Faster Container Image Distribution on a Variety of Tools with Lazy PullingKohei Tokunaga
Talked at KubeCon + CloudNativeCon North America 2021 Virtual about lazy pulling of container images with eStargz and nydus (October 14, 2021).
https://kccncna2021.sched.com/event/lV2a
Container Security Deep Dive & Kubernetes Aqua Security
Container Security Deep Dive & Kubernetes by Tsvi Korren, Director of Technical Services at Aqua.
Container security best practices and implications in a Kubernetes environment. Tsvi will cover security for your containerized applications from development, through build, ship, and run, and as a result, how to make your entire Kubernetes deployment more secure.
Docker Online Meetup #22: Docker NetworkingDocker, Inc.
Building on top of his talk at DockerCon 2015, Jana Radhakrishnan, Lead Software Engineer at Docker, does a deep dive into Docker Networking with additional demos and insights on the product roadmap.
A talk given at Docker London on Wednesday, July 20th, 2016. This talk is a fast-paced overview of the potential threats faced when containerizing applications, married to a quick run-through of the "security toolbox" available in the Docker engine via Linux kernel capabilities and features enabled by OCI's libcontainer/runc and Docker.
A video recording of this talk is available here: https://skillsmatter.com/skillscasts/8551-container-security
Faster Container Image Distribution on a Variety of Tools with Lazy PullingKohei Tokunaga
Talked at KubeCon + CloudNativeCon North America 2021 Virtual about lazy pulling of container images with eStargz and nydus (October 14, 2021).
https://kccncna2021.sched.com/event/lV2a
Container Security Deep Dive & Kubernetes Aqua Security
Container Security Deep Dive & Kubernetes by Tsvi Korren, Director of Technical Services at Aqua.
Container security best practices and implications in a Kubernetes environment. Tsvi will cover security for your containerized applications from development, through build, ship, and run, and as a result, how to make your entire Kubernetes deployment more secure.
Docker Online Meetup #22: Docker NetworkingDocker, Inc.
Building on top of his talk at DockerCon 2015, Jana Radhakrishnan, Lead Software Engineer at Docker, does a deep dive into Docker Networking with additional demos and insights on the product roadmap.
A talk given at Docker London on Wednesday, July 20th, 2016. This talk is a fast-paced overview of the potential threats faced when containerizing applications, married to a quick run-through of the "security toolbox" available in the Docker engine via Linux kernel capabilities and features enabled by OCI's libcontainer/runc and Docker.
A video recording of this talk is available here: https://skillsmatter.com/skillscasts/8551-container-security
Author: Oleg Chunikhin, www.eastbanctech.com
Kubernetes is a portable open source system for managing and orchestrating containerized cluster applications. Kubernetes solves a number of DevOps related problems out of the box in a simple and unified way – rolling updates and update rollback, canary deployment and other complicated deployment scenarios, scaling, load balancing, service discovery, logging, monitoring, persistent storage management, and much more. You will learn how in less than 30 minutes a reliable self-healing production-ready Kubernetes cluster may be deployed on AWS and used to host and operate multiple environments and applications.
Containerd Internals: Building a Core Container RuntimePhil Estes
A talk given at OpenSource Summit, North America in Los Angeles, CA on September 11th, 2017. Stephen Day (Docker) and Phil Estes (IBM) presented the history, design, architecture, and use cases for the containerd 1.0 core container runtime open source CNCF project.
We are on the cusp of a new era of application development software: instead of bolting on operations as an after-thought to the software development process, Kubernetes promises to bring development and operations together by design.
- Archeology: before and without Kubernetes
- Deployment: kube-up, DCOS, GKE
- Core Architecture: the apiserver, the kubelet and the scheduler
- Compute Model: the pod, the service and the controller
Kubernetes Architecture - beyond a black box - Part 1Hao H. Zhang
This is part 1 of my Kubernetes architecture deep-dive slide series.
I have been working with Kubernetes for more than a year, from v1.3.6 to v1.6.7, and I am a CNCF certified Kubernetes administrator. Before I move on to something else, I would like to summarize and share my knowledges and take-aways about Kubernetes, from a software engineer perspective.
