Automated hardware testing using docker for space
Docker, Inc.
Two things are for certain – space is hard, and Docker is not just for web content! Space software development traditionally lags behind state of the art software process for good reason – our missions are long (7+ years), we run on highly constrained embedded hardware, and the software cannot fail. Docker, along with a devops mentality, has helped us create a scalable, parallelizable and rapidly deployable test infrastructure for DART, NASA’s mission to hit an asteroid at 6 km/s.
During the presentation, we will walk through how our dev cycle has changed from a human based testing system to an automated one. We will outline how we are using Docker (and NASA Goddard’s Core Flight Executive) for both our embedded development environment and our scalable test environment. Next, we will discuss what deployment means to us (and how different it is from web deployment). Lastly, we will explore lessons learned on how our hardware-centric testing approach was adapted into a software-based approach: what worked, what didn’t, what we wish we could do someday.
How can you help? We are new to Docker. We are excited to share our experiences and hear from the Docker community on our use cases, technological hurdles that we faced, our solutions to these problems, and how we can harness Docker to the fullest extent.
Configuration Management and Transforming Legacy Applications in the Enterpri...
Docker, Inc.
Share the continuity of Société Générale's journey with Docker Enterprise from different points of view, from executives to devops, with CD platform as an enabler. Creating a Dockerfile that runs a container on a developer's laptop is pretty straightforward. But extending that to stacks of containers running on a dozen environments (development, integration, testing, staging, production, etc.) with different configuration and topologies can be a challenge. This talk will cover aspects of our journey to Docker Enterprise:
What configuration should go in an image?
Where to put different types of configuration? Images, environment variables, entrypoint, ...?
How to store assets for building images and configuration for deployment in version control.
We will discuss how Société Générale has implemented these, and what we plan next for Docker Enterprise deployment.
This document discusses container monitoring and provides an overview of options for monitoring containers including command line tools, cAdvisor, Docker stats, and sysdig. It outlines some key metrics that are important to monitor like resource usage, network activity, file I/O, errors, application activity, and topology. It then dives deeper into explaining how to use tools like cAdvisor, Docker stats, and sysdig to monitor these metrics and view specific activities within containers. The presenter argues that sysdig provides a more robust monitoring solution that can see inside containers while respecting their isolated and lightweight nature.
Kubernetes uses containers managed by container engines like Docker. It separates containers from the host machine using namespaces and cgroups for isolation. Docker containers share the host kernel and use aufs for the union filesystem. Virtual machines (VMs) run a full guest operating system with virtualization provided by hypervisors like KVM/QEMU. Containers are more lightweight than VMs as they share the host kernel and have smaller base images and faster launch times and resource usage.
Effective Data Pipelines with Docker & Jenkins - Brian Donaldson
Docker, Inc.
Ever find yourself needing data pipelines to feed a hungry data-driven culture, but not sure where to start, or what features are essential? In this talk, I will demonstrate a baseline data pipeline infrastructure built with Jenkins and Docker EE that checks all the boxes. Data pipelines often exist as that mysterious plumbing buried underground: occasionally inspected, but largely prone to silent failures and the ensuing hot fixes. Join the quest to daylight the infrastructure and benefit!
Slides from my ContainerCamp UK 2017 session.
These slides present a practical chaos engineering approach for resilience testing of Docker based software systems.
Experiences with AWS immutable deploys and job processing
Docker, Inc.
How Docker is used at Gilt: At Gilt we use Docker primarily as a unit of immutability and to allow a standard way of deploying all kinds of software as opposed to its container properties.
Why Gilt built Ionroller: An overview of the problems we tried to solve with Ionroller and immutable deploys. Pitfalls we've encountered with immutable deployments since Ionroller saw adoption in Gilt. Will cover issues such as DNS traffic migration, utilisation of resources, ELBs not warmed up properly, Elasticbeanstalk using Nginx as proxy, etc. Our experiences with Cloudformation and Codedeploy as an alternative to Ionroller and Elasticbeanstalk.
Jobs: How we used to do batch jobs. Solutions we considered such as Mesos and Chronos. An overview of Sundial, an in house solution we built in the last few months and hope to open source for running containerized Docker jobs on Amazon ECS and why we chose it as our preferred solution.
containerd the universal container runtime
Docker, Inc.
containerd is a widely used container runtime that is now a CNCF project. It is designed to be embedded in larger systems rather than used directly by developers. containerd provides core primitives for managing containers on a host, such as container execution, image distribution, and storage. It focuses on simplicity, robustness, and portability. containerd will serve as a core container runtime for the CNCF ecosystem and is being integrated with projects like Kubernetes.
LinuxKit is an open source project that provides the components to build secure, portable, and lean container-based operating systems. It produces minimal and immutable images defined through a YAML configuration file. The project emