In this talk, Michal Crosby will present on runC and Containerd, the internals and how they work together to start and manage containers in Docker. Afterwards, Arnaud Porterie will touch on about what was shipped in 1.11 and how it will enable some of the things we are working on for 1.12.
Intro- Docker Native for OSX and WindowsThomas Chacko
The document discusses Docker on various operating systems including Linux, Windows, and Mac OS X. It provides an overview of using Docker Toolbox versus installing Docker natively. When using Docker natively, it installs the Docker client, engine, compose and other tools directly onto the operating system leveraging native virtualization capabilities for improved performance compared to Docker Toolbox. However, the native versions are currently in beta with some limitations like only allowing one Linux virtual machine on Windows Hyper-V.
This document discusses container orchestration and provides an overview of different container orchestration technologies including Mesos, Kubernetes, CoreOS Fleet, and Docker libswarm. It explains the benefits of containers and orchestration, and covers concepts like schedulers, service discovery, monitoring, and clustering.
Scaling Docker Containers using Kubernetes and Azure Container ServiceBen Hall
This document discusses scaling Docker containers using Kubernetes and Azure Container Service. It begins with an introduction to containers and Docker, including how containers improve dependency and configuration management. It then demonstrates building and deploying containerized applications using Docker and discusses how to optimize Docker images. Finally, it introduces Kubernetes as a tool for orchestrating containers at scale and provides an example of deploying a containerized application on Kubernetes in Azure.
Kubernetes Basics provides an overview of Kubernetes concepts and components. It discusses pods vs deployments, scaling deployments, rolling updates, stateful vs stateless applications, daemon sets, secrets, configmaps, services, ingress, storage classes, network policies, and Kubernetes CLI commands. Hands-on examples are given for running commands, exposing services, deleting resources, executing commands in pods, viewing logs, and getting resource information. YAML files are shown for defining deployments, services, and ingress. Skills discussed include using configmaps as environment variables, sidecar deployments, init containers, labels and node selectors, private registries, taints and tolerations, resource management, and readiness and liveness probes.
This document provides a high-level overview of Kubernetes in under 30 minutes. It begins with basic concepts like nodes, pods, replica sets, deployments, and services. It then covers additional concepts like secrets, config maps, ingress, daemon sets, pet sets/stateful sets and services. The document aims to explain the main components of Kubernetes and how they work together at a high level to deploy and manage container-based applications.
KubeCon EU 2016: A Practical Guide to Container SchedulingKubeAcademy
Containers are at the forefront of a new wave of technology innovation but the methods for scheduling and managing them are still new to most developers. In this talk we'll look at the kind of problems that container scheduling solves and at how maximising efficiency and maiximising QoS don't have to be exclusive goals. We'll take a behind the scenes look at the Kubernetes scheduler: How does it prioritize? What about node selection and external dependencies? How do you schedule based on your own specific needs? How does it scale and what’s in it both for developers already using containers and for those that aren't? We’ll use a combination of slides, code, demos to answer all these questions and hopefully all of yours.
Sched Link: http://sched.co/6BZa
Deploy at scale with CoreOS Kubernetes and Apache StratosChris Haddad
Platform-as-a-Service (PaaS) streamlines DevOps and allows developers to focus on application development. The PaaS handles provisioning, scaling, high availability, and tenancy.
Integration with the Docker platform, CoreOS Linux distribution, and Kubernetes container management system bring more scalability and flexibility to a PaaS. This session will include installing and deploying sample applications using Docker,CoreOS and Kubernetes, and a walkthrough on how it can be extended to support new application containers.
This document discusses Project Atomic and multi-container application packaging. It introduces Atomic Host, an optimized operating system for containers; Nulecule, a specification for describing multi-container applications; and Atomic App, a tool for installing applications defined by Nulecule specifications. Key components of Atomic Host like rpm-ostree and Cockpit are also summarized. The document encourages getting involved in the open source projects and provides references for learning more.
Using linuxKit to build custom rancherOS systems Moby Project
This document discusses modernizing RancherOS, a micro Linux distribution. It describes replacing System Docker with runC and Containerd to reduce size and improve performance. Through iterative changes like removing unused files, generating container specs, and customizing services, the initrd size was reduced from 245MB to 190MB and boot time from 30 seconds to 12 seconds. The final version can boot and serve HTTP requests within 7 seconds while maintaining compatibility with RancherOS.
This document provides an overview of Docker and Kubernetes concepts and demonstrates how to create and run Docker containers and Kubernetes pods and deployments. It begins with an introduction to virtual machines and containers before demonstrating how to build a Docker image and container. It then introduces Kubernetes concepts like masters, nodes, pods and deployments. The document walks through running example containers and pods using commands like docker run, kubectl run, kubectl get and kubectl delete. It also shows how to create pods and deployments from configuration files and set resource limits.
runC: The little engine that could (run Docker containers) by Docker Captain ...Docker, Inc.
With the announcement of the OCI by Solomon Hykes at last summer's DockerCon, a Docker-contributed reference implementation of the OCI spec, called runC, was born. While some of you may have tried runC or have a history of poking at the OS layer integration library to Linux namespaces, cgroups and the like (known as libcontainer), many of you may not know what runC offers. In this talk Phil Estes, Docker engine maintainer who has also contributed to libcontainer and runC, will show what's possible using runC as a lightweight and fast runtime environment to experiment with lower-level features of the container runtime. Phil will introduce a conversion tool called "riddler", which can inspect and convert container configurations from Docker into the proper OCI configuration bundle for easy conversion between the two environments. He'll also demonstrate how to make custom configurations for trying out security features like user namespaces and seccomp profiles.
Kubernetes is an open-source system for managing containerized applications across multiple hosts. It groups related containers into pods that are scheduled together on the same host. Key components include the master node for managing the cluster, minion nodes for hosting pods, and kubelet software for running pods and managing containers. Pods allow tight coupling of related containers, while labels provide loose organization of cooperating pods.
Kubernetes can orchestrate and manage container workloads through components like Pods, Deployments, DaemonSets, and StatefulSets. It schedules containers across a cluster based on resource needs and availability. Services enable discovery and network access to Pods, while ConfigMaps and Secrets allow injecting configuration and credentials into applications.
Containers provide isolation between processes using cgroups and namespaces to limit resource utilization and isolate processes. Containers run within a single operating system kernel and share the kernel with other containers, using fewer resources than virtual machines which run entire guest operating systems. Docker is the most common container platform and uses containerization to package applications and their dependencies into portable containers that can be run on any Linux server.
A small introduction to get started on Kubernetes as a user. This explains the main concepts like pod, deployment and services and gives some hints to help you use kubectl command.
These slides were presented in Grenoble Docker meetup in November 2017.
Containerd Internals: Building a Core Container RuntimePhil Estes
Containerd Internals: Building a Core Container Runtime discusses the architecture and internals of Containerd. It provides a brief history of Containerd and explains its goals of providing a clean API, full OCI support, and decoupled components. It describes Containerd's components like runtimes, storage, and snapshots. It then explains the processes of pulling an image, starting a container, and getting Prometheus metrics.
This document discusses Docker internals and components. It covers:
1. Docker provides build once, configure once capabilities to deploy applications everywhere reliably, consistently, efficiently and cheaply.
2. Docker components include the Docker daemon, libcontainer, cgroups, namespaces, AUFS/BTRFS/dm-thinp, and the kernel-userspace interface.
3. Docker uses filesystem isolation through layering, copy-on-write, caching and differencing using union filesystems like AUFS to provide efficient sharing of files between containers.
Continuous delivery of microservices with kubernetes - Quintor 27-2-2017Arjen Wassink
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Kubernetes can deploy containerized applications as microservices and provide mechanisms to update them without downtime using techniques like rolling updates. It also provides tools for service discovery, load balancing, storage orchestration, auto-scaling, self-healing, and more.
This document discusses Kubernetes usage at VMware SAAS. It covers dynamic provisioning of applications on Kubernetes, monitoring tools used like DataDog and Log Insight, and best practices for upgrading Kubernetes clusters. Key points include using stateless applications where possible, service discovery using Kubernetes services, dynamic provisioning using an onboarding service, and performing rolling upgrades for stateful applications to minimize downtime.
