Why you need a private container image registry SCALE 2019Steve Wong
This document discusses using Harbor as a private container registry to manage container images across development, testing, staging and production environments. It recommends pushing images to Harbor from development and pulling those authenticated, signed images into subsequent environments to ensure consistency. Harbor also enables content trust, access control and image vulnerability scanning. The document provides examples of configuring Kubernetes to pull private images from Harbor using imagePullSecrets.
OSS Japan 2019 service mesh bridging Kubernetes and legacySteve Wong
how to join legacy VMs and bare metal machines to a Kubernetes service mesh so that VMs can consume Kubernetes services AND publish services used by Kubernetes hosted applications
DockerCon EU 2015: The Latest in Docker EngineDocker, Inc.
This document summarizes the latest developments in Docker Engine. It discusses the activity and releases since the previous DockerCon, highlights of the new Docker Engine 1.9.0 release including improvements to networking and volume management, and outlines the future plans including additional platform support, security enhancements, and continued decoupling of Engine components. It also includes a demonstration of Linux namespaces and how containers leverage them to provide isolation.
Configuration Management and Transforming Legacy Applications in the Enterpri...Docker, Inc.
Share the continuity of Société Générale's journey with Docker Enterprise from different points of view, from executives to devops, with CD platform as an enabler. Creating a Dockerfile that runs a container on a developer's laptop is pretty straightforward. But extending that to stacks of containers running on a dozen environments (development, integration, testing, staging, production, etc.) with different configuration and topologies can be a challenge. This talk will cover aspects of our journey to Docker Enterprise:
What configuration should go in an image?
Where to put different types of configuration? Images, environment variables, entrypoint, ...?
How to store assets for building images and configuration for deployment in version control.
We will discuss how Société Générale has implemented these, and what we plan next for Docker Enterprise deployment.
DCSF 19 Kubernetes and Container Storage Interface UpdateDocker, Inc.
This document summarizes an update on Kubernetes and the Container Storage Interface (CSI). It provides background on CSI and its benefits for vendors and users. It outlines new features in Kubernetes 1.13 and 1.14, including full CSI support and new alpha features. Future plans are discussed for Kubernetes 1.15 and beyond. The document encourages involvement in the Kubernetes SIG-Storage community.
Why you need a private container image registry SCALE 2019Steve Wong
This document discusses using Harbor as a private container registry to manage container images across development, testing, staging and production environments. It recommends pushing images to Harbor from development and pulling those authenticated, signed images into subsequent environments to ensure consistency. Harbor also enables content trust, access control and image vulnerability scanning. The document provides examples of configuring Kubernetes to pull private images from Harbor using imagePullSecrets.
OSS Japan 2019 service mesh bridging Kubernetes and legacySteve Wong
how to join legacy VMs and bare metal machines to a Kubernetes service mesh so that VMs can consume Kubernetes services AND publish services used by Kubernetes hosted applications
DockerCon EU 2015: The Latest in Docker EngineDocker, Inc.
This document summarizes the latest developments in Docker Engine. It discusses the activity and releases since the previous DockerCon, highlights of the new Docker Engine 1.9.0 release including improvements to networking and volume management, and outlines the future plans including additional platform support, security enhancements, and continued decoupling of Engine components. It also includes a demonstration of Linux namespaces and how containers leverage them to provide isolation.
Configuration Management and Transforming Legacy Applications in the Enterpri...Docker, Inc.
Share the continuity of Société Générale's journey with Docker Enterprise from different points of view, from executives to devops, with CD platform as an enabler. Creating a Dockerfile that runs a container on a developer's laptop is pretty straightforward. But extending that to stacks of containers running on a dozen environments (development, integration, testing, staging, production, etc.) with different configuration and topologies can be a challenge. This talk will cover aspects of our journey to Docker Enterprise:
What configuration should go in an image?
Where to put different types of configuration? Images, environment variables, entrypoint, ...?
How to store assets for building images and configuration for deployment in version control.
We will discuss how Société Générale has implemented these, and what we plan next for Docker Enterprise deployment.
DCSF 19 Kubernetes and Container Storage Interface UpdateDocker, Inc.
This document summarizes an update on Kubernetes and the Container Storage Interface (CSI). It provides background on CSI and its benefits for vendors and users. It outlines new features in Kubernetes 1.13 and 1.14, including full CSI support and new alpha features. Future plans are discussed for Kubernetes 1.15 and beyond. The document encourages involvement in the Kubernetes SIG-Storage community.
Effective Data Pipelines with Docker & Jenkins - Brian DonaldsonDocker, Inc.
Ever find yourself needing data pipelines to feed a hungry data-driven culture, but not sure where to start, or what features are essential? In this talk, I will demonstrate a baseline data pipeline infrastructure built with Jenkins and Docker EE that checks all the boxes. Data pipelines often exist as that mysterious plumbing buried underground: occasionally inspected, but largely prone to silent failures and the ensuing hot fixes. Join the quest to daylight the infrastructure and benefit!
Docker for any type of workload and any IT InfrastructureDocker, Inc.
