Deploying Windows Containers on Windows Server 2016Ben Hall
Introduction into the new Windows Containers and Windows Hyper-V Containers coming in Windows Server 2016.
Presented at WinOps Meetup #5 on Wednesday 20th April 2016. http://www.meetup.com/WinOps/events/229065341/
Deploying Windows Containers on Windows Server 2016Ben Hall
Introduction into the new Windows Containers and Windows Hyper-V Containers coming in Windows Server 2016.
Presented at WinOps Meetup #5 on Wednesday 20th April 2016. http://www.meetup.com/WinOps/events/229065341/
Cette présentation vous montrera comment utiliser et profiter rapidement de Docker, quelles commandes utiliser et quelles fonctionnalités sont disponibles.
sfPot de Lille - Le 15 janvier 2015
The perl on most linux distros is a mess. Docker makes it easier to build and packge a local perl and applications. Problem is that Docker's manuals produce a mess of their own.
Distributing perl on top of Gentoo's stage3 distro, busybox, or nothing at all made good alternatives. This talk includes basics of setting up docker, building a local perl for it, and packaging perl or applications into images for use in containers.
JDO 2019: Tips and Tricks from Docker Captain - Łukasz LachPROIDEA
This session covers a bunch of tips and tricks for getting the most out of Docker. The tips were inspired by suggestions, blogs, and presentations and everyday challenges encountered by other Docker Captains but also the members of the Docker community. Come and see the unobvious and unexpected in terms of orchestration, image creation and management, also networking and volumes!
Deploying applications to Windows Server 2016 and Windows ContainersBen Hall
Deploying applications to Windows Server 2016 and Windows Containers.
Delivered at NDC London 2017 on 20th January.
Sponsored by Katacoda.com, interactive learning platform for Docker and Cloud Native platforms.
While there have been many improvements around securing containers, there is still a large gap in monitoring the behaviour of containers in production. Sysdig Falco is an open source behavioural activity monitor for containerized environments.
Sysdig Falco can detect and alert on anomalous behaviour at the application, file, system, and network level. In this session get a deep dive into Falco: How does behavioural security differ from existing security solutions like image scanning, seccomp, SELinux or AppArmor? What can Sysdig Falco detect? Building and customizing rules for your Docker and Kubernetes apps. Forensics analysis with Sysdig Inspect even when the container doesn't exist anymore!
Read more on:
https://sysdig.com/blog/docker-runtime-security/
https://sysdig.com/blog/runtime-security-kubernetes-sysdig-falco/
Docker - from development to production (PHPNW 2017-09-05)Toby Griffiths
Whether you've heard about Docker or not, it's recent explosion into the development community makes it something that's difficult to ignore.
In this talk I'll cover how to get up and running with Docker for development.
Docker Practice for beginner.
- docker install on ubuntu 18.04 LTS
- docker pull/push
- making docker-compose file which serving spring-boot+ mySql application
Vagrant is a well-known tool for creating development environments in a simple and consistent way. Since we adopted in our organization we experienced several benefits: lower project setup times, better shared knowledge among team members, less wtf moments ;-)
In this session I'd like to share our experience, including but not limited to:
- advanced vagrantfile configuration
- vm configuration tips for dev environment: performance, debug, tuning
- our wtf moments
- puphet/phansilbe: hot or not?
- tips for sharing a box
Raphaël Pinson's talk on "Configuration surgery with Augeas" at PuppetCamp Geneva '12. Video at http://youtu.be/H0MJaIv4bgk
Learn more: www.puppetlabs.com
Preparation study for Docker Event
Mulodo Open Study Group (MOSG) @Ho chi minh, Vietnam
http://www.meetup.com/Open-Study-Group-Saigon/events/229781420/
Cette présentation vous montrera comment utiliser et profiter rapidement de Docker, quelles commandes utiliser et quelles fonctionnalités sont disponibles.
sfPot de Lille - Le 15 janvier 2015
The perl on most linux distros is a mess. Docker makes it easier to build and packge a local perl and applications. Problem is that Docker's manuals produce a mess of their own.
Distributing perl on top of Gentoo's stage3 distro, busybox, or nothing at all made good alternatives. This talk includes basics of setting up docker, building a local perl for it, and packaging perl or applications into images for use in containers.
JDO 2019: Tips and Tricks from Docker Captain - Łukasz LachPROIDEA
This session covers a bunch of tips and tricks for getting the most out of Docker. The tips were inspired by suggestions, blogs, and presentations and everyday challenges encountered by other Docker Captains but also the members of the Docker community. Come and see the unobvious and unexpected in terms of orchestration, image creation and management, also networking and volumes!