Docker allows building portable software that can run anywhere by packaging an application and its dependencies in a standardized unit called a container. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups containers that make up an application into logical units for easy management and discovery. Kubernetes can replicate containers, provide load balancing, coordinate updates between containers, and ensure availability. Defining applications as Kubernetes resources allows them to be deployed and updated easily across a cluster.
More tips and tricks for running containers like a pro - Rancher Online MEetu...Shannon Williams
This document outlines the agenda for a Rancher meetup on tips and tricks for running containers like a pro. The agenda includes presentations on integrated secrets management, autoscaling with Rancher webhooks, using Traefik for load balancing, and the Kubernetes dashboard and Helm. It also provides information on the latest Rancher releases.
This document provides an overview of container management and Kubernetes concepts. It discusses delivery and deployment methods like classic deployment, containers, virtualization, and container orchestration. It then covers Kubernetes components like etcd, the control plane, and nodes. It outlines cluster administration tasks and best practices for cluster usage. Finally, it provides examples of Kubernetes resource types like pods, replica sets, and deployments.
This document provides an introduction to Kubernetes, including definitions of key concepts like pods, services, labels, replica sets, deployments, and horizontal pod autoscaling. It explains how Kubernetes abstracts and virtualizes resources to run and manage containers across a cluster. Examples and diagrams illustrate concepts like pod networking and canary deployments. The document recommends resources for learning more about Kubernetes and getting started, including Google Cloud Platform and a demo of Kubernetes capabilities.
Kubernetes on AWS allows users to deploy and manage Kubernetes clusters on the AWS cloud infrastructure. It provides tools to create clusters across multiple AWS availability zones for high availability. Users can define Kubernetes objects like pods, services, deployments etc using kubectl and utilize AWS services like EBS volumes for persistent storage. The presentation demonstrated setting up a Kubernetes cluster on AWS using kube-up.sh along with examples of using EBS volumes in pods through persistent volume claims. It also showed monitoring and managing applications running on the Kubernetes cluster deployed on AWS.
Idea to Production - with Gitlab and KubernetesSimon Dittlmann
Setting up a continuous delivery pipeline form scratch with gitlab.com and Kubernetes (Google Container Service GKE) on Google Cloud Platform.
The entire source code is available at https://github.com/Pindar/gcloud-k8s-express-app
Blog post https://www.itnotes.de/gitlab/kubernetes/k8s/gke/gcloud/2017/03/05/idea-to-production-with-gitlab-and-kubernetes/
Stateful set in kubernetes implementation & usecases Krishna-Kumar
This document summarizes a presentation on StatefulSets in Kubernetes. It discusses why StatefulSets are useful for running stateful applications in containers, the differences between stateful and stateless applications, how volumes are used in StatefulSets, examples of running single-instance and multi-instance stateful applications like Zookeeper, and the current status and future roadmap of StatefulSets in Kubernetes.
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...Nane Kratzke
Elastic container platforms (like Kubernetes, Docker Swarm, Apache Mesos) fit very well with existing cloud-native application architecture approaches. So it is more than astonishing, that these already existing and open source available elastic platforms are not considered more consequently for multi-cloud approaches. Elastic container platforms provide inherent multi-cloud support that can be easily accessed. We present a solution proposal of a control process which is able to scale (and migrate as a side effect) elastic container platforms across different public and private cloud-service providers. This control loop can be used in an execution phase of self-adaptive auto-scaling MAPE loops (monitoring, analysis, planning, execution). Additionally, we present several lessons learned from our prototype implementation which might be of general interest for researchers and practitioners. For instance, to describe only the intended state of an elastic platform and let a single control process take care to reach this intended state is far less complex than to define plenty of specific and necessary multi-cloud aware workflows to deploy, migrate, terminate, scale up and scale down elastic platforms or applications.
Kubernetes on AWS at Europe's Leading Online Fashion PlatformHenning Jacobs
Henning Jacobs is a Kubernetes on AWS Hacker at Zalando Tech. His talk briefly covers our learnings in Zalando Tech while running Kubernetes on AWS in production.