This presentation discusses the different types of workloads typical enterprises are required to run, which use cases exist for containerizing them and how leading-edge workload orchestration can be used to deploy, run and manage the containerized workloads or various types or scale-out infrastructures, such as on-premise clusters, public clouds or hybrid clouds.
How to be successful running Docker in ProductionDocker, Inc.
John’s presentation will cover his lessons learned from running Docker in Production @ SalesforceIQ. Learn how to scale your registry using AWS and S3. Should you use Device Mapper or AUFS? Why run Swarm, Mesos, Kubernetes, or neither. Finally, know how persistent storage (Kafka, Cassandra, or SQL) can be run successfully with Docker in Production
His team focuses on Docker based solutions to power their SaaS infrastructure and developer operations.
Containers are everywhere these days. Many of us are containerizing our applications to take advantage of the ease of a single artifact, but what can we do to make deploying these containers to a fleet of servers easier? Kubernetes is arguably the most popular container orchestration system to date. Kubernetes was born out of a decade of research at Google and has seen success; by itself as a fantastic way to orchestrate containers across multiple machines and as a component in other platforms.
This talk will begin with the anatomy and setup of a Kubernetes cluster. We'll demonstrate (live) taking a container containing a simple web service and launch our application into a small Kubernetes cluster. Next we'll perform a rolling update to deploy a new container version with zero downtime. Also, we'll check out some cool debugging features Kubernetes provides over the course of our demo.
Production Ready Containers from IBM and DockerDocker, Inc.
Containers are quickly becoming the default foundation for modern applications. As a public cloud provider, IBM has been an early champion of containers in the cloud and has built an enterprise ready container service as part of IBM Bluemix. IBM has a long heritage of supporting, contributing to, and building offerings on top of open technologies and IBM carries this commitment to the open development of container solutions by being an active/founding member of the Open Containers Initiative and Cloud Native Computing Foundation. In this session, we will explore the enduring commitment to open technology as well as the advantages of using a pure containers service where the user has access to total solution life cycle management through integration of lessons learned, cutting edge enhancements/development and end-to-end support on the user's underlying infrastructure.
We will explore topics such as exploiting bare metal servers, applying overlay networking to containers, ensuring isolation and security in a truly multi-tenant container environment and managing a global service deployment.
Net core, mssql, container und kubernetesThomas Fricke
This document discusses Google Cloud Platform and related technologies like .NET Core, SQL Server, containers, and Kubernetes. It provides an agenda for a user group meeting that will cover containers, Kubernetes, CoreOS, creating and running a .NET application in a Docker container, container registries, setting up a local Kubernetes cluster, and using pods and services. There is also information about Endocode, a company that provides software solutions and open source projects using technologies like these.
Continuous delivery of microservices with kubernetes - Quintor 27-2-2017Arjen Wassink
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Kubernetes can deploy containerized applications as microservices and provide mechanisms to update them without downtime using techniques like rolling updates. It also provides tools for service discovery, load balancing, storage orchestration, auto-scaling, self-healing, and more.
DCSF19 How Docker Simplifies Kubernetes for the Masses Docker, Inc.
Jean Rouge & David Yu, Docker
Kubernetes has taken the technology industry by storm these last few years. It delivers powerful orchestration and container management capabilities that have been leveraged by cloud-scale companies and small startups alike. But for many organizations, the learning curve for Kubernetes can be steep and organizations can't build up their skills fast enough. Luckily Docker has always had a history of making the complex easy - first with Linux containers and now with Kubernetes - both in our Desktop and Enterprise platform. In this session, we'll highlight some of the innovation Docker has added to Kubernetes to simplify configuration and ongoing operations while still providing a fully conformant Kubernetes environment. We'll cover areas like deploying applications on Kubernetes, managing access controls and multi-tenancy, end-to-end security and improved troubleshooting. Demos will highlight key comparisons to show you that you don't have to build it yourself.
Compare Docker deployment options in the public cloudSreenivas Makam
The document compares different options for deploying Docker containers in public clouds, including Docker Machine, Docker's custom cloud solutions, cloud provider container-as-a-service (CaaS) offerings, and Docker's own CaaS solutions. It outlines various parameters for comparing the options such as orchestration, management, networking, storage, registry integration, cloud integration, application definition format, Docker version/upgrades, enterprise features, and cost. The document provides architectures for some of the solutions and recommends which options may be best for different use cases based on factors like production use, VM/container mix, hybrid/multi-cloud, and Kubernetes preference.
In-Cluster Continuous Testing Framework for Docker ContainersNeil Gehani
1. Tugbot is an open source in-cluster continuous testing framework for Docker containers that allows running tests inside containers in any environment.
2. It monitors Docker events like image updates and new containers to trigger automated tests. Test results are collected, stored in Elasticsearch, and visualized in Kibana.
3. Tugbot aims to simplify and standardize testing in continuous integration/delivery pipelines to improve software quality and catch issues early.
This presentation discusses using Docker, Jenkins, and Tutum for continuous integration and continuous delivery (CI/CD). Jenkins provides a complete CI/CD workflow and integrates well with Docker. Using Docker plugins, Jenkins can run build jobs within Docker containers for isolation and consistency. Tutum is a container platform that can also be used to build, deploy, and manage containers in a CI/CD pipeline. The presentation includes a demo of using these tools together and references additional resources.