This set of slides is a humble dig into one level below your running application in production, revealing how different components of Kubernetes work together to orchestrate containers and present your applications to the rest of the world.
The slides contains 80+ external links to Kubernetes documentations, blog posts, Github issues, discussions, design proposals, pull requests, papers, source code files I went through when I was working with Kubernetes - which I think are valuable for people to understand how Kubernetes works, Kubernetes design philosophies and why these design came into places.
KCD Italy 2022 - Application driven infrastructure with Crossplanesparkfabrik
Crossplane allows users to extend their Kubernetes clusters using CRDs. The CRDs map any infrastructure or managed service, ensuring that the creation process for the users is as simple as the Kubernetes resources creation. Using a collection of YAML manifests, the development teams can assemble the needed cloud services for their applications removing this duty from the operation teams: this is "shift left" at its best. All this powerfulness comes with a cost in terms of security, governance, cognitive load and maintenance. In this talk we'll discuss strategies and techniques to better map the complexity of this infrastructure.
Jessica Deen, Microsoft -
Helm 3 is here; let's go hands-on! In this demo-fueled session, I'll walk you through the differences between Helm 2 and Helm 3. I'll offer tips for a successful rollout or upgrade, go over how to easily use charts created for Helm 2 with Helm 3 (without changing your syntax), and review opportunities where you can participate in the project's future.
- What is Kubernetes
- Why we need Kubernetes
- Demo how to deploy application on Kubernetes
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Facebook Record: https://www.facebook.com/ThaiProgrammerSociety/videos/1908659749331066
Coder Live with Thai Programmer Association
June 6, 2022
The myths of deprecating docker in kubernetesJo Hoon
Don’t be surprise. It is very natural movement from monolithic style to MSA. And it is not sooner issue. Just happen to late 2021 as a plan. And most of customer doesn’t impact your system. Due to many of service provider (GCP, AWS, AZURE, OpenShift, RKE and so on) already change their Container Runtime from (a little noisy?) old version of docker to light Container Runtime. I.e. new version of docker or others. And also it is no no no impact to your current image because you already use containerD monstly and what if you use old version of docker and also k8s said support old dockershim with there supportive method.
runC: The little engine that could (run Docker containers) by Docker Captain ...Docker, Inc.
With the announcement of the OCI by Solomon Hykes at last summer's DockerCon, a Docker-contributed reference implementation of the OCI spec, called runC, was born. While some of you may have tried runC or have a history of poking at the OS layer integration library to Linux namespaces, cgroups and the like (known as libcontainer), many of you may not know what runC offers. In this talk Phil Estes, Docker engine maintainer who has also contributed to libcontainer and runC, will show what's possible using runC as a lightweight and fast runtime environment to experiment with lower-level features of the container runtime. Phil will introduce a conversion tool called "riddler", which can inspect and convert container configurations from Docker into the proper OCI configuration bundle for easy conversion between the two environments. He'll also demonstrate how to make custom configurations for trying out security features like user namespaces and seccomp profiles.
Runc: The Little Engine That Could (Run Docker Containers)Phil Estes
A talk presented in the "Black Belt" track at DockerCon Seattle 2016; Tuesday, June 21st. Phil Estes gave a brief introduction to the Open Container Initiative (OCI) and runC and then demonstrated capabilities and tools for converting Docker containers to OCI specifications and root filesystem bundles.
Author: Oleg Chunikhin, www.eastbanctech.com
Kubernetes is a portable open source system for managing and orchestrating containerized cluster applications. Kubernetes solves a number of DevOps related problems out of the box in a simple and unified way – rolling updates and update rollback, canary deployment and other complicated deployment scenarios, scaling, load balancing, service discovery, logging, monitoring, persistent storage management, and much more. You will learn how in less than 30 minutes a reliable self-healing production-ready Kubernetes cluster may be deployed on AWS and used to host and operate multiple environments and applications.
Containerd Internals: Building a Core Container RuntimePhil Estes
A talk given at OpenSource Summit, North America in Los Angeles, CA on September 11th, 2017. Stephen Day (Docker) and Phil Estes (IBM) presented the history, design, architecture, and use cases for the containerd 1.0 core container runtime open source CNCF project.
