SlideShare uma empresa Scribd logo

Virtualized Containers - How Good is it - Ananth - Siemens - CC18

CodeOps Technologies LLP
CodeOps Technologies LLP

This presentation was made as part of Container Conference 2018 : www.containerconf.in "Typically enterprise applications are deployed as processes on Virtual Machines or as Containers. For example, applications can be deployed on Amazon EC2 instances or as Docker containers in on-premise Kubernetes cluster. Both the strategies have their own pros and cons. While VMs are portable and secure, they are also bulky and time consuming to bring up. Containers on the other hand are lightweight, portable and can be launched very quickly, but their security concerns remain. Even though traditional containers (such as Docker) isolate the application process namespace from other containers, they share the host OS kernel. Considering the number of un-trusted applications that are run as containers, the entire host OS can be compromised. Even though the community has come up with a variety of tools for scanning vulnerabilities (such as Clair) and modules for enhancing the security (such as AppArmor & SELinux), the onus is on the administrator to use these tools and make the environment secure. In this presentation we explore Virtualized Containers, an evolving container technology which inherently provides security by design without compromising on speed and flexibility."

Software
1 de 17
Baixar para ler offline
VIRTUALIZED CONTAINERS Ananth, Himanshu, Rajaram, Sandeep, Siva, Sanjay
AGENDA • VMs vs containers • Virtualized containers • Kata containers • Container security • Kata containers & Docker • Kata containers & K8s • Summary
VM VS CONTAINERS Ref: https://katacontainers.io
VM VS CONTAINERS • VMs are abstraction of the hardware, allowing multiple servers to run on the same hardware • Containers are abstraction at the application layer, that packages app code and dependencies together • Each VM has its own operating system, all necessary binaries and libraries, making it heavy • Containers share the host OS kernel and has only those packages necessary to run the application, therefore very light • VMs take time to boot-up and the images are large in size • The USP for containers is speed and portability
VIRTUALIZED CONTAINERS • Speed of containers • Security of VMs • Otherwise called hypervisor based containers Image Ref Image Ref Image refImage Ref
VIRTUALIZED CONTAINERS CONTD… Traditional containers such as Docker Virtualized containers Ref: http://katacontainers.io Shared kernel Dedicated kernel
VIRTUALIZED CONTAINERS CONTD… • Traditional containers share the underlying OS kernel. • We run a lot of unknown un-trusted applications on containers in our datacenter. • If a malicious user gains access to the host OS kernel, rest of the containers and the entire system can be compromised. • Kata-runtime boots each containers as a light weight VM, using hardware virtualization. • Provides double isolation without compromising on performance • Reduces the attacking surface, thereby improving security
CONTAINER SECURITY • Docker itself is built with security and isolation in mind. It provides lot of inherent features and hooks to make your system more secure. • However, it does not prevent you from “Running random code downloaded from the Internet and running it as root” • We need not worry if proper security measures are taken and best practices are adhered to
CONTAINER SECURITY CONTD… • Host and kernel security • Denial-of-service attacks • Container breakout • Credentials and secrets • Authenticity of images • Static image vulnerabilities • Runtime security
KATA CONTAINERS Ref: http://Katacontainers.io
KATA CONTAINERS WITH DOCKER Ref: http://katacontainers.io
CONFIGURATION STEPS • Enable virtualization (Intel VT / AMD-V) on the docker host • Create a config file inside docker.service.d • Restart docker • Spin up kata containers using docker run command and docker images [root@tt2aio docker-host]# cd /etc/systemd/system/docker.service.d [root@tt2aio docker-host]# cat <<EOF | sudo tee kata-containers.conf [Service] ExecStart= ExecStart=/usr/bin/dockerd -D --add-runtime kata- runtime=/usr/bin/kata-runtime --default-runtime=kata-runtime EOF [root@tt2aio docker-host]# systemctl daemon-reload [root@tt2aio docker-host]# systemctl restart docker
K8S – CRI - OCI Ref: https://katacontainers.io/posts/why-kata-containers-doesnt-replace- kubernetes
KATA CONTAINERS AND KUBERNETES Kubelet cri-containerd Kata Runtime CRI OCI cri-o VM Pod Container
SUMMARY • Kata-containers are new, exciting, evolving • More secure by design without much impact on performance • Has limited support for various hypervisors to begin with • Does not replace Docker and Kubernetes, rather complements them.
WHAT’S IN STORE • Support hypervisor based runtime called fracti. • Fracti can schedule pods and containers directly inside a hypervisor via runV. • Enable runV to kata-runtime migrations • Provide “official” support for Kubernetes Contribute to https://github.com/kata-containers
REFERENCES • https://docs.docker.com/ • https://katacontainers.io/ • Docker runtime execution options • Why Kata containers cannot replaces K8S • Container security vulnerabilities and threats • Securing containers • Running kata with Docker • Running kata with K8s

Recomendados

Production ready tooling for microservices on kubernetes
Production ready tooling for microservices on kubernetesProduction ready tooling for microservices on kubernetes
Production ready tooling for microservices on kubernetesChandresh Pancholi
 
Power of Choice in Docker EE 2.0 - Anoop - Docker - CC18
Power of Choice in Docker EE 2.0 - Anoop - Docker - CC18Power of Choice in Docker EE 2.0 - Anoop - Docker - CC18
Power of Choice in Docker EE 2.0 - Anoop - Docker - CC18CodeOps Technologies LLP
 
Stateless and Stateful Services in Kubernetes - Mohit Saxena - Citrix - CC18
Stateless and Stateful Services in Kubernetes - Mohit Saxena - Citrix - CC18Stateless and Stateful Services in Kubernetes - Mohit Saxena - Citrix - CC18
Stateless and Stateful Services in Kubernetes - Mohit Saxena - Citrix - CC18CodeOps Technologies LLP
 
Containers and workload security an overview
Containers and workload security an overview Containers and workload security an overview
Containers and workload security an overview Krishna-Kumar
 
Make Java Microservices Resilient with Istio - Mangesh - IBM - CC18
Make Java Microservices Resilient with Istio - Mangesh - IBM - CC18Make Java Microservices Resilient with Istio - Mangesh - IBM - CC18
Make Java Microservices Resilient with Istio - Mangesh - IBM - CC18CodeOps Technologies LLP
 
Kubernetes Networking - Sreenivas Makam - Google - CC18
Kubernetes Networking - Sreenivas Makam - Google - CC18Kubernetes Networking - Sreenivas Makam - Google - CC18
Kubernetes Networking - Sreenivas Makam - Google - CC18CodeOps Technologies LLP
 
Evolve or Fall Behind: Driving Transformation with Containers - Sai Vennam - ...
Evolve or Fall Behind: Driving Transformation with Containers - Sai Vennam - ...Evolve or Fall Behind: Driving Transformation with Containers - Sai Vennam - ...
Evolve or Fall Behind: Driving Transformation with Containers - Sai Vennam - ...CodeOps Technologies LLP
 
Best Practices with Azure Kubernetes Services
Best Practices with Azure Kubernetes ServicesBest Practices with Azure Kubernetes Services
Best Practices with Azure Kubernetes ServicesQAware GmbH
 

Recomendados

Production ready tooling for microservices on kubernetes
Production ready tooling for microservices on kubernetesProduction ready tooling for microservices on kubernetes
Production ready tooling for microservices on kubernetesChandresh Pancholi
 
Power of Choice in Docker EE 2.0 - Anoop - Docker - CC18
Power of Choice in Docker EE 2.0 - Anoop - Docker - CC18Power of Choice in Docker EE 2.0 - Anoop - Docker - CC18
Power of Choice in Docker EE 2.0 - Anoop - Docker - CC18CodeOps Technologies LLP
 
Stateless and Stateful Services in Kubernetes - Mohit Saxena - Citrix - CC18
Stateless and Stateful Services in Kubernetes - Mohit Saxena - Citrix - CC18Stateless and Stateful Services in Kubernetes - Mohit Saxena - Citrix - CC18
Stateless and Stateful Services in Kubernetes - Mohit Saxena - Citrix - CC18CodeOps Technologies LLP
 
Containers and workload security an overview
Containers and workload security an overview Containers and workload security an overview
Containers and workload security an overview Krishna-Kumar
 
Make Java Microservices Resilient with Istio - Mangesh - IBM - CC18
Make Java Microservices Resilient with Istio - Mangesh - IBM - CC18Make Java Microservices Resilient with Istio - Mangesh - IBM - CC18
Make Java Microservices Resilient with Istio - Mangesh - IBM - CC18CodeOps Technologies LLP
 
Kubernetes Networking - Sreenivas Makam - Google - CC18
Kubernetes Networking - Sreenivas Makam - Google - CC18Kubernetes Networking - Sreenivas Makam - Google - CC18
Kubernetes Networking - Sreenivas Makam - Google - CC18CodeOps Technologies LLP
 
Evolve or Fall Behind: Driving Transformation with Containers - Sai Vennam - ...
Evolve or Fall Behind: Driving Transformation with Containers - Sai Vennam - ...Evolve or Fall Behind: Driving Transformation with Containers - Sai Vennam - ...
Evolve or Fall Behind: Driving Transformation with Containers - Sai Vennam - ...CodeOps Technologies LLP
 
Best Practices with Azure Kubernetes Services
Best Practices with Azure Kubernetes ServicesBest Practices with Azure Kubernetes Services
Best Practices with Azure Kubernetes ServicesQAware GmbH
 
Making sense of containers, docker and Kubernetes on Azure.
Making sense of containers, docker and Kubernetes on Azure.Making sense of containers, docker and Kubernetes on Azure.
Making sense of containers, docker and Kubernetes on Azure.Nills Franssens
 
Kubernetes And Istio and Azure AKS DevOps
Kubernetes And Istio and Azure AKS DevOpsKubernetes And Istio and Azure AKS DevOps
Kubernetes And Istio and Azure AKS DevOpsOfir Makmal
 
Containers and OpenStack - A Happy Marriage - Madhuri - Intel - CC18
Containers and OpenStack - A Happy Marriage - Madhuri - Intel - CC18Containers and OpenStack - A Happy Marriage - Madhuri - Intel - CC18
Containers and OpenStack - A Happy Marriage - Madhuri - Intel - CC18CodeOps Technologies LLP
 
Autoscaling in Kubernetes
Autoscaling in KubernetesAutoscaling in Kubernetes
Autoscaling in KubernetesHrishikesh Deodhar
 
Moving Applications into Azure Kubernetes
Moving Applications into Azure KubernetesMoving Applications into Azure Kubernetes
Moving Applications into Azure KubernetesHussein Salman
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesSlideTeam
 
NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013aspyker
 
Building Cloud Native Applications Using Spring Boot and Spring Cloud
Building Cloud Native Applications Using Spring Boot and Spring CloudBuilding Cloud Native Applications Using Spring Boot and Spring Cloud
Building Cloud Native Applications Using Spring Boot and Spring CloudGeekNightHyderabad
 
RBAC in Azure Kubernetes Service AKS
RBAC in Azure Kubernetes Service AKSRBAC in Azure Kubernetes Service AKS
RBAC in Azure Kubernetes Service AKSEmad Alashi
 
Multitenancy on EKS
Multitenancy on EKSMultitenancy on EKS
Multitenancy on EKSIan Crosby
 
Why Kubernetes on Azure
Why Kubernetes on AzureWhy Kubernetes on Azure
Why Kubernetes on AzureMicrosoft Tech Community
 
The container ecosystem @ Microsoft A story of developer productivity
The container ecosystem @ Microsoft A story of developer productivityThe container ecosystem @ Microsoft A story of developer productivity
The container ecosystem @ Microsoft A story of developer productivityNills Franssens
 
AKS
AKSAKS
AKSgirish goudar
 
Container orchestration overview
Container orchestration overviewContainer orchestration overview
Container orchestration overviewWyn B. Van Devanter
 
Kubernetes in Azure
Kubernetes in AzureKubernetes in Azure
Kubernetes in AzureKarl Ots
 
Google Cloud Container Security Quick Overview
Google Cloud Container Security Quick OverviewGoogle Cloud Container Security Quick Overview
Google Cloud Container Security Quick OverviewKrishna-Kumar
 
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...Docker, Inc.
 
Introduction to container mangement
Introduction to container mangementIntroduction to container mangement
Introduction to container mangementMartin Marcher
 
Aks pimarox from zero to hero
Aks pimarox from zero to heroAks pimarox from zero to hero
Aks pimarox from zero to heroJohan Biere
 
Kubernetes One-Click Deployment: Hands-on Workshop (Munich)
Kubernetes One-Click Deployment: Hands-on Workshop (Munich)Kubernetes One-Click Deployment: Hands-on Workshop (Munich)
Kubernetes One-Click Deployment: Hands-on Workshop (Munich)QAware GmbH
 
Virtualized containers
Virtualized containersVirtualized containers
Virtualized containersAnanth Padmanabhan
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)Amazon Web Services
 

Mais conteúdo relacionado

Mais procurados

Making sense of containers, docker and Kubernetes on Azure.
Making sense of containers, docker and Kubernetes on Azure.Making sense of containers, docker and Kubernetes on Azure.
Making sense of containers, docker and Kubernetes on Azure.Nills Franssens
 
Kubernetes And Istio and Azure AKS DevOps
Kubernetes And Istio and Azure AKS DevOpsKubernetes And Istio and Azure AKS DevOps
Kubernetes And Istio and Azure AKS DevOpsOfir Makmal
 
Containers and OpenStack - A Happy Marriage - Madhuri - Intel - CC18
Containers and OpenStack - A Happy Marriage - Madhuri - Intel - CC18Containers and OpenStack - A Happy Marriage - Madhuri - Intel - CC18
Containers and OpenStack - A Happy Marriage - Madhuri - Intel - CC18CodeOps Technologies LLP
 
Moving Applications into Azure Kubernetes
Moving Applications into Azure KubernetesMoving Applications into Azure Kubernetes
Moving Applications into Azure KubernetesHussein Salman
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesSlideTeam
 
NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013aspyker
 
Building Cloud Native Applications Using Spring Boot and Spring Cloud
Building Cloud Native Applications Using Spring Boot and Spring CloudBuilding Cloud Native Applications Using Spring Boot and Spring Cloud
Building Cloud Native Applications Using Spring Boot and Spring CloudGeekNightHyderabad
 
RBAC in Azure Kubernetes Service AKS
RBAC in Azure Kubernetes Service AKSRBAC in Azure Kubernetes Service AKS
RBAC in Azure Kubernetes Service AKSEmad Alashi
 
Multitenancy on EKS
Multitenancy on EKSMultitenancy on EKS
Multitenancy on EKSIan Crosby
 
The container ecosystem @ Microsoft A story of developer productivity
The container ecosystem @ Microsoft A story of developer productivityThe container ecosystem @ Microsoft A story of developer productivity
The container ecosystem @ Microsoft A story of developer productivityNills Franssens
 
Container orchestration overview
Container orchestration overviewContainer orchestration overview
Container orchestration overviewWyn B. Van Devanter
 
Kubernetes in Azure
Kubernetes in AzureKubernetes in Azure
Kubernetes in AzureKarl Ots
 
Google Cloud Container Security Quick Overview
Google Cloud Container Security Quick OverviewGoogle Cloud Container Security Quick Overview
Google Cloud Container Security Quick OverviewKrishna-Kumar
 
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...Docker, Inc.
 
Introduction to container mangement
Introduction to container mangementIntroduction to container mangement
Introduction to container mangementMartin Marcher
 
Aks pimarox from zero to hero
Aks pimarox from zero to heroAks pimarox from zero to hero
Aks pimarox from zero to heroJohan Biere
 
Kubernetes One-Click Deployment: Hands-on Workshop (Munich)
Kubernetes One-Click Deployment: Hands-on Workshop (Munich)Kubernetes One-Click Deployment: Hands-on Workshop (Munich)
Kubernetes One-Click Deployment: Hands-on Workshop (Munich)QAware GmbH
 

Mais procurados (20)

Making sense of containers, docker and Kubernetes on Azure.
Making sense of containers, docker and Kubernetes on Azure.Making sense of containers, docker and Kubernetes on Azure.
Making sense of containers, docker and Kubernetes on Azure.
 
Kubernetes And Istio and Azure AKS DevOps
Kubernetes And Istio and Azure AKS DevOpsKubernetes And Istio and Azure AKS DevOps
Kubernetes And Istio and Azure AKS DevOps
 
Containers and OpenStack - A Happy Marriage - Madhuri - Intel - CC18
Containers and OpenStack - A Happy Marriage - Madhuri - Intel - CC18Containers and OpenStack - A Happy Marriage - Madhuri - Intel - CC18
Containers and OpenStack - A Happy Marriage - Madhuri - Intel - CC18
 
Autoscaling in Kubernetes
Autoscaling in KubernetesAutoscaling in Kubernetes
Autoscaling in Kubernetes
 
Moving Applications into Azure Kubernetes
Moving Applications into Azure KubernetesMoving Applications into Azure Kubernetes
Moving Applications into Azure Kubernetes
 
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation SlidesKubernetes Concepts And Architecture Powerpoint Presentation Slides
Kubernetes Concepts And Architecture Powerpoint Presentation Slides
 
NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013NetflixOSS for Triangle Devops Oct 2013
NetflixOSS for Triangle Devops Oct 2013
 
Building Cloud Native Applications Using Spring Boot and Spring Cloud
Building Cloud Native Applications Using Spring Boot and Spring CloudBuilding Cloud Native Applications Using Spring Boot and Spring Cloud
Building Cloud Native Applications Using Spring Boot and Spring Cloud
 
RBAC in Azure Kubernetes Service AKS
RBAC in Azure Kubernetes Service AKSRBAC in Azure Kubernetes Service AKS
RBAC in Azure Kubernetes Service AKS
 
Multitenancy on EKS
Multitenancy on EKSMultitenancy on EKS
Multitenancy on EKS
 
Why Kubernetes on Azure
Why Kubernetes on AzureWhy Kubernetes on Azure
Why Kubernetes on Azure
 
The container ecosystem @ Microsoft A story of developer productivity
The container ecosystem @ Microsoft A story of developer productivityThe container ecosystem @ Microsoft A story of developer productivity
The container ecosystem @ Microsoft A story of developer productivity
 
AKS
AKSAKS
AKS
 
Container orchestration overview
Container orchestration overviewContainer orchestration overview
Container orchestration overview
 
Kubernetes in Azure
Kubernetes in AzureKubernetes in Azure
Kubernetes in Azure
 
Google Cloud Container Security Quick Overview
Google Cloud Container Security Quick OverviewGoogle Cloud Container Security Quick Overview
Google Cloud Container Security Quick Overview
 
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
Microservices + Events + Docker = A Perfect Trio by Docker Captain Chris Rich...
 
Introduction to container mangement
Introduction to container mangementIntroduction to container mangement
Introduction to container mangement
 
Aks pimarox from zero to hero
Aks pimarox from zero to heroAks pimarox from zero to hero
Aks pimarox from zero to hero
 
Kubernetes One-Click Deployment: Hands-on Workshop (Munich)
Kubernetes One-Click Deployment: Hands-on Workshop (Munich)Kubernetes One-Click Deployment: Hands-on Workshop (Munich)
Kubernetes One-Click Deployment: Hands-on Workshop (Munich)
 

Semelhante a Virtualized Containers - How Good is it - Ananth - Siemens - CC18

AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)Amazon Web Services
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)Amazon Web Services
 
Rami Sayar - Node microservices with Docker
Rami Sayar - Node microservices with DockerRami Sayar - Node microservices with Docker
Rami Sayar - Node microservices with DockerWeb à Québec
 
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...NETWAYS
 
Containers docker-docker hub-azureacr-azure aci
Containers docker-docker hub-azureacr-azure aciContainers docker-docker hub-azureacr-azure aci
Containers docker-docker hub-azureacr-azure aciRajesh Kolla
 
DevNexus 2015: Kubernetes & Container Engine
DevNexus 2015: Kubernetes & Container EngineDevNexus 2015: Kubernetes & Container Engine
DevNexus 2015: Kubernetes & Container EngineKit Merker
 
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...Amazon Web Services
 
Re:invent 2016 Container Scheduling, Execution and AWS Integration
Re:invent 2016 Container Scheduling, Execution and AWS IntegrationRe:invent 2016 Container Scheduling, Execution and AWS Integration
Re:invent 2016 Container Scheduling, Execution and AWS Integrationaspyker
 
Introduction to Containers - SQL Server and Docker
Introduction to Containers - SQL Server and DockerIntroduction to Containers - SQL Server and Docker
Introduction to Containers - SQL Server and DockerChris Taylor
 
Container and Cloud Native Application: What is VMware doing in this space? -...
Container and Cloud Native Application: What is VMware doing in this space? -...Container and Cloud Native Application: What is VMware doing in this space? -...
Container and Cloud Native Application: What is VMware doing in this space? -...gguglie
 
A curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & KubernetesA curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & KuberneteszekeLabs Technologies
 
DockerCon EU 2015 Barcelona
DockerCon EU 2015 BarcelonaDockerCon EU 2015 Barcelona
DockerCon EU 2015 BarcelonaRoman Dembitsky
 
DCEU 18: Docker Container Security
DCEU 18: Docker Container SecurityDCEU 18: Docker Container Security
DCEU 18: Docker Container SecurityDocker, Inc.
 
Preparing your dockerised application for production deployment
Preparing your dockerised application for production deploymentPreparing your dockerised application for production deployment
Preparing your dockerised application for production deploymentDave Ward
 
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Docker, Inc.
 

Semelhante a Virtualized Containers - How Good is it - Ananth - Siemens - CC18 (20)

Virtualized containers
Virtualized containersVirtualized containers
Virtualized containers
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
 
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)AWS re:Invent 2016: Securing Container-Based Applications (CON402)
AWS re:Invent 2016: Securing Container-Based Applications (CON402)
 
Containers 101
Containers 101Containers 101
Containers 101
 
Rami Sayar - Node microservices with Docker
Rami Sayar - Node microservices with DockerRami Sayar - Node microservices with Docker
Rami Sayar - Node microservices with Docker
 
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
stackconf 2020 | Replace your Docker based Containers with Cri-o Kata Contain...
 
Containers docker-docker hub-azureacr-azure aci
Containers docker-docker hub-azureacr-azure aciContainers docker-docker hub-azureacr-azure aci
Containers docker-docker hub-azureacr-azure aci
 
DevNexus 2015: Kubernetes & Container Engine
DevNexus 2015: Kubernetes & Container EngineDevNexus 2015: Kubernetes & Container Engine
DevNexus 2015: Kubernetes & Container Engine
 
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
AWS re:Invent 2016: Netflix: Container Scheduling, Execution, and Integration...
 
Re:invent 2016 Container Scheduling, Execution and AWS Integration
Re:invent 2016 Container Scheduling, Execution and AWS IntegrationRe:invent 2016 Container Scheduling, Execution and AWS Integration
Re:invent 2016 Container Scheduling, Execution and AWS Integration
 
Docker Basics
Docker BasicsDocker Basics
Docker Basics
 
Introduction to Containers - SQL Server and Docker
Introduction to Containers - SQL Server and DockerIntroduction to Containers - SQL Server and Docker
Introduction to Containers - SQL Server and Docker
 
Container and Cloud Native Application: What is VMware doing in this space? -...
Container and Cloud Native Application: What is VMware doing in this space? -...Container and Cloud Native Application: What is VMware doing in this space? -...
Container and Cloud Native Application: What is VMware doing in this space? -...
 
A curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & KubernetesA curtain-raiser to the container world Docker & Kubernetes
A curtain-raiser to the container world Docker & Kubernetes
 
DockerCon EU 2015 Barcelona
DockerCon EU 2015 BarcelonaDockerCon EU 2015 Barcelona
DockerCon EU 2015 Barcelona
 
DCEU 18: Docker Container Security
DCEU 18: Docker Container SecurityDCEU 18: Docker Container Security
DCEU 18: Docker Container Security
 
Preparing your dockerised application for production deployment
Preparing your dockerised application for production deploymentPreparing your dockerised application for production deployment
Preparing your dockerised application for production deployment
 
ExpoQA 2017 Docker and CI
ExpoQA 2017 Docker and CIExpoQA 2017 Docker and CI
ExpoQA 2017 Docker and CI
 
Docker & ci
Docker & ciDocker & ci
Docker & ci
 
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
 

Mais de CodeOps Technologies LLP

AWS Serverless Event-driven Architecture - in lastminute.com meetup
AWS Serverless Event-driven Architecture - in lastminute.com meetupAWS Serverless Event-driven Architecture - in lastminute.com meetup
AWS Serverless Event-driven Architecture - in lastminute.com meetupCodeOps Technologies LLP
 
BUILDING SERVERLESS SOLUTIONS WITH AZURE FUNCTIONS
BUILDING SERVERLESS SOLUTIONS WITH AZURE FUNCTIONSBUILDING SERVERLESS SOLUTIONS WITH AZURE FUNCTIONS
BUILDING SERVERLESS SOLUTIONS WITH AZURE FUNCTIONSCodeOps Technologies LLP
 
APPLYING DEVOPS STRATEGIES ON SCALE USING AZURE DEVOPS SERVICES
APPLYING DEVOPS STRATEGIES ON SCALE USING AZURE DEVOPS SERVICESAPPLYING DEVOPS STRATEGIES ON SCALE USING AZURE DEVOPS SERVICES
APPLYING DEVOPS STRATEGIES ON SCALE USING AZURE DEVOPS SERVICESCodeOps Technologies LLP
 
BUILD, TEST & DEPLOY .NET CORE APPS IN AZURE DEVOPS
BUILD, TEST & DEPLOY .NET CORE APPS IN AZURE DEVOPSBUILD, TEST & DEPLOY .NET CORE APPS IN AZURE DEVOPS
BUILD, TEST & DEPLOY .NET CORE APPS IN AZURE DEVOPSCodeOps Technologies LLP
 
CREATE RELIABLE AND LOW-CODE APPLICATION IN SERVERLESS MANNER
CREATE RELIABLE AND LOW-CODE APPLICATION IN SERVERLESS MANNERCREATE RELIABLE AND LOW-CODE APPLICATION IN SERVERLESS MANNER
CREATE RELIABLE AND LOW-CODE APPLICATION IN SERVERLESS MANNERCodeOps Technologies LLP
 
CREATING REAL TIME DASHBOARD WITH BLAZOR, AZURE FUNCTION COSMOS DB AN AZURE S...
CREATING REAL TIME DASHBOARD WITH BLAZOR, AZURE FUNCTION COSMOS DB AN AZURE S...CREATING REAL TIME DASHBOARD WITH BLAZOR, AZURE FUNCTION COSMOS DB AN AZURE S...
CREATING REAL TIME DASHBOARD WITH BLAZOR, AZURE FUNCTION COSMOS DB AN AZURE S...CodeOps Technologies LLP
 
WRITE SCALABLE COMMUNICATION APPLICATION WITH POWER OF SERVERLESS
WRITE SCALABLE COMMUNICATION APPLICATION WITH POWER OF SERVERLESSWRITE SCALABLE COMMUNICATION APPLICATION WITH POWER OF SERVERLESS
WRITE SCALABLE COMMUNICATION APPLICATION WITH POWER OF SERVERLESSCodeOps Technologies LLP
 
Training And Serving ML Model Using Kubeflow by Jayesh Sharma
Training And Serving ML Model Using Kubeflow by Jayesh SharmaTraining And Serving ML Model Using Kubeflow by Jayesh Sharma
Training And Serving ML Model Using Kubeflow by Jayesh SharmaCodeOps Technologies LLP
 
Deploy Microservices To Kubernetes Without Secrets by Reenu Saluja
Deploy Microservices To Kubernetes Without Secrets by Reenu SalujaDeploy Microservices To Kubernetes Without Secrets by Reenu Saluja
Deploy Microservices To Kubernetes Without Secrets by Reenu SalujaCodeOps Technologies LLP
 
Leverage Azure Tech stack for any Kubernetes cluster via Azure Arc by Saiyam ...
Leverage Azure Tech stack for any Kubernetes cluster via Azure Arc by Saiyam ...Leverage Azure Tech stack for any Kubernetes cluster via Azure Arc by Saiyam ...
Leverage Azure Tech stack for any Kubernetes cluster via Azure Arc by Saiyam ...CodeOps Technologies LLP
 
YAML Tips For Kubernetes by Neependra Khare
YAML Tips For Kubernetes by Neependra KhareYAML Tips For Kubernetes by Neependra Khare
YAML Tips For Kubernetes by Neependra KhareCodeOps Technologies LLP
 
Must Know Azure Kubernetes Best Practices And Features For Better Resiliency ...
Must Know Azure Kubernetes Best Practices And Features For Better Resiliency ...Must Know Azure Kubernetes Best Practices And Features For Better Resiliency ...
Must Know Azure Kubernetes Best Practices And Features For Better Resiliency ...CodeOps Technologies LLP
 
Monitor Azure Kubernetes Cluster With Prometheus by Mamta Jha
Monitor Azure Kubernetes Cluster With Prometheus by Mamta JhaMonitor Azure Kubernetes Cluster With Prometheus by Mamta Jha
Monitor Azure Kubernetes Cluster With Prometheus by Mamta JhaCodeOps Technologies LLP
 
Functional Programming in Java 8 - Lambdas and Streams
Functional Programming in Java 8 - Lambdas and StreamsFunctional Programming in Java 8 - Lambdas and Streams
Functional Programming in Java 8 - Lambdas and StreamsCodeOps Technologies LLP
 
Distributed Tracing: New DevOps Foundation
Distributed Tracing: New DevOps FoundationDistributed Tracing: New DevOps Foundation
Distributed Tracing: New DevOps FoundationCodeOps Technologies LLP
 
"Distributed Tracing: New DevOps Foundation" by Jayesh Ahire
"Distributed Tracing: New DevOps Foundation" by Jayesh Ahire "Distributed Tracing: New DevOps Foundation" by Jayesh Ahire
"Distributed Tracing: New DevOps Foundation" by Jayesh Ahire CodeOps Technologies LLP
 

Mais de CodeOps Technologies LLP (20)

AWS Serverless Event-driven Architecture - in lastminute.com meetup
AWS Serverless Event-driven Architecture - in lastminute.com meetupAWS Serverless Event-driven Architecture - in lastminute.com meetup
AWS Serverless Event-driven Architecture - in lastminute.com meetup
 
