A talk presented in the "Black Belt" track at DockerCon Seattle 2016; Tuesday, June 21st. Phil Estes gave a brief introduction to the Open Container Initiative (OCI) and runC and then demonstrated capabilities and tools for converting Docker containers to OCI specifications and root filesystem bundles.
Rooting Out Root: User namespaces in DockerPhil Estes
This talk on the progress to bring user namespace support into Docker was presented by Phil Estes at LinuxCon/ContainerCon 2015 on Wednesday, Aug. 19th, 2015
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
A Docker security talk that Salman Baset and Phil Estes presented at the Tokyo OpenStack Summit on October 29th, 2015. In this talk we provided an overview of the security constraints available to Docker cloud operators and users and then walked through a "lessons learned" from experiences operating IBM's public Bluemix container cloud based on Docker container technology.
Container Security: How We Got Here and Where We're GoingPhil Estes
A talk given on Wednesday, Nov. 16th at DefragCon (DefragX) on a historical perspective on container security with a look to where we're going in the future.
Devoxx 2016: A Developer's Guide to OCI and runCPhil Estes
A talk given at Devoxx 2016 in Antwerp, Belgium on November 7th, 2016. This talk covers the OCI (Open Container Initiative), status of the runtime and image specifications, and tools like runC and ocitools, as well as components like "riddler" and "netns" for using the OCI components as an application developer.
How Secure Is Your Container? ContainerCon Berlin 2016Phil Estes
A conference talk at ContainerCon Europe in Berlin, Germany, given on October 5th, 2016. This is a slightly modified version of my talk first used at Docker London in July 2016.
Rooting Out Root: User namespaces in DockerPhil Estes
This talk on the progress to bring user namespace support into Docker was presented by Phil Estes at LinuxCon/ContainerCon 2015 on Wednesday, Aug. 19th, 2015
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
A Docker security talk that Salman Baset and Phil Estes presented at the Tokyo OpenStack Summit on October 29th, 2015. In this talk we provided an overview of the security constraints available to Docker cloud operators and users and then walked through a "lessons learned" from experiences operating IBM's public Bluemix container cloud based on Docker container technology.
Container Security: How We Got Here and Where We're GoingPhil Estes
A talk given on Wednesday, Nov. 16th at DefragCon (DefragX) on a historical perspective on container security with a look to where we're going in the future.
Devoxx 2016: A Developer's Guide to OCI and runCPhil Estes
A talk given at Devoxx 2016 in Antwerp, Belgium on November 7th, 2016. This talk covers the OCI (Open Container Initiative), status of the runtime and image specifications, and tools like runC and ocitools, as well as components like "riddler" and "netns" for using the OCI components as an application developer.
How Secure Is Your Container? ContainerCon Berlin 2016Phil Estes
A conference talk at ContainerCon Europe in Berlin, Germany, given on October 5th, 2016. This is a slightly modified version of my talk first used at Docker London in July 2016.
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Michelle Antebi
In this talk, Michal Crosby will present on runC and Containerd, the internals and how they work together to start and manage containers in Docker. Afterwards, Arnaud Porterie will touch on about what was shipped in 1.11 and how it will enable some of the things we are working on for 1.12.
Christian Kniep from Docker Inc. gave this talk at the Stanford HPC Conference.
"This talk will recap the history of and what constitutes Linux Containers, before laying out how the technology is employed by various engines and what problems these engines have to solve. Afterward, Christian will elaborate on why the advent of standards for images and runtimes moved the discussion from building and distributing containers to orchestrating containerized applications at scale. In conclusion, attendees will get an update on what problems still hinder the adoption of containers for distributed high performance workloads and how Docker is addressing these issues."
Christian Kniep is a Technical Account Manager at Docker, Inc. With a 10 year journey rooted in the HPC parts of the german automotive industry, Christian Kniep started to support CAE applications and VR installations. When told at a conference that HPC can not learn anything from the emerging Cloud and BigData companies, he became curious and was leading the containerization effort of the cloud-stack at Playstation Now. Christian joined Docker Inc in 2017 to help push the adoption forward and be part of the innovation instead of an external bystander. During the day he helps Docker customers in the EMEA region to fully utilize the power of containers; at night he likes to explore new emerging trends by containerizing them first and seek application in the nebulous world of DevOps.
Watch the video: https://wp.me/p3RLHQ-i4X
Learn more: http://docker.com
and
http://hpcadvisorycouncil.com
Sign up for our insideHPC Newsletter: http://insidehpc.com
Presentation on the Linux namespaces and system calls used to provide container isolation with Docker. Presented in March 2015 at http://www.meetup.com/Docker-Phoenix/ in Tempe, Arizona.
DockerCon EU 2015: Docker and PCI-DSS - Lessons learned in a security sensiti...Docker, Inc.
Presented by Udo Seidel, Chief Architect and Digital Evangelist, Amadeus
In the recent past there were quite some discussions about security in the context of introducing or using Docker. It is true that there are some gaps to be closed but the whole story does not start from square one either. At Amadeus we are using Docker to build our future-oriented services and to introduce devops culture. Due to the nature of our business we have to deal with Security certifications like PCI-DSS, SSAE 16 and ISO 27001. This talks described the challenges we were facing in that context and how we mastered them. The story has technical and non-technical aspects.
Docker is a relatively new technology, but it is based on solid underpinnings of the Linux Kernel. It can provision instances in a fraction of the time versus a traditional virtual machine. This makes it a great candidate for development teams to create consistent test benches for their developers. To set up your own disposable Docker environments bring a laptop and make your development a pleasurable experience.
Docker Understanding, What is Docker? Why Docker? How do I containerize somet...Yogesh Wadile
The Docker daemon is a service that runs on your host operating system. It currently only runs on Linux because it depends on a number of Linux kernel features, but there are a few ways to run Docker on MacOS and Windows too. TheDocker daemon itself exposes a REST API.
Docker container is an open source software development platform. Its main benefit is to package applications in “containers,” allowing them to be portable among any system running the Linux operating system (OS).
Docker Hub is a cloud-based registry service which allows you to link to code repositories, build your images and test them, stores manually pushed images, and links to Docker Cloud so you can deploy images to your hosts.
Overview of how containers are implemented with cgroups, namespaces and UnionFS, how images are created, how images and containers are related to one another, and how to build effective images
Adrian Otto from Rackspace will present his perspective of "Docker 101", for Docker novices. Learn the difference between Dockerfiles, containers, running containers, terminated containers, container images, Docker Registry, and a demo of the Docker CLI that goes beyond what you learn from the online simulator.
Traditional virtualization technologies have been used by cloud infrastructure providers for many years in providing isolated environments for hosting applications. These technologies make use of full-blown operating system images for creating virtual machines (VMs). According to this architecture, each VM needs its own guest operating system to run application processes. More recently, with the introduction of the Docker project, the Linux Container (LXC) virtualization technology became popular and attracted the attention. Unlike VMs, containers do not need a dedicated guest operating system for providing OS-level isolation, rather they can provide the same level of isolation on top of a single operating system instance.
An enterprise application may need to run a server cluster to handle high request volumes. Running an entire server cluster on Docker containers, on a single Docker host could introduce the risk of single point of failure. Google started a project called Kubernetes to solve this problem. Kubernetes provides a cluster of Docker hosts for managing Docker containers in a clustered environment. It provides an API on top of Docker API for managing docker containers on multiple Docker hosts with many more features.
It’s almost been a year since the Open Container Initiative (OCI) and its reference OCI-compliant runtime for containers, runC, were announced last June. runC is now the container execution engine used both by Docker and Cloud Foundry’s Garden-Linux project. As the OCI community expands, and runC is used as an OCI spec compliant runtime in more container systems, innovation around container features and evolution of its capabilities are increasing all the time. It turns out that runC is a great lightweight container executor that makes for an easy playground for trying out new OS-level features around containers. In the past year, many features from higher-level environments like the Docker ecosystem—including seccomp, user namespaces, PID cgroups, and checkpoint/restore—all appeared in runC or its container library, libcontainer, first. Phil Estes explains how easy it is to utilize runC for testing new container capabilities or trying out different configurations in a much more lightweight model than running a complete container orchestration engine or even a Docker daemon and why runC and the OCI community are great places to innovate and develop new OS-level features for container execution environments. Phil demonstrates some of these capabilities live and compares using runC with an OCI configuration (based on the OCI spec) and running containers with higher-level tools.
Discussion and demo (available via video) of Open Container Initiative (OCI) status and the runc reference implementation. Given at Open Container Day during OSCON 2016 in Austin, TX.
Docker 1.11 Meetup: Containerd and runc, by Arnaud Porterie and Michael Crosby Michelle Antebi
In this talk, Michal Crosby will present on runC and Containerd, the internals and how they work together to start and manage containers in Docker. Afterwards, Arnaud Porterie will touch on about what was shipped in 1.11 and how it will enable some of the things we are working on for 1.12.
Christian Kniep from Docker Inc. gave this talk at the Stanford HPC Conference.
"This talk will recap the history of and what constitutes Linux Containers, before laying out how the technology is employed by various engines and what problems these engines have to solve. Afterward, Christian will elaborate on why the advent of standards for images and runtimes moved the discussion from building and distributing containers to orchestrating containerized applications at scale. In conclusion, attendees will get an update on what problems still hinder the adoption of containers for distributed high performance workloads and how Docker is addressing these issues."
Christian Kniep is a Technical Account Manager at Docker, Inc. With a 10 year journey rooted in the HPC parts of the german automotive industry, Christian Kniep started to support CAE applications and VR installations. When told at a conference that HPC can not learn anything from the emerging Cloud and BigData companies, he became curious and was leading the containerization effort of the cloud-stack at Playstation Now. Christian joined Docker Inc in 2017 to help push the adoption forward and be part of the innovation instead of an external bystander. During the day he helps Docker customers in the EMEA region to fully utilize the power of containers; at night he likes to explore new emerging trends by containerizing them first and seek application in the nebulous world of DevOps.
Watch the video: https://wp.me/p3RLHQ-i4X
Learn more: http://docker.com
and
http://hpcadvisorycouncil.com
Sign up for our insideHPC Newsletter: http://insidehpc.com
Presentation on the Linux namespaces and system calls used to provide container isolation with Docker. Presented in March 2015 at http://www.meetup.com/Docker-Phoenix/ in Tempe, Arizona.
DockerCon EU 2015: Docker and PCI-DSS - Lessons learned in a security sensiti...Docker, Inc.
Presented by Udo Seidel, Chief Architect and Digital Evangelist, Amadeus
In the recent past there were quite some discussions about security in the context of introducing or using Docker. It is true that there are some gaps to be closed but the whole story does not start from square one either. At Amadeus we are using Docker to build our future-oriented services and to introduce devops culture. Due to the nature of our business we have to deal with Security certifications like PCI-DSS, SSAE 16 and ISO 27001. This talks described the challenges we were facing in that context and how we mastered them. The story has technical and non-technical aspects.
Docker is a relatively new technology, but it is based on solid underpinnings of the Linux Kernel. It can provision instances in a fraction of the time versus a traditional virtual machine. This makes it a great candidate for development teams to create consistent test benches for their developers. To set up your own disposable Docker environments bring a laptop and make your development a pleasurable experience.
Docker Understanding, What is Docker? Why Docker? How do I containerize somet...Yogesh Wadile
The Docker daemon is a service that runs on your host operating system. It currently only runs on Linux because it depends on a number of Linux kernel features, but there are a few ways to run Docker on MacOS and Windows too. TheDocker daemon itself exposes a REST API.