Deploying applications to Windows Server 2016 and Windows ContainersBen Hall
Deploying applications to Windows Server 2016 and Windows Containers.
Delivered at NDC London 2017 on 20th January.
Sponsored by Katacoda.com, interactive learning platform for Docker and Cloud Native platforms.
While there have been many improvements around securing containers, there is still a large gap in monitoring the behaviour of containers in production. Sysdig Falco is an open source behavioural activity monitor for containerized environments.
Sysdig Falco can detect and alert on anomalous behaviour at the application, file, system, and network level. In this session get a deep dive into Falco: How does behavioural security differ from existing security solutions like image scanning, seccomp, SELinux or AppArmor? What can Sysdig Falco detect? Building and customizing rules for your Docker and Kubernetes apps. Forensics analysis with Sysdig Inspect even when the container doesn't exist anymore!
Read more on:
https://sysdig.com/blog/docker-runtime-security/
https://sysdig.com/blog/runtime-security-kubernetes-sysdig-falco/
Docker - from development to production (PHPNW 2017-09-05)Toby Griffiths
Whether you've heard about Docker or not, it's recent explosion into the development community makes it something that's difficult to ignore.
In this talk I'll cover how to get up and running with Docker for development.
Docker Practice for beginner.
- docker install on ubuntu 18.04 LTS
- docker pull/push
- making docker-compose file which serving spring-boot+ mySql application
Vagrant is a well-known tool for creating development environments in a simple and consistent way. Since we adopted in our organization we experienced several benefits: lower project setup times, better shared knowledge among team members, less wtf moments ;-)
In this session I'd like to share our experience, including but not limited to:
- advanced vagrantfile configuration
- vm configuration tips for dev environment: performance, debug, tuning
- our wtf moments
- puphet/phansilbe: hot or not?
- tips for sharing a box
Raphaël Pinson's talk on "Configuration surgery with Augeas" at PuppetCamp Geneva '12. Video at http://youtu.be/H0MJaIv4bgk
Learn more: www.puppetlabs.com
Preparation study for Docker Event
Mulodo Open Study Group (MOSG) @Ho chi minh, Vietnam
http://www.meetup.com/Open-Study-Group-Saigon/events/229781420/
Implementing Google's Material Design GuidelinesBen Hall
Implementing Google's Material Design Guidelines. Presented on 6th November 2015 at Oredev.
Dropbox link with working Gifs - https://www.dropbox.com/s/m7ug6m6139hpsd9/Material%20Design%20-%20Oredev.pptx?dl=0
Tips on solving E_TOO_MANY_THINGS_TO_LEARN with KubernetesBen Hall
Presented at Skills Matter, 8th February 2017.
Discusses the Kubernetes community and tools such as Minikube, Kubeadm, Helm and Weave Flux. Demos driven by katacoda.com
Shipping Applications to Production in Containers with DockerJérôme Petazzoni
Docker is an Open Source engine to build, run, and manage Linux Containers. Containers use less resources than virtual machines, they boot faster, but they have similar guarantees of portability and repeatability for Linux applications. Those features made Docker and Linux Containers extremely popular for development and testing environments. But what does it take to use Docker and Containers for production workloads?
Title: Introduction to Docker
Abstract:
During the year since it’s inception, Docker have changed our perception of the OS-level Virtualization also called Containers.
At this workshop we will introduce the concept of Linux containers in general and Docker specifically. We will guide the participants through a practical exercise that will include use of various Docker commands and a setting up a functional Wordpress/MySQL system running in two containers and communication with each other using Serf
Topics:
Docker Installation (in case is missing)
Boot2Docker
Docker commands
- basic commands
- different types of containers
- Dockerfiles
Serf
Wordpress Exercise
- setting up Serf cluster
- deploying MySQL
- deploying Wordpress and connecting to MySQL
Prerequisites:
Working installation of Docker
On Mac - https://docs.docker.com/installation/mac/
On Windows - https://docs.docker.com/installation/windows/
Other Platforms - https://docs.docker.com/installation/#installation
Get hands-on with security features and best practices to protect your containerized services. Learn to push and verify signed images with Docker Content Trust, and collaborate with delegation roles. Intermediate to advanced level Docker experience recommended, participants will be building and pushing with Docker during the workshop.
