containers give our web developers who are not infrastructure engineers the opportunity to configure and launch their applications with little oversight.
Kubernetes offers us an infrastructure for our numerous applications at scale. Leveraging the Kubernetes API, we’ve built a self-service admin interface for developers (not sysadmins) to configure and launch their applications at scale, similar to the Kubernetes Dashboard project, tailored to our development workflow.
Sched Link: http://sched.co/67f2
KubeCon EU 2016: ITNW (If This Now What): Orchestrating an Enterprise (KubeAcademy)
With growing demand for containers in the enterprise, build pipelines are a bottleneck to success. Traditional workflows can't release application candidates quickly enough to fulfill demand. With over 400 development teams across many different business units, Pearson had to move away from massive installs of traditional build pipeline tools and rethink the entire concept. In this talk we'll demonstrate how we have built in security compliance, performance testing and quality assurance, abstracted away complexity, reduced overhead, aim to recover 10% of developers' time and turned build tools into cattle.
This represents the story to date of an in-flight engineering project to modernise the digital estate of a global enterprise organisation and how scale of the operation is leading us to challenge many established beliefs. Attendees will walk away with everything from workflows to code which they can use to get started in their own endeavors.
Sched Link:
KubeCon EU 2016: SmartCity IoT on Kubernetes (KubeAcademy)
Modern cities are rapidly adopting smart technologies to deliver realtime data about a number of city services. These technologies rely heavily on a high quality network interconnecting all sensors and reactors, such as lamps, with controlling services. Many low level PLC systems solve the automation, but their purpose is limited to narrow areas of usage as these devices have limited computational power. On the other hand, the rise of single-board computers such as the Raspberry Pi, with multi-core processors and plenty of memory, can serve as a platform for virtualized services based on Kubernetes. A distributed cluster across the whole city on public streetlights gives operators the possibility to adapt to rapidly changing conditions. We propose distributing HA clusters of single-board devices at key topological points of smart city mesh networks, connected together by a reliable SDN network. These virtualized services fulfil various tasks such as data collection and data processing, and all of these services can rely on cloud backends that provide much more computational and storage capacity. Services can be operated at both locations to serve local as well as foreign users.
We will share the whole concept and architecture of the SmartCity project, which covers deployment of more than 3000 endpoints (both sensing and reactive devices) and about 30 smart gateways running in HA mode on Kubernetes Nodes.
Sched Link: http://sched.co/6BUM
KubeCon EU 2016: Templatized Application Configuration on OpenShift and Kuber... (KubeAcademy)
Kubernetes gives developers a platform on which to run images and many configuration objects to control those images, but constructing a cohesive application made up of images and configuration objects is currently a challenge. Reconstructing or sharing that configuration can also be a challenge. This talk will cover the Template feature implemented in OpenShift to simplify the process of defining and repeatably deploying coordinated objects, discuss what is coming to Kubernetes with respect to this capability, and touch on several other existing projects that enable templatizing application definitions.
Sched Link: http://sched.co/6BVH
KubeCon EU 2016 Keynote: Pushing Kubernetes Forward (KubeAcademy)
The Kubernetes community has aspirations of becoming the Linux kernel of distributed systems. Together we want to build a scalable, stable, and secure platform for distributed systems that is the ubiquitous choice for people building server infrastructure. This talk will discuss the major community efforts made in recent months to deliver this goal and the work we need to do to continue our momentum.
Sched Link: http://sched.co/68lU
KubeCon EU 2016: Creating an Advanced Load Balancing Solution for Kubernetes ... (KubeAcademy)
Load balancing is an important part of any resilient web application. Kubernetes supports a few options for external load balancing, but they are limited in features. After a brief discussion of those options and the features they lack, we’ll show how to build an advanced load balancing solution for Kubernetes on top of NGINX, utilizing Kubernetes features including Ingress, Annotations, and ConfigMap. We’ll conclude with a demo of how to use NGINX and NGINX Plus to expose services to the Internet.
Sched Link: http://sched.co/6Bc9
KubeCon EU 2016: Multi-Tenant Kubernetes (KubeAcademy)
Today Kubernetes is mostly employed in single tenant deployments, either in a private cloud or as a COE on top of IaaS. By leveraging virtualized containers like Hyper, Kubernetes will be the core of multi-tenant Container-as-a-Service. This talk will present Hypernetes, a secure Kubernetes distro focusing on the public container hosting service.
Sched Link: http://sched.co/6BYD
DevOps and Testing slides at DASA Connect (Kari Kakkonen)
Slides by me and Rik Marselis at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... (DanBrown980551)
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Neuro-symbolic is not enough, we need neuro-*semantic* (Frank van Harmelen)
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... (Jeffrey Haguewood)
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Essentials of Automations: Optimizing FME Workflows with Parameters (Safe Software)
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Generating a custom Ruby SDK for your web service or Rails API using Smithy (g2nightmarescribd)
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Key Trends Shaping the Future of Infrastructure.pdf (Cheryl Hung)
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 (Tobias Schneck)
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial for or limiting your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I have already got working for real.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... (BookNet Canada)
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
4. Why rkt and Kubernetes? Why container runtimes and orchestration?
5. CoreOS, Inc (2013 - today)
Mission: "Secure the Internet"
Started at the OS level: CoreOS Linux
● Modern, minimal operating system
● Self-updating (read-only) image
● Updates must be automatic and seamless
6. Automatic and seamless
● If the OS is always updating, what about applications running on it?
● Classic use case for containers and orchestration
○ containers decouple the application and OS update lifecycles (update at different cadences)
○ orchestration decouples application and OS uptime (services can remain unaffected during OS downtime)
28. 2014
● Large incumbent container tool (in CoreOS)
● Common practices, but few best practices
○ unsigned images (curl | sudo sh -)
○ inefficient/insecure images (FROM ubuntu:14.04)
○ PID1 or not to PID1 (zombie reaping problem)
● New platforms emerging, difficult to integrate
○ systemd + dockerd = sad times had by all
29. 2014 (December)
● Enter rkt (and appc)
○ Create an alternative container runtime (competition drives innovation)
○ Emphasise the importance of security and composability
○ Spur conversation around standards in the application container ecosystem
30. a modern, secure container runtime
a simple, composable tool
an implementation of an open standard
34. appc spec in a nutshell
● Image Format (ACI)
○ what does an application consist of?
● Image Discovery
○ how can an image be located?
● Pods
○ how can applications be grouped and run?
● Executor (runtime)
○ what does the execution environment look like?
36. appc pods
● grouping of applications executing in a shared context (network, namespaces, volumes)
● shared fate
● the only execution primitive: single applications are modelled as singleton pods
37. appc pods ≈ Kubernetes pods
● the same properties hold for Kubernetes pods: shared context (network, namespaces, volumes), shared fate, and single applications modelled as singleton pods
38. a modern, secure container runtime
a simple, composable tool (CLI)
an implementation of an open standard (appc)
48. stage0 (rkt binary)
● primary interface to rkt
● discover, fetch, manage application images
● set up pod filesystems
● manage pod lifecycle
○ rkt run
○ rkt image list
○ rkt gc
○ ...
49. stage1 (swappable execution engines)
● default implementation
○ based on systemd-nspawn+systemd
○ Linux namespaces + cgroups for isolation
● kvm implementation
○ based on lkvm+systemd
○ hardware virtualisation for isolation
● others?
○ e.g. xhyve (OS X), unc (unprivileged containers)
50. stage2 (inside the pod)
● actual app execution
● independent filesystems (chroot)
● shared namespaces, volumes, IPC, ...
51. rkt TPM measurement (new!)
● TPM, Trusted Platform Module
○ physical chip on the motherboard
○ cryptographic keys + processor
● Used to "measure" system state
● Historically just used to verify bootloader/OS (on proprietary systems)
52. rkt TPM measurement (new!)
● CoreOS added support to GNU Grub
● rkt can now record information about running pods in the TPM
● attestable record of what images and pods are running on a system
54. rkt TPM measurement (new!)
● For much, much more on TPM and rkt, see Matthew Garrett's talk: "Integrated trusted computing in Kubernetes"
● 11:30am tomorrow
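To show what "attestable record" means on slides 51-52, here is an added Go model (not rkt's code and not its log format) of the TPM extend operation and of the verifier that replays an event log of image and pod measurements against the PCR value the TPM quoted. The event labels and sample image identifiers are constructed; the SHA-1 PCR width follows TPM 1.2.

```go
package main

import (
	"bytes"
	"crypto/sha1"
	"fmt"
)

// PCRSize is the width of a TPM 1.2 PCR: one SHA-1 digest.
const PCRSize = sha1.Size

// Event is one entry of the measurement log the runtime keeps next to the
// PCR: a label plus the bytes that were measured (an image identifier, or a
// pod and the images it runs). Constructed layout, not rkt's own log format.
type Event struct {
	Label string
	Data  []byte
}

// Extend performs the TPM extend operation in software:
// PCR' = SHA1(PCR || SHA1(data)). It is one-way and order-dependent, which
// is what turns a sequence of measurements into an attestable record.
func Extend(pcr []byte, data []byte) []byte {
	digest := sha1.Sum(data)
	h := sha1.New()
	h.Write(pcr)
	h.Write(digest[:])
	return h.Sum(nil)
}

// Measure is what the runtime side does when it starts a pod: append the
// event to the log and extend the PCR with the same data.
func Measure(pcr []byte, log []Event, label string, data []byte) ([]byte, []Event) {
	return Extend(pcr, data), append(log, Event{Label: label, Data: data})
}

// Replay recomputes, from the log alone, the PCR a verifier expects,
// starting from the reset value (all zeros).
func Replay(log []Event) []byte {
	pcr := make([]byte, PCRSize)
	for _, e := range log {
		pcr = Extend(pcr, e.Data)
	}
	return pcr
}

// Verify is the attestation check: the log is only believable if replaying
// it reproduces the PCR value the TPM signed in its quote. Any reordered,
// altered, dropped or added measurement changes the replayed value.
func Verify(quotedPCR []byte, log []Event) bool {
	return bytes.Equal(Replay(log), quotedPCR)
}

func main() {
	pcr := make([]byte, PCRSize)
	var log []Event
	// Constructed sample measurements: an image, then the pod that runs it.
	pcr, log = Measure(pcr, log, "image", []byte("sha512-<constructed image hash>"))
	pcr, log = Measure(pcr, log, "pod", []byte("pod-<constructed uuid> image=sha512-<constructed image hash>"))
	fmt.Printf("quoted PCR %x verified=%v\n", pcr, Verify(pcr, log))
	// A log that claims a different image was run no longer matches the quote.
	log[0].Data = []byte("sha512-<some other image>")
	fmt.Printf("tampered log verified=%v\n", Verify(pcr, log))
}
```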
55. rkt API service (new!)
● optional, gRPC-based API daemon
● exposes read-only information on pods/images
● runs as unprivileged user
● easier integration with other projects
58. rkt + Kubernetes
rkt ♥ k8s in a few ways:
● using rkt as container runtime (aka "rktnetes")
● using rkt to run Kubernetes ("rkt fly")
● integrating with rkt networking (CNI)
59. Kubelet + Container Runtimes
● Kubelet provides a Runtime interface
○ SyncPod()
○ GetPod()
○ KillPod()
○ ...
● in theory, anyone can implement this
● in practice, lots of Docker assumptions
61. Kubelet + Docker (default)
Problems:
● Docker doesn't understand pods
○ kubelet must maintain pod<->container mapping
○ "infra container" to hold namespaces for pod
● dockerd = SPOF for node
○ if Docker goes down, so do all containers
● Docker doesn't interact well with systemd
62. Kubelet + rkt (rktnetes)
Using rkt as the kubelet's container runtime
● A pod-native runtime
● First-class integration with systemd hosts
● self-contained pods process model = no SPOF
● Multi-image compatibility (e.g. docker2aci)
● Transparently swappable
63. Kubelet + rkt (rktnetes - with systemd)
(diagram: kubelet, systemd, three rkt pods, and the rkt api service)
64. Kubelet + rkt (rktnetes - without systemd)
(diagram: kubelet, three rkt pods, and the rkt api service; no systemd)
65. rktnetes today
Nearly complete!
80% of end-to-end tests passing
cAdvisor integration in progress
66. Using rkt to run Kubernetes
● Kubernetes components are largely self-hosting, but not entirely
○ Need a way to bootstrap kubelet on the host
○ kubelets can then host control plane components
● On CoreOS, this means in a container...
○ ... but kubelet has some unique requirements (like mounting volumes on the host)
67. Using rkt to run Kubernetes
● rkt "fly" feature (new in 0.15.0+)
● unlike rkt run, does *not* execute pods
● execute a single application in an unconstrained environment
● all the other advantages of rkt (image discovery, signing/verification, management)
68. rkt (stage0) - without fly
(diagram: the invoking process (bash/systemd/...) runs rkt (stage0), which starts a pod (stage1) containing app1 and app2 (stage2))
69. rkt (stage0) - without fly
(same diagram; the pod has an isolated mount (and PID, ...) namespace)
70. rkt (stage0) - with fly
(diagram: the invoking process (bash/systemd/...) runs rkt (stage0), which runs the application directly, with no stage1 pod)
71. rkt (stage0) - with fly
(same diagram; the application runs in the host mount (and PID, ...) namespace)
72. rkt (stage0) - with fly
(same diagram with the kubelet as the application, running in the host mount (and PID, ...) namespace)
75. CNI in a nutshell
● Container can join multiple networks
● Network described by JSON config
● Plugin supports two commands
○ ADD container to the network
○ REMOVE container from the network
● Plugins are responsible for all logic
○ allocating IPs, talking to backend components, ...
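The plugin contract on slide 75, as an added Go example that is not rkt's code and not any CNI project plugin: it reads the network config JSON from stdin, dispatches on CNI_COMMAND (the spec spells the removal verb DEL), and keeps the IP allocation logic entirely inside the plugin. The ipam.subnet key, the lease table keyed by CNI_CONTAINERID and the in-memory state are this example's assumptions; configuring the interface inside the container's network namespace is left out.

```go
package main

import (
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net"
	"os"
)

// NetConf is the part of the CNI network config JSON (stdin) this example reads.
type NetConf struct {
	Name string `json:"name"`
	IPAM struct {
		Subnet string `json:"subnet"` // address pool, e.g. "10.1.0.0/24" (assumed key)
	} `json:"ipam"`
}

// Result is the JSON a successful ADD writes to stdout for the runtime.
type Result struct {
	IP4 struct {
		IP string `json:"ip"` // CIDR notation
	} `json:"ip4"`
}

// Leases maps container IDs to the address each holds; the plugin alone owns this.
type Leases map[string]net.IP

// nextIP returns the lowest free host address, skipping the network address
// and the first host (kept for the gateway). IPv4 only.
func nextIP(subnet *net.IPNet, leases Leases) (net.IP, error) {
	if subnet.IP.To4() == nil || len(subnet.Mask) != 4 {
		return nil, errors.New("only IPv4 subnets are supported")
	}
	used := map[string]bool{}
	for _, ip := range leases {
		used[ip.String()] = true
	}
	base := binary.BigEndian.Uint32(subnet.IP.To4())
	broadcast := base | ^binary.BigEndian.Uint32(subnet.Mask)
	for n := base + 2; n < broadcast; n++ {
		ip := make(net.IP, 4)
		binary.BigEndian.PutUint32(ip, n)
		if !used[ip.String()] {
			return ip, nil
		}
	}
	return nil, fmt.Errorf("subnet %s exhausted", subnet)
}

// Handle is one plugin invocation: CNI_COMMAND selects the verb and
// CNI_CONTAINERID names the container. ADD hands out an address; DEL releases it.
func Handle(cmd, containerID string, confJSON []byte, leases Leases) (*Result, error) {
	var conf NetConf
	if err := json.Unmarshal(confJSON, &conf); err != nil {
		return nil, fmt.Errorf("invalid network config: %w", err)
	}
	if containerID == "" {
		return nil, errors.New("CNI_CONTAINERID must be set")
	}
	switch cmd {
	case "ADD":
		_, subnet, err := net.ParseCIDR(conf.IPAM.Subnet)
		if err != nil {
			return nil, fmt.Errorf("invalid ipam.subnet: %w", err)
		}
		if _, held := leases[containerID]; held {
			return nil, fmt.Errorf("container %q already has an address", containerID)
		}
		ip, err := nextIP(subnet, leases)
		if err != nil {
			return nil, err
		}
		leases[containerID] = ip
		ones, _ := subnet.Mask.Size()
		res := &Result{}
		res.IP4.IP = fmt.Sprintf("%s/%d", ip, ones)
		return res, nil
	case "DEL":
		delete(leases, containerID) // DEL is idempotent: unknown IDs are not an error
		return nil, nil
	default:
		return nil, fmt.Errorf("unsupported CNI_COMMAND %q", cmd)
	}
}

func main() {
	// A real plugin persists leases on disk between invocations; this process
	// starts empty, so main only demonstrates the stdin/env/stdout exchange.
	conf, _ := io.ReadAll(os.Stdin) // a short read surfaces as a config error
	res, err := Handle(os.Getenv("CNI_COMMAND"), os.Getenv("CNI_CONTAINERID"), conf, Leases{})
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	if res != nil {
		json.NewEncoder(os.Stdout).Encode(res)
	}
}
```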
87. Kubelet upgrades
- Remember from CoreOS mission: "updates must be automatic and seamless"
- If kubelet is in OS, must be upgraded in lock-step
- But mixed-version clusters don't always work (e.g. upgrading from 1.07 - 1.1.1: https://github.com/kubernetes/kubernetes/issues/16961 )
88. Kubelet upgrades
- Solution: API driven upgrades
- Small agent living on host, invoking kubelet (using rkt fly)
- Reading annotations from the kubelet API server
- Follow along: https://github.com/coreos/bugs/issues/1051
89. Graceful kubelet shutdown
● When an update is ready, locksmith signals kubelet to gracefully shut down
● Kubernetes can then gracefully migrate apps before shutdown
● https://github.com/coreos/bugs/issues/1112
● https://github.com/kubernetes/kubernetes/issues/7351
90. tl;dr:
● Use rkt
● Use Kubernetes
● Use rkt + Kubernetes (rktnetes)
● Get involved and help define the future of application containers and Kubernetes