Docker container is an open source software development platform. Its main benefit is to package applications in “containers,” allowing them to be portable among any system running the Linux operating system (OS).
Docker Hub is a cloud-based registry service which allows you to link to code repositories, build your images and test them, stores manually pushed images, and links to Docker Cloud so you can deploy images to your hosts.
Overview of how containers are implemented with cgroups, namespaces and UnionFS, how images are created, how images and containers are related to one another, and how to build effective images
Adrian Otto from Rackspace will present his perspective of "Docker 101", for Docker novices. Learn the difference between Dockerfiles, containers, running containers, terminated containers, container images, Docker Registry, and a demo of the Docker CLI that goes beyond what you learn from the online simulator.
Traditional virtualization technologies have been used by cloud infrastructure providers for many years in providing isolated environments for hosting applications. These technologies make use of full-blown operating system images for creating virtual machines (VMs). According to this architecture, each VM needs its own guest operating system to run application processes. More recently, with the introduction of the Docker project, the Linux Container (LXC) virtualization technology became popular and attracted the attention. Unlike VMs, containers do not need a dedicated guest operating system for providing OS-level isolation, rather they can provide the same level of isolation on top of a single operating system instance.
An enterprise application may need to run a server cluster to handle high request volumes. Running an entire server cluster on Docker containers, on a single Docker host could introduce the risk of single point of failure. Google started a project called Kubernetes to solve this problem. Kubernetes provides a cluster of Docker hosts for managing Docker containers in a clustered environment. It provides an API on top of Docker API for managing docker containers on multiple Docker hosts with many more features.
It’s almost been a year since the Open Container Initiative (OCI) and its reference OCI-compliant runtime for containers, runC, were announced last June. runC is now the container execution engine used both by Docker and Cloud Foundry’s Garden-Linux project. As the OCI community expands, and runC is used as an OCI spec compliant runtime in more container systems, innovation around container features and evolution of its capabilities are increasing all the time. It turns out that runC is a great lightweight container executor that makes for an easy playground for trying out new OS-level features around containers. In the past year, many features from higher-level environments like the Docker ecosystem—including seccomp, user namespaces, PID cgroups, and checkpoint/restore—all appeared in runC or its container library, libcontainer, first. Phil Estes explains how easy it is to utilize runC for testing new container capabilities or trying out different configurations in a much more lightweight model than running a complete container orchestration engine or even a Docker daemon and why runC and the OCI community are great places to innovate and develop new OS-level features for container execution environments. Phil demonstrates some of these capabilities live and compares using runC with an OCI configuration (based on the OCI spec) and running containers with higher-level tools.
Discussion and demo (available via video) of Open Container Initiative (OCI) status and the runc reference implementation. Given at Open Container Day during OSCON 2016 in Austin, TX.
Diving Through The Layers: Investigating runc, containerd, and the Docker eng...Phil Estes
A presentation given on Thursday, January 19th, 2017 at the Devops Remote Conf 2017. This talk details the history of the Docker engine architecture, focusing on the split in April 2016 into the containerd and runc layers, and talking through the December 2016 announcement of the *new containerd project and what it will bring for the Docker engine and other consumers.
Building Distributed Systems without Docker, Using Docker Plumbing Projects -...Patrick Chanezon
Docker provides an integrated and opinionated toolset to build, ship and run distributed applications. Over the past year, the Docker codebase has been refactored extensively to extract infrastructure plumbing components that can be used independently, following the UNIX philosophy of small tools doing one thing well: runC, containerd, swarmkit, hyperkit, vpnkit, datakit and the newly introduced InfraKit.
This talk will give an overview of these tools and how you can use them to build your own distributed systems without Docker.
Patrick Chanezon & David Chung, Docker & Phil Estes, IBM
Container Runtimes: Comparing and Contrasting Today's EnginesPhil Estes
A webinar presented for the {code} Community on August 30, 2017. In this talk, we looked at the sphere of modern container runtimes that start with Docker's emergence in 2013/2014 to today's additions of rkt, OCI's runc, containerd, cri-o, and Cloud Foundry's garden-runc project, many of them consolidating around the OCI standard for container runtime and image specifications.