What’s New in Docker - Victor Vieux, DockerDocker, Inc.
It’s the first breakout after the keynote and you need to know more about all the latest and greatest Docker announcements. We've got you covered! In this session, Victor Vieux, will go deeper looking into what's new with Docker, demo the latest features and answer your questions.
Security best practices for kubernetes deploymentMichael Cherny
This document provides best practices for securing a Kubernetes deployment. It recommends integrating security into the CI/CD pipeline by only using vetted code for builds, scanning images for vulnerabilities, and using private registries to store and push only approved images. It also suggests limiting direct access to Kubernetes nodes, implementing fine-grained role-based access control and quotas, securely managing secrets, implementing network segmentation and "least privilege" controls. Finally, it stresses the importance of logging all activity and integrating logs with monitoring systems for visibility.
Platform as a Service with Kubernetes and Mesos Miguel Zuniga
Platform as a Service with Kubernetes and Mesos on top of openstack
Go through the design, architecture, HA, security and how to design and roll services.
containerd the universal container runtimeDocker, Inc.
containerd is a widely used container runtime that is now a CNCF project. It is designed to be embedded in larger systems rather than used directly by developers. containerd provides core primitives for managing containers on a host, such as container execution, image distribution, and storage. It focuses on simplicity, robustness, and portability. containerd will serve as a core container runtime for the CNCF ecosystem and is being integrated with projects like Kubernetes.
This document discusses Docker and how it powers the Eclipse Che IDE platform. It provides an overview of Docker concepts like containers, images, and orchestration. It also demonstrates how to build a sample Spring Boot app as a Docker image and run it as a container. Finally, it outlines the agenda for the CheConf2016 conference, including sessions on deploying Che on OpenShift and building an IoT IDE with Che.
DCSF19 CMD and Conquer: Containerizing the Monolith Docker, Inc.
Tony Lee & Nelson Wang, Splunk
Modern microservice-oriented software architectures evangelize the principles of infrastructure-as-code and declarative directives to manage and run applications. At Splunk, we wanted to marry these ideals with the majestic monolith, Splunk Enterprise, to simplify the use of our product through containerization. Without rearchitecting the entire product from the ground-up, which can be a costly investment, we focused on incorporating a flexible configuration management layer on top of the core application. This has enabled us to make running Splunk in Docker act and behave as a true microservice, greatly reducing the friction of migrating towards more container-native software.
We not only concentrated on making our open-source Docker image initiative user-friendly and production-ready, but we also wanted to seamlessly integrate it back into our internal engineering process. Join us for this session as we discuss migrating a traditional application into a microservice ecosystem, developing a containerization strategy for both external customer usage and internal development, as well as learning about our internal container platform at scale.
This talk will focus on a brief overview of Kubernetes, with a brief demo, and then more of an in-depth focus on issues we've faced moving PHP projects into Docker and Kubernetes like signal propagation, init systems, and logging.
Talk from Cape Town PHP meetup on Feb. 7, 2016:
https://www.meetup.com/Cape-Town-PHP-Group/events/237226310/
Code: https://github.com/zoidbergwill/kubernetes-php-examples
Slides as markdown: http://www.zoidbergwill.com/presentations/2017/kubernetes-php/index.md
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov Docker, Inc.
The document discusses how modern hardware has become more complex with multi-core, multi-socket CPUs and deep cache hierarchies. This complexity introduces latency and performance issues for software. The author describes their service that processes millions of requests per second spending a large amount of time on garbage collection, context switching, and CPU stalls. They developed a tool called Tesson that analyzes hardware topology and shards containerized applications across CPU cores, pinning linked components closer together to improve locality and performance. Tesson integrates with a local load balancer to distribute workloads efficiently utilizing the system resources.
LinuxKit is an open source project that provides the components to build secure, portable, and lean container-based operating systems. It produces minimal and immutable images defined through a YAML configuration file. The project emphasizes security through limiting components, modern kernels, and container isolation with minimal privileges. It is maintained by Anthropic and supported on various platforms through integration with tools like Docker, Kubernetes, and InfraKit for managing clusters. Future work includes porting to more platforms and architectures while improving security and reliability.
OSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius SchumacherNETWAYS
This document discusses running Cloud Foundry on Kubernetes to provide highly available cloud platforms. It begins with an overview of cloud computing models and introduces Cloud Foundry. It then discusses deploying Cloud Foundry using Kubernetes primitives like pods, services, and stateful sets for high availability. The document demonstrates how to install Cloud Foundry on Kubernetes using Helm charts and configure for high availability. It shows the components have been made highly available to prevent downtime during failures or upgrades. Finally, it provides a demo of deploying a sample application on Cloud Foundry on Kubernetes under chaotic conditions to showcase the high availability.