Led By Docker Security Experts:
Riyaz Faizullabhoy
David Lawrence
Viktor Stanchev
Experience Level: Intermediate to advanced level Docker experience recommended
Plug-ins: Building, Shipping, Storing, and Running - Nandhini Santhanam and T...Docker, Inc.
At Docker, we are striving to enable the extensibility of Docker via "Plugins" and make them available for developers and enterprises alike. Come attend this talk to understand what it takes to build, ship, store and run plugins. We will deep dive into plugin lifecycle management on a single engine and across a swarm cluster. We will also demonstrate how you can integrate plugins from other enterprises or developers into your ecosystem. There will be fun demos accompanying this talk! This will be session will be beneficial to you if you: 1) Are an ops team member trying to integrate Docker with your favorite storage or network vendor 2) Are Interested in extending or customizing Docker; or 3) Want to become a Docker partner, and want to make the technology integration seamless.
Be a happier developer with Docker: Tricks of the tradeNicola Paolucci
The talk will teach developers to automate and streamline their development environment setups using Docker, covering awesome tricks to make the experience smooth, fast, powerful and repeatable.The topics covered will be a selection amongst:
- Sharing folders into containers
- Transparent tunnels, dynamic ports for your apps
- Tiny Core Linux - the secret horse to super fast container automation
- Dockerfile caching tricks
- Cheap orchestration tricks
Why everyone is excited about Docker (and you should too...) - Carlo Bonamic...Codemotion
In less than two years Docker went from first line of code to major Open Source project with contributions from all the big names in IT. Everyone is excited, but what's in for me - as a Dev or Ops? In short, Docker makes creating Development, Test and even Production environments an order of magnitude simpler, faster and completely portable across both local and cloud infrastructure. We will start from Docker main concepts: how to create a Linux Container from base images, run your application in it, and version your runtimes as you would with source code, and finish with a concrete example.
A Docker workshop that occured at Tribal nova in march, to introduce the Docker basic concepts: command line, Dockerfiles, and Vagrant provisioning.
Time to complete: 5 hours
In addition to authorization policies that control what a user can do, OpenShift Container Platform gives its administrators the ability to manage a set of security context constraints (SCCs) for limiting pods and securing their cluster.
Default security context may be too restrictive for containers pulled down from DockerHub, thorugh this talk we'll explore the various steps to execute for enabling required permissions on selected OpenShift's pods.
Dockerizing Symfony2 application. Why Docker is so cool And what is Docker? And what are Containers? How they works? What are the ecosystem of Docker? And how to dockerize your web application (can be based on Symfony2 framework)?
Wordpress y Docker, de desarrollo a produccionSysdig
Docker esta revolucionando cómo desplegamos nuestras aplicaciones. Desde el entorno de desarrollo hasta la puesta en producción.
Veremos las ventajas que nos aporta Docker para el desarrollo en WordPress, las herramientas y procesos desde el punto de vista de un desarrollador.
A la hora de mover nuestra aplicación WordPress a producción, presentaremos los retos que presenta y las ventajas que aportan herramientas de orquestación como Kubernetes.
Tanto si eres un desarrollador como si también tienes que gestionar los sistemas que alojan tu WordPress, saldrás de esta charla queriendo poner todos tus WordPress en contenedores.
The Art Of Documentation for Open Source ProjectsBen Hall
Delivered at Kubecon US 2018 by Ben Hall. Watch the recording at https://www.youtube.com/embed/Yjxupg-NKnA
In this talk, Ben uses his expertise of building an Interactive Learning Platform to highlight The Art of Documentation. The aim of the talk is to help open source contributors understand how small changes to their documentation approach can have an enormous impact on how users get started.
Real World Lessons On The Anti-Patterns of Node.JSBen Hall
Talk delivered at London Node User Group on 22nd October 2014. Talk covers my personal pain points, issues I've encountered with Node and some suggested alternatives
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
14. If you can ping it, you can try to hack it
--icc=false
$ cat /etc/hosts
172.17.9.121 st_undefined_x7gd_RrD04w81FSQAANX
172.17.0.220 the-warden.bridge
172.17.9.118 st_nkxqyj_d2d.bridge
172.17.9.119 st_4jm1qk_d2d0
172.17.9.106 angry_blackwell
17. “It also allows the container to access local
network services + like D-bus and is therefore
considered insecure”
$ docker run --net=host -it ubuntu bash
root@ubuntu:/# shutdown now
root@ubuntu:/#
$ docker run --net=host -it ubuntu bash
Post http://docker:4243/v1.20/containers/create: EOF.