Understanding azure batch service
Understanding azure batch serviceUnderstanding azure batch service
Understanding azure batch service
 
DEVOPS AND MACHINE LEARNING
DEVOPS AND MACHINE LEARNINGDEVOPS AND MACHINE LEARNING
DEVOPS AND MACHINE LEARNING
 
SERVERLESS MIDDLEWARE IN AZURE FUNCTIONS
SERVERLESS MIDDLEWARE IN AZURE FUNCTIONSSERVERLESS MIDDLEWARE IN AZURE FUNCTIONS
SERVERLESS MIDDLEWARE IN AZURE FUNCTIONS
 
BUILDING SERVERLESS SOLUTIONS WITH AZURE FUNCTIONS
BUILDING SERVERLESS SOLUTIONS WITH AZURE FUNCTIONSBUILDING SERVERLESS SOLUTIONS WITH AZURE FUNCTIONS
BUILDING SERVERLESS SOLUTIONS WITH AZURE FUNCTIONS
 
APPLYING DEVOPS STRATEGIES ON SCALE USING AZURE DEVOPS SERVICES
APPLYING DEVOPS STRATEGIES ON SCALE USING AZURE DEVOPS SERVICESAPPLYING DEVOPS STRATEGIES ON SCALE USING AZURE DEVOPS SERVICES
APPLYING DEVOPS STRATEGIES ON SCALE USING AZURE DEVOPS SERVICES
 
BUILD, TEST & DEPLOY .NET CORE APPS IN AZURE DEVOPS
BUILD, TEST & DEPLOY .NET CORE APPS IN AZURE DEVOPSBUILD, TEST & DEPLOY .NET CORE APPS IN AZURE DEVOPS
BUILD, TEST & DEPLOY .NET CORE APPS IN AZURE DEVOPS
 
CREATE RELIABLE AND LOW-CODE APPLICATION IN SERVERLESS MANNER
CREATE RELIABLE AND LOW-CODE APPLICATION IN SERVERLESS MANNERCREATE RELIABLE AND LOW-CODE APPLICATION IN SERVERLESS MANNER
CREATE RELIABLE AND LOW-CODE APPLICATION IN SERVERLESS MANNER
 
CREATING REAL TIME DASHBOARD WITH BLAZOR, AZURE FUNCTION COSMOS DB AN AZURE S...
CREATING REAL TIME DASHBOARD WITH BLAZOR, AZURE FUNCTION COSMOS DB AN AZURE S...CREATING REAL TIME DASHBOARD WITH BLAZOR, AZURE FUNCTION COSMOS DB AN AZURE S...
CREATING REAL TIME DASHBOARD WITH BLAZOR, AZURE FUNCTION COSMOS DB AN AZURE S...
 
WRITE SCALABLE COMMUNICATION APPLICATION WITH POWER OF SERVERLESS
WRITE SCALABLE COMMUNICATION APPLICATION WITH POWER OF SERVERLESSWRITE SCALABLE COMMUNICATION APPLICATION WITH POWER OF SERVERLESS
WRITE SCALABLE COMMUNICATION APPLICATION WITH POWER OF SERVERLESS
 
Training And Serving ML Model Using Kubeflow by Jayesh Sharma
Training And Serving ML Model Using Kubeflow by Jayesh SharmaTraining And Serving ML Model Using Kubeflow by Jayesh Sharma
Training And Serving ML Model Using Kubeflow by Jayesh Sharma
 
Deploy Microservices To Kubernetes Without Secrets by Reenu Saluja
Deploy Microservices To Kubernetes Without Secrets by Reenu SalujaDeploy Microservices To Kubernetes Without Secrets by Reenu Saluja
Deploy Microservices To Kubernetes Without Secrets by Reenu Saluja
 
Leverage Azure Tech stack for any Kubernetes cluster via Azure Arc by Saiyam ...
Leverage Azure Tech stack for any Kubernetes cluster via Azure Arc by Saiyam ...Leverage Azure Tech stack for any Kubernetes cluster via Azure Arc by Saiyam ...
Leverage Azure Tech stack for any Kubernetes cluster via Azure Arc by Saiyam ...
 
YAML Tips For Kubernetes by Neependra Khare
YAML Tips For Kubernetes by Neependra KhareYAML Tips For Kubernetes by Neependra Khare
YAML Tips For Kubernetes by Neependra Khare
 
Must Know Azure Kubernetes Best Practices And Features For Better Resiliency ...
Must Know Azure Kubernetes Best Practices And Features For Better Resiliency ...Must Know Azure Kubernetes Best Practices And Features For Better Resiliency ...
Must Know Azure Kubernetes Best Practices And Features For Better Resiliency ...
 