The document discusses data protection and disaster recovery. It describes traditional backups that can take days for recovery versus new technologies that enable recovery in hours. It discusses three components of business continuity: high availability, continuous operations, and disaster recovery. The key goals of business continuity planning are outlined. Traditional backup architectures and recovery metrics are depicted. Emerging technologies like snapshots, replication, and automation are discussed which improve recovery point objectives (RPO) and recovery time objectives (RTO). The document emphasizes that disaster recovery requires a holistic business solution approach involving people, processes, and technologies.
Effective Data Pipelines with Docker & Jenkins - Brian DonaldsonDocker, Inc.
Ever find yourself needing data pipelines to feed a hungry data-driven culture, but not sure where to start, or what features are essential? In this talk, I will demonstrate a baseline data pipeline infrastructure built with Jenkins and Docker EE that checks all the boxes. Data pipelines often exist as that mysterious plumbing buried underground: occasionally inspected, but largely prone to silent failures and the ensuing hot fixes. Join the quest to daylight the infrastructure and benefit!
Docker for any type of workload and any IT InfrastructureDocker, Inc.
This presentation discusses the different types of workloads typical enterprises are required to run, which use cases exist for containerizing them and how leading-edge workload orchestration can be used to deploy, run and manage the containerized workloads or various types or scale-out infrastructures, such as on-premise clusters, public clouds or hybrid clouds.
How to be successful running Docker in ProductionDocker, Inc.
John’s presentation will cover his lessons learned from running Docker in Production @ SalesforceIQ. Learn how to scale your registry using AWS and S3. Should you use Device Mapper or AUFS? Why run Swarm, Mesos, Kubernetes, or neither. Finally, know how persistent storage (Kafka, Cassandra, or SQL) can be run successfully with Docker in Production
His team focuses on Docker based solutions to power their SaaS infrastructure and developer operations.
Containers are everywhere these days. Many of us are containerizing our applications to take advantage of the ease of a single artifact, but what can we do to make deploying these containers to a fleet of servers easier? Kubernetes is arguably the most popular container orchestration system to date. Kubernetes was born out of a decade of research at Google and has seen success; by itself as a fantastic way to orchestrate containers across multiple machines and as a component in other platforms.
This talk will begin with the anatomy and setup of a Kubernetes cluster. We'll demonstrate (live) taking a container containing a simple web service and launch our application into a small Kubernetes cluster. Next we'll perform a rolling update to deploy a new container version with zero downtime. Also, we'll check out some cool debugging features Kubernetes provides over the course of our demo.
Production Ready Containers from IBM and DockerDocker, Inc.
Containers are quickly becoming the default foundation for modern applications. As a public cloud provider, IBM has been an early champion of containers in the cloud and has built an enterprise ready container service as part of IBM Bluemix. IBM has a long heritage of supporting, contributing to, and building offerings on top of open technologies and IBM carries this commitment to the open development of container solutions by being an active/founding member of the Open Containers Initiative and Cloud Native Computing Foundation. In this session, we will explore the enduring commitment to open technology as well as the advantages of using a pure containers service where the user has access to total solution life cycle management through integration of lessons learned, cutting edge enhancements/development and end-to-end support on the user's underlying infrastructure.
We will explore topics such as exploiting bare metal servers, applying overlay networking to containers, ensuring isolation and security in a truly multi-tenant container environment and managing a global service deployment.
Net core, mssql, container und kubernetesThomas Fricke
This document discusses Google Cloud Platform and related technologies like .NET Core, SQL Server, containers, and Kubernetes. It provides an agenda for a user group meeting that will cover containers, Kubernetes, CoreOS, creating and running a .NET application in a Docker container, container registries, setting up a local Kubernetes cluster, and using pods and services. There is also information about Endocode, a company that provides software solutions and open source projects using technologies like these.
Continuous delivery of microservices with kubernetes - Quintor 27-2-2017Arjen Wassink
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Kubernetes can deploy containerized applications as microservices and provide mechanisms to update them without downtime using techniques like rolling updates. It also provides tools for service discovery, load balancing, storage orchestration, auto-scaling, self-healing, and more.
DCSF19 How Docker Simplifies Kubernetes for the Masses Docker, Inc.
Jean Rouge & David Yu, Docker
Kubernetes has taken the technology industry by storm these last few years. It delivers powerful orchestration and container management capabilities that have been leveraged by cloud-scale companies and small startups alike. But for many organizations, the learning curve for Kubernetes can be steep and organizations can't build up their skills fast enough. Luckily Docker has always had a history of making the complex easy - first with Linux containers and now with Kubernetes - both in our Desktop and Enterprise platform. In this session, we'll highlight some of the innovation Docker has added to Kubernetes to simplify configuration and ongoing operations while still providing a fully conformant Kubernetes environment. We'll cover areas like deploying applications on Kubernetes, managing access controls and multi-tenancy, end-to-end security and improved troubleshooting. Demos will highlight key comparisons to show you that you don't have to build it yourself.
Compare Docker deployment options in the public cloudSreenivas Makam
The document compares different options for deploying Docker containers in public clouds, including Docker Machine, Docker's custom cloud solutions, cloud provider container-as-a-service (CaaS) offerings, and Docker's own CaaS solutions. It outlines various parameters for comparing the options such as orchestration, management, networking, storage, registry integration, cloud integration, application definition format, Docker version/upgrades, enterprise features, and cost. The document provides architectures for some of the solutions and recommends which options may be best for different use cases based on factors like production use, VM/container mix, hybrid/multi-cloud, and Kubernetes preference.