Docker London Meetup: Docker Engine EvolutionPhil Estes
A meetup talk on the evolution of the Docker engine from 2014-2019, including the refactoring and spin out of OCI runc and CNCF containerd codebases. This talk was given at the Docker London meetup group on Thursday, 31st January, 2019.
Containerize All the Multi-Platform Things! - DockerCon Seattle 2016Phil Estes
Community Theater presentation given on Monday, June 20th, 2016 at DockerCon Seattle 2016, describing the current status of multi-platform image support in the Docker engine and registry implementations.
Containerize All the (Multi-Platform) Things! by Phil EstesDocker, Inc.
There are literally tens of thousands of images available today in the public DockerHub repository. These images cover almost every possible distro and common open source tool, server, or application that exists today. But there has been one drawback--all of these images assume you are on the most commonly used platform: 64-bit Intel Linux. In late 2015 and 2016 the Docker development community and Docker distribution team have enabled a new registry image specification that supports packaging multiple architecture and OS layer images within the same repository name and tag. This allows a common image, say "mysql:latest", to contain references to images for all supported OS and architectures that the packager determines to make available. Now a `docker run` or `docker pull` of "mysql:latest" will work seamlessly across all supported architectures. In this talk we will demonstrate the packaging and running of a multi-architecture containerized application on several different supported Docker platforms like ARM, POWER, and System z.
Docker Engine Evolution: From Monolith to Discrete ComponentsPhil Estes
A talk given on Tuesday and Wednesday the 27th and 28th of February 2018 at the Docker Mountain View and Docker SF meetup groups. In this talk, Docker Captain Phil Estes provides a history of the Docker engine from its early days as a single statically linked binary providing all the Docker engine functions to today's Moby and Docker CE projects comprising multiple projects and layers, including the Open Container Initiative (OCI) specifications and runC implementation, and the Cloud Native Computing Foundation (CNCF) containerd project. This talk also describes how these lower layer components spun out from Docker are being used to enhance other projects and offerings in the container ecosystem.
In this talk, Phil and Michael will talk about how Docker was extended from x86 Linux to Windows, ARM and IBM’s z Systems mainframe and Power platforms. They will cover the work and architecture that makes it possible to run Docker on different CPU architectures and operating systems; How porting Docker to a new OS is different from porting it to new hardware; What it means for a Docker image to be multi-arch (and how are multi-arch images built and maintained); How does Docker correctly deploy and schedule apps on heterogeneous swarms.
Phil and Michael will also demo some of the new features that let Docker Enterprise Edition manage swarms with both x86 Linux and Windows nodes as well as mainframes.
Learn how to package the HPCC Systems Platform in a Docker container and deploy it locally, and build an HPCC Systems Platform AMI followed by an AWS deployment.
History and Basics of containers, LXC, Docker and Kubernetes. This presentation is given to Engineering colleage students at VIT DevFest 2018. Beginner to Intermediate level.
Similar to Runc: The Little Engine That Could (Run Docker Containers) (20)
Enabling Security via Container RuntimesPhil Estes
A talk given at the Google-hosted Container Security Summit on Wednesday, February 12th, 2020 in Seattle, Washington. This talk covered the impact of work done at the lower-level runtimes layer and up through layers like cri-o, containerd, and Docker to bring specific security features to overall platforms like Kubernetes.
Extended and embedding: containerd update & project use casesPhil Estes
A talk given at FOSDEM 2020 in the containers devroom on the current status of the CNCF containerd project as well as a dive into the ways users are extending and embedding containerd in other platforms and projects.
Cloud Native TLV Meetup: Securing Containerized Applications PrimerPhil Estes
A talk give on Tuesday, January 28th, 2020 at the Tel Aviv, Israel Cloud Native meetup covering the core concepts of how to secure containerized applications in a Kubernetes context.
