Leveraging the Power of containerd Events - Evan Hazlett

•

0 gostou•1,028 visualizações

containerd provides the low-level functionality that enables the Docker Engine to run containers. containerd events provide a simple, yet powerful mechanism to integrate with virtually any other system with minimal effort. This talk will cover what containerd events are and how to use them for integration with systems ranging from monitoring and logging to container networking using CNI (Container Network Interface) plugins.

Tecnologia

Leveraging
Containerd Events
Evan Hazlett
Software Engineer,
Docker

● container executor and supervisor
● image distribution
● local storage
● builtin metrics
● plumbing level API
containerd
what is containerd?

● No build
● No logging
● No volumes
● No networking
containerd
what it is not...

● content
● images
● rootfs
● execution
● shim
containerd: GRPC APIs
containerd/api/services/

service ContainerService {
rpc Create(CreateRequest) returns (CreateResponse);
rpc Start(StartRequest) returns (google.protobuf.Empty);
rpc Delete(DeleteRequest) returns (DeleteResponse);
rpc Info(InfoRequest) returns (containerd.v1.types.Container);
rpc List(ListRequest) returns (ListResponse);
rpc Kill(KillRequest) returns (google.protobuf.Empty);
rpc Events(EventsRequest) returns (stream containerd.v1.types.Event);
rpc Exec(ExecRequest) returns (ExecResponse);
}
containerd: GRPC APIs
execution

● Create
● Start
● Delete
containerd: container lifecycle

$> ctr events
TYPE ID PID EXIT_STATUS
CREATE redis 1402 0
START redis 1402 0
EXIT redis 1402 0
containerd: events

$svc, _ := execution.NewContainerServiceClient(conn) events, _ := svc.Events(context.Background(), &execution.EventsRequest{}) for { e, _ := events.Recv() handleEvent(e) } containerd: events$

$cmdline, err := getProcCommand(int(evt.Pid)) fields := logrus.Fields{ "id": evt.ID, "type": evt.Type.String(), "pid": evt.Pid, "exit_status": evt.ExitStatus, "cmdline": cmdline, } if evt.Type.String() != "EXIT" { utime, stime, threads, vsize, rss, _ := getProcStat(int(evt.Pid)) fields["utime"] = utime fields["stime"] = stime fields["threads"] = threads fields["vsize"] = vsize fields["rss"] = rss } containerd: events$

● Prometheus compatible
● container metrics
● cgroup stats
● oom events
containerd: metrics

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
containerd: networking

CNI is a specification and set of libraries for creating
plugins to configure network interfaces in Linux
containers.
container networking initiative

Builtin
● bridge
● ipvlan
● loopback
● macvlan
● ptp
container networking initiative
available plugins
Third Party
● Project Calico
● Weave
● Contiv
● Infoblox
● ...more

{
"cniVersion": "0.3.0",
"name": "default",
"type": "bridge",
"bridge": "cni0",
"ipMasq": true,
"isGateway": true,
"ipam": {...}
}
containerd: networking with cni

$netconf, _ := libcni.LoadConf(confPath, networkName) cniConf := &libcni.CNIConfig{ Path: cniPluginPath, } runtime := &libcni.RuntimeConf{ ContainerID: containerPid, NetNS: fmt.Sprintf("/proc/%d/ns/net", containerPid), IfName: “eth0”, } // connect r, _ := cniConf.AddNetwork(netconf, runtime) containerd: networking with cni$

● manages cni networks
● standard cli for operations
○ connect, disconnect, view
containerd: networking
cni management via circuit

● receives “START” event
● uses cni to connect container to
network
● upon “EXIT” event, removes container
from network
containerd: networking
automatic container networking with events and circuit

Thank you!
● containerd: github.com/containerd/containerd
● cni: github.com/containernetworking/cni
Demo Source
● ctrd-events: github.com/ehazlett/ctrd-events
● circuit: github.com/ehazlett/circuit
@ehazlett #dockercon

Mais conteúdo relacionado

Mais procurados

As the adoption of Kubernetes continues to grow, so does the need for securing containerized applications and their data. One effective security model that has gained popularity is Zero Trust Networking, which assumes that all resources, devices and users are untrusted, and access to resources is granted only after proper authentication and authorization. However, implementing Zero Trust Networking in Kubernetes can be challenging, given the dynamic nature of containerized workloads and the complexity of network policies. In this presentation, we will explore how to implement Zero Trust Networking in Kubernetes using Cilium, Hubble & Grafana. We will start by setting up Cilium on a Kubernetes cluster, which provides network security by enforcing identity-based access control policies using eBPF. Next, we will export Network Policy Verdict metrics using Hubble, which allows us to visualize network policies and track security events in real-time. Finally, we will use a Grafana dashboard to visualize these metrics and demonstrate how to secure a Kubernetes namespace without affecting existing traffic in the namespace. By the end of this presentation, attendees will have a good understanding of the importance of Zero Trust Networking in Kubernetes and how to implement it using Cilium, Hubble & Grafana. They will also learn how to secure a Kubernetes namespace and monitor network policies using a Grafana dashboard.

Cloud Native Bern 05.2023 — Zero Trust Visibility

Raphaël PINSON

This tutorial on "Getting started With Docker" will help you understand the fundamental concepts in Docker and how it is used for containerization. Below are the topics covered in this tutorial: 1. Challenges With Shipping & Transportation 2. How Does Docker Fit The Bill? 3. What Is Docker? 4. Benefits Of Docker Over Virtual Machines 5. Docker Terminology 6. Architecture Of Docker 7. Hands-On: Running Hello-World Docker Container To take a structured training on Deep Learning, you can check complete details of our Deep Learning with TensorFlow course here: https://goo.gl/WF1RYI

Getting Started With Docker | Docker Tutorial | Docker Training | Edureka

Edureka!

Docker containers

Pau López

Docker 101 : Introduction to Docker and Containers

Yajushi Srivastava

Deploying software and controlling infrastructure quickly and safely is a hard task. In this talk, Brice Fernandes, Customer Success Engineer at Weaveworks, discusses GitOps, an operational model for Kubernetes and beyond to speed up development, while retaining extremely strong security guarantees. Brice describes and shows several open source tools developed at Weaveworks to support this approach. You will have a good idea of how to use the GitOps principles to create software pipelines that are fast, safe, and reproducible, while creating clear and high quality audit trails. Check out the full presentation on YouTube: https://youtu.be/QdCwUUtcj4I

Delivering Quality at Speed with GitOps

Weaveworks

Deploying a 3 tier application using docker

parth2094

Network Service Mesh

Prem Sankar Gopannan

Understanding container security

John Kinsella

Docker Basics

DuckDuckGo

https://sched.co/ytpi It has been very hard to use Mac for developing containerized apps. A typical way is to use Docker for Mac, but it is not FLOSS. Another option is to install Docker and/or Kubernetes into VirtualBox, often via minikube, but it doesn't propagate localhost ports, and VirtualBox also doesn't support the ARM architecture. This session will show how to run containerd and k3s on macOS, using Lima and Rancher Desktop. Lima wraps QEMU in a simple CLI, with neat features for container users, such as filesystem sharing and automatic localhost port forwarding, as well as DNS and proxy propagation for enterprise networks. Rancher Desktop wraps Lima with k3s integration and GUI.

[KubeCon EU 2022] Running containerd and k3s on macOS

Akihiro Suda

Container security

Anthony Chow

Introduction and Deep Dive Into Containerd

Kohei Tokunaga

CloudNativeCon North America 2017, Austin (Texas, USA): Talk by Josef Adersberger (@adersberger, CTO at QAware) Abstract: Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs, and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud native apps. But what to do if you’ve no shiny new cloud native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can! We’re facing the challenge of migrating hundreds of JEE legacy applications of a major German insurance company onto a Kubernetes cluster within one year. We're now close to the finish line and it worked pretty well so far. The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way. We'll provide our answers to life, the universe and a cloud native journey like: - What technical constraints of Kubernetes can be obstacles for applications and how to tackle these? - How to architect a landscape of hundreds of containerized applications with their surrounding infrastructure like DBs MQs and IAM and heavy requirements on security? - How to industrialize and govern the migration process? - How to leverage the possibilities of a cloud native platform like Kubernetes without challenging the tight timeline?

Migrating Hundreds of Legacy Applications to Kubernetes - The Good, the Bad, ...

QAware GmbH

Docker Kubernetes Istio

Araf Karsh Hamid

Kubernetes supports several security mechanisms such as Seccomp, Apparmor, SELinux, and runAsUser for protecting the hosts from container-breakout attacks. However, these mechanisms are not sufficient for the security demand because Kubelet and CRI/OCI runtimes require the root privileges on the hosts, and these components are seriously bug-prone. The dependency on the root privileges has been also problematic for promoting Kubernetes to the HPC world, where users are often disallowed to install software as the root. In this talk, Akihiro and Giuseppe will show the community’s ongoing work for making Kubernetes deployable and runnable as a non-root user, by using User Namespaces. The main topics of discussion will be UID/GID mapping, unprivileged Copy-on-Write filesystems, Usermode networking (Slirp), and Cgroups. https://fosdem.org/2019/schedule/event/containers_k8s_rootless/

Rootless Kubernetes

Akihiro Suda

http://sched.co/EaYe Until recently, running `docker build` against Dockerfile had been the only way to build container images. However, lots of opensource software are being proposed as successors/alternatives to `docker build`: - BuildKit (Moby Project / Docker) - img (Jessica Frazelle / Microsoft) - Buildah (Project Atomic / Red Hat) - umoci & Orca (SUSE) - Bazel (Google) - OpenShift S2I (Red Hat) Akihiro Suda compares these new tools' advantages and disadvantages. His evaluation basis would include but not be limited to: - Performance (Cache efficiency, Concurrency, Distributed Execution) - Secret management, e.g. SSH and AWS keys - Support for non-Dockerfile - Non-root execution - UI & UX - Governance of the community He also proposes a unified interface for using these tools with Kubernetes in a vendor-neutral way.

Comparing Next-Generation Container Image Building Tools

Akihiro Suda

Kubernetes 101

Crevise Technologies

Container Security

Jie Liau

Philipp explains the best performing Open Source software-defined storage software available to Apache CloudStack today. It consists of two well-concerted components. LINSTOR and DRBD. Each of them also has its independent use cases, where it is deployed alone. In this presentation, the combination of these two is examined. They form the control plane and the data plane of the SDS. We will touch on: Performance, scalability, hyper-convergence (data-locality for high IO performance), resiliency through data replication (synchronous within a site, 2-way, 3-way, or more), snapshots, backup (to S3), encryption at rest, deduplication, compression, placement policies (regarding failure domains), management CLI and webGUI, monitoring interface, self-healing (restoring redundancy after device/node failure), the federation of multiple sites (async mirroring and repeatedly snapshot difference shipping), QoS control (noisy neighbors limitation) and of course: complete integration with CloudStack for KVM guests. It is Open Source software following the Unix philosophy. Each component solves one task, made for maximal re-usability. The solution leverages the Linux kernel, LVM and/or ZFS, and many Open Source software libraries. Building on these giant Open Source foundations, not only saves LINBIT from re-inventing the wheels, it also empowers your day 2 operation teams since they are already familiar with these technologies. Philipp Reisner is one of the founders and CEO of LINBIT in Vienna/Austria. He holds a Dipl.-Ing. (comparable to MSc) degree in computer science from Technical University in Vienna. His professional career has been dominated by developing DRBD, a storage replication software for Linux. While in the early years (2001) this was writing kernel code, today he leads a company of 30 employees with locations in Austria and the USA. LINBIT is an Open Source company offering enterprise-level support subscriptions for its Open Source technologies. ----------------------------------------- CloudStack Collaboration Conference 2022 took place on 14th-16th November in Sofia, Bulgaria and virtually. The day saw a hybrid get-together of the global CloudStack community hosting 370 attendees. The event hosted 43 sessions from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.

What CloudStackers Need To Know About LINSTOR/DRBD

ShapeBlue

Docker: From Zero to Hero

fazalraja

Mais procurados (20)

Cloud Native Bern 05.2023 — Zero Trust Visibility

Getting Started With Docker | Docker Tutorial | Docker Training | Edureka

Docker containers

Docker 101 : Introduction to Docker and Containers

Delivering Quality at Speed with GitOps

Deploying a 3 tier application using docker

Network Service Mesh

Understanding container security

Docker Basics

[KubeCon EU 2022] Running containerd and k3s on macOS

Container security

Introduction and Deep Dive Into Containerd

Migrating Hundreds of Legacy Applications to Kubernetes - The Good, the Bad, ...

Docker Kubernetes Istio

Rootless Kubernetes

Comparing Next-Generation Container Image Building Tools

Kubernetes 101

Container Security

What CloudStackers Need To Know About LINSTOR/DRBD

Docker: From Zero to Hero

Semelhante a Leveraging the Power of containerd Events - Evan Hazlett

[KubeCon EU 2020] containerd Deep Dive

Akihiro Suda

This talk was presented at SRE NYC Meetup on August 16, 2017 at Squarespace HQ. https://www.youtube.com/watch?v=UJ1QAKprVr4 As the engineering teams at Squarespace grow, we have been building more and more microservices. However, this has added operational strain as we try to shoehorn a growing, complex dynamic environment into our static data center infrastructure. We needed to rethink how we handle deployments, dependency management, resource allocation, monitoring, and alerting. Docker containerization and Kubernetes orchestration helps us tackle many of these problems, but the journey has been challenging. In this talk, we’ll discuss the challenges of running Kubernetes in a datacenter and how we switched to a more SLA-focused alert structure than per instance health with Prometheus and AlertManager.

Kubernetes @ Squarespace: Kubernetes in the Datacenter

Kevin Lynch

Kubernetes @ Squarespace (SRE Portland Meetup October 2017)

Kevin Lynch

The Linux kernel is undergoing the most fundamental architecture evolution in history and is becoming a microkernel. Why is the Linux kernel evolving into a microkernel? The potentially biggest fundamental change ever happening to the Linux kernel. This talk covers how companies like Facebook and Google use BPF to patch 0-day exploits, how BPF will change the way features are added to the kernel forever, and how BPF is introducing a new type of application deployment method for the Linux kernel.

eBPF - Rethinking the Linux Kernel

Thomas Graf

Introduction to kubernetes

Rishabh Indoria

Making your app soar without a container manifest

LibbySchulze

In this demos loaded talk we’ll explore the best practices to create a Docker image for a Java app (it’s 2019 and new comers such as Jib, CNCF buildpacks are interesting alternatives to Docker builds !) - and how to integrate best with the Kubernetes ecosystem : after explaining main Kubernetes objects and notions, we’ll discuss Helm charts and productivity tools such as Skaffold, Draft and Telepresence.

Get you Java application ready for Kubernetes !

Anthony Dahanne

LibOS as a regression test framework for Linux networking #netdev1.1

Hajime Tazaki

Vector Packet Technologies such as DPDK and FD.io/VPP revolutionized software packet processing initially for discrete appliances and then for NFV use cases. Container based VNF deployments and it's supporting NFV infrastructure is now the new frontier in packet processing and has number of strong advocates among both traditional Comms Service Providers and in the Cloud. This presentation will give an overview of how DPDK and FD.io/VPP project are rising to meet the challenges of the Container dataplane. The discussion will provide an overview of the challenges, recent new features and what is coming soon in this exciting new area for the software dataplane, in both DPDK and FD.io/VPP! About the speaker: Ray Kinsella has been working on Linux and various other open source technologies for about twenty years. He is recently active in open source communities such as VPP and DPDK but is a constant lurker in many others. He is interested in the software dataplane and optimization, virtualization, operating system design and implementation, communications and networking.

Scaling the Container Dataplane

Michelle Holley

PGConf.ASIA 2019 Bali - PostgreSQL on K8S at Zalando - Alexander Kukushkin

Equnix Business Solutions

Kubernetes #1 intro

Terry Cho

Introduction to Tekton

Victor Iglesias

Rook - cloud-native storage

Karol Chrapek

Real World Lessons on the Pain Points of Node.JS Application

Ben Hall

Enabling Security via Container Runtimes

Phil Estes

Container & kubernetes

Ted Jung

Extended and embedding: containerd update & project use cases

Phil Estes

containerd is an industry-standard core container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc.. containerd is designed to be embedded into a larger system, rather than being used directly by developers or end-users. containerd includes a daemon exposing gRPC API over a local UNIX socket. The API is a low-level one designed for higher layers to wrap and extend. It also includes a barebone CLI (ctr) designed specifically for development and debugging purpose. It uses runC to run containers according to the OCI specification. The code can be found on GitHub, and here are the contribution guidelines. containerd is based on the Docker Engine’s core container runtime to benefit from its maturity and existing contributors.

containerd the universal container runtime

Docker, Inc.

containerd summit - Deep Dive into containerd

Docker, Inc.

Kubernetes Intro

Antonio Ojea Garcia

Semelhante a Leveraging the Power of containerd Events - Evan Hazlett (20)

[KubeCon EU 2020] containerd Deep Dive

Kubernetes @ Squarespace: Kubernetes in the Datacenter

Kubernetes @ Squarespace (SRE Portland Meetup October 2017)

eBPF - Rethinking the Linux Kernel

Introduction to kubernetes

Making your app soar without a container manifest

Get you Java application ready for Kubernetes !

LibOS as a regression test framework for Linux networking #netdev1.1

Scaling the Container Dataplane

PGConf.ASIA 2019 Bali - PostgreSQL on K8S at Zalando - Alexander Kukushkin

Kubernetes #1 intro

Introduction to Tekton

Rook - cloud-native storage

Real World Lessons on the Pain Points of Node.JS Application

Enabling Security via Container Runtimes

Container & kubernetes

Extended and embedding: containerd update & project use cases

containerd the universal container runtime

containerd summit - Deep Dive into containerd

Kubernetes Intro

Mais de Docker, Inc.

Raymond Arifianto, AccelByte and Mark Mandel, Google - We have been deploying containerized micro-services for our Game Backend Services for a while. Now we are tackling the challenge to scale up fleets of game dedicated servers in multiple regions, multiple data centers and multiple providers - some in bare metal, some in Cloud. So we leverage docker containerization to deploy Game Servers to achieve Portability, Fast Deployment and Predictability, enabling us to scale up to thousands of servers, on demand, without a sweat.

Containerize Your Game Server for the Best Multiplayer Experience

Docker, Inc.

Nicholas Dille, Haufe-Lexware + Docker Captain - Docker continues to be the standard tool for building container images. For more than a year Docker ships with BuildKit as an alternative image builder, providing advanced features for secret and cache management. These features help to make image builds faster and more secure. In this session, Docker Captain Nicholas Dille will teach you how to use Buildkit features to your advantage.

How to Improve Your Image Builds Using Advance Docker Build

Docker, Inc.

Lukonde Mwila, Entelect - As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud. In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics: - Docker Compose - Containerizing an Nginx Server - Containerizing an React App - Containerizing an Node.JS App - Containerizing anMongoDB App - Runing Multi-Container App Locally - Creating a CI/CD Pipeline - Adding a build stage to test containers and push images to Docker Hub - Deploying Multi-Container App to AWS Elastic Beanstalk Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking. After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.

Build & Deploy Multi-Container Applications to AWS

Docker, Inc.

Kevin Jones, NGNIX - NGINX is one of the most popular images on Docker Hub and has been at the forefront of the web since the early 2000's. In this talk we will discuss how and why NGINX's lightweight and powerful architecture makes it a very popular choice for securing containerized applications as a sidecar reverse proxy within containers. We will highlight important aspects of application security that NGINX can help with, such as TLS, HTTP, AuthN, AuthZ and traffic control.

Securing Your Containerized Applications with NGINX

Docker, Inc.

Kathleen Juell, Digital Ocean - Containers are an essential part of today's microservice ecosystem, as they allow developers and operators to maintain standards of reliability and reproducibility in fast-paced deployment scenarios. And while there are best practices that extend across stacks in containerized environments, there are also things that make each stack distinct, starting with the application image itself. This talk will dive into some of these particularities, both at the image and service level, while also covering general best practices for building and running Node applications with database backends using Docker and Compose.

How To Build and Run Node Apps with Docker and Compose

Docker, Inc.

Hands-on Helm

Docker, Inc.

Jeff Hajewski, Salesforce - There is a wealth of information on building deep learning models with PyTorch or TensorFlow. Anyone interested in building a deep learning model is only a quick search away from a number of clear and well written tutorials that will take them from zero knowledge to having a working image classifier. But what happens when you need to deploy these models in a production setting? At Salesforce, we use TensorFlow models to help us provide customers with insights into their data, and we do this as close to real-time as possible. Designing these systems in a scalable manner requires overcoming a number of design challenges, but the core component is Docker. Docker enables us to design highly scalable systems by allowing us to focus on service interactions, rather than how our services will interact with the hardware. Docker is also at the core of our test infrastructure, allowing developers and data scientists to build and test the system in an end to end manner on their local machines. While some of this may sound complex, the core message is simplicity - Docker allows us to focus on the aspects of the system that matter, greatly simplifying our lives.

Distributed Deep Learning with Docker at Salesforce

Docker, Inc.

James Fuller, webcomposite s.r.o. - Curl is the venerable (yet very modern) 'swiss army knife' command line tool and library for transferring data with URLs. Recently we (the Curl team) decided to build a release for Docker Hub. This talk will outline our current development workflow with respect to the docker image and provide insights on what it takes to build a docker image for mass public consumption. We are also keen to learn from users and other developers how we might improve and enhance the official curl docker image.

The First 10M Pulls: Building The Official Curl Image for Docker Hub

Docker, Inc.

Fabian Stäber, Instana - In recent years, we saw a great paradigm shift in software engineering away from static monolithic applications towards dynamic distributed horizontally scalable architectures. Docker is one of the key technologies enabling this development. This shift poses a lot of new challenges for application monitoring, ranging from practical issues (need for automation) to technical challenges (Docker networking) to organizational topics (blurring line between software engineers and operations) to fundamental questions (define what is an application). In this talk we show how Docker changed the way we do monitoring, how modern application monitoring systems work, and what future developments we expect.

Monitoring in a Microservices World

Docker, Inc.

Clemente Biondo, Engineering Ingegneria Informatica - When the COVID 19 pandemic started, Engineering Ingegneria Informatica Group (1.25 billion euros of revenues, 65 offices around the world, 12.000 employees) was forced to put their digital transformation to the test in order to maintain operational continuity. In this session, Clemente Biondo, the Tech Lead of the Information Systems Department, will share how his company is reacting to this unforeseeable scenario and how Docker-driven digital transformation had paved the path for work to continue remotely. Clemente will discuss learnings moving from colocated teams, manual approaches, email based-business processes, and a monolithic application to a mature DevOps culture characterized by a distributed autonomous workforce and a continuous deployment process that deploys backward-compatible Docker containerized microservices into hybrid multi cloud datacenters an average of twice a day with zero-downtime. He will detail how they use Docker to unify dev, test and production environments, and as an efficient and automated mechanism for deploying applications. Lastly, Clemente shares how, in our darkest hour, he and others are working to shine their brightest light.

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

Docker, Inc.

Chris Lauer, NOAA Space Weather Prediction Center - This is the story of how adopting a containerized workflow changed the way our small software team works at NOAA’s Space Weather Prediction Center. Our old architecture, a big ball of mud shared-database integration, just wasn’t cutting it - it was killing our agility. Over the past two years, our small team has adopted a microservice style architecture, using Docker with docker-compose and environment files as our deployment strategy for all new development. We’ve discovered the joys of using containers for identical dev, staging, and production environments. We work closely with scientists: much of the code we’re running has complicated and conflicting library dependencies. Docker captures these beautifully - we’ve even had some success teaching our scientists to use it! I’ll share what we’ve learned, some of the persistent challenges we face, and one place we really got it wrong. This talk builds off of a popular hallway track from DockerCon 2019.

Predicting Space Weather with Docker

Docker, Inc.

Brian Christner, 56k + Docker Captain - In this session, we will unlock the full potential of using Microsoft Visual Studio Code (VS Code) and Docker Desktop to turn you into a Docker Power User. When we expand and utilize the VS Code Docker plugin, we can take our projects and Docker skills to the next level. In addition to using VS Code, we streamline our Docker Desktop development workflow with less context switching and built-in shortcuts. You will learn how to bootstrap new projects, quickly write Dockerfiles utilizing templates, build, run, and interact with containers all from VS Code.

Become a Docker Power User With Microsoft Visual Studio Code

Docker, Inc.

How to Use Mirroring and Caching to Optimize your Container Registry

Docker, Inc.

Ashish Sharma, SS&C Eze - SS&C Eze provides various products in the stock market domain. We spent the last couple of years building Eclipse which is an investment suite born in cloud. The journey so far has been very interesting. The very first version of the product were a bunch of monolithic windows services and deployed using Octopus tool. We successfully managed to bring all the monolithic problem to the cloud and created a nightmare for ourselves. We then started applying microservices architecture principles and started breaking the monolithic into small services. Very soon we realized that we need a better packaging/deployment tool. Docker looked like a magical solution to our problem. Since its adoption, It has not only solved the deployment problem for us but has made a deep impact on different aspects of SDLC. It allowed us to use heterogeneous technology stacks, simplified development environment setup, simplified our testing strategy, improved our speed of delivery, and made our developers more productive. In this talk I would like to share our experience of using Docker and its positive impact on our SDLC.

Monolithic to Microservices + Docker = SDLC on Steroids!

Docker, Inc.

Ara Pulido, Datadog - Container technologies, although not new, have increased their popularity in the past few years, with container orchestrators allowing companies around the world to adopt these technologies to help them ship and scale microservices with precision and velocity. Kubernetes is currently the most popular container orchestration platform, and while many organizations are migrating their workloads to it, Kubernetes is still relatively immature. New corner cases, errors, and quirks are regularly discovered as users push the boundaries of size and scale. When Datadog adopted Kubernetes we discovered some of these boundaries the hard way, and we continuously challenge and modify our infrastructure decisions in order to fit our use case. Join me in this talk for our story on what we learned while we scaled our Kubernetes clusters, the contributions to Kubernetes we made along the way, and how you can apply those learnings when growing your Kubernetes clusters from a handful to hundreds or thousands of nodes.

Kubernetes at Datadog Scale

Docker, Inc.

Andy Clemenko, StackRox - One underutilized, and amazing, thing about the docker image scheme is labels. Labels are a built in way to document all aspects about the image itself. Think about all the information that the tags inside your clothing carry. If you care to look you can find out everything about the garment. All that information can be very valuable. Now think about how we can leverage labels to carry similar information. We can even use the labels to contain Docker Compose or even Kubernetes Yaml. We can even include labels into the CI/CD process making things more secure and smoother. Come find out some fun techniques on how to leverage labels to do some fun and amazing things.

Labels, Labels, Labels

Docker, Inc.

Patrick Deloulay, Micro Focus - Micro Focus started their digital transformation 3 years ago, moving the entire portfolio into hundreds of container images. Leveraging Docker Hub as our primary registry service, we will cover how we ended up building a simple but secure push/pull model to publish and deliver our premium assets to our customers and partners to both meet the high agility of our DevOps teams while greatly simplifying the deployment of our applications.

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Docker, Inc.

Lukonde Mwila, Entelect As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud. In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics: - Docker Compose - Containerizing an Nginx Server - Containerizing an React App - Containerizing an Node.JS App - Containerizing anMongoDB App - Runing Multi-Container App Locally - Creating a CI/CD Pipeline - Adding a build stage to test containers and push images to Docker Hub - Deploying Multi-Container App to AWS Elastic Beanstalk Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking. After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.

Build & Deploy Multi-Container Applications to AWS

Docker, Inc.

Elton Stoneman, Docker Captain + Container Consultant and Trainer How do you provide a SaaS offering when your product is a 10-year old Fortran app, currently built to run on Windows 10? With Docker and Kubernetes of course - and you can do it in a week (... to prototype level at least). In this session I'll walk through the processes and practicalities of taking an older Windows app, making it run in containers with Kubernetes, and then building a simple API wrapper to host the whole stack as a cloud-based SaaS product. There's a lot of technology here from a real world case study, and I'll focus on: - running Windows apps in Docker containers - building a .NET Core API which can run in Linux or Windows containers - running the stack in Kubernetes with Docker Desktop locally and AKS in the cloud - configuring AKS workloads in Azure to burst out to Azure Container Instances And there's a core theme to this session: Docker and Kubernetes are complex technologies, but they're the key to modern development. If you invest time learning them, they make projects like this simple, portable, fast and fun.

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

Docker, Inc.

This virtual meetup introduces the concepts and best practices of using Docker containers for software development for the Arm architecture across a variety of hardware systems. Using Docker Desktop on Windows or Mac, Amazon Web Services (AWS) A1 instances, and embedded Linux, we will demonstrate the latest Docker features to build, share, and run multi-architecture images with transparent support for Arm.

Developing with Docker for the Arm Architecture

Docker, Inc.

Mais de Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience

How to Improve Your Image Builds Using Advance Docker Build

Build & Deploy Multi-Container Applications to AWS

Securing Your Containerized Applications with NGINX

How To Build and Run Node Apps with Docker and Compose

Hands-on Helm

Distributed Deep Learning with Docker at Salesforce

The First 10M Pulls: Building The Official Curl Image for Docker Hub

Monitoring in a Microservices World

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...

Predicting Space Weather with Docker

Become a Docker Power User With Microsoft Visual Studio Code

How to Use Mirroring and Caching to Optimize your Container Registry

Monolithic to Microservices + Docker = SDLC on Steroids!

Kubernetes at Datadog Scale

Labels, Labels, Labels

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model

Build & Deploy Multi-Container Applications to AWS

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...

Developing with Docker for the Arm Architecture

Último

Tech Trends Report 2024 Future Today Institute.pdf

hans926745

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men

Delhi Call girls

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

Imagine a world where information flows as swiftly as thought itself, making decision-making as fluid as the data driving it. Every moment is critical, and the right tools can significantly boost your organization’s performance. The power of real-time data automation through FME can turn this vision into reality. Aimed at professionals eager to leverage real-time data for enhanced decision-making and efficiency, this webinar will cover the essentials of real-time data and its significance. We’ll explore: FME’s role in real-time event processing, from data intake and analysis to transformation and reporting An overview of leveraging streams vs. automations FME’s impact across various industries highlighted by real-life case studies Live demonstrations on setting up FME workflows for real-time data Practical advice on getting started, best practices, and tips for effective implementation Join us to enhance your skills in real-time data automation with FME, and take your operational capabilities to the next level.

From Event to Action: Accelerate Your Decision Making with Real-Time Automation

Safe Software

Scaling API-first – The story of a global engineering organization

Radu Cotescu

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Leveraging the Power of containerd Events - Evan Hazlett

1. Leveraging Containerd Events Evan Hazlett Software Engineer, Docker

2. ● container executor and supervisor ● image distribution ● local storage ● builtin metrics ● plumbing level API containerd what is containerd?

3. ● No build ● No logging ● No volumes ● No networking containerd what it is not...

4. containerd: ecosystem

5. ● content ● images ● rootfs ● execution ● shim containerd: GRPC APIs containerd/api/services/

6. service ContainerService { rpc Create(CreateRequest) returns (CreateResponse); rpc Start(StartRequest) returns (google.protobuf.Empty); rpc Delete(DeleteRequest) returns (DeleteResponse); rpc Info(InfoRequest) returns (containerd.v1.types.Container); rpc List(ListRequest) returns (ListResponse); rpc Kill(KillRequest) returns (google.protobuf.Empty); rpc Events(EventsRequest) returns (stream containerd.v1.types.Event); rpc Exec(ExecRequest) returns (ExecResponse); } containerd: GRPC APIs execution

7. ● Create ● Start ● Delete containerd: container lifecycle

9. $> ctr events TYPE ID PID EXIT_STATUS CREATE redis 1402 0 START redis 1402 0 EXIT redis 1402 0 containerd: events

10. svc, _ := execution.NewContainerServiceClient(conn) events, _ := svc.Events(context.Background(), &execution.EventsRequest{}) for { e, _ := events.Recv() handleEvent(e) } containerd: events

11.

12. cmdline, err := getProcCommand(int(evt.Pid)) fields := logrus.Fields{ "id": evt.ID, "type": evt.Type.String(), "pid": evt.Pid, "exit_status": evt.ExitStatus, "cmdline": cmdline, } if evt.Type.String() != "EXIT" { utime, stime, threads, vsize, rss, _ := getProcStat(int(evt.Pid)) fields["utime"] = utime fields["stime"] = stime fields["threads"] = threads fields["vsize"] = vsize fields["rss"] = rss } containerd: events

13.

14. ● Prometheus compatible ● container metrics ● cgroup stats ● oom events containerd: metrics

15.

16. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever containerd: networking

17. CNI is a specification and set of libraries for creating plugins to configure network interfaces in Linux containers. container networking initiative

18. Builtin ● bridge ● ipvlan ● loopback ● macvlan ● ptp container networking initiative available plugins Third Party ● Project Calico ● Weave ● Contiv ● Infoblox ● ...more

19. { "cniVersion": "0.3.0", "name": "default", "type": "bridge", "bridge": "cni0", "ipMasq": true, "isGateway": true, "ipam": {...} } containerd: networking with cni

20. netconf, _ := libcni.LoadConf(confPath, networkName) cniConf := &libcni.CNIConfig{ Path: cniPluginPath, } runtime := &libcni.RuntimeConf{ ContainerID: containerPid, NetNS: fmt.Sprintf("/proc/%d/ns/net", containerPid), IfName: “eth0”, } // connect r, _ := cniConf.AddNetwork(netconf, runtime) containerd: networking with cni

21. ● manages cni networks ● standard cli for operations ○ connect, disconnect, view containerd: networking cni management via circuit

22.

23. ● receives “START” event ● uses cni to connect container to network ● upon “EXIT” event, removes container from network containerd: networking automatic container networking with events and circuit

24.

25. Thank you! ● containerd: github.com/containerd/containerd ● cni: github.com/containernetworking/cni Demo Source ● ctrd-events: github.com/ehazlett/ctrd-events ● circuit: github.com/ehazlett/circuit @ehazlett #dockercon

Leveraging the Power of containerd Events - Evan Hazlett

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (20)

Semelhante a Leveraging the Power of containerd Events - Evan Hazlett

Semelhante a Leveraging the Power of containerd Events - Evan Hazlett (20)

Mais de Docker, Inc.

Mais de Docker, Inc. (20)

Último

Último (20)

Leveraging the Power of containerd Events - Evan Hazlett