In-Cluster Continuous Testing Framework for Docker ContainersNeil Gehani
1. Tugbot is an open source in-cluster continuous testing framework for Docker containers that allows running tests inside containers in any environment.
2. It monitors Docker events like image updates and new containers to trigger automated tests. Test results are collected, stored in Elasticsearch, and visualized in Kibana.
3. Tugbot aims to simplify and standardize testing in continuous integration/delivery pipelines to improve software quality and catch issues early.
This presentation discusses using Docker, Jenkins, and Tutum for continuous integration and continuous delivery (CI/CD). Jenkins provides a complete CI/CD workflow and integrates well with Docker. Using Docker plugins, Jenkins can run build jobs within Docker containers for isolation and consistency. Tutum is a container platform that can also be used to build, deploy, and manage containers in a CI/CD pipeline. The presentation includes a demo of using these tools together and references additional resources.
What’s New in Docker - Victor Vieux, DockerDocker, Inc.
It’s the first breakout after the keynote and you need to know more about all the latest and greatest Docker announcements. We've got you covered! In this session, Victor Vieux, will go deeper looking into what's new with Docker, demo the latest features and answer your questions.
Security best practices for kubernetes deploymentMichael Cherny
This document provides best practices for securing a Kubernetes deployment. It recommends integrating security into the CI/CD pipeline by only using vetted code for builds, scanning images for vulnerabilities, and using private registries to store and push only approved images. It also suggests limiting direct access to Kubernetes nodes, implementing fine-grained role-based access control and quotas, securely managing secrets, implementing network segmentation and "least privilege" controls. Finally, it stresses the importance of logging all activity and integrating logs with monitoring systems for visibility.
Platform as a Service with Kubernetes and Mesos Miguel Zuniga
Platform as a Service with Kubernetes and Mesos on top of openstack
Go through the design, architecture, HA, security and how to design and roll services.
containerd the universal container runtimeDocker, Inc.
containerd is a widely used container runtime that is now a CNCF project. It is designed to be embedded in larger systems rather than used directly by developers. containerd provides core primitives for managing containers on a host, such as container execution, image distribution, and storage. It focuses on simplicity, robustness, and portability. containerd will serve as a core container runtime for the CNCF ecosystem and is being integrated with projects like Kubernetes.
This document discusses Docker and how it powers the Eclipse Che IDE platform. It provides an overview of Docker concepts like containers, images, and orchestration. It also demonstrates how to build a sample Spring Boot app as a Docker image and run it as a container. Finally, it outlines the agenda for the CheConf2016 conference, including sessions on deploying Che on OpenShift and building an IoT IDE with Che.
DCSF19 CMD and Conquer: Containerizing the Monolith Docker, Inc.
Tony Lee & Nelson Wang, Splunk
Modern microservice-oriented software architectures evangelize the principles of infrastructure-as-code and declarative directives to manage and run applications. At Splunk, we wanted to marry these ideals with the majestic monolith, Splunk Enterprise, to simplify the use of our product through containerization. Without rearchitecting the entire product from the ground-up, which can be a costly investment, we focused on incorporating a flexible configuration management layer on top of the core application. This has enabled us to make running Splunk in Docker act and behave as a true microservice, greatly reducing the friction of migrating towards more container-native software.
We not only concentrated on making our open-source Docker image initiative user-friendly and production-ready, but we also wanted to seamlessly integrate it back into our internal engineering process. Join us for this session as we discuss migrating a traditional application into a microservice ecosystem, developing a containerization strategy for both external customer usage and internal development, as well as learning about our internal container platform at scale.
This talk will focus on a brief overview of Kubernetes, with a brief demo, and then more of an in-depth focus on issues we've faced moving PHP projects into Docker and Kubernetes like signal propagation, init systems, and logging.
Talk from Cape Town PHP meetup on Feb. 7, 2016:
https://www.meetup.com/Cape-Town-PHP-Group/events/237226310/
Code: https://github.com/zoidbergwill/kubernetes-php-examples
Slides as markdown: http://www.zoidbergwill.com/presentations/2017/kubernetes-php/index.md
Sharding Containers: Make Go Apps Computer-Friendly Again by Andrey Sibiryov Docker, Inc.
The document discusses how modern hardware has become more complex with multi-core, multi-socket CPUs and deep cache hierarchies. This complexity introduces latency and performance issues for software. The author describes their service that processes millions of requests per second spending a large amount of time on garbage collection, context switching, and CPU stalls. They developed a tool called Tesson that analyzes hardware topology and shards containerized applications across CPU cores, pinning linked components closer together to improve locality and performance. Tesson integrates with a local load balancer to distribute workloads efficiently utilizing the system resources.
LinuxKit is an open source project that provides the components to build secure, portable, and lean container-based operating systems. It produces minimal and immutable images defined through a YAML configuration file. The project emphasizes security through limiting components, modern kernels, and container isolation with minimal privileges. It is maintained by Anthropic and supported on various platforms through integration with tools like Docker, Kubernetes, and InfraKit for managing clusters. Future work includes porting to more platforms and architectures while improving security and reliability.
OSDC 2018 | Highly Available Cloud Foundry on Kubernetes by Cornelius SchumacherNETWAYS
This document discusses running Cloud Foundry on Kubernetes to provide highly available cloud platforms. It begins with an overview of cloud computing models and introduces Cloud Foundry. It then discusses deploying Cloud Foundry using Kubernetes primitives like pods, services, and stateful sets for high availability. The document demonstrates how to install Cloud Foundry on Kubernetes using Helm charts and configure for high availability. It shows the components have been made highly available to prevent downtime during failures or upgrades. Finally, it provides a demo of deploying a sample application on Cloud Foundry on Kubernetes under chaotic conditions to showcase the high availability.
The document discusses data protection and disaster recovery. It describes traditional backups that can take days for recovery versus new technologies that enable recovery in hours. It discusses three components of business continuity: high availability, continuous operations, and disaster recovery. The key goals of business continuity planning are outlined. Traditional backup architectures and recovery metrics are depicted. Emerging technologies like snapshots, replication, and automation are discussed which improve recovery point objectives (RPO) and recovery time objectives (RTO). The document emphasizes that disaster recovery requires a holistic business solution approach involving people, processes, and technologies.
Red Hat multi-cluster management & what's new in OpenShiftKangaroot
More and more organisations are not only using container platforms but starting to run multiple clusters of containers. And with that comes new headaches of maintaining, securing, and updating those multiple clusters. In this session we'll look into how Red Hat has solved multi-cluster management, covering cluster lifecycle, app lifecycle, and governance/risk/compliance.
The ultimate Kubernetes Deployment Checklist - Infra to MicroservicesPrakarsh -
These slides offer a holistic exploration of crucial checkpoints vital for successful Kubernetes deployments. Spanning across infrastructure setup, scaling methodologies, security measures, and microservices deployment, the slides will guide readers through essential considerations at each stage. Additionally, it will introduce various best practices imperative for optimizing configurations, managing resources effectively, and achieving seamless microservices deployment. Readers will acquire a comprehensive checklist that streamlines Kubernetes workflows, ensuring a smooth transition from infrastructure setup to finely-tuned microservices orchestration.
This document summarizes a research paper that proposes a privacy-preserving public auditing scheme for regenerating-code-based cloud storage. Existing methods only allow private auditing by the data owner, but the proposed system utilizes a third-party auditor and semi-trusted proxy to check data integrity and repair failures on behalf of the data owner. This allows public auditing while maintaining security and reducing the online burden for data owners. The system takes advantage of the properties of regenerating codes to efficiently compute authenticators.
From Containerized Application to Secure and Scaling With KubernetesShikha Srivastava
Discuss following:
What does it really take to make sure your application is production ready?
With new privacy regulations being added, many aspects need to be taken into account when deciding when to deliver your final application is ready for production.
Can your application handle multiple users with different levels of access?
Can you extend your application to use existing authentication and authorization platforms?
Have you invested in using Mutual TLS for communication between components?
How do you manage the certificates and passwords used within your product?
Is CICD your friend or your enemy when it comes to delivering your product?
Have you considered the availability and scalability of the application?
DockerCon Europe 2018 Monitoring & Logging WorkshopBrian Christner
This is the Docker Logging & Monitoring workshop completed during DockerCon 2018 Europe. We cover how to build native tools in Docker, deploy an ELK stack, and Prometheus with cAdvisor, node-exporter, Prometheus, and Grafana stack
How to accelerate docker adoption with a simple and powerful user experienceDocker, Inc.
1) Societe Generale aims to accelerate Docker adoption by providing a simple and powerful user experience. They plan to increase their container usage from 2000 to 15,000 containers.
2) They aim to achieve this growth while improving security, quality of service, and reducing VM costs. Their challenge is providing these improvements while maintaining a good user experience.
3) Docker Universal Control Plane (UCP) is used to provide a production cluster with logical isolation and central administration. This achieves multi-tenancy, security/compliance checks, and self-service onboarding.
At this year’s annual Design Automation Conference (DAC 2020), Rob Lalonde and Bill Bryce of Univa partnered with representatives from Google and Synopsys to discuss EDA in the Cloud and share best practices related to cloud migration.
This document summarizes Dr. Anita Goel's presentation on cloud computing infrastructure at the Workshop on Big Data and Cloud Computing in India in 2016. The presentation included an introduction to cloud computing concepts like virtualization and software defined networking and storage. It discussed the need for cloud computing to improve processor and energy efficiency. It also defined cloud computing according to NIST and described common cloud service models. The remainder of the presentation outlined research directions in cloud computing architecture and control layers and listed several related publications by Dr. Goel and collaborators.
By leveraging a hybrid model that encompasses both on-premise resource utilization and cloud computing, organizations can deploy applications to the most appropriate resource pools, making themselves more agile and saving money. In this presentation at AWS Summit San Francisco, RightScale Senior Services Architect Brian Adler describes the factors that organizations must consider when they create a hybrid model that uses AWS services. He shares a detailed reference architecture for hybrid clouds, covers the preferred use cases for the allocation and utilization of on-premise and cloud computing resources, and reviews technologies available to seamlessly manage hybrid IT infrastructure.
Maturing IoT solutions with Microsoft Azure (Sam Vanhoutte & Glenn Colpaert a...Codit
“Internet of Things” is changing our world and today the Internet of Things knows almost as many applications as there are types of devices connected. In this session, Sam and Glenn will give an overview of the latest IoT solutions, the different learnings from the field and explain which key components are instrumental to integrating your solutions to the Azure IoT platform to ensure they are robust, future-proof and secure.
Kubernetes – An open platform for container orchestrationinovex GmbH
Datum: 30.08.2017
Event: GridKA School 2017
Speaker: Johannes M. Scheuermann
Mehr Tech-Vorträge: https://www.inovex.de/de/content-pool/vortraege/
Mehr Tech-Artikel: https://www.inovex.de/blog/
Vietnam Global Azure Bootcamp 2019 - Security on Azure Kubernetes Services wi...Duc Lai Trung Minh
The document provides an overview of security solutions for Azure Kubernetes Services, including:
- Open-source NGINX Ingress Controller and cert-manager for web application firewall, load balancing, and HTTPS configuration.
- Log management using tools like Prometheus + Grafana, ELK stack, or Azure Log Analytics for log storage, visualization and alerts.
- Attack alerting by configuring Azure Logic App to scan logs in Log Analytics and send alerts to Slack when attacks are detected.
Build cloud native solution using open source Nitesh Jadhav
Build cloud native solution using open source. I have tried to give a high level overview on How to build Cloud Native using CNCF graduated software's which are tested, proven and having many reference case studies and partner support for deployment
The document discusses scalability and provides examples of scaling a weather forecast application from 1,000 users to over 1 million users. It describes scaling the application vertically by upgrading server hardware, horizontally by adding more servers, and through distributed architectures like clustering, caching, and moving to a cloud solution. The key aspects covered are performance testing, high availability, and optimizing the application infrastructure as user load increases substantially over time.
Anil Kumar Mullapudi is seeking a challenging role in IT infrastructure management. He has over 3 years of experience as a technical consultant and NOC engineer. His skills include administering Linux, Windows, networks, AWS, monitoring tools like Nagios and Copper Egg. He is Red Hat and Windows Server certified. His experience includes projects with CipherCloud, GSS Infotech, and Euler Hermes involving tasks like installing servers, managing storage, security, monitoring, troubleshooting, documentation.
Similar to Production grade edge computing on Kubernetes OSS EU 2018 (20)
Kubernetes for IoT and Edge - Instrument Society of America MeetingSteve Wong
Introduction to Kubernetes for IoT and Edge applications presented at meeting of Istrument Society of America, Los Angeles Chapter meeting October 15, 2019
SCALE 16x on-prem container orchestrator deploymentSteve Wong
This document discusses running containerized applications in an on-premises datacenter using a container orchestrator. It defines what an orchestrator is and compares types like Kubernetes. Reasons for using an orchestrator on-prem include a cloud-like user experience, low latency requirements, and data governance needs. Choosing an orchestrator also involves considerations for networking, storage, and installation tools. The document outlines differences in on-prem environments compared to public clouds and discusses the Container Storage Interface standard.
Smart Cities and IOT: with opportunity comes riskSteve Wong
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive functioning. Exercise causes chemical changes in the brain that may help alleviate symptoms of mental illness and boost overall mental well-being.
The document discusses The Twelve Factors for building software-as-a-service applications. It lists the twelve factors which are: I) Codebase, II) Dependencies, III) Config, IV) Backing services, V) Build, release, run, VI) Processes, VII) Port binding, VIII) Concurrency, IX) Disposability, X) Dev/prod parity, XI) Logs, and XII) Admin processes. The factors provide principles for building apps that are robust, scalable, and modular.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Best 20 SEO Techniques To Improve Website Visibility In SERPPixlogix Infotech
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Production grade edge computing on Kubernetes OSS EU 2018
1. Production Grade Edge Computing
Using Kubernetes
Steve Wong
@cantbewong
Open Source Community Relations Engineer
VMware
Open Source Summit Europe
October 23, 2018
2. 2
Abstract
Some applications benefit from moving closer to data ingest, or the user. Edge reduces local
processing latency, and supports isolated operation. It also has challenges compared to the
pooled resources, and single point of management of centralized clouds.
You won’t achieve the Google Borg experience at an edge location - nor are you likely to need it.
But with planning it is possible to achieve edge deployments that are secure, with predictable
performance and “highly available enough” considering constraints on money, physical space,
power, etc.
Steve will provide specific recommendations related to architecture, networking, storage,
patching, logging, disaster recovery, and remote manageability - based on using Kubernetes,
and other open source tools and technology.
This is a rapidly changing space, and Steve will also touch on some interesting proposals and
work underway in the space.
3. Agenda
3
Production Grade Kubernetes
What Does It Mean?