We are on the cusp of a new era of application development software: instead of bolting on operations as an after-thought to the software development process, Kubernetes promises to bring development and operations together by design.
- Archeology: before and without Kubernetes
- Deployment: kube-up, DCOS, GKE
- Core Architecture: the apiserver, the kubelet and the scheduler
- Compute Model: the pod, the service and the controller
Kubernetes Architecture - beyond a black box - Part 1Hao H. Zhang
This is part 1 of my Kubernetes architecture deep-dive slide series.
I have been working with Kubernetes for more than a year, from v1.3.6 to v1.6.7, and I am a CNCF certified Kubernetes administrator. Before I move on to something else, I would like to summarize and share my knowledges and take-aways about Kubernetes, from a software engineer perspective.
This set of slides is a humble dig into one level below your running application in production, revealing how different components of Kubernetes work together to orchestrate containers and present your applications to the rest of the world.
The slides contains 80+ external links to Kubernetes documentations, blog posts, Github issues, discussions, design proposals, pull requests, papers, source code files I went through when I was working with Kubernetes - which I think are valuable for people to understand how Kubernetes works, Kubernetes design philosophies and why these design came into places.
KCD Italy 2022 - Application driven infrastructure with Crossplanesparkfabrik
Crossplane allows users to extend their Kubernetes clusters using CRDs. The CRDs map any infrastructure or managed service, ensuring that the creation process for the users is as simple as the Kubernetes resources creation. Using a collection of YAML manifests, the development teams can assemble the needed cloud services for their applications removing this duty from the operation teams: this is "shift left" at its best. All this powerfulness comes with a cost in terms of security, governance, cognitive load and maintenance. In this talk we'll discuss strategies and techniques to better map the complexity of this infrastructure.
Jessica Deen, Microsoft -
Helm 3 is here; let's go hands-on! In this demo-fueled session, I'll walk you through the differences between Helm 2 and Helm 3. I'll offer tips for a successful rollout or upgrade, go over how to easily use charts created for Helm 2 with Helm 3 (without changing your syntax), and review opportunities where you can participate in the project's future.
- What is Kubernetes
- Why we need Kubernetes
- Demo how to deploy application on Kubernetes
Jirayut Nimsaeng
Founder & CEO
Opsta (Thailand) Co., Ltd.
Facebook Record: https://www.facebook.com/ThaiProgrammerSociety/videos/1908659749331066
Coder Live with Thai Programmer Association
June 6, 2022
The myths of deprecating docker in kubernetesJo Hoon
Don’t be surprise. It is very natural movement from monolithic style to MSA. And it is not sooner issue. Just happen to late 2021 as a plan. And most of customer doesn’t impact your system. Due to many of service provider (GCP, AWS, AZURE, OpenShift, RKE and so on) already change their Container Runtime from (a little noisy?) old version of docker to light Container Runtime. I.e. new version of docker or others. And also it is no no no impact to your current image because you already use containerD monstly and what if you use old version of docker and also k8s said support old dockershim with there supportive method.
runC: The little engine that could (run Docker containers) by Docker Captain ...Docker, Inc.
With the announcement of the OCI by Solomon Hykes at last summer's DockerCon, a Docker-contributed reference implementation of the OCI spec, called runC, was born. While some of you may have tried runC or have a history of poking at the OS layer integration library to Linux namespaces, cgroups and the like (known as libcontainer), many of you may not know what runC offers. In this talk Phil Estes, Docker engine maintainer who has also contributed to libcontainer and runC, will show what's possible using runC as a lightweight and fast runtime environment to experiment with lower-level features of the container runtime. Phil will introduce a conversion tool called "riddler", which can inspect and convert container configurations from Docker into the proper OCI configuration bundle for easy conversion between the two environments. He'll also demonstrate how to make custom configurations for trying out security features like user namespaces and seccomp profiles.
Runc: The Little Engine That Could (Run Docker Containers)Phil Estes
A talk presented in the "Black Belt" track at DockerCon Seattle 2016; Tuesday, June 21st. Phil Estes gave a brief introduction to the Open Container Initiative (OCI) and runC and then demonstrated capabilities and tools for converting Docker containers to OCI specifications and root filesystem bundles.
Devoxx 2016: A Developer's Guide to OCI and runCPhil Estes
A talk given at Devoxx 2016 in Antwerp, Belgium on November 7th, 2016. This talk covers the OCI (Open Container Initiative), status of the runtime and image specifications, and tools like runC and ocitools, as well as components like "riddler" and "netns" for using the OCI components as an application developer.
It’s almost been a year since the Open Container Initiative (OCI) and its reference OCI-compliant runtime for containers, runC, were announced last June. runC is now the container execution engine used both by Docker and Cloud Foundry’s Garden-Linux project. As the OCI community expands, and runC is used as an OCI spec compliant runtime in more container systems, innovation around container features and evolution of its capabilities are increasing all the time. It turns out that runC is a great lightweight container executor that makes for an easy playground for trying out new OS-level features around containers. In the past year, many features from higher-level environments like the Docker ecosystem—including seccomp, user namespaces, PID cgroups, and checkpoint/restore—all appeared in runC or its container library, libcontainer, first. Phil Estes explains how easy it is to utilize runC for testing new container capabilities or trying out different configurations in a much more lightweight model than running a complete container orchestration engine or even a Docker daemon and why runC and the OCI community are great places to innovate and develop new OS-level features for container execution environments. Phil demonstrates some of these capabilities live and compares using runC with an OCI configuration (based on the OCI spec) and running containers with higher-level tools.
Discussion and demo (available via video) of Open Container Initiative (OCI) status and the runc reference implementation. Given at Open Container Day during OSCON 2016 in Austin, TX.
Dieser Talk greift das Thema "Containers from Scratch" auf und zeigt wie Container Runtimes unseren Alltag erleichtern können und worum es sich hierbei genau handelt. Zudem werden die Unterschiede einiger Container Runtimes dargestellt.
An overview on docker and container technology behind it. Lastly, we discuss few tools that might come handy when dealing with large number of containers management.
Docker London Meetup: Docker Engine EvolutionPhil Estes
A meetup talk on the evolution of the Docker engine from 2014-2019, including the refactoring and spin out of OCI runc and CNCF containerd codebases. This talk was given at the Docker London meetup group on Thursday, 31st January, 2019.
Docker for the new Era: Introducing Docker,its components and toolsRamit Surana
Containers have been evolved from generations behind today.So what's new with Docker ? What has changed during the current scenario ? Find out more on docker and how to implement it in your environments in the above slide show.
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...Phil Estes
A presentation given on Thursday, January 19th, 2017 at the Devops Remote Conf 2017. This talk details the history of the Docker engine architecture, focusing on the split in April 2016 into the containerd and runc layers, and talking through the December 2016 announcement of the *new containerd project and what it will bring for the Docker engine and other consumers.
Tell the history of Container/Docker/Kubernetes, and show the key elements of them.
After view this document, you could know the main feature of Container Docker and Kubernetes.
Very basic infomation about how these technique work together.
Kubernetes Story - Day 1: Build and Manage Containers with PodmanMihai Criveti
OpenShift Workshop Day 1: https://www.youtube.com/watch?v=3IuaZu8-fsY - Build and Manage Containers with Podman
In this workshop you'll learn how to build and manage containers, publish images to Quay, then install and deploy containers onto OpenShift.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
runC – Open Container Initiative
1. runC – Open Container Initiative
Jeeva S. Chelladhurai
https://www.linkedin.com/in/jeevachelladhurai/
@Docker Meetup #34
Author of Learning Docker
https://www.packtpub.com/networking-and-servers/learning-docker-second-edition
2.
3. About OCI
• Open Container Initiative
• Open Industry Standard
• Common, minimal, open standards and specification
• Container Format and Runtime
• Linux Foundation Collaborative Project
• Launched June 22 2015
• Docker, CoreOS and etc.
