This document discusses containers and their history in Cloud Foundry. It describes the evolution from Warden to Garden container managers, and Garden's modular architecture and Linux-based backends like Aufs and Docker. It also mentions other backends for Garden like Greenhouse (Windows) and Guardian (supporting additional technologies like Docker, LXC, etc). Finally, it discusses the Open Containers Initiative standards and provides some debugging tips.
OpenShift is Red Hat's Platform-as-a-Service (PaaS) that lets developers quickly develop, host, and scale Docker container-based applications. OpenShift enables a uniform and standardised approach to container management across all hosting options including AWS/EC2 and other private/public cloud and on/off-premise variants. At this session, you will learn how Red Hat's enterprise clients are using OpenShift to enable their digital transformation initiatives. Examples will cover how realising a hybrid cloud strategy can simplify and reduce the risk of migrating and transitioning application workloads to containers in the cloud.
Alex Smith, Solutions Architect, Amazon Web Services, ASEAN
Stephen Bylo, Senior Solution Architect, Red Hat Asia Pacific Pte Ltd
OpenShift is Red Hat's Platform-as-a-Service (PaaS) that lets developers quickly develop, host, and scale Docker container-based applications. OpenShift enables a uniform and standardised approach to container management across all hosting options including AWS/EC2 and other private/public cloud and on/off-premise variants. At this session, you will learn how Red Hat's enterprise clients are using OpenShift to enable their digital transformation initiatives. Examples will cover how realising a hybrid cloud strategy can simplify and reduce the risk of migrating and transitioning application workloads to containers in the cloud.
Alex Smith, Solutions Architect, Amazon Web Services, ASEAN
Stephen Bylo, Senior Solution Architect, Red Hat Asia Pacific Pte Ltd
Cloud is a style of computing where scalable and elastic IT-related capabilities are provided as a service using Internet technologies. WSO2 delivers one of the best Public Cloud, Managed Cloud and Private Cloud offerings with world renowned WSO2 middleware platform. WSO2 middleware stack is built from ground up with an open architecture for supporting cloud native features such as multi-tenancy, cluster discovery, artifact distribution, dynamic load balancing, autoscaling & monitoring to be able to run on any PaaS. WSO2 is now innovating on delivering a lightweight, ultra fast Gateway and a Microservices Framework for providing unprecedented agility and scalability in the cloud with Docker and Kubernetes.
In this session Imesh will walk you through WSO2 Cloud strategy on delivering heterogeneous PaaS offerings, managed and public cloud platforms for building on-premise, public and hybrid cloud solutions.
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShiftDevOps.com
Administrators and developers are increasingly seeking ways to improve application time to market and improve maintainability. Containers and Red Hat® OpenShift® have quickly become the de facto solution for agile development and application deployment.
Red Hat Training has developed a course that provides the gateway to container adoption by understanding the potential of DevOps using a container-based architecture. Orchestrating a container-based architecture with Kubernetes and Red Hat® OpenShift® improves application reliability and scalability, decreases developer overhead, and facilitates continuous integration and continuous deployment.
In this webinar, our expert will cover:
An overview of container and OpenShift architecture.
How to manage containers and container images.
Deploying containerized applications with Red Hat OpenShift.
An outline of Red Hat OpenShift training offerings.
OSDC 2018 | From batch to pipelines – why Apache Mesos and DC/OS are a soluti...NETWAYS
Apache Mesos is a distributed system for running other distributed systems, often described as a distributed kernel. It’s in use at massive scale at some of the worlds largest companies like Netflix, Uber and Yelp, abstracting entire data centres of hardware to allow for workloads to be distributed efficiently. DC/OS is an open source distribution of Mesos, which adds all the functionality to run Mesos in production across any substrate, both on-premise and in the cloud. In this talk, I’ll introduce both Mesos and DC/OS and talk about how they work under the hood, and what the benefits are of running these new kinds of systems for emerging cloud native workloads.
There are a variety of options for standing up an OpenStack private cloud platform. In this webinar, we will discuss existing design patterns for deploying OpenStack and their relative strengths and weaknesses.
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...Sanjeev Rampal
Introduction to the architecture of Cisco Container Platform. This is a new offering from Cisco and is an enterprise grade Multi-Cloud Kubernetes based Container platform.. The presentation covers overall architecture, internal details on networking storage, operations and automation as well as multi-cloud features including the use of this platform alongwith hosted Kubernetes offerings from AWS (EKS) and Google (GKE)
Enhancing Kubernetes with Autoscaling & Hybrid Cloud IaaSMatt Baldwin
Enhancing Kubernetes with OpenStack for bursting capacity from private cloud to public cloud. This presentation is from our February 18, 2016 San Francisco Kubernetes meetup. It was presented by Craig Peters and Bhasker Nallapothula.
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...Cloud Native Day Tel Aviv
The Kuryr project offers an interesting approach to network cloud native workloads, by enabling container orchestration engines to consume network services from OpenStack Neutron.With pod-in-VM support, Kuryr-Kubernetes enables a whole slew of new hybrid workloads, like bare metal or in-VM pods accessing services that run on VMs, multiple COEs (e.g. Docker Swarm to Kubernetes), and more. Unified networking simplifies deployment, configuration and provides single pane of glass into management and troubleshooting.
Let’s dive into Kuryr Kubernetes and learn how different open source technologies can complement each other in order to enable number of complicated deployment scenarios.
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Odinot Stanislas
(FR)
Introduction très sympathique autour des environnements Cloud avec un focus particulier sur la virtualisation et les containers (Docker)
(ENG)
Friendly presentation about Cloud solutions with a focus on virtualization and containers (Docker).
Author: Nicholas Weaver – Principal Architect, Intel Corporation
Containers and Nutanix - Acropolis Container ServicesNEXTtour
This presentation was given at the London Nutanix user group (NUG) on Oct 26 by Denis Guyadeen. If you would like to join a NUG, you can find more information here http://bit.ly/NTNXUG - Hope to see you at a community meeting!
Cloud is a style of computing where scalable and elastic IT-related capabilities are provided as a service using Internet technologies. WSO2 delivers one of the best Public Cloud, Managed Cloud and Private Cloud offerings with world renowned WSO2 middleware platform. WSO2 middleware stack is built from ground up with an open architecture for supporting cloud native features such as multi-tenancy, cluster discovery, artifact distribution, dynamic load balancing, autoscaling & monitoring to be able to run on any PaaS. WSO2 is now innovating on delivering a lightweight, ultra fast Gateway and a Microservices Framework for providing unprecedented agility and scalability in the cloud with Docker and Kubernetes.
In this session Imesh will walk you through WSO2 Cloud strategy on delivering heterogeneous PaaS offerings, managed and public cloud platforms for building on-premise, public and hybrid cloud solutions.
Kubernetes 101 - an Introduction to Containers, Kubernetes, and OpenShiftDevOps.com
Administrators and developers are increasingly seeking ways to improve application time to market and improve maintainability. Containers and Red Hat® OpenShift® have quickly become the de facto solution for agile development and application deployment.
Red Hat Training has developed a course that provides the gateway to container adoption by understanding the potential of DevOps using a container-based architecture. Orchestrating a container-based architecture with Kubernetes and Red Hat® OpenShift® improves application reliability and scalability, decreases developer overhead, and facilitates continuous integration and continuous deployment.
In this webinar, our expert will cover:
An overview of container and OpenShift architecture.
How to manage containers and container images.
Deploying containerized applications with Red Hat OpenShift.
An outline of Red Hat OpenShift training offerings.
OSDC 2018 | From batch to pipelines – why Apache Mesos and DC/OS are a soluti...NETWAYS
Apache Mesos is a distributed system for running other distributed systems, often described as a distributed kernel. It’s in use at massive scale at some of the worlds largest companies like Netflix, Uber and Yelp, abstracting entire data centres of hardware to allow for workloads to be distributed efficiently. DC/OS is an open source distribution of Mesos, which adds all the functionality to run Mesos in production across any substrate, both on-premise and in the cloud. In this talk, I’ll introduce both Mesos and DC/OS and talk about how they work under the hood, and what the benefits are of running these new kinds of systems for emerging cloud native workloads.
There are a variety of options for standing up an OpenStack private cloud platform. In this webinar, we will discuss existing design patterns for deploying OpenStack and their relative strengths and weaknesses.
Architecture of Cisco Container Platform: A new Enterprise Multi-Cloud Kubern...Sanjeev Rampal
Introduction to the architecture of Cisco Container Platform. This is a new offering from Cisco and is an enterprise grade Multi-Cloud Kubernetes based Container platform.. The presentation covers overall architecture, internal details on networking storage, operations and automation as well as multi-cloud features including the use of this platform alongwith hosted Kubernetes offerings from AWS (EKS) and Google (GKE)
Enhancing Kubernetes with Autoscaling & Hybrid Cloud IaaSMatt Baldwin
Enhancing Kubernetes with OpenStack for bursting capacity from private cloud to public cloud. This presentation is from our February 18, 2016 San Francisco Kubernetes meetup. It was presented by Craig Peters and Bhasker Nallapothula.
Kuryr-Kubernetes: The perfect match for networking cloud native workloads - I...Cloud Native Day Tel Aviv
The Kuryr project offers an interesting approach to network cloud native workloads, by enabling container orchestration engines to consume network services from OpenStack Neutron.With pod-in-VM support, Kuryr-Kubernetes enables a whole slew of new hybrid workloads, like bare metal or in-VM pods accessing services that run on VMs, multiple COEs (e.g. Docker Swarm to Kubernetes), and more. Unified networking simplifies deployment, configuration and provides single pane of glass into management and troubleshooting.
Let’s dive into Kuryr Kubernetes and learn how different open source technologies can complement each other in order to enable number of complicated deployment scenarios.
Bare-metal, Docker Containers, and Virtualization: The Growing Choices for Cl...Odinot Stanislas
(FR)
Introduction très sympathique autour des environnements Cloud avec un focus particulier sur la virtualisation et les containers (Docker)
(ENG)
Friendly presentation about Cloud solutions with a focus on virtualization and containers (Docker).
Author: Nicholas Weaver – Principal Architect, Intel Corporation
Containers and Nutanix - Acropolis Container ServicesNEXTtour
This presentation was given at the London Nutanix user group (NUG) on Oct 26 by Denis Guyadeen. If you would like to join a NUG, you can find more information here http://bit.ly/NTNXUG - Hope to see you at a community meeting!
WSO2Con USA 2015: Revolutionizing WSO2 PaaS with Kubernetes & App FactoryWSO2
Containerization is now becoming the most efficient way of developing and deploying software solutions in the cloud. It provides means of running applications with less resource usage, fast startup times, portability across machines, lightweight & layered container images, container image registries, multi-tenancy and many more additional advantages. Docker embraced this space by fulfilling the above requirements and attracting the industry within a very short period of time. Google solved container cluster management features by initiating the Kubernetes project over a decade of experience on running container technologies at scale. Now Kubernetes is in the process of adding more advanced PaaS features such as autoscaling, multicloud or region deployments and composite application model with best of breed ideas and practices from the community.
WSO2 App Factory and WSO2 App Cloud are application Platform as a Service (aPaaS) that provide application development and hosting deployed through these technologies. In this tutorial we will demonstrate how WSO2 products can be run on Kubernetes and the latest WSO2 App Cloud features.
These slides accompanied a live install of Triton Elastic Container Infrastructure as described in the following blog post:
https://www.joyent.com/blog/spin-up-a-docker-dev-test-environment-in-60-minutes-or-less
Presentation abstract:
Hardware hypervisors were a first generation approach to the challenges of resource and security isolation, but they’re unnecessarily shackling operations and developers with limitations that are no longer relevant to containerized deployments.
We need bare metal performance, but how can we get the security isolation and elasticity that we need without VMs? Container -- truly secure, bare metal containers -- offer an alternative that improve performance while reducing costs (and CO2 emissions too!).
What are they, how do they work, and how does containerization affect my apps??
These slides were presented at:
http://www.meetup.com/austin-devops/events/223284754/
http://www.meetup.com/PhillyDevOps/events/223197735/
http://www.meetup.com/DevOpsandAutomationNJ/events/223432942/
Remix of two other open source presentations along with my own content, 40 slides set to play at 20 seconds auto-timed (similar to Pecha-Kucha style timing). This was delivered via Caribbean Tech Dev forum's monthly Google Hangout in November 2015, and video can be viewed at https://www.youtube.com/watch?v=xANrsSin_-0
Docker is a tool designed to make it easier to create, deploy, and run applications
by using containers. Containers allow a developer to package up
an application with all of the parts it needs, such as libraries and other dependencies,
and ship it all out as one package. By doing so, thanks to the
container, the developer can rest assured that the application will run on
any other Linux machine regardless of any customized settings that machine
might have that could differ from the machine used for writing and testing
the code.
In a way, Docker is a bit like a virtual machine. But unlike a virtual
machine, rather than creating a whole virtual operating system, Docker allows
applications to use the same Linux kernel as the system that they’re
running on and only requires applications be shipped with things not already
running on the host computer. This gives a significant performance boost
and reduces the size of the application.
"The majority of the container security discussion revolves around containers on Linux while the security of containers in Windows is left as a mystical black box. In this talk we'll peel back the curtain and dive in to how Windows containers are secured.
Does Windows have namespaces? How does it compose the layers of a container's filesystem? How does it limit resource usage of containers? I heard there's a Hyper-V isolation thing, what's that about?
We'll answer all these questions and more!"
Dev opsec dockerimage_patch_n_lifecyclemanagement_kanedafromparis
Lors de cette présentation, nous allons dans un premier temps rappeler la spécificité de docker par rapport à une VM (PID, cgroups, etc) parler du système de layer et de la différence entre images et instances puis nous présenterons succinctement kubernetes.
Ensuite, nous présenterons un processus « standard » de propagation d’une version CI/CD (développement, préproduction, production) à travers les tags docker.
Enfin, nous parlerons des différents composants constituant une application docker (base-image, tooling, librairie, code).
Une fois cette introduction réalisée, nous parlerons du cycle de vie d’une application à travers ses phases de développement, BAU pour mettre en avant que les failles de sécurité en période de développement sont rapidement corrigées par de nouvelles releases, mais pas nécessairement en BAU où les releases sont plus rares. Nous parlerons des diverses solutions (jfrog Xray, clair, …) pour le suivie des automatique des CVE et l’automatisation des mises à jour. Enfin, nous ferons un bref retour d’expérience pour parler des difficultés rencontrées et des propositions d’organisation mises en oeuvre.
Cette présentation bien qu’illustrée par des implémentations techniques est principalement organisationnelle.
Rooting Out Root: User namespaces in DockerPhil Estes
This talk on the progress to bring user namespace support into Docker was presented by Phil Estes at LinuxCon/ContainerCon 2015 on Wednesday, Aug. 19th, 2015
Dojo given at ESEI, Uvigo.
The slides include a set of great slides from a presentation made by Elvin Sindrilaru at CERN.
Docker is an open platform for building, shipping and running distributed applications. It gives programmers, development teams and operations engineers the common toolbox they need to take advantage of the distributed and networked nature of modern applications.
In this webinar we will discuss:
- The profile of an organization that is Expert at Kubernetes on Azure and AKS
- How to get to Expert status
- The challenges along the way and how embracing Azure services can help
- A demo of deploying applications with velocity on AKS
Journey Through Four Stages of Kubernetes Deployment MaturityAltoros
In this webinar we will discuss a crawl, walk, run approach to continuous delivery (CD) for applications, point by point:
Where to start, how to advance, and how to reach the level of maximum automation.
How to orchestrate CI/CD processes along with routing and business continuity.
When the automation level is sufficient.
GitOps principles and their benefits.
What tools should be used to automate CI, CD, GitOps, Container Registry, Secrets management, etc
SGX: Improving Privacy, Security, and Trust Across Blockchain NetworksAltoros
These slides explain how to use Intel Software Garden Extensions (SGX) to improve privacy, security, trust, and transparency across blockchain networks that store sensitive data.
Using the Cloud Foundry and Kubernetes Stack as a Part of a Blockchain CI/CD ...Altoros
These slides exemplify how to employ the tools available through Cloud Foundry and Kubernetes to enable a continuous integration and continuous delivery pipeline on blockchain.
The combination of StackPointCloud with NetApp creates NetApp Kubernetes Service, the industry’s first complete Kubernetes platform for multi-cloud deployments and a complete cloud-based stack for Azure, Google Cloud, AWS, and NetApp HCI. Further, Trident is a fully supported open source project maintained by NetApp, designed from the ground up to help meet the sophisticated persistence demands of containerized applications.
With no built-in solutions for managing user accounts, Kubernetes has to rely on external systems for this. Can we use one UAA solution for both Cloud Foundry and Kubernetes authentication while building a hybrid deployment?
Troubleshooting .NET Applications on Cloud FoundryAltoros
These slides overview how logs can be employed to troubleshoot .NET app on Cloud Foundry, as well as how to use metrics to enable preventive maintenance.
Continuous Integration and Deployment with Jenkins for PCFAltoros
Jenkins has been the preferred tool for continuous integration and deployment for many years already due to it's smooth user experience, easy configuration, abundance of available plugins and integrations. During the talk we will tell about best practices on using Jenkins together with Cloud Foundry installations, accelerating cloud-native application delivery and packaging using combination of Docker and Jenkins and thoughtful configuration of CI/CD pipelines and keeping apps up-to-date on all CF environments.