Critical Components in a Kubernetes Cluster
Architecture of the control plane
Impacts of Limited Resources at an Edge location
Making the best of limited budget and facilities
Kubernetes Configuration
Defaults may not be appropriate for edge
Security
Considerations for edge
Disaster Recovery & Backup
Planning checklist
Futures
4. 4
What does it mean to be “Production Grade”?
When you deploy to edge, you own 100% of this
• The installation is secure
• The deployment is managed with a
repeatable and recorded process
• Performance is predictable and consistent
• Updates and configuration changes can be
safely applied
• Logging and monitoring is in place to
detect and diagnose failures and resource
shortages
• Service is “highly available enough”
considering available resources, including
constraints on money, physical space,
power, etc.
• A recovery process is available,
documented, and tested for use in the
event of failures
Photo attribution: By Tony Webster from Portland, Oregon, United States (212 days without recordable incident) [CC BY 2.0
(https://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons
6. 6
Control Plane
Critical components
component role effect of loss
etcd Maintains state for all
Kubernetes objects
Loss of storage catastrophic. Loss of quorum = Kubernetes
loses control plane. Read only API calls might continue to
work. Existing workloads may continue to run.
API server Provides API used internally
and externally
Can’t start, stop, update pods, services, replication
controllers. Scheduler and Controller Manager down.
Workloads continue if not dependent on API calls
(operators, customer controllers, CRDs, etc.)
scheduler Places pods on nodes No pod placements, priority, preemption.
controller manager Runs many controllers Core control loops that regulate state cease
7. 7
Keeping critical components available
Recommendations:
• Use redundancy
• Hardware
• Software
• Enable rapid recovery
• Backups
• DR plans
• Training and documentation
• Security
• Monitoring, Metrics, Logging
• Automate operations
• Installs
• Updates
The Risks:
• Hardware failures
• Software bugs
• Bad updates
• Human errors
• Network outages
• Intentional attacks
• Overloaded systems resulting in
resource exhaustion
• Power, Cooling losses
• Weather
8. 8
On-premises deployments have finite resources
even in public clouds, budget may limit what you choose to consume
Dreams &
Goals
Resources
a tricky balance
Drawing attribution: By Б.Золзаяа [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)], from Wikimedia Commons
9. 9
Kubernetes on a single hardware host
Operating on the edge in more ways than one
Minimum
• Hardware
• Dual disks – mirrored
• Dual fans
• UPS
Recommended
• Hypervisor
• 3 node Kubernetes control
plane
• Resource governance
• Hardware
• Dual Power Supplies
• ECC memory
• 3 disks
10. 10
Kubernetes on dual hardware hosts
etcd quorum must be an odd number
• No real availability advantage to
splitting etcd across 2 nodes - put all
etcd instances on one node
Shared storage is advantageous for availability of
control plane and workloads
• External storage may be expensive
• Software Defined storage will generally require a
witness “2+1”
11. 11
Kubernetes on 3 or more hardware hosts
recommendation Put a control plane instance with etcd on each of 3
nodes
• Loss of a node reduces capacity but does not
bring down Kubernetes, and is recoverable
12. 12
Kubernetes configuration settings
Protect the system from resource overloads
Throttle things like :
• API call rates
• Pods per node
Reserve for system daemons
Recommended for predictable,
repeatable behavior:
• Explicitly state resources on
container specs
• Explicitly configure out of
resource behavior on nodes
• Use namespace quotas
13. 13
Security
Recommendations
• Certificates
• Lock down worker nodes
• Use an image repository with
governance & security features
• Utilize Pod Security Policies
• Use RBAC to drive authorization
decisions and enforcement
• Consider physical security at
edge locations
• Storage encryption
• Protection from attachment
of malicious devices
• Avoid use of plain text credentials
(access key, token, passwords)
• Consider security features when
you choose your network solution
• Logging and monitoring/metrics
can contribute to security
14. 14
Disaster Recovery
Redundancy can help reduce outages but
failures can still occur
DR plan elements:
• Backups
• Availability of
replacements
• A planned process
• People to carry it out
• Training
• Documentation of
the procedure
(runbooks)
• Automation can help
Backup concerns
• etcd
• Stateful workload
storage
• Certificates and keypairs
• DNS records
• IP/subnet assignments
• Config files
• Service accounts and
creds
Photo attribution: US Air Force photo, B-24 in cloud with flak, No. 2 engine smoking
15. 15
Final Thoughts + Roadmap
Kubernetes can be applied to edge – but doing
so requires some care
Join the Kubernetes Edge IoT working group to get involved
• https://groups.google.com/forum/#!forum/kubernetes-wg-iot-edge
Photo attribution: By Matti Blume [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)], from Wikimedia Commons
There is opportunity to improve this
• Issues with scale
• Issues with control plane to worker node connectivity
17. Questions
Deck is here:
More detailed coverage can be found in this blog post:
https://kubernetes.io/blog/2018/08/03/out-of-the-clouds-onto-the-ground-how-to-make-kubernetes-pro
duction-grade-anywhere/
Contact me later:
Twitter: @cantbewong
Kubernetes Slack: steve-wong
References: