This session offers techniques for securing Docker containers and hosts using open source network virtualization technologies to implement microsegmentation. Come learn real tips and tricks that you can apply to keep your production environment secure.
Containers require a new approach to networking. How are your containers communicating with each other? This talk goes through the different network topologies of Kubernetes: how Kubernetes addresses networking compared to traditional physical networking concepts, what your options are for networking using Kubernetes, and what the CNI (Container Network Interface) is and how it affects Kubernetes networking.
Slides for the OpenStack Newton Summit in Austin that cover the changes done during the Mitaka cycle and the direction we will take for Neutron. Swarm and Kubernetes integrations explained.
Tech Talk by Gal Sagie: Kuryr - Connecting containers networking to OpenStack... (nvirters)
These are slides from the Tech Talk at http://www.meetup.com/openvswitch/events/226518209/
Synopsis
Kuryr is a new project under Neutron's big tent that makes Neutron networking available to Docker containers by means of a Docker plugin.
In this session Gal will introduce Kuryr and show how it provides networking for containers in plain Docker environments and in mixed Docker, OpenStack environments. He will also present Kuryr's roadmap and integration with networking models in other orchestration engines like Kubernetes and Docker
About Gal Sagie
Gal Sagie is an open source software architect at Huawei European Research Centre, focusing work on OpenStack networking and containers networking. Working on various projects in the community like Dragonflow, OVN, Kuryr, and Multisite/Hybrid clouds in OpenStack. Blogging for anything SDN/NFV/OpenStack related at http://galsagie.github.io
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I... (Cloud Native Day Tel Aviv)
The Kuryr project offers an interesting approach to networking cloud native workloads, by enabling container orchestration engines to consume network services from OpenStack Neutron. With pod-in-VM support, Kuryr-Kubernetes enables a whole slew of new hybrid workloads, like bare metal or in-VM pods accessing services that run on VMs, multiple COEs (e.g. Docker Swarm to Kubernetes), and more. Unified networking simplifies deployment and configuration, and provides a single pane of glass into management and troubleshooting.
Let’s dive into Kuryr Kubernetes and learn how different open source technologies can complement each other in order to enable a number of complicated deployment scenarios.
Continuous Delivery the hard way with Kubernetes (Luke Marsden)
This talk shows three increasingly advanced levels of continuous delivery with Kubernetes and GitLab (as an example), arguing for a continuous delivery architecture which has an explicit _Release Manager_ component. We then propose Flux, the open source project which powers the _Deploy_ feature of Weave Cloud, as an implementation of that idea. This approach is the precursor to GitOps.
Moby is an open source project providing a "LEGO set" of dozens of components, the framework to assemble them into specialized container-based systems, and a place for all container enthusiasts to experiment and exchange ideas.
One of these assemblies is Docker CE, an open source product that lets you build, ship, and run containers.
This talk will explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud or bare metal scenarios.
We will cover Moby itself, the framework, and tooling around the project, as well as many of its components: LinuxKit, InfraKit, containerd, SwarmKit, Notary.
Then we will present a few use cases and demos of how different companies have leveraged Moby and some of the Moby components to create their own container-based systems.
Video at https://www.youtube.com/watch?v=kDp22YkD6WY
A basic introductory slide set on Kubernetes: What does Kubernetes do, what does Kubernetes not do, which terms are used (Containers, Pods, Services, Replica Sets, Deployments, etc...) and how basic interaction with a Kubernetes cluster is done.
Networking For Nested Containers: Magnum, Kuryr, Neutron Integration (Fawad Khaliq)
In the OpenStack ecosystem, containers were introduced as first class citizens recently with the project Magnum, and the networking for containers has also evolved since then. Project Kuryr makes networking available to containers through Neutron. This all brings together how Neutron networking benefits containers like it does virtual machines. However, to make Neutron, Kuryr and Magnum cover all the use cases for containers, nested containers inside Nova VMs require networking to work as seamlessly as it works for virtual machines or bare metal containers. In this session, we will talk about Magnum, Kuryr, Neutron integration and how the problem of nested container networking has been solved in the OpenStack community, its architecture, the design, current status and next steps.
Software Defined networking - An overview
OpenStack Neutron Overview
OpenVswitch - Overview
Neutron-VXLAN-GRE-OVS : behind the scenes
neutron Packet flow to external network
neutron Packet flow from VM to VM
A quick introduction to OpenStack Network Features, an overview of the Open vSwitch plugin with logical-to-physical mappings
3rd meetup Openstack User Group Italy
Scaling OpenStack Networking Beyond 4000 Nodes with Dragonflow - Eshed Gal-Or... (Cloud Native Day Tel Aviv)
As OpenStack matures, more users move from “dipping a toe” to deploying at large scale, with 1000s of nodes.
OpenStack networking has long been a limiting factor in scaling beyond a few hundred nodes, forcing users to turn to cell splitting, or to complete offloading of the networking to the underlay systems and forfeit the overlay network altogether.
Dragonflow is a fully distributed, open source, SDN implementation of Neutron, that handles large scale deployments without splitting to cells.
In testing we've conducted, we were able to scale to 4000+ controllers (each controller is typically deployed on a compute node), while maintaining the same performance we had on a small 30 node environment.
Gaetano Borgione's presentation from the 2017 Open Networking Summit.
Networking is vital for cloud-native apps where distributed computing and development models require speed, simplicity, and scale for a massive number of ephemeral containers. Two of the most prevalent container networking models are CNI and CNM for developers using Docker, Mesos, or Kubernetes. This session will present an overview of distributed development, how CNI and CNM models work, and how container frameworks use these models for networking. Gaetano will also discuss the additional functions users need to consider in the control plane and data plane to achieve operational scale and efficiency.
The Containers Ecosystem, the OpenStack Magnum Project, the Open Container In... (Daniel Krook)
Presentation at the OpenStack Summit in Tokyo, Japan on October 27, 2015.
http://sched.co/49x0
The technology industry has been abuzz about cloud workload containerization since the open source Docker project became a phenomenon in early 2014.
Meanwhile, an OpenStack Containers Team was formed and the Magnum project launched to provide users with a convenient Containers-as-a-Service solution for OpenStack environments.
As the potential of both technologies emerged, many wanted to see shared governance over the baseline container specification and runtime technology to ensure an open cloud ecosystem.
This past June, a new group was formed with a goal of creating open, industry standards around container formats and runtimes, called the Open Container Initiative (http://www.opencontainers.org).
So how will OpenStack Magnum influence - and be influenced by - the new OCI group? Why is the OCI under the stewardship of the Linux Foundation? What is the scope of the OCI effort? What project goals and/or principles will guide their work?
Attend this session to learn the following:
* A brief history of the open container ecosystem and the major benefits that containerization provides
* An overview of the Magnum CaaS plugin architecture and design goals
* Insider details on the progress of the Linux Foundation Open Container Initiative (and the related Cloud Native Computing Foundation)
* What it all means for deploying container orchestration engines on your cloud with OpenStack Magnum
Megan Kostick - Software Engineer, Cloud and Open Source Technologies, IBM
Daniel Krook - Senior Software Engineer, Cloud and Open Source Technologies, IBM
Jeffrey Borek - WW Program Director, Open Technologies and Partnerships, Cloud Computing
Designed for IT professionals looking to expand their OpenStack Networking knowledge, “Navigating OpenStack Networking” is a comprehensive and fast-paced session which provides an overview of OpenStack Networking, its history, its predecessor (Nova Networks), its components and then dives deep into the architecture, its features and plugin model and its role in building an OpenStack Cloud.
Overview of OpenStack nova-networking evolution towards Neutron. Architecture overview of OVS plugin, ML2, and MidoNet Overlay product. Overview and example of Heat templates, along with automation of physical switches using Cumulus
Optimising nfv service chains on open stack using docker (Ananth Padmanabhan)
Uploading slides presented in the OpenStack summit, at Austin in April, 2016. Here is the link to the video:
https://www.openstack.org/videos/video/optimising-nfv-service-chains-on-openstack-using-docker
- Introduction to Kubernetes features
- A look at Kubernetes Networking and Service Discovery
- New features in Kubernetes 1.6
- Kubernetes Installation options
To know more about our Kubernetes expertise, visit our center of excellence at: http://www.opcito.com/kubernetes/
Universidade unYleYa
Contextualization assignment by the undergraduate student group:
Alisson de Oliveira Soares
Fátima Ventura de Araújo
Jorge Luiz Prazeres dos Santos
Luciano Silva de Medeiros
Roberto Bastos Coutinho Marques
Tânia Maria Lima Pigatti
Provides an overview of Hybrid Networking including Containers and VMs. It also touches upon open source solutions like OpenStack Kuryr and OpenDaylight.
Oscon 2017: Build your own container-based system with the Moby project (Patrick Chanezon)
Docker Community Edition—an open source product that lets you build, ship, and run containers—is an assembly of modular components built from an upstream open source project called Moby. Moby provides a “Lego set” of dozens of components, the framework for assembling them into specialized container-based systems, and a place for all container enthusiasts to experiment and exchange ideas.
Patrick Chanezon and Mindy Preston explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud, or bare-metal scenarios. Patrick and Mindy explore Moby’s framework, components, and tooling, focusing on two components: LinuxKit, a toolkit to build container-based Linux subsystems that are secure, lean, and portable, and InfraKit, a toolkit for creating and managing declarative, self-healing infrastructure. Along the way, they demo how to use Moby, LinuxKit, InfraKit, and other components to quickly assemble full-blown container-based systems for several use cases and deploy them on various infrastructures.
Building specialized container-based systems with Moby: a few use cases
This talk will explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud or bare metal scenarios. We will cover Moby itself, the framework, and tooling around the project, as well as many of its components: LinuxKit, InfraKit, containerd, SwarmKit, Notary. Then we will present a few use cases and demos of how different companies have leveraged Moby and some of the Moby components to create their own container-based systems.
Why Kubernetes as a container orchestrator is a right choice for running spar... (DataWorks Summit)
Building and deploying an analytic service on Cloud is a challenge. A bigger challenge is to maintain the service. In a world where users are gravitating towards a model where cluster instances are to be provisioned on the fly, in order for these to be used for analytics or other purposes, and then to have these cluster instances shut down when the jobs get done, the relevance of containers and container orchestration is more important than ever.
Container orchestrators like Kubernetes can be used to deploy and distribute modules quickly, easily, and reliably. The intent of this talk is to share the experience of building such a service and deploying it on a Kubernetes cluster. In this talk, we will discuss all the requirements which an enterprise grade Hadoop/Spark cluster running on containers bring in for a container orchestrator.
This talk will cover in detail how the Kubernetes orchestrator can be used to meet all our needs of resource management, scheduling, networking, network isolation, volume management, etc. We will discuss how we have replaced our home grown container orchestrator, which used to manage the container lifecycle and manage resources in accordance with our requirements, with Kubernetes. We will also discuss the list of container orchestrator features that is helping us deploy and patch 1000s of containers, and also a list of features which we believe need improvement or can be enhanced in a container orchestrator.
Speaker
Rachit Arora, SSE, IBM
Containers are changing the compute landscape, and for NFVi, support of Containers is key. Kubernetes is a well known Container Cluster Management software, and this is the slide deck from a talk given at OpenDaylight Summit 2016. These slides give an insight into Microservice architecture, Kubernetes and how it can be integrated with ODL. Session Video can be found at https://www.youtube.com/watch?v=a4_pkp2qiX8&list=PL8F5jrwEpGAiRCzJIyboA8Di3_TAjTT-2
Centralizing Kubernetes and Container Operations (Kublr)
While developers see and realize the benefits of Kubernetes, how it improves efficiencies, saves time, and enables focus on the unique business requirements of each project; InfoSec, infrastructure, and software operations teams still face challenges when managing a new set of tools and technologies, and integrating them into an existing enterprise infrastructure.
These meetup slides go over what’s needed for a general architecture of a centralized Kubernetes operations layer based on open source components such as Prometheus, Grafana, ELK Stack, Keycloak, etc., and how to set up reliable clusters and multi-master configuration without a load balancer. It also outlines how these components should be combined into an operations-friendly enterprise Kubernetes management platform with centralized monitoring and log collection, identity and access management, backup and disaster recovery, and infrastructure management capabilities. This presentation will show real-world open source projects use cases to implement an ops-friendly environment.
Check out this and more webinars in our BrightTalk channel: https://goo.gl/QPE5rZ
Containers, OCI, CNCF, Magnum, Kuryr, and You! (Daniel Krook)
Presentation at the OpenStack Summit in Austin, Texas on April 28, 2016.
http://bit.ly/os-oci-cncf-ses
The technology industry has been abuzz about cloud workload containerization since the open source Docker project became a phenomenon in early 2014.
Meanwhile, an OpenStack Containers Team was formed and the Magnum project launched to provide users with a convenient Containers-as-a-Service solution for OpenStack environments.
As the potential of both technologies emerged, many wanted to see shared governance over the baseline container specification and runtime technology to ensure an open cloud ecosystem.
This past December, two new groups were launched with a goal of creating open, industry standards: the first called the Open Container Initiative (http://www.opencontainers.org), and the second called the Cloud Native Computing Foundation (http://cncf.io).
Jeffrey Borek - Program Director, Open Tech, IBM - @JeffBorek
Daniel Krook - Senior Software Engineer, IBM - @DanielKrook
Val Bercovici - Global Cloud CTO, NetApp/SolidFire - @valb00
The slides give a brief idea of the current situation of container orchestration integration in OpenStack and how OpenStack Kuryr can improve the situation.
Kubernetes: from introduction to use in CI/CD (Stfalcon Meetups)
Oleksandr Zanichkovskyi (Олександр Занічковський)
Technical Lead at SoftServe
14+ years of experience developing a variety of software, for both desktop and web
Has worked as a freelance programmer and as part of a team
Interested in software architecture, automation of the integration and delivery of new product versions, and cloud technologies
Recently started mentoring future tech leads
In his free time he plays guitar and dreams of the big stage
Oleksandr will share his own experience of working with Kubernetes:
introduce the basic concepts and primitives of K8S
describe possible scenarios for using Kubernetes for CI/CD, with GitLab as the example
show how to use persistent storage, collect container metrics, and use Ingress to route requests according to specific rules
show how to install K8S yourself for learning or local work
OSDC 2017: Automating Kubernetes Cluster Operations with Operators by Timo De... (NETWAYS)
At Giant Swarm, we manage Kubernetes clusters for customers 24/7, both on-premises and in the cloud. That means we do not just set something up and hand it over, but we actually take care that it’s operational and up-to-date at all times.
In this talk Timo explains how Giant Swarm are using Operators to codify all operational tasks of managing Kubernetes clusters and the distributed applications on top. The operators manage PKI infrastructures, networks, VMs and storage both on-premises and in the cloud. There have been a lot of challenges and learnings in the past year and Timo would like to share them with you.
OSDC 2017 - Timo Derstappen - Automating kubernetes cluster operations with o... (NETWAYS)
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration... (Amazon Web Services)
Customers from all over the world streamed forty-two billion hours of Netflix content last year. Various Netflix batch jobs and an increasing number of service applications use containers for their processing. In this session, Netflix presents a deep dive on the motivations and the technology powering container deployment on top of Amazon Web Services. The session covers our approach to resource management and scheduling with the open source Fenzo library, along with details of how we integrate Docker and Netflix container scheduling running on AWS. We cover the approach we have taken to deliver AWS platform features to containers such as IAM roles, VPCs, security groups, metadata proxies, and user data. We want to take advantage of native AWS container resource management using Amazon ECS to reduce operational responsibilities. We are delivering these integrations in collaboration with the Amazon ECS engineering team. The session also shares some of the results so far, and lessons learned throughout our implementation and operations.
Develop and deploy Kubernetes applications with Docker - IBM Index 2018 (Patrick Chanezon)
Docker Desktop and Enterprise Edition now both include Kubernetes as an optional orchestration component. This talk will explain how to use Docker Desktop (Mac or Windows) to develop and debug a cloud native application, then how Docker Enterprise Edition helps you deploy it to Kubernetes in production.
What's Running My Containers? A review of runtimes and standards. (Phil Estes)
A talk given at Open Source Leadership Summit (OSLS) on Thursday, March 14th in Half Moon Bay, CA. In this talk the current status of the Open Container Initiative (OCI) standards as well as the Kubernetes Container Runtime Interface (CRI) were presented, with a view towards how these components have provided a level playing field with significant choice when it comes to container runtimes for use in Kubernetes, as well as interoperability per the OCI standards.
Kubernetes – An open platform for container orchestration (inovex GmbH)
Date: 30.08.2017
Event: GridKA School 2017
Speaker: Johannes M. Scheuermann
More tech talks: https://www.inovex.de/de/content-pool/vortraege/
More tech articles: https://www.inovex.de/blog/
Similar to Secure Your Containers: What Network Admins Should Know When Moving Into Production (20)
KubeCon NA'22 Lightning Talk: Where did all my IPs go? (Cynthia Thomas)
Kubernetes cluster planning requires quite a few things to get started. What about IPs? Common IP management hurdles with Kubernetes clusters include IP assignments when building a cluster and challenges faced when deploying in a multi-faceted environment. Kubernetes Admins often need to use IP addressing handed out by Network Admins juggling other non-k8s workload IP assignments and IP exhaustion. In this talk, Cynthia will discuss new and existing KEPs that SIG-network has implemented to help mitigate IP challenges. Such features include discontiguous cluster CIDRs and the journey to IPv6. Cynthia will also discuss how the best practices for Kubernetes IP management are changing with these new capabilities to help scale and grow instead of rebuild.
https://sched.co/184sj
Kernel advantages for Istio realized with Cilium (Cynthia Thomas)
Istio brings a myriad of options to provide routing rules, encryption, and monitoring for microservices, typically in container environments. Cilium provides accelerated network security using a modern kernel technology called BPF. Put the two together and what do you get? A distributed security solution enabling microservices traffic management, security, and monitoring while enforcing policy as close to the microservices as possible.
Cynthia Thomas and Romain Lenglet discuss the architectural and performance benefits of using Cilium with Istio and provide a demo of this BPF-based, Linux kernel technology. Cilium provides an API-aware security solution that can make a decision on every single microservice flow, with the ability to enforce protocols such as HTTP, Kafka, and gRPC. By addressing security policy at the API layer, you can enforce policy efficiently with kernel capabilities while reducing the attack surface in a microservices deployment.
Cilium:: Application-Aware Microservices via BPF (Cynthia Thomas)
Intro to Cilium Microservices Security with Kubernetes Integration
Open Source Cilium website: cilium.io
GH: github.com/cilium/cilium
Join our Slack! cilium.herokuapp.com
Follow us on Twitter!
@ciliumproject
@_techcet_
Cilium: Seattle Kubernetes MeetUp Dec 2017 (Cynthia Thomas)
BPF (Berkeley Packet Filter) is becoming the fastest growing technology in the Linux kernel and is revolutionizing networking, security and tracing. At the same time, the rise of container-based orchestration platforms such as Kubernetes is creating demand for routing, load-balancing & security infrastructure that is highly scalable, application-aware, and resilient.
This talk introduces the open source project Cilium - a modern networking and security platform for microservices. Cilium is built on top of BPF and provides Linux native networking and security services with application protocol awareness. Cilium works hand in hand with application proxies such as Envoy and the services management orchestration layer Istio to provide infrastructure services in a transparent manner and with minimal overhead. This talk will discuss the challenges of exposing services via APIs and the solution that Cilium provides to enforce least privilege security.
Cilium – Kernel Native Security & DDOS Mitigation for Microservices with BPF (Cynthia Thomas)
We have introduced Cilium at DockerCon US 2017 this year. Cilium provides application-aware network connectivity, security, and load-balancing for containers. This talk will follow up on the introduction and deep dive into recent kernel developments that address two fundamental questions: How can I provide application-aware security and routing efficiently without overhead embedded into every service? How can container hosts protect themselves from internal and external DDoS attacks? The solutions include:
kproxy: a kernel-based socket proxy which allows for application-aware routing and security enforcement with minimal overhead.
XDP: A lightning-fast packet processing datapath using BPF. The technology is intended for DDoS mitigation, load-balancing, and forwarding.
This talk will deep dive into these exciting technologies and show how Cilium makes BPF and these kernel features available on Linux for your Docker containers.
A look at the project’s progression from Nova-Network to Neutron and Beyond. We will recall the early stages of Nova-Networking and how the functionality evolved to what is Neutron networking today. We will discuss previous default Neutron plugin implementation issues and current solutions with the now open-source SDN solution, MidoNet.
Secure Your Containers: What Network Admins Should Know When Moving Into Production
1. Secure Your Containers! What Network Admins Should Know When Moving Into Production
Cynthia Thomas
Systems Engineer
@_techcet_
2. Containers, Containers, Containers!
Why is networking an afterthought?
3. Why Containers?
• Much lighter weight and less overhead than virtual machines
• Don’t need to copy entire OS or libraries – keep track of deltas
• More efficient unit of work for cloud-native apps
• Crucial tools for rapid-scale application development
• Increase density on a physical host
• Portable container image for moving/migrating resources
4. Containers: Old and New
• LXC: operating system-level virtualization through a virtual environment that has its own process and network space
• 8 year old technology
• Leverages Linux kernel cgroup
• Also other namespaces for isolation
• Focus on System Containers
• Security:
• Previously possible to run code on Host systems as root on guest system
• LXC 1.0 brought “unprivileged containers” for HW accessibility restrictions
• Ecosystem:
• Vendor neutral, Evolving LXD, CGManager, LXCFS
5. Containers: Old and New
• Explosive growth: Docker created a de-facto standard image format and API for defining and interacting with containers
• Docker: also operating system-level virtualization through a virtual environment
• 3 year old technology
• Application-centric API
• Also leverages Linux kernel cgroups and kernel namespaces
• Moved from LXC to libcontainer implementation
• Portable deployment across machines
• Brings image management and more seamless updates through versioning
• Security:
• Networking: linuxbridge, IPtables
• Ecosystem:
• CoreOS, Rancher, Kubernetes
6. Container Orchestration Engines
• Step forth the management of containers for application deployment!
• Scale applications with clusters where the underlying deployment unit is a container
• Examples include Docker Swarm, Kubernetes, Apache Mesos
8. What’s the problem?
Why are containers insecure?
• They weren’t designed with full isolation like VMs
• Not everything in Linux is namespaced
• What do they do to the network?
9. COEs help container orchestration!
…but what about networking?
• Scaling Issues for ad-hoc security implementation with Security/Policy complexity
• Which networking model to choose? CNM? CNI?
• Why is network security always seemingly considered last?
10. Who’s going to care?
Your Network Security team! And you should too.
11. Containers add network complexity!!!
• More components = more endpoints
• Network Scaling Issues
• Security/Policy complexity
12. Perimeter Security approach is not enough
• Legacy architectures tended to put higher layer services like Security and FWs at the core
• Perimeter protection is useful for north-south flows, but what about east-west?
• More = better? How to manage more pinch points?
13. #ThrowbackThursday
What did OpenStack do?
• Started in 2010 as an open source community for cloud compute
• Gained a huge following and became production ready
• Enabled collaboration amongst engineers for technology advancement
14. #ThrowbackThursday
Neutron came late in the game!
• Took 3 years before dedicated project formed
• Neutron enabled third party plugin solutions
• Formed advanced networking framework via community
15. What is Neutron?
• Production-grade open framework for Networking:
Multi-tenancy
Scalable, fault-tolerant devices (or device-agnostic network services).
L2 isolation
L3 routing isolation
• VPC
• Like VRF (virtual routing and forwarding)
Scalable Gateways
Scalable control plane
• ARP, DHCP, ICMP
Floating/Elastic IPs
Decoupled from Physical Network
Stateful NAT
• Port masquerading
• DNAT
ACLs
Stateful (L4) Firewalls
• Security Groups
Load Balancing with health checks
Single Pane of Glass (API, CLI, GUI)
Integration with COEs & management platforms
• Docker Swarm, K8S
• OpenStack, CloudStack
• vSphere, RHEV, System Center
19. What is Kuryr?
Kuryr has become a collection of projects and repositories:
- kuryr-lib: common libraries (neutron-client, keystone-client)
- kuryr-libnetwork: docker networking plugin
- kuryr-kubernetes: k8s api watcher and CNI driver
- fuxi: docker cinder driver
20. Project Kuryr Contributions
As of Oct. 18th, 2016: http://stackalytics.com/?release=all&module=kuryr-group&metric=commits
21. Some previous* networking options with Docker
STOP
IPtables maybe?
Done with Neutron? Tell me more, please!
• libnetwork:
• Null (with nothing in its networking namespace)
• Bridge
• Overlay
• Remote
22. Kuryr: Docker (1.9+)’s remote driver for Neutron networking
Kuryr implements a libnetwork remote network driver and maps its calls to OpenStack Neutron. It translates between libnetwork's Container Network Model (CNM) and Neutron's networking model.
Kuryr also acts as a libnetwork IPAM driver.
24. Kuryr translation please!
• Docker uses PUSH model to call a service for libnetwork
• Kuryr maps the 3 main CNM components to Neutron networking constructs
• Ability to attach to existing Neutron networks with host isolation (container cannot see host network)
libnetwork | neutron
Network | Network
Sandbox | Subnet, Ports, netns
Endpoint | Port
25. Networking services from Neutron, for containers!
Distributed Layer 2 Switching
Distributed Layer 3 Gateways
Floating IPs
Service Insertion
Layer 4 Distributed Stateful NAT
Distributed Firewall
VTEP Gateways
Distributed DHCP
Layer 4 Load Balancer-as-a-Service (with Health Checks)
Policy without the need for IP tables
Distributed Metadata
TAP-as-a-Service
27. Kuryr delivers for CNM, but what about CNI?
It’s an enabler for existing, well-defined networking plugins for containers
28. Kubernetes Presence in Container Orchestration
• Open sourced from production-grade, scalable technology used by Borg & Omega at Google for over 10 years
• Explosive use over the last 12 months, including users like eBay and Lithium Technologies
• Portable, extensible, self-healing
Impressive automated rollouts & rollbacks with one command
• Growing ecosystem supporting Kubernetes:
• CoreOS, RH OpenShift, Platform9, Weaveworks, Midokura!
30. Kubernetes Control Plane
• etcd
  • All persistent master state is stored in an instance of etcd
  • To date, runs as single instance; HA clusters in future
  • Provides a “great” way to store configuration data reliably
  • With watch support, coordinating components can be notified very quickly of changes
31. Kubernetes Control Plane Continued
• K8S API Server
  • Serves up the Kubernetes API
  • Intended to be a CRUD-y server, with separate components or in plug-ins for logic implementation
  • Processes REST operations, validates them, and updates the corresponding objects in etcd
• Scheduler
  • Binds unscheduled pods to nodes
  • Pluggable, for multiple cluster schedulers and even user-provided schedulers in the future
• K8S Controller Manager Server
  • All other cluster-level functions are currently performed by the Controller Manager
  • E.g. Endpoints objects are created and updated by the endpoints controller; and nodes are discovered, managed, and monitored by the node controller.
  • The replicationcontroller is a mechanism that is layered on top of the simple pod API
  • Planned to be a pluggable mechanism
32. Kubernetes Worker Node
• kubelet
  • Manages pods and their containers, their images, their volumes, etc
• kube-proxy
  • Run on each node to provide a simple network proxy and load balancer
  • Reflects services as defined in the Kubernetes API on each node and can do simple TCP and UDP stream forwarding (round robin) across a set of backends
33. Kubernetes Networking Model
There are 4 distinct networking problems to solve:
1. Highly-coupled container-to-container communications
2. Pod-to-Pod communications
3. Pod-to-Service communications
4. External-to-internal communications
34. Kubernetes Networking Options
Flannel provides an overlay to enable cross-host communication
- IP per POD
- VXLAN tunneling between hosts
- IPtables for NAT
- Multi-tenancy?
- Host per tenant?
- Cluster per tenant?
- How to share VMs and containers on the same network for the same tenant?
- Security Risk on docker bridge? Shared networking stack
37. Security at the edge
1. vPort1 initiates a packet flow through the virtual network
2. MN Agent fetches the virtual topology/state
3. MN simulates the packet through the virtual network
4. MN installs a flow in the kernel at the ingress host
5. Packet is sent in tunnel to egress host
38. Kubernetes Integration: How with Kuryr?
Kubernetes 1.2+
Two integration components:
CNI driver
• Standard container networking: preferred K8S network extension point
• Can serve rkt, appc, docker
• Uses Kuryr port binding library to bind local pod using metadata
Raven (Part of Kuryr project)
• Python 3
• AsyncIO
• Extensible API watcher
• Drives the K8S API to Neutron API translation
39. Kubernetes Integration: How with Kuryr+MidoNet?
Defaults:
kube-proxy: generates iptables rules which map portal_ips such that the traffic gets to the local kube-proxy daemon. Does the equivalent of a NAT to the actual pod address
flannel: default networking integration in CoreOS
Enhanced by:
Kuryr CNI driver: enables the host binding
Raven: process used to proxy K8S API to Neutron API
MidoNet agent: provides higher layer services to the pods
40. Kubernetes Integration: How with Kuryr?
Raven: used to proxy K8S API to Neutron API + IPAM
- focuses only on building the virtual network topology translated from the events of the internal state changes of K8S through its API server
Kuryr CNI driver: takes care of binding virtual ports to physical interfaces on worker nodes for deployed pods
Kubernetes API | Neutron API
Namespace | Network
Cluster Subnet | Subnet
Pod | Port
Service | LBaaS Pool, LBaaS VIP (FIP)
Endpoint | LBaaS Pool Member
41. Kubernetes Integration: How with Kuryr+MidoNet?
Raven: used to proxy K8S API to Neutron API
Kuryr CNI driver: takes care of binding virtual ports to physical interfaces on worker nodes for deployed pods
42. Kubernetes Integration: How with Kuryr+MidoNet?
Raven: used to proxy K8S API to Neutron API
Kuryr CNI driver: takes care of binding virtual ports to physical interfaces on worker nodes for deployed pods
43. Kubernetes Integration: Where are we now with MidoNet?
Completed integration components:
- CNI driver
- Raven
- Namespace Implementation (a mechanism to partition resources created by users into a logically named group):
  - each namespace gets its own router
  - all pods driven by the RC should be on the same logical network
CoreOS support
- Containerized MidoNet services
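The Kubernetes-to-Neutron mapping table on slide 40 and the per-namespace router from slide 43, as an added Python sketch (not Kuryr or Raven code): the in-memory FakeNeutron, the event tuples and the /24-per-namespace addressing are assumptions made for the example. It shows where the segmentation boundary comes from: a pod is only ever attached to its own namespace's network, and a service cannot take a pod from another namespace as a pool member.

```python
# Added illustration, not Kuryr/Raven source. FakeNeutron, the event shape, the
# field names and the one-/24-per-namespace addressing are all assumptions.
import ipaddress
import itertools

class FakeNeutron:
    """In-memory stand-in for the Neutron API (hypothetical)."""
    def __init__(self):
        self._seq = itertools.count(1)
        self.resources = {}                  # id -> resource dict
    def create(self, kind, **attrs):
        rid = f"{kind}-{next(self._seq)}"
        self.resources[rid] = {"kind": kind, **attrs}
        return rid
    def by_kind(self, kind):
        return [r for r in self.resources.values() if r["kind"] == kind]

class Translator:
    """Maps Kubernetes object-creation events to Neutron resources."""
    def __init__(self, neutron, cluster_cidr="10.244.0.0/16"):
        self.neutron = neutron
        self._cidrs = ipaddress.ip_network(cluster_cidr).subnets(new_prefix=24)
        self.namespaces, self.ports, self.pools = {}, {}, {}

    def handle(self, kind, obj):
        handler = getattr(self, "_add_" + kind.lower(), None)
        if handler is None:
            raise ValueError(f"unmapped kind: {kind}")
        return handler(obj)

    def _add_namespace(self, obj):           # Namespace -> Network, own router
        cidr = next(self._cidrs)
        net = self.neutron.create("network", name=obj["name"])
        sub = self.neutron.create("subnet", network=net, cidr=str(cidr))
        self.neutron.create("router", name=obj["name"], subnets=[sub])
        self.namespaces[obj["name"]] = {"network": net, "hosts": iter(cidr.hosts())}
        return net

    def _add_pod(self, obj):                 # Pod -> Port
        # Unknown namespace raises KeyError: fail closed, no shared default network.
        ns = self.namespaces[obj["namespace"]]
        port = self.neutron.create("port", network=ns["network"],
                                   ip=str(next(ns["hosts"])), pod=obj["name"])
        self.ports[(obj["namespace"], obj["name"])] = port
        return port

    def _add_service(self, obj):             # Service -> LBaaS pool + VIP
        ns = self.namespaces[obj["namespace"]]
        pool = self.neutron.create("lbaas_pool", network=ns["network"])
        self.neutron.create("lbaas_vip", pool=pool, port=obj["port"])
        self.pools[(obj["namespace"], obj["name"])] = pool
        return pool

    def _add_endpoints(self, obj):           # Endpoints -> LBaaS pool members
        ns, pool = obj["namespace"], self.pools.get((obj["namespace"], obj["name"]))
        ports = [self.ports.get((ns, pod)) for pod in obj["pods"]]
        if pool is None or None in ports:    # validate everything before creating
            raise LookupError(f"service or pod outside namespace {ns}")
        return [self.neutron.create("lbaas_member", pool=pool,
                address=self.neutron.resources[p]["ip"]) for p in ports]

# Constructed sample events as (kind, object); not captured from a real cluster.
EVENTS = [("Namespace", {"name": "frontend"}),
          ("Namespace", {"name": "billing"}),
          ("Pod", {"namespace": "frontend", "name": "web-1"}),
          ("Pod", {"namespace": "billing", "name": "db-1"}),
          ("Service", {"namespace": "frontend", "name": "web", "port": 80}),
          ("Endpoints", {"namespace": "frontend", "name": "web", "pods": ["web-1"]})]

def replay(events):
    translator = Translator(FakeNeutron())
    for kind, obj in events:
        translator.handle(kind, obj)
    return translator.neutron, translator
```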
44. Where will Kuryr go next?
• Bring container and VM networking under one API
• Multi-tenancy
• Advanced networking services/map Network Policies
• QoS
• Adapt implementation to work with other COEs
• kuryr-mesos
• kuryr-cloudfoundry
• kuryr-openshift
• Magnum Support (containers in VMs) in OpenStack
Purpose
Examples of existing ones
What are COE networking models?
Docker: CNM
K8S & Mesos: CNI
Maturity?
Re-inventing wheel, including the political battles, but that’s the fun that open source brings
- Otto’s Magnum webinar compares COEs: (minute 16:30??)
http://blog.midokura.com/2016/05/project-magnum-introduction/
Talk about which are good for what
If 10K nodes, use …
Reference: https://github.com/kubernetes/kubernetes/blob/master/docs/design/architecture.md
Service endpoints are currently found via DNS or through environment variables (both Docker-links-compatible and Kubernetes {FOO}_SERVICE_HOST and {FOO}_SERVICE_PORT variables are supported). These variables resolve to ports managed by the service proxy.
The kubelet ships with built-in support for cAdvisor, which collects, aggregates, processes and exports information about running containers on a given system. cAdvisor includes a built-in web interface available on port 4194