At the Cloud Foundry Summit 2017 in Santa Clara, Altoros and GE Digital talked about a sensor-based solution for tracking luggage from registration to claim belt.
Navigating the Ecosystem of Pivotal Cloud Foundry TilesAltoros
For application developers, PCF tiles are arguably the easiest way to run Redis, Elasticsearch, Cassandra, or any other backing service with applications in the cloud.
Integrating AI into IoT networks is becoming a prerequisite for success in today’s data-driven digital ecosystems. The only way to keep up with IoT-generated data and gain the hidden insights it holds is using AI as the catalyst of IoT. Watch this slides to understand how IoT and AI may work together.
Over-Engineering: Causes, Symptoms, and TreatmentAltoros
If your are using Cloud Foundry, you are most obviously into the microservices architecture and cloud-native app development approach. These are definitely best practices in modern application development, but too much of a good thing is good for nothing. Overuse of these principles may lead to over-engineering, when an application is split into too much microservices and, as such, gets hard to maintain and support. This presentation highlights how far overuse of the microservices concept can go, what issues exist, and how these issues can be avoided.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
17. Docker image with garden
/var/vcap/data/garden/aufs_graph/aufs/mnt/… Union mount point
training/webapp
ubuntu:14.04 /var/vcap/data/garden/aufs_graph/aufs/diff/…
/var/vcap/data/garden/aufs_graph/aufs/diff/…
/var/vcap/data/garden/aufs_graph/aufs/diff/… Container file system
Docker image layers
18. Caveats
Only v2 Docker registry API
Does not support private repositories
Source registry should be available on instance create
21. Files ystem isolation – unique user per
container
Disk usage – NTFS quotas
CPU, Memory usage – Windows Job objects
Network isolation – bind apps directly to
external IP
Hello everyone, I’m happy and proud to be here today. Thank you for coming.
My name is Maksim Zhylinski, I work as an engineer in Altoros.
My talk is called “Who lives in garden?” and it’s about containers and precisely CloudFoundry containers.
So what containers actually are? Container is a combination of operating system primitives that allows separate out set of processes and make them pretend like they are in own operating system.
Add:
6-7 years?
Containers offer higher-level isolation, with many applications running under the host operating system, all of them sharing certain operating system libraries and the operating system's kernel.
Since a container doesn't have to load up an operating system and providers almost no overhead, you can create containers in a split-second, rather than minutes for a virtual machine. That makes containers perfect technology to use in different solutions, like running applications in Platform as a service.
Let’s talk about history of containers in CloudFoundry. Containers was first-class citizens from the very beginning of the Cloud Foundry existence.
First implementation of containers in CloudFoundry was called Warden and it was introduced in 2011. It was written mostly in Ruby with bits of C code.
In order to provide processes isolation from host operating system and other processes was used linux namespaces feature, cgroups for resources limiting and management, pivot_root for filesystem isolation.
Let’s see on warden architecture. It was quite monolithic – warden server, which was providing service to the warden clients (DEA) talking to warden by protobuf-based protocol was coupled in a single application with the container manager, which was responsible for container lifecycle routines.
So, in 2014 brand new CloudFoundry runtime was introduced called Diego instead of good old DEA. It has a lot of cool features, but I will not go into details as far as it’s out of scope of my topic. And as a part of new Diego runtime new container manager was introduced – Garden.
What has changed? Garden was rewritten on Go programming language, as many other components of CloudFoundry. Basically, garden stands for “Go warden”. But, what most important garden was designed in a modular way. What does it mean?
Let’s see garden’s architecture. Still, garden clients (Diego cells) talks to Garden server by protocol (protocol is based on protobuf, but garden server also provides HTTP protocol for debugging purpose). But in order to provide flexibility garden server was decoupled from container manager (which now lives in component called “backend”), so that garden server provides unified contract that does not depend on underlying containers implementation.
What backends are available today? It’s a Garden linux – at the moment default linux containers backend, greenhouse – windows containers backend, and one more linux backend called Guardian.
Garden linux is a successor of warden’s containers implementation, it uses same features to provide process isolation: linux namespaces, cgroups, layered filesystems. But there’s killer-feature was added to garden-linux backend in addition to default buildpack-centric lifecycle is a…
ability to run Docker containers! How does it work?