• Docker donated libcontainer
• https://github.com/opencontainers/runc
5. OCI Scope [1/4]
• Runtime executable reference
• OCI Base Layer
• RunC - reference implementation
• https://github.com/opencontainers/runc
• Runtime Spec
• OCI Base Layer
• https://github.com/opencontainers/runtime-spec
• Defines the parameters needed to run the container
6. OCI Scope [2/4]
• Bundle Format
• OCI Base Layer
• https://github.com/opencontainers/image-spec
• Defines the filesystem layout
• Standardization needed for various runtimes
• Hashing for Content Integrity
• OCI Base Layer
• https://github.com/opencontainers/go-digest
• Ensure content integrity
7. OCI Scope [3/4]
• Content Addressable name
• OCI Base Layer
• Using hash as address for immutable containers
• Early stage of discussion
• Archival Format
• OCI Base Layer
• Serialization of filesystem bundle
• Yet to start
8. OCI Scope [4/4]
• Compliance Test Suite
• OCI Base Layer
• Test cases and tools to ensure the implementations comply with the
specs
• OCI Optional Layers
• Signature
• DNS based naming
9. runC
• Client wrapper around libcontainer
• libcontainer is OS interface
• runC requires
• OCI config (json)
• OCI bundle (filesystem)
10. Environment
• Vagrant https://www.vagrantup.com
• VirtualBox https://www.virtualbox.org
• Vagrant Box used: ubuntu/xenial64
• vagrant flow
create a directory in the host system, and from that directory run below
vagrant commands
vagrant init ubuntu/xenial64
vagrant ssh
11. Installing runC thru docker
• Docker uses runC as its runtime
• It is shipped with docker as docker-runc
ubuntu@ubuntu-xenial:~$ docker --version
Docker version 17.06.0-ce, build 02c1d87
ubuntu@ubuntu-xenial:~$ docker-runc --version
runc version 1.0.0-rc3
commit: 2d41c047c83e09a6d61d464906feb2a2f3c52aa4
spec: 1.0.0-rc5
12. Installing runC from Release
• Release binary can be downloaded from
https://github.com/opencontainers/runc/releases/
13. Installing runC from source
• install go lang 1.8.3 (might work with older versions too)
• set GOROOT & GOPATH path
• also install libseccomp-dev, gcc, make, pkg-config
• cd $GOPATH/src/github.com/opencontainers
• git clone https://github.com/opencontainers/runc
• cd runc && make && sudo make install
ubuntu@ubuntu-xenial:~$ runc --version
runc version 1.0.0-rc4+dev
commit: ae2948042b08ad3d6d13cd09f40a50ffff4fc688
spec: 1.0.0
17. Creating an OCI Bundle
1. Choose a directory
$ cd ${HOME}/myalpine
2. Create rootfs
$ mkdir rootfs
3. Create a docker container
$ docker create --name myalpine alpine
4. Export the container to a tar file
$ docker container export myalpine -o myalpine.tar
5. Untar the file into rootfs
$ tar -C rootfs -xvf myalpine.tar
6. Generate config.json spec
$ runc spec
18. Create a bundle in a single stroke
1. Choose a directory
$ cd ${HOME}/myalpine2
2. Create rootfs
$ mkdir rootfs
3. Create bundle with chain of commands
$ docker export $(docker create alpine) | tar -C rootfs -xvf -
4. Generate config.json spec
$ runc spec
19. Running your first runc container
1. Change to the OCI Bundle directory
$ cd ${HOME}/myalpine
2. Run the alpine bundle as root
$ sudo runc run myalpine
22. runc on host network
config.json https://gist.github.com/sjeeva/903de797838882082af7921bac5fbfd4
23. rootless containers
• Running container as non-root user
• runc binary should be owned by root
• Create a spec for rootless container
• runc spec --rootless
• Launch runc with --root option
• runc --root /tmp/runc run myalpine
24. Mounting host directories
• Edit the config.json spec and added the mount point to the
mounts section
• Example:
25. Hooks
• Supports three hooks to perform specific action
• prestart – before launching the container
• poststart – after launching the user process inside the container
• poststop – after stopping the user process inside the container