SlideShare a Scribd company logo
Docker and
Container Security
@gianarb
Hello!
I am Gianluca Arbezzano
Site Reliability Engineer at InfluxDB
oss maintainer and Docker Captain
You can find me:
@gianarb on Twitter and GitHub
Play Safe - a free ebook about Container Security.
What?
I wrote an ebook ~55 pages
about Docker and Container
Security. It comes from my
daily experience deploying and
making containers secure.
CoreOS Clair, Apparmor,
SwarmKit, Notary, Cilium and a
lot more...
Get it http://scaledocker.com
Leave your email and you will receive the ebook.
Make it
easy to do
the secure
things
Otherwise your colleagues
will be the perfect
vulnerability.
Least Privileged
It’s valid for Orchestration and
anything else.
1.
Runtime
Apparmor, Seccomp, SELinux
2.
Static
Image Scan, CoreOS Clair
3.
Update
Injection new code in the system.
There is always more.
Port :80 / :443
Anything else..
Services, libraries,
Kernel, Operations,
continuous delivery
and so on..
VPN is not that complicated anymore.
https://community.openvpn.net/openvpn/wiki/BridgingAndRouting
SELinux
1. Everything inside a system has labels
2. By default everything is denied
3. You can write policy to allow only what you
need.
AppArmor
#include <tunables/global>
profile sample-one
flags=(attach_disconnected,mediate_deleted)
{
#include <abstractions/base>
network,
capability,
file,
umount,
deny /etc/** w,
}
AppArmor
docker run 
--security-opt=”apparmor:sample-one” 
--rm -it alpine /bin/sh
deny /etc/** w
touch /tmp/hello.txt
touch /etc/bad.txt
touch: /etc/ciao: Permission denied
“
AppArmor profile pull requests is
the bane of my existence
Cit. Jess Frazelle
https://github.com/jessfraz/bane
It’s easy if you run one process for
every container!
And if you know
what you are running.
Cilium - github.com/cilium/cilium
Cilium - github.com/cilium/cilium
docker network create 
--ipv6 
--subnet ::1/112 
--ipam-driver cilium 
--driver cilium cilium
Cilium - github.com/cilium/cilium
docker run -d --name server --net cilium 
--label io.cilium.service.server 
alpine sleep 30000
docker run -d --name client --net cilium 
--label io.cilium.service.client 
alpine sleep 30000
Cilium - github.com/cilium/cilium
docker run -d --name server --net cilium 
--label io.cilium.service.server 
alpine sleep 30000
docker run -d --name client --net cilium 
--label io.cilium.service.client 
alpine sleep 30000
Cilium - github.com/cilium/cilium
$ cilium endpoint list
docker exec -it client ping server
sudo cilium monitor
Cilium - github.com/cilium/cilium
cilium policy allowed -s cilium:io.cilium.service.client 
-d cilium:io.cilium.service.server
Resolving policy for context &{Trace:1
Logging:0xc42177b590
From:[cilium:io.cilium.service.client]
To:[cilium:io.cilium.service.server]}
Root rules decision: undecided
No matching children in io.cilium
Root children decision: undecided
Final tree decision: deny
Cilium - github.com/cilium/cilium
"name": "service",
"children": {
"client": { "name": "client"},
"server": {
"name": "server",
"rules": [{
"allow": [{
"action": "accept",
"label": {
"key": "host",
"source": "reserved"
}
}, {
"action": "accept",
"label": {
"key": "../client",
"source": "cilium"
}
BPF - github.com/cilium/cilium
BPF is a highly flexible and efficient virtual
machine-like construct in the Linux kernel allowing to
execute bytecode at various hook points in a safe
manner. It is used in a number of Linux kernel
subsystems, most prominently networking, tracing and
security
http://cilium.readthedocs.io/en/latest/bpf/
Images.
There are a lot of
good practices
and mistake
to make.
FROM debian
Oh this seems too much...
FROM scratch
Yes. I will make debugging with my
magic wand.
FROM centos
Yum let’s go for lunch! I am hungry
This decision
requires strong
opinions...
Let’s keep in mind about some
concerns
1.
Size
Unused files, libraries, packages
makes your image bigger.
2.
Security
Unrequired code and files are a
good way to get free
vulnerabilities!
3.
Debugging
At some point you will be happy to
run `ping google.com`.
LinuxKit can help
But maintaining your distro is not
very common yet.
Docker Scan
COREOS Clair
1. In regular intervals, Clair ingests vulnerability
metadata from a configured set of sources and
stores it in the database.
2. Clients use the Clair API to index their container
images; this parses a list of installed source
packages and stores them in the database.
3. Clients use the Clair API to query the database;
correlating data is done in real time, rather than a
cached result that needs re-scanning.
4. When updates to vulnerability metadata occur, a
webhook containing the affected images can be
configured to page or block deployments.
The update can be
a problem
sometime...
Docker content
trust.
The world behind the pull.
GPG, TLS, SHA
What I need more?
SHA1 - First collision
https://security.googleblog.com/2017/02/
announcing-first-sha1-collision.html
GPG limitation
● Is it coming from the place
where I hope?
● Between the sender and the
receiver what happen?
● Are the signatures too old?
TUF - The update
framework
https://theupdateframework.github.io
The framework is inspired by
Thandy the Tor’s secure updating
system
Main principles:
◎ Responsibility Separation to decrease the
scope of a specific role.
◎ Survivable key compromise and scoped
keys.
◎ Multi-Signature thresholding
It doesn’t manage
your packages
It only manage identity and signatures in
a separate location.
Roles:
● Root
● Targets
● Shanpshot
● Timestamp
● Delegation
Notary
https://github.com/docker/notary
dockerd -H fd:// -H tcp://10.7.5.22 --label kind=private
echo ’{"username":"root", "password": "root"}’ >
~/secret-test.json
docker secret create myapp -f ~/secret-test.json
docker service create 
--name backend 
--secret myapp 
--image gianarb/micro:1.2.0
Secret available at /run/secret/myapp
Distributed Secret
docker network --opt encrypted 
--driver overlay tick-net
Network Encryption
$ docker swarm init 
--advertise-addr 10.0.0.1 
--datapath-addr 192.168.0.1
Separate interface for
control and data traffic
Immutability
$ docker diff ciccio
C /var
A /var/www
A /var/www/index.html
A /var/www/spy.html
Analysis post running
Containers are not
magic.
Bad code stays
bad.
Write good code
Thanks!
Any questions?
@gianarb

More Related Content

What's hot

MongoDB.local Austin 2018: MongoDB Ops Manager + Kubernetes
MongoDB.local Austin 2018: MongoDB Ops Manager + KubernetesMongoDB.local Austin 2018: MongoDB Ops Manager + Kubernetes
MongoDB.local Austin 2018: MongoDB Ops Manager + Kubernetes
MongoDB
 
Nginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes IngressNginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes Ingress
Knoldus Inc.
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
Docker, Inc.
 
Kubernetes meetup geneva june 2021
Kubernetes meetup geneva   june 2021Kubernetes meetup geneva   june 2021
Kubernetes meetup geneva june 2021
SebastienSEYMARC
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes security
Thomas Fricke
 
Kubescape single pane of glass
Kubescape   single pane of glassKubescape   single pane of glass
Kubescape single pane of glass
LibbySchulze1
 
NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX
NGINX 101: Web Traffic Encryption with SSL/TLS and NGINXNGINX 101: Web Traffic Encryption with SSL/TLS and NGINX
NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX
NGINX, Inc.
 
Interconnecting containers at scale #Dockercon
Interconnecting containers at scale #Dockercon Interconnecting containers at scale #Dockercon
Interconnecting containers at scale #Dockercon
sarahnovotny
 
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
NGINX, Inc.
 
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...
Sanjeev Rampal
 
NGINX ADC: Basics and Best Practices – EMEA
NGINX ADC: Basics and Best Practices – EMEANGINX ADC: Basics and Best Practices – EMEA
NGINX ADC: Basics and Best Practices – EMEA
NGINX, Inc.
 
The Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeThe Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud Native
Ben Hall
 
DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller
Docker, Inc.
 
NGINX: Basics and Best Practices
NGINX: Basics and Best PracticesNGINX: Basics and Best Practices
NGINX: Basics and Best Practices
NGINX, Inc.
 
Kubernetes for Beginners
Kubernetes for BeginnersKubernetes for Beginners
Kubernetes for Beginners
DigitalOcean
 
Go for Operations
Go for OperationsGo for Operations
Go for Operations
QAware GmbH
 
Kubernetes - security you need to know about it
Kubernetes - security you need to know about itKubernetes - security you need to know about it
Kubernetes - security you need to know about it
Haydn Johnson
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2
LibbySchulze
 
Container Runtime Security with Falco, by Néstor Salceda
Container Runtime Security with Falco, by Néstor SalcedaContainer Runtime Security with Falco, by Néstor Salceda
Container Runtime Security with Falco, by Néstor Salceda
Cloud Native Day Tel Aviv
 
Cisco Cloud Networking Workshop
Cisco Cloud Networking Workshop Cisco Cloud Networking Workshop
Cisco Cloud Networking Workshop
Cisco Canada
 

What's hot (20)

MongoDB.local Austin 2018: MongoDB Ops Manager + Kubernetes
MongoDB.local Austin 2018: MongoDB Ops Manager + KubernetesMongoDB.local Austin 2018: MongoDB Ops Manager + Kubernetes
MongoDB.local Austin 2018: MongoDB Ops Manager + Kubernetes
 
Nginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes IngressNginx Deep Dive Kubernetes Ingress
Nginx Deep Dive Kubernetes Ingress
 
DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA DCSF19 Kubernetes Security with OPA
DCSF19 Kubernetes Security with OPA
 
Kubernetes meetup geneva june 2021
Kubernetes meetup geneva   june 2021Kubernetes meetup geneva   june 2021
Kubernetes meetup geneva june 2021
 
Kubernetes security
Kubernetes securityKubernetes security
Kubernetes security
 
Kubescape single pane of glass
Kubescape   single pane of glassKubescape   single pane of glass
Kubescape single pane of glass
 
NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX
NGINX 101: Web Traffic Encryption with SSL/TLS and NGINXNGINX 101: Web Traffic Encryption with SSL/TLS and NGINX
NGINX 101: Web Traffic Encryption with SSL/TLS and NGINX
 
Interconnecting containers at scale #Dockercon
Interconnecting containers at scale #Dockercon Interconnecting containers at scale #Dockercon
Interconnecting containers at scale #Dockercon
 
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
What’s New in NGINX Ingress Controller for Kubernetes Release 1.5.0
 
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...
Cisco Live 2017: Container networking deep dive with Docker Enterprise Editio...
 
NGINX ADC: Basics and Best Practices – EMEA
NGINX ADC: Basics and Best Practices – EMEANGINX ADC: Basics and Best Practices – EMEA
NGINX ADC: Basics and Best Practices – EMEA
 
The Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeThe Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud Native
 
DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller
 
NGINX: Basics and Best Practices
NGINX: Basics and Best PracticesNGINX: Basics and Best Practices
NGINX: Basics and Best Practices
 
Kubernetes for Beginners
Kubernetes for BeginnersKubernetes for Beginners
Kubernetes for Beginners
 
Go for Operations
Go for OperationsGo for Operations
Go for Operations
 
Kubernetes - security you need to know about it
Kubernetes - security you need to know about itKubernetes - security you need to know about it
Kubernetes - security you need to know about it
 
Whats new in brigade 2
Whats new in brigade 2Whats new in brigade 2
Whats new in brigade 2
 
Container Runtime Security with Falco, by Néstor Salceda
Container Runtime Security with Falco, by Néstor SalcedaContainer Runtime Security with Falco, by Néstor Salceda
Container Runtime Security with Falco, by Néstor Salceda
 
Cisco Cloud Networking Workshop
Cisco Cloud Networking Workshop Cisco Cloud Networking Workshop
Cisco Cloud Networking Workshop
 

Similar to Security Tips to run Docker in Production

Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
Velocidex Enterprises
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
Docker, Inc.
 
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes ClusterKubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
smalltown
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container security
Volodymyr Shynkar
 
AppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security AgileAppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security Agile
Oleg Gryb
 
Three Years of Lessons Running Potentially Malicious Code Inside Containers
Three Years of Lessons Running Potentially Malicious Code Inside ContainersThree Years of Lessons Running Potentially Malicious Code Inside Containers
Three Years of Lessons Running Potentially Malicious Code Inside Containers
Ben Hall
 
Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration
Amazon Web Services
 
DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline  DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline
Docker, Inc.
 
Stups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWSStups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWS
Jan Löffler
 
Open source security tools for Kubernetes.
Open source security tools for Kubernetes.Open source security tools for Kubernetes.
Open source security tools for Kubernetes.
Michael Ducy
 
DCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development PipelineDCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development Pipeline
Docker, Inc.
 
Container BoM Inspection with TERN
Container BoM Inspection with TERNContainer BoM Inspection with TERN
Container BoM Inspection with TERN
Open Source Technology Center MeetUps
 
Kubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbaiKubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbai
n|u - The Open Security Community
 
Us 17-krug-hacking-severless-runtimes
Us 17-krug-hacking-severless-runtimesUs 17-krug-hacking-severless-runtimes
Us 17-krug-hacking-severless-runtimes
Ravishankar Somasundaram
 
CloudNativeTurkey - Lines of Defence.pdf
CloudNativeTurkey - Lines of Defence.pdfCloudNativeTurkey - Lines of Defence.pdf
CloudNativeTurkey - Lines of Defence.pdf
Koray Oksay
 
Symfony finally swiped right on envvars
Symfony finally swiped right on envvarsSymfony finally swiped right on envvars
Symfony finally swiped right on envvars
Sam Marley-Jarrett
 
Containerizing your Security Operations Center
Containerizing your Security Operations CenterContainerizing your Security Operations Center
Containerizing your Security Operations Center
Jimmy Mesta
 
No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!
Anthony Dahanne
 
TIAD - DYI: A simple orchestrator built step by step
TIAD - DYI: A simple orchestrator built step by stepTIAD - DYI: A simple orchestrator built step by step
TIAD - DYI: A simple orchestrator built step by step
The Incredible Automation Day
 
Operating Docker
Operating DockerOperating Docker
Operating Docker
Jen Andre
 

Similar to Security Tips to run Docker in Production (20)

Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3Digital Forensics and Incident Response in The Cloud Part 3
Digital Forensics and Incident Response in The Cloud Part 3
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
 
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes ClusterKubernetes Summit 2019 - Harden Your Kubernetes Cluster
Kubernetes Summit 2019 - Harden Your Kubernetes Cluster
 
Kubernetes and container security
Kubernetes and container securityKubernetes and container security
Kubernetes and container security
 
AppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security AgileAppSec California 2016 - Making Security Agile
AppSec California 2016 - Making Security Agile
 
Three Years of Lessons Running Potentially Malicious Code Inside Containers
Three Years of Lessons Running Potentially Malicious Code Inside ContainersThree Years of Lessons Running Potentially Malicious Code Inside Containers
Three Years of Lessons Running Potentially Malicious Code Inside Containers
 
Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration Continuous Delivery, Continuous Integration
Continuous Delivery, Continuous Integration
 
DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline  DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline
 
Stups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWSStups.io - an Open Source Cloud Framework for AWS
Stups.io - an Open Source Cloud Framework for AWS
 
Open source security tools for Kubernetes.
Open source security tools for Kubernetes.Open source security tools for Kubernetes.
Open source security tools for Kubernetes.
 
DCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development PipelineDCEU 18: Building Your Development Pipeline
DCEU 18: Building Your Development Pipeline
 
Container BoM Inspection with TERN
Container BoM Inspection with TERNContainer BoM Inspection with TERN
Container BoM Inspection with TERN
 
Kubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbaiKubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbai
 
Us 17-krug-hacking-severless-runtimes
Us 17-krug-hacking-severless-runtimesUs 17-krug-hacking-severless-runtimes
Us 17-krug-hacking-severless-runtimes
 
CloudNativeTurkey - Lines of Defence.pdf
CloudNativeTurkey - Lines of Defence.pdfCloudNativeTurkey - Lines of Defence.pdf
CloudNativeTurkey - Lines of Defence.pdf
 
Symfony finally swiped right on envvars
Symfony finally swiped right on envvarsSymfony finally swiped right on envvars
Symfony finally swiped right on envvars
 
Containerizing your Security Operations Center
Containerizing your Security Operations CenterContainerizing your Security Operations Center
Containerizing your Security Operations Center
 
No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!
 
TIAD - DYI: A simple orchestrator built step by step
TIAD - DYI: A simple orchestrator built step by stepTIAD - DYI: A simple orchestrator built step by step
TIAD - DYI: A simple orchestrator built step by step
 
Operating Docker
Operating DockerOperating Docker
Operating Docker
 

More from Gianluca Arbezzano

Kubernetes debug like a pro
Kubernetes debug like a proKubernetes debug like a pro
Kubernetes debug like a pro
Gianluca Arbezzano
 
OSDC 2018 - Distributed monitoring
OSDC 2018 - Distributed monitoringOSDC 2018 - Distributed monitoring
OSDC 2018 - Distributed monitoring
Gianluca Arbezzano
 
Value of your metrics: goodbye monitoring, welcome observability
Value of your metrics: goodbye monitoring, welcome observabilityValue of your metrics: goodbye monitoring, welcome observability
Value of your metrics: goodbye monitoring, welcome observability
Gianluca Arbezzano
 
InfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestratorInfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestrator
Gianluca Arbezzano
 
Orbiter and how to extend Docker Swarm
Orbiter and how to extend Docker SwarmOrbiter and how to extend Docker Swarm
Orbiter and how to extend Docker Swarm
Gianluca Arbezzano
 
Overview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca ArbezzanoOverview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca Arbezzano
Gianluca Arbezzano
 
Monitoring Pull vs Push, InfluxDB and Prometheus
Monitoring Pull vs Push, InfluxDB and PrometheusMonitoring Pull vs Push, InfluxDB and Prometheus
Monitoring Pull vs Push, InfluxDB and Prometheus
Gianluca Arbezzano
 
Open Tracing, to order and understand your mess. - ApiConf 2017
Open Tracing, to order and understand your mess. - ApiConf 2017Open Tracing, to order and understand your mess. - ApiConf 2017
Open Tracing, to order and understand your mess. - ApiConf 2017
Gianluca Arbezzano
 
Jenkins in the real world - DevOpsCon 2017
Jenkins in the real world - DevOpsCon 2017Jenkins in the real world - DevOpsCon 2017
Jenkins in the real world - DevOpsCon 2017
Gianluca Arbezzano
 
Monitor your application and sleep
Monitor your application and sleepMonitor your application and sleep
Monitor your application and sleep
Gianluca Arbezzano
 
Tick Stack - Listen your infrastructure and please sleep
Tick Stack - Listen your infrastructure and please sleepTick Stack - Listen your infrastructure and please sleep
Tick Stack - Listen your infrastructure and please sleep
Gianluca Arbezzano
 
Docker Novosibirsk Meetup #3 - Docker in Production
Docker Novosibirsk Meetup #3 - Docker in ProductionDocker Novosibirsk Meetup #3 - Docker in Production
Docker Novosibirsk Meetup #3 - Docker in Production
Gianluca Arbezzano
 
DockerDublin Meetup - News about Docker 1.13
DockerDublin Meetup -  News about Docker 1.13DockerDublin Meetup -  News about Docker 1.13
DockerDublin Meetup - News about Docker 1.13
Gianluca Arbezzano
 
Docker 1.12 and SwarmKit
Docker 1.12 and SwarmKitDocker 1.12 and SwarmKit
Docker 1.12 and SwarmKit
Gianluca Arbezzano
 
Time Series Database and Tick Stack
Time Series Database and Tick StackTime Series Database and Tick Stack
Time Series Database and Tick Stack
Gianluca Arbezzano
 
Queue System and Zend\Queue implementation
Queue System and Zend\Queue implementationQueue System and Zend\Queue implementation
Queue System and Zend\Queue implementation
Gianluca Arbezzano
 
ZfDayIt 2014 - There is a module for everything
ZfDayIt 2014 - There is a module for everythingZfDayIt 2014 - There is a module for everything
ZfDayIt 2014 - There is a module for everything
Gianluca Arbezzano
 
Vagrant - PugMI
Vagrant - PugMIVagrant - PugMI
Vagrant - PugMI
Gianluca Arbezzano
 
Silex, iniziamo
Silex, iniziamoSilex, iniziamo
Silex, iniziamo
Gianluca Arbezzano
 

More from Gianluca Arbezzano (19)

Kubernetes debug like a pro
Kubernetes debug like a proKubernetes debug like a pro
Kubernetes debug like a pro
 
OSDC 2018 - Distributed monitoring
OSDC 2018 - Distributed monitoringOSDC 2018 - Distributed monitoring
OSDC 2018 - Distributed monitoring
 
Value of your metrics: goodbye monitoring, welcome observability
Value of your metrics: goodbye monitoring, welcome observabilityValue of your metrics: goodbye monitoring, welcome observability
Value of your metrics: goodbye monitoring, welcome observability
 
InfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestratorInfluxCloudi craft container orchestrator
InfluxCloudi craft container orchestrator
 
Orbiter and how to extend Docker Swarm
Orbiter and how to extend Docker SwarmOrbiter and how to extend Docker Swarm
Orbiter and how to extend Docker Swarm
 
Overview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca ArbezzanoOverview and Opentracing in theory by Gianluca Arbezzano
Overview and Opentracing in theory by Gianluca Arbezzano
 
Monitoring Pull vs Push, InfluxDB and Prometheus
Monitoring Pull vs Push, InfluxDB and PrometheusMonitoring Pull vs Push, InfluxDB and Prometheus
Monitoring Pull vs Push, InfluxDB and Prometheus
 
Open Tracing, to order and understand your mess. - ApiConf 2017
Open Tracing, to order and understand your mess. - ApiConf 2017Open Tracing, to order and understand your mess. - ApiConf 2017
Open Tracing, to order and understand your mess. - ApiConf 2017
 
Jenkins in the real world - DevOpsCon 2017
Jenkins in the real world - DevOpsCon 2017Jenkins in the real world - DevOpsCon 2017
Jenkins in the real world - DevOpsCon 2017
 
Monitor your application and sleep
Monitor your application and sleepMonitor your application and sleep
Monitor your application and sleep
 
Tick Stack - Listen your infrastructure and please sleep
Tick Stack - Listen your infrastructure and please sleepTick Stack - Listen your infrastructure and please sleep
Tick Stack - Listen your infrastructure and please sleep
 
Docker Novosibirsk Meetup #3 - Docker in Production
Docker Novosibirsk Meetup #3 - Docker in ProductionDocker Novosibirsk Meetup #3 - Docker in Production
Docker Novosibirsk Meetup #3 - Docker in Production
 
DockerDublin Meetup - News about Docker 1.13
DockerDublin Meetup -  News about Docker 1.13DockerDublin Meetup -  News about Docker 1.13
DockerDublin Meetup - News about Docker 1.13
 
Docker 1.12 and SwarmKit
Docker 1.12 and SwarmKitDocker 1.12 and SwarmKit
Docker 1.12 and SwarmKit
 
Time Series Database and Tick Stack
Time Series Database and Tick StackTime Series Database and Tick Stack
Time Series Database and Tick Stack
 
Queue System and Zend\Queue implementation
Queue System and Zend\Queue implementationQueue System and Zend\Queue implementation
Queue System and Zend\Queue implementation
 
ZfDayIt 2014 - There is a module for everything
ZfDayIt 2014 - There is a module for everythingZfDayIt 2014 - There is a module for everything
ZfDayIt 2014 - There is a module for everything
 
Vagrant - PugMI
Vagrant - PugMIVagrant - PugMI
Vagrant - PugMI
 
Silex, iniziamo
Silex, iniziamoSilex, iniziamo
Silex, iniziamo
 

Recently uploaded

TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Wask
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
flufftailshop
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
Tatiana Kojar
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
Hiike
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Tomaz Bratanic
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
Pravash Chandra Das
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 

Recently uploaded (20)

TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Digital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying AheadDigital Marketing Trends in 2024 | Guide for Staying Ahead
Digital Marketing Trends in 2024 | Guide for Staying Ahead
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdfNunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
Nunit vs XUnit vs MSTest Differences Between These Unit Testing Frameworks.pdf
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Skybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoptionSkybuffer SAM4U tool for SAP license adoption
Skybuffer SAM4U tool for SAP license adoption
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - HiikeSystem Design Case Study: Building a Scalable E-Commerce Platform - Hiike
System Design Case Study: Building a Scalable E-Commerce Platform - Hiike
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracyGraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Operating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptxOperating System Used by Users in day-to-day life.pptx
Operating System Used by Users in day-to-day life.pptx
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 

Security Tips to run Docker in Production