Topics include:
- Cluster provisioning,
- AWS integration,
- Ingress,
- Cluster autoscaling,
- OAuth/IAM and
- Operations/monitoring.
https://www.meetup.com/Zalando-Tech-Events-Berlin/events/238212872/
Security best practices for kubernetes deploymentMichael Cherny
This document provides best practices for securing a Kubernetes deployment. It recommends integrating security into the CI/CD pipeline by only using vetted code for builds, scanning images for vulnerabilities, and using private registries to store and push only approved images. It also suggests limiting direct access to Kubernetes nodes, implementing fine-grained role-based access control and quotas, securely managing secrets, implementing network segmentation and "least privilege" controls. Finally, it stresses the importance of logging all activity and integrating logs with monitoring systems for visibility.
Kubernetes & Puppet is a presentation about using Puppet configuration management to provide and manage software in Kubernetes clusters. Puppet defines the desired configuration state and enforces it across different operating systems and devices, including Windows servers, Ubuntu servers, Cisco switches, and Kubernetes clusters. The presentation also discusses using Puppet to manage containers and how that is similar to managing software in production environments.
The document discusses the Kubernetes API server and its RESTful HTTP API. It describes the API endpoints for accessing different Kubernetes resources, how API groups and versions are organized, how API requests are routed and processed, how Kubernetes objects are converted between different versions, and how storage and code generation are used.
Checking in your deployment configuration as code
Helm is a tool that streamlines the creation, deployment and management of your Kubernetes-native applications. In this talk, we take a look at how Helm enables you to manage your deployment configurations as code, and demonstrate how it can be used to power your continuous delivery (CI/CD) pipeline.
Kubernetes as Orchestrator for A10 Lightning ControllerAkshay Mathur
The document discusses using Kubernetes as an orchestrator for A10 Lightning Controller. Some key points:
1) Kubernetes allows for automatic recovery of pods on failure, easy rolling upgrades of code, and automated scaling of microservices.
2) Using Kubernetes allows the controller to be deployed on-premise and scaled across multiple VMs, with automated launching and scaling. Installation is also now independent of the underlying infrastructure.
3) The journey involved moving from a manual deployment to a Kubernetes deployment, which simplified overlay networking, environment variable passing, and simplified adding/replacing nodes.
The document discusses Docker and Linux containers. It begins with an overview of traditional server virtualization compared to containers. Containers provide isolation at the process level using kernel namespaces for resources like filesystem, network, users and CPUs. Docker uses device mapper thin provisioning to manage disk images for container filesystems and the networking and cgroups APIs to isolate other resources.
Unraveling Docker Security: Lessons From a Production CloudSalman Baset
Unraveling Docker Security: Lessons From a Production Cloud
This document discusses Docker security issues in a multi-tenant cloud deployment model where containers from different tenants run on the same host machine. It outlines threats like containers attacking other containers or the host, and describes Docker features for isolation like namespaces, cgroups, capabilities, AppArmor, and restricting the Docker API. Putting these protections together can help provide security, but inherent issues remain with shared kernel access and some features needing further implementation.
Tokyo OpenStack Summit 2015: Unraveling Docker SecurityPhil Estes
A Docker security talk that Salman Baset and Phil Estes presented at the Tokyo OpenStack Summit on October 29th, 2015. In this talk we provided an overview of the security constraints available to Docker cloud operators and users and then walked through a "lessons learned" from experiences operating IBM's public Bluemix container cloud based on Docker container technology.
From Monolith to Docker Distributed ApplicationsCarlos Sanchez
Docker is revolutionizing the way people think about applications and deployments. It provides a simple way to run and distribute Linux containers for a variety of use cases, from lightweight virtual machines to complex distributed microservice architectures. But migrating an existing Java application to a distributed microservice architecture is no easy task, requiring a shift in the software development, networking, and storage to accommodate the new architecture. This presentation provides insights into the experience of the speaker and his colleagues in creating a Jenkins platform based on distributed Docker containers running on Apache Mesos and Marathon and applicable to all types of applications, especially Java- and JVM-based ones.
How Secure Is Your Container? ContainerCon Berlin 2016Phil Estes
A conference talk at ContainerCon Europe in Berlin, Germany, given on October 5th, 2016. This is a slightly modified version of my talk first used at Docker London in July 2016.
This document provides an introduction to Docker and containerization. It covers:
1. The differences between virtual machines and containers, and the container lifecycle.
2. An overview of the Docker ecosystem tools.
3. Instructions for installing and using the Docker Engine and Docker CLI to build, run, and manage containers.
4. A demonstration of using Docker Hub to build and store container images.
5. An introduction to Docker networking and volumes.
6. A demonstration of using Docker Compose to define and run multi-container applications.
7. Suggestions for further learning resources about Docker.
This document outlines the curriculum for an introduction to containerization presentation. It includes slides and hands-on exercises on installing Docker, building Docker images, running containers, viewing processes inside containers, and experimenting with resource isolation using cgroups and namespaces. Attendees will build a Docker image for a sample Flask application, run the container, view logs and processes, and push the image to Docker Hub. The presentation covers definitions of key containerization concepts and the benefits of using containers.
Presentation on the Linux namespaces and system calls used to provide container isolation with Docker. Presented in March 2015 at http://www.meetup.com/Docker-Phoenix/ in Tempe, Arizona.
This document provides an overview of Docker concepts and tools for beginners. It covers:
1. The differences between virtual machines and containers, and the container lifecycle.
2. Tools in the Docker ecosystem such as Docker Engine, Docker CLI, Docker Hub, Docker Compose, and networking/volume commands.
3. Examples of using Docker Engine, Docker Hub for images, networking, volumes and deploying images to Azure PaaS.
4. How to use Docker Compose to define and run multi-container applications.
This document provides an overview of Docker concepts and tools for beginners. It covers:
1. The differences between virtual machines and containers, and the container lifecycle.
2. Tools in the Docker ecosystem such as Docker Engine, Docker CLI, Docker Hub, Docker Compose, and networking/volume commands.
3. Examples of using Docker Engine, Docker Hub for images, networking, volumes and deploying images to Azure PaaS.
4. How to use Docker Compose to define and run multi-container applications.
This document summarizes a presentation on container security given by Phil Estes. It identifies several threat vectors for containers including risks from individual containers, interactions between containers, external attacks, and application security issues. It then outlines various security tools and features in Docker like cgroups, Linux Security Modules, capabilities, seccomp, and user namespaces that can help mitigate these threats. Finally, it discusses some future directions for improving container security through more secure defaults, image signing, and network security enhancements.
A presentation focused on the latest Storage API from Docker and integrating with an EMC {code} project called Rexray to provide container storage from EBS volumes.
This document summarizes Docker security features as of release 1.12. It discusses key security modules like namespaces, cgroups, capabilities, seccomp, AppArmor/SELinux that provide access control and isolation in Docker containers. It also covers multi-tenant security, image signing, TLS for daemon access, and best practices like using official images and regular updates.
Summary of the lessons we learned with Docker (Dockerfile, storage, distributed networking) during the first iteration of the AdamCloud project (Fall 2014).
The AdamCloud project (part I) was presented here:
http://www.slideshare.net/davidonlaptop/bdm29-adamcloud-planification
This document provides an agenda for a one-day Docker introduction workshop. It includes an introduction to Docker tools and concepts like containers vs VMs, the Docker ecosystem and tools, Linux and Docker command line usage, Docker Engine, Docker Hub, Docker images, networking and volumes. It also covers deploying Docker images to Azure PaaS, Docker Compose, building ARM images on x86 machines, and a TensorFlow demo. The workshop aims to provide attendees with foundational Docker knowledge and hands-on experience through examples and exercises.
Bjørn Nordlund discusses how Docker allows building and sharing infrastructure as easily as code. Docker uses containers based on Linux kernel features like namespaces and cgroups to package applications securely and independently from the underlying infrastructure. Docker provides a simple interface to create, start, stop, move, and share application containers. This allows more efficient utilization of server resources and easier deployment of applications.
Dockerizing Symfony2 application. Why Docker is so cool And what is Docker? And what are Containers? How they works? What are the ecosystem of Docker? And how to dockerize your web application (can be based on Symfony2 framework)?
This document discusses Docker, an open source project that automates the deployment of applications inside software containers. It begins by describing common problems in application deployment and how virtual machines address some issues but introduce overhead. It then summarizes the history and rapid growth of Docker since its launch in 2013. The rest of the document dives into technical aspects of Docker like how images and containers work, comparisons to virtual machines, security considerations, the Docker workflow, and how Docker relates to DevOps and continuous delivery practices.
Similar to Endocode Kubernetes Meetup: Architecture Patterns for Microservices in Kubernetes (20)
Drona Infotech is one of the best Mobile App Development Company in Noida. Elevate your business with our professional app development services. Let us help you create user-friendly and high-performing mobile applications.
Visit Us For: https://www.dronainfotech.com/mobile-application-development/
Sami provided a beginner-friendly introduction to Amazon Web Services (AWS), covering essential terms, products, and services for cloud deployment. Participants explored AWS' latest Gen AI offerings, making it accessible for those starting their cloud journey or integrating AI into coding practices.
Ansys Mechanical enables you to solve complex structural engineering problems and make better, faster design decisions. With the finite element analysis (FEA) solvers available in the suite, you can customize and automate solutions for your structural mechanics problems and parameterize them to analyze multiple design scenarios. Ansys Mechanical is a dynamic tool that has a complete range of analysis tools.
Alluxio Webinar | 10x Faster Trino Queries on Your Data PlatformAlluxio, Inc.
Alluxio Webinar
June. 18, 2024
For more Alluxio Events: https://www.alluxio.io/events/
Speaker:
- Jianjian Xie (Staff Software Engineer, Alluxio)
As Trino users increasingly rely on cloud object storage for retrieving data, speed and cloud cost have become major challenges. The separation of compute and storage creates latency challenges when querying datasets; scanning data between storage and compute tiers becomes I/O bound. On the other hand, cloud API costs related to GET/LIST operations and cross-region data transfer add up quickly.
The newly introduced Trino file system cache by Alluxio aims to overcome the above challenges. In this session, Jianjian will dive into Trino data caching strategies, the latest test results, and discuss the multi-level caching architecture. This architecture makes Trino 10x faster for data lakes of any scale, from GB to EB.
What you will learn:
- Challenges relating to the speed and costs of running Trino in the cloud
- The new Trino file system cache feature overview, including the latest development status and test results
- A multi-level cache framework for maximized speed, including Trino file system cache and Alluxio distributed cache
- Real-world cases, including a large online payment firm and a top ridesharing company
- The future roadmap of Trino file system cache and Trino-Alluxio integration
COMPSAC 2024 D&I Panel: Charting a Course for Equity: Strategies for Overcomi...Hironori Washizaki
Hironori Washizaki, "Charting a Course for Equity: Strategies for Overcoming Challenges and Promoting Inclusion in the Metaverse", IEEE COMPSAC 2024 D&I Panel, 2024.
Seamless PostgreSQL to Snowflake Data Transfer in 8 Simple StepsEstuary Flow
Unlock the full potential of your data by effortlessly migrating from PostgreSQL to Snowflake, the leading cloud data warehouse. This comprehensive guide presents an easy-to-follow 8-step process using Estuary Flow, an open-source data operations platform designed to simplify data pipelines.
Discover how to seamlessly transfer your PostgreSQL data to Snowflake, leveraging Estuary Flow's intuitive interface and powerful real-time replication capabilities. Harness the power of both platforms to create a robust data ecosystem that drives business intelligence, analytics, and data-driven decision-making.
Key Takeaways:
1. Effortless Migration: Learn how to migrate your PostgreSQL data to Snowflake in 8 simple steps, even with limited technical expertise.
2. Real-Time Insights: Achieve near-instantaneous data syncing for up-to-the-minute analytics and reporting.
3. Cost-Effective Solution: Lower your total cost of ownership (TCO) with Estuary Flow's efficient and scalable architecture.
4. Seamless Integration: Combine the strengths of PostgreSQL's transactional power with Snowflake's cloud-native scalability and data warehousing features.