Monitor Azure Kubernetes Cluster With Prometheus by Mamta Jha
Monitor Azure Kubernetes Cluster With Prometheus by Mamta JhaMonitor Azure Kubernetes Cluster With Prometheus by Mamta Jha
Monitor Azure Kubernetes Cluster With Prometheus by Mamta Jha
 
Jet brains space intro presentation
Jet brains space intro presentationJet brains space intro presentation
Jet brains space intro presentation
 
Functional Programming in Java 8 - Lambdas and Streams
Functional Programming in Java 8 - Lambdas and StreamsFunctional Programming in Java 8 - Lambdas and Streams
Functional Programming in Java 8 - Lambdas and Streams
 
Distributed Tracing: New DevOps Foundation
Distributed Tracing: New DevOps FoundationDistributed Tracing: New DevOps Foundation
Distributed Tracing: New DevOps Foundation
 
"Distributed Tracing: New DevOps Foundation" by Jayesh Ahire
"Distributed Tracing: New DevOps Foundation" by Jayesh Ahire "Distributed Tracing: New DevOps Foundation" by Jayesh Ahire
"Distributed Tracing: New DevOps Foundation" by Jayesh Ahire
 

Último

Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commercemanigoyal112
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfIdiosysTechnologies1
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....kzayra69
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtimeandrehoraa
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfLivetecs LLC
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 

Último (20)

Cyber security and its impact on E commerce
Cyber security and its impact on E commerceCyber security and its impact on E commerce
Cyber security and its impact on E commerce
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdf
 
What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....What are the key points to focus on before starting to learn ETL Development....
What are the key points to focus on before starting to learn ETL Development....
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
SpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at RuntimeSpotFlow: Tracking Method Calls and States at Runtime
SpotFlow: Tracking Method Calls and States at Runtime
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
How to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdfHow to Track Employee Performance A Comprehensive Guide.pdf
How to Track Employee Performance A Comprehensive Guide.pdf
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 

Virtualized Containers - How Good is it - Ananth - Siemens - CC18

  • 1. VIRTUALIZED CONTAINERS Ananth, Himanshu, Rajaram, Sandeep, Siva, Sanjay
  • 2. AGENDA • VMs vs containers • Virtualized containers • Kata containers • Container security • Kata containers & Docker • Kata containers & K8s • Summary
  • 3. VM VS CONTAINERS Ref: https://katacontainers.io
  • 4. VM VS CONTAINERS • VMs are abstraction of the hardware, allowing multiple servers to run on the same hardware • Containers are abstraction at the application layer, that packages app code and dependencies together • Each VM has its own operating system, all necessary binaries and libraries, making it heavy • Containers share the host OS kernel and has only those packages necessary to run the application, therefore very light • VMs take time to boot-up and the images are large in size • The USP for containers is speed and portability
  • 5. VIRTUALIZED CONTAINERS • Speed of containers • Security of VMs • Otherwise called hypervisor based containers Image Ref Image Ref Image refImage Ref
  • 6. VIRTUALIZED CONTAINERS CONTD… Traditional containers such as Docker Virtualized containers Ref: http://katacontainers.io Shared kernel Dedicated kernel
  • 7. VIRTUALIZED CONTAINERS CONTD… • Traditional containers share the underlying OS kernel. • We run a lot of unknown un-trusted applications on containers in our datacenter. • If a malicious user gains access to the host OS kernel, rest of the containers and the entire system can be compromised. • Kata-runtime boots each containers as a light weight VM, using hardware virtualization. • Provides double isolation without compromising on performance • Reduces the attacking surface, thereby improving security
  • 8. CONTAINER SECURITY • Docker itself is built with security and isolation in mind. It provides lot of inherent features and hooks to make your system more secure. • However, it does not prevent you from “Running random code downloaded from the Internet and running it as root” • We need not worry if proper security measures are taken and best practices are adhered to
  • 9. CONTAINER SECURITY CONTD… • Host and kernel security • Denial-of-service attacks • Container breakout • Credentials and secrets • Authenticity of images • Static image vulnerabilities • Runtime security
  • 11. KATA CONTAINERS WITH DOCKER Ref: http://katacontainers.io
  • 12. CONFIGURATION STEPS • Enable virtualization (Intel VT / AMD-V) on the docker host • Create a config file inside docker.service.d • Restart docker • Spin up kata containers using docker run command and docker images [root@tt2aio docker-host]# cd /etc/systemd/system/docker.service.d [root@tt2aio docker-host]# cat <<EOF | sudo tee kata-containers.conf [Service] ExecStart= ExecStart=/usr/bin/dockerd -D --add-runtime kata- runtime=/usr/bin/kata-runtime --default-runtime=kata-runtime EOF [root@tt2aio docker-host]# systemctl daemon-reload [root@tt2aio docker-host]# systemctl restart docker
  • 13. K8S – CRI - OCI Ref: https://katacontainers.io/posts/why-kata-containers-doesnt-replace- kubernetes
  • 14. KATA CONTAINERS AND KUBERNETES Kubelet cri-containerd Kata Runtime CRI OCI cri-o VM Pod Container
  • 15. SUMMARY • Kata-containers are new, exciting, evolving • More secure by design without much impact on performance • Has limited support for various hypervisors to begin with • Does not replace Docker and Kubernetes, rather complements them.
  • 16. WHAT’S IN STORE • Support hypervisor based runtime called fracti. • Fracti can schedule pods and containers directly inside a hypervisor via runV. • Enable runV to kata-runtime migrations • Provide “official” support for Kubernetes Contribute to https://github.com/kata-containers
  • 17. REFERENCES • https://docs.docker.com/ • https://katacontainers.io/ • Docker runtime execution options • Why Kata containers cannot replaces K8S • Container security vulnerabilities and threats • Securing containers • Running kata with Docker • Running kata with K8s