Securing Containerized Applications: A PrimerPhil Estes
A talk given at Devoxx Morocco on Wednesday, November 13, 2019. In this talk a very insecure sample (demo) application is used to explain the various security principles application developers can apply when using containers and Kubernetes--from image sourcing, content, scanning to resource controls, attack surface mitigation, and reducing privilege for containers.
Securing Containerized Applications: A PrimerPhil Estes
A talk given at Open Source Summit Europe in Lyon, France on Tuesday, October 29th, 2019. In this talk we try and focus on the key areas that an application developer can influence with regards to image and runtime security, focused on using Kubernetes as the orchestrator for a containerized application.
Let's Try Every CRI Runtime Available for KubernetesPhil Estes
A talk given at KubeCon/CloudNativeCon EU in Barcelona, Spain on May 23, 2019. In this talk Phil presented the explosion of OCI-compliant CRI-enabled runtimes that can be used underneath Kubernetes, and demonstrated several of them live.
CraftConf 2019: CRI Runtimes Deep Dive: Who Is Running My Pod?Phil Estes
A talk given at Craft Conf in Budapest, Hungary on May 10th, 2019. In this talk, Phil walked through the history of the need for a Container Runtime Interface (CRI) in Kubernetes, followed by an overview of all available CRI implementations, focusing on containerd, the CNCF core container runtime used in many clouds and projects. Phil demonstrated the "layers" of interaction from Kubernetes API, to CRI API to a container runtime's native API using an IBM Cloud Kubernetes cluster using containerd 1.2.6.
JAX Con 2019: Containers. Microservices. Cloud. Open Source. Fantasy or Reali...Phil Estes
A keynote given at JAX Con 2019 on May 7th in Mainz, Germany. In this keynote address, Phil presented four "buzzwords": containers, cloud, microservices, and open source and compared those technology areas against three main needs--speed, security, and efficiency--which seem to be common among enterprises today. Phil gives real world examples from IBM Cloud customers as well as detailing IBM's own transformation to a cloud native, container first approach to our own service delivery.
Giving Back to Upstream | DockerCon 2019Phil Estes
Giving Back to Upstream: An open source beginner's primer is a talk presented at DockerCon 2019 in San Francisco on April 30, 2019. In this talk, Phil Estes presented his story of getting involved in the container open source ecosystem, and provides a set of "open source 101" tips and guidance for those wanting to participate in open source contribution.
What's Running My Containers? A review of runtimes and standards.Phil Estes
A talk given at Open Source Leadership Summit (OSLS) on Thursday, March 14th in Half Moon Bay, CA. In this talk the current status of the Open Container Initiative (OCI) standards as well as the Kubernetes Container Runtime Interface (CRI) were presented, with a view towards how these components have provided a level playing field with significant choice when it comes to container runtimes for use in Kubernetes, as well as interoperability per the OCI standards.
CRI Runtimes Deep-Dive: Who's Running My Pod!?Phil Estes
A talk given at QCon NYC on Wednesday, June 27, 2018 in the Container track, focused on helping developers understand the inner workings of pluggable container runtimes in the Kubernetes world. The second half of this talk is not available in slide form, but should be available via QCon video. The non-slide talk content included hands-on-keyboard demonstrations of various tools which can be used to investigate and introspect kubelet and pod -> container runtime boundaries and details, all shown in IBM Cloud using the containerd runtime underneath a Kubernetes 1.11 cluster.
Docker Athens: Docker Engine Evolution & Containerd Use CasesPhil Estes
These slides are from a talk presented at the Docker Athens meetup on Thursday, May 31, 2018. They start by covering the evolution of the Docker engine of 2014/2015 into the separate components of OCI runc, (now) CNCF containerd, and the Docker client and daemon projects. Finally, various use cases for the CNCF containerd "core container runtime" project are detailed, from the Docker engine itself to serverless frameworks like OpenWhisk, to the container runtime interface (CRI) within Kubernetes.
It's 2018. Are My Containers Secure Yet!?Phil Estes
A talk given at DevOps Pro Vilnius on March 15, 2018 about container security. In this talk we discussed the core topics around the container ecosystem (host, runtime, image) applicable to both Docker and Kubernetes, as well as discussing usable security/secure by default, and defense in depth principles. Also discussed were security futures like Project Grafeas, libentitlement, LinuxKit concepts, and trusted/untrusted container runtimes in Kubernetes.
An Open Source Story: Open Containers & Open CommunitiesPhil Estes
A talk given at All Thing Open's Open Source 101 event at NC State University, Raleigh, North Carolina on Saturday, 17th February, 2018.
This talk covered some interesting history lessons of the Docker open source project and inter-vendor tensions. If you were not at this talk do not read intent into these slides as this was truly an attempt at a "blame-free" post-mortem of the important topics of open source, governance, and foundations as it related to the extremely popular Docker open source project.
Whose Job Is It Anyway? Kubernetes, CRI, & Container RuntimesPhil Estes
A talk given at Cloud Native London meetup, February 6, 2018 on the role of container runtimes in Kubernetes, the introduction of the Container Runtime Interface (CRI), and the history of containerd and it's use as a CRI implementing container runtime for Kubernetes.
Presentation given on Sunday, February 4th, 2018 in the containers devroom at FOSDEM 2018. This presentation covers the containerd project background, history, architecture, and current status as a CNCF project used by Docker, Kubernetes, and other projects requiring a stable, performant core container runtime.
A talk given on December 6, 2017 at KubeCon/CloudNativeCon in Austin, Texas. In this talk, Phil talked briefly about containerd history and design, but the bulk of the talk was a live coding demo of creating a simple client for containerd to learn about the clean and simple API design for the client library and gRPC services. The GitHub project https://github.com/estesp/examplectr has the code and sample LinuxKit assembly used for the code and example client demo.
Bucketbench: Benchmarking Container Runtime PerformancePhil Estes
A talk presented at the Moby Summit, Los Angeles (a co-located event with the Open Source Summit North America) on Thursday, September 14, 2017. In this talk, an open source tool, bucketbench, was presented as a way to benchmark container runtimes to compare performance impacts of changes in the runtime or changes to the configuration of Docker, runC, or containerd, the three runtimes currently supported in the bucketbench project.
Containerd Internals: Building a Core Container RuntimePhil Estes
A talk given at OpenSource Summit, North America in Los Angeles, CA on September 11th, 2017. Stephen Day (Docker) and Phil Estes (IBM) presented the history, design, architecture, and use cases for the containerd 1.0 core container runtime open source CNCF project.
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteGoogle
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-pilot-review/
AI Pilot Review: Key Features
✅Deploy AI expert bots in Any Niche With Just A Click
✅With one keyword, generate complete funnels, websites, landing pages, and more.
✅More than 85 AI features are included in the AI pilot.
✅No setup or configuration; use your voice (like Siri) to do whatever you want.
✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It…
✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again.
✅ZERO Limits On Features Or Usages
✅Use Our AI-powered Traffic To Get Hundreds Of Customers
✅No Complicated Setup: Get Up And Running In 2 Minutes
✅99.99% Up-Time Guaranteed
✅30 Days Money-Back Guarantee
✅ZERO Upfront Cost
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
Large Language Models and the End of ProgrammingMatt Welsh
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
TROUBLESHOOTING 9 TYPES OF OUTOFMEMORYERRORTier1 app
Even though at surface level ‘java.lang.OutOfMemoryError’ appears as one single error; underlyingly there are 9 types of OutOfMemoryError. Each type of OutOfMemoryError has different causes, diagnosis approaches and solutions. This session equips you with the knowledge, tools, and techniques needed to troubleshoot and conquer OutOfMemoryError in all its forms, ensuring smoother, more efficient Java applications.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Enhancing Research Orchestration Capabilities at ORNL.pdf
Runc: The Little Engine That Could (Run Docker Containers)
1. runC: The little engine that could
(run Docker containers)
Phil Estes
IBM Cloud, Open Technology
2. About Me
2
Phil Estes
Senior Technical Staff Member
IBM Cloud, Open Technology & Strategy
@estesp
> Docker core engine maintainer
> Member of “Docker Captains” program
> 10+ years involved in Linux/OSS
Community accomplishments:
> User namespace support in the
Docker engine
> Helped design v2.2 image spec
with multi-platform support
> Implemented first tool to create
multi-platform images in Docker
v2.3 registry & DockerHub
4. Open Container Initiative (OCI)
4
• A Linux Foundation Collaborative Project
• Free from control by any particular vendor’s specific cloud stack or ecosystem
• Includes:
○ container runtime specification
○ reference runtime*
○ and now, an image format specification
*seeded with runc + libcontainer by Docker
5. > Runtime specification: Release 1.0.0-rc1 / June 2016
https://github.com/opencontainers/runtime-spec/releases/tag/v1.0.0-rc1
Approaching a finalized 1.0 release (waiting on release criteria discussion)
Includes required core for containerization on Linux, Solaris, & Windows
> Image format specification: Milestone 0.3.0 / June 2016
https://github.com/opencontainers/image-spec/milestones/v0.3.0
Seeded with Docker registry v2.2 specification
Cadence of pre-releases underway in the repository:
- 0.2.0 release 3 weeks ago
- 0.3.0 targeted for this week
• Announced June
20th, 2015
• Charter signed on
December 8th, 2015
• 46 current member
companies
• Targeting a 1.0
specification
(runtime) by June
https://opencontainers.org
https://github.com/opencontainers
5
OCI: Specs and Status
7. > runc is a client wrapper around libcontainer
> Libcontainer is the operating system interface
runC requires two pieces of information: a) an
OCI config (JSON) and b) a root filesystem
$ docker run -it --read-only -v /host:/hostpath alpine sh
/#
{
"ociVersion": "0.6.0-dev",
"platform": {
"os": "linux",
"arch": "amd64"
},
"process": {
"terminal": true,
"args": [
"sh"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/bin”
config.json
7
Introduction to `runc`
8. Implement low-level container features
• Operating system level features should be defined in the OCI runtime specification
• New capabilities (PID cgroup controls, checkpoint/restore, seccomp) implemented in runC
INTEREST
INTEREST
INTEREST
1. Docker 2. OpenVZ 3. Huawei 4. Redhat 5. Google 6. IBM 7. SuSE 8. Pivotal 9. Fujitsu 10. Microsoft
Top 10 contributing companies to opencontainers/runc
OCI compliance/pluggable execution engine
• Implement a OS/environment for containers via an OCI spec compliant binary
• Examples: runz (Solaris zones), runv (hypervisor-based), Intel Clear Containers
Iterative container configuration test/debug
• Simple variant of “Docker-like” containers with less friction for quick modifications
• Low bar for dependencies: single binary + physical rootfs bundle + JSON config
8
runC: An open innovation platform
9. Let’s Demo `runc`!
# you’ll see the following tools/projects during the demo:
/usr/bin/runc https://github.com/opencontainers/runc
/usr/bin/ocitools https://github.com/opencontainers/ocitools
/usr/local/bin/riddler https://github.com/jfrazelle/riddler
/usr/local/bin/netns https://github.com/jfrazelle/netns
/usr/local/bin/uidmapshift http://bazaar.launchpad.net/~serge-hallyn/+junk/nsexec/view/head:/uidmapshift.c
9
10. 10
OCI: Futures
• Image Format Specification
– Implementation details under discussion; get involved if an area of
interest for you or your company
• More users/contributed implementations of the OCI spec(s)
• runC innovations moving up the stack
– checkpoint/restore underway (exposed via Docker engine)
– Seccomp, user namespaces, PID limits are prior examples
• What do you plan to do with OCI and/or the runC implementation?