First of all let’s dig a bit how garden works. Garden (as well as Warden was) uses layered filesystems. During the default for CloudFoundry buildpack lifecycle manager takes rootfs – basically linux root filesystem, and mounts it together with the another layer with application bits using aufs (by default) or overlayfs – to create a single filesystem to pivot_root to.
So how docker images are run with garden? Docker images themselves are consist out of layers each containing diff applied on top of the previous layer.
In order to run docker image garden just mount docker image layers instead of built-in rootfs keeping the rest pretty much the same. Garden uses libraries from Docker so contents of container exactly match the contents of the associated Docker image.
So what’s the caveats?
You can use only docker registry of version 2
You can use only public repositories
Diego does caches pulled image globally, so garden needs access to Docker registry even when scaling up already running application. Using standard buildpack lifecycle during staging process CloudFoundry creates droplet, which can be reused later, so you can scale up your application and get exactly the same container. With Docker images – if registry is down, or someone deleted or modified image – you’re in trouble.
Last item actually not strictly related to the topic of my talk, as far as it’s a business of whole runtime, but not a container manager.
I took this three items from a pivotal’s official documentation, but I have to argue points 2 & 3.
There’s a Diego docker cache BOSH release that helps to deal with them. Diego docker cache basically, caches pulled docker images from Docker hub. This helps to break dependency on docker registry availability or images change. But also this cache provides ability to set your credentials during first ‘cf push’. Bad part is that this project is in cloudfoundry-incubator and the feature not yet supported by CloudFoundry CLI, so providing credentials is a bit tricky.
While the Linux is most popular operating system to deploy applications to nowadays, still, it’s not the only one. Dot NET applications are widely spread in enterprise area and it’s mandatory to support them in modern Platform-as-a-Service. Tricky part is that Windows does not support containers, as Linux does. But CloudFoundry runtime team managed to create Greenhouse backend using couple of tricks and techniques.
Filesystem isolation – unique user created per container to utilize native Windows Access Control Lists
Disk usage – NTFS quotas
To manage memory limits Windows Kernel Job Objects are used
… and to isolate network applications launched inside a container bind directly to the external IP of the VM
And the last backend available is called “Guardian”. Why need for another one Linux container backend?
There are plenty of containers implementation novadays:
Famous known Docker
LXC, that has been for a years already
lmctfy made in google
OpenVZ
…and of course Garden
… and many more
Which are…
…not compatible with each other.
So in 2015 Open Containers Initiative appeared to create…
industry standards around containers to build open, portable, platform-, cloud- and hardware-independent containers and runtime format.
The OCI currently provides two specifications: the container Image Specification (runtime-spec) and the container Runtime Specification (image-spec).
Main players of containers market has joined this initiative, so I tend to believe in future of unified containers.
For example less than two weeks ago Kelsey Hightower announced native support for OCI containers in Kubernetes.
So back to CloudFoundry. Garden already supports OCI containers for a while via it’s runc backend called Guardian. It’s not yet default backend for CloudFoundry. Current version is 0.9. And when it will hit 1.0 it’ll become a default backend for CloudFoundry.
Ok, now some debugging tips for those of you who having troubles with your applications in CloudFoundry containers.
Sometimes logs aren’t enough – your application works not as it was supposed to do. You want to get into container to see what’s inside. Maybe some mandatory file is missing, or something with permissions or whatever.
Easiest way is to use CloudFoundry CLI’s built-in SSH command. Each garden container in CF comes with built-in SSH server, which makes it extremely easy.
And you application bit is under root “app” directory.
For those of you who wants to debug container manager itself I recommend to take a look at this tool. It’s basically CLI for garden – you can create and delete containers, shell into it and many other things like Diego does.
And couple of words about security. How secure containers are?
If we’re talking about linux-based containers provided by garden-linux and guardian backends… they are based on namespaces and cgroups—core Linux kernel features that have been around for years and used as the basis for many popular projects. So, I believe that you can trust CF containers as much as you can trust the Linux kernel itself.
But if we talk about Greenhouse backend, windows containers implementation that it is impossible to create completely isolated filesystem, as linux pivot_root does, so greenhouse containers share Program files folder, so you’d better not to keep any secrets there.
firewall
And finally, what projects do use Garden now?
Obviously it’s CloudFoundry
Concourse CI – it’s a Continuos Integration and Continuos Delivery modern tool that support pipelining
And BOSH lite – BOSH deployed in single VM and uses Garden containers to create jobs.