Don't miss out on this opportunity to unlock the full potential of your data. Read & Download this comprehensive guide now and embark on a seamless data journey from PostgreSQL to Snowflake with Estuary Flow!
Try it Free: https://dashboard.estuary.dev/register
What is OCR Technology and How to Extract Text from Any Image for FreeTwisterTools
Discover the fascinating world of Optical Character Recognition (OCR) technology with our comprehensive presentation. Learn how OCR converts various types of documents, such as scanned paper documents, PDFs, or images captured by a digital camera, into editable and searchable data. Dive into the history, modern applications, and future trends of OCR technology. Get step-by-step instructions on how to extract text from any image online for free using a simple tool, along with best practices for OCR image preparation. Ideal for professionals, students, and tech enthusiasts looking to harness the power of OCR.
Are you wondering how to migrate to the Cloud? At the ITB session, we addressed the challenge of managing multiple ColdFusion licenses and AWS EC2 instances. Discover how you can consolidate with just one EC2 instance capable of running over 50 apps using CommandBox ColdFusion. This solution supports both ColdFusion flavors and includes cb-websites, a GoLang binary for managing CommandBox websites.
6. WHAT ARE CONTAINERS
Way of isolating and restricting Linux processes
● Isolation
○ namespaces
● Restriction
○ cgroups
○ capabilities
○ seccomp
7. CGROUPS: CONTROL GROUPS
● cpuset
● cpu
● cpuacct
● memory
● devices
● freezer
● net_cls
● ns
● blkio
these are directories with fine grained sub folders
8. NAMESPACES
Namespace Constant Isolates
Cgroup CLONE_NEWCGROUP Cgroup root directory
IPC CLONE_NEWIPC System V IPC, POSIX message queues
Network CLONE_NEWNET Network devices, stacks, ports, etc.
Mount CLONE_NEWNS Mount points
PID CLONE_NEWPID Process IDs
User CLONE_NEWUSER User and group IDs
UTS CLONE_NEWUTS Hostname and NIS domain name
9. CAPABILITIES
CAP_AUDIT_CONTROL, CAP_AUDIT_READ, CAP_AUDIT_WRITE, CAP_BLOCK_SUSPEND,
CAP_CHOWN,CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH, CAP_FOWNER, CAP_FSETID,
CAP_IPC_LOCK, CAP_IPC_OWNER, CAP_KILL, CAP_LEASE, CAP_LINUX_IMMUTABLE,
CAP_MAC_ADMIN,CAP_MAC_OVERRIDE, CAP_MKNOD, CAP_NET_ADMIN,
CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW, CAP_SETGID,
CAP_SETFCAP, CAP_SETPCAP, CAP_SETUID, CAP_SYS_ADMIN, CAP_SYS_BOOT,
CAP_SYS_CHROOT, CAP_SYS_MODULE, CAP_SYS_NICE, CAP_SYS_PACCT, CAP_SYS_PTRACE,
CAP_SYS_RAWIO, CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG,
CAP_SYSLOG, CAP_WAKE_ALARM, CAP_INIT_EFF_SET
These are a lot! Use profiles to group them together!
15. Locomotive Pattern
By Nate Beal (originally posted to Flickr as Griffith, IN) [CC BY 2.0 (http://creativecommons.org/licenses/by/2.0)], via Wikimedia Commons
25. Greek for “Helmsman”; also the root of the
words “governor” and “cybernetic”
● Runs and manages containers
● Inspired and informed by Google’s
experiences and internal systems
● Supports multiple cloud and bare-metal
environments
● Supports multiple container runtimes
● 100% Open source, written in Go
Manage applications, not machines
KUBERNETES
30. SUMMARY
● Lot of useful standard patterns
○ sidecar
○ scatter gather
○ locomotive, tractor
● Powerful Linux container patterns
○ separation of control and transport
○ wormhole
○ here be dragons
● Orchestration Patterns
○ Helm charts
○ upcoming: Service Broker
31. CONCLUSION
● Concepts before Coding
● Reshaping applications
○ Legacy
○ Compromises are necessary
○ Containment for Technical Debt
● Paradigm Shift
● Microservice Mindset