* Are you trying to connect to a TLS-enabled daemon without TLS?
* Is your docker daemon up and running?
24. Root users can write to it. If you can write to it,
you can fill it.
$ ls /docker/aufs/diff/<container-id>/
$ cat /docker/containers/<container-id>/hosts
33. A lot more…
• Privileged containers open up a world of
pain
• setuid / setgid
• IPTables=false
• docker.sock opens a lot of doors
• Docker Images containing “presents”
34. $ docker run benhall/cute-kittens
Error: Missing docker.sock
Usage: docker run -v /var/run/docker.sock:/var/run/docker.sock
benhall/cute-kittens
$ docker run -v /var/run/docker.sock:/var/run/docker.sock
benhall/cute-kittens
35. if [ -e /var/run/docker.sock ]; then
echo "**** Launching ****”
docker run --privileged busybox ls /dev
echo "**** Cute kittens ****"
else
echo "Error: Missing docker.sock”
fi
41. C /bin
C /bin/netstat
C /bin/ps
C /bin/ss
C /etc
C /etc/init.d
A /etc/init.d/DbSecuritySpt
A /etc/init.d/selinux
C /etc/rc1.d
A /etc/rc1.d/S97DbSecuritySpt
A /etc/rc1.d/S99selinux
C /etc/rc2.d
A /etc/rc2.d/S97DbSecuritySpt
A /etc/rc2.d/S99selinux
C /etc/rc3.d
A /etc/rc3.d/S97DbSecuritySpt
A /etc/rc3.d/S99selinux
C /etc/rc4.d
A /etc/rc4.d/S97DbSecuritySpt
A /etc/rc4.d/S99selinux
C /etc/rc5.d
http://blog.benhall.me.uk/2015/09/what-happens-when-an-elasticsearch-container-is-hacked/
A /etc/rc5.d/S97DbSecuritySpt
A /etc/rc5.d/S99selinux
C /etc/ssh
A /etc/ssh/bfgffa
A /os6
A /safe64
C /tmp
A /tmp/.Mm2
A /tmp/64
A /tmp/6Sxx
A /tmp/6Ubb
A /tmp/DDos99
A /tmp/cmd.n
A /tmp/conf.n
A /tmp/ddos8
A /tmp/dp25
A /tmp/frcc
A /tmp/gates.lod
A /tmp/hkddos
A /tmp/hsperfdata_root
A /tmp/linux32
A /tmp/linux64
A /tmp/manager
A /tmp/moni.lod
A /tmp/nb
A /tmp/o32
A /tmp/oba
A /tmp/okml
A /tmp/oni
A /tmp/yn25
C /usr
C /usr/bin
A /usr/bin/.sshd
A /usr/bin/dpkgd
A /usr/bin/dpkgd/netstat
A /usr/bin/dpkgd/ps
A /usr/bin/dpkgd/ss
42. Is Docker Secure?
• Yes. It’s as secure as your practices are.
• ElasticSearch hack would have taken over
entire box
• I’ve pointed out the bad bits
• New game, new rules to play by.
User namespaces in 1.9 removes net=host
https://github.com/dotcloud/docker/issues/6401
:(){ :|:& };:
\_/| |||| ||\- ... the function ':', initiating a chain-reaction: each ':' will start two more.
| | |||| |\- Definition ends now, to be able to run ...
| | |||| \- End of function-block
| | |||\- disown the functions (make them a background process), so that the children of a parent
| | ||| will not be killed when the parent gets auto-killed
| | ||\- ... another copy of the ':'-function, which has to be loaded into memory.
| | || So, ':|:' simply loads two copies of the function, whenever ':' is called
| | |\- ... and pipe its output to ...
| | \- Load a copy of the function ':' into memory ...
| \- Begin of function-definition
\- Define the function ':' without any parameters '()' as follows:
User namespaces in 1.9 removes net=host
https://github.com/dotcloud/docker/issues/6401
https://github.com/docker/docker/pull/11485
https://github.com/docker/docker/issues/3804
User namespaces in 1.9 removes net=host
https://github.com/dotcloud/docker/issues/6401
Docker & IPTables allows you some restrictions
By-passed via NGrok / reverse proxies.
Any Command & Control approaches
Inbound – Waste bandwidth. Seed files.
Outbound – DDoS, BitTorrent, Tor Relays, VPN… Lots of potential legal issues
Monitors a containers CPU Usage, Disk Space & Bandwidth
Sits on each local server. Means it will have priority thanks to CPU share.
Communicates over unix socket so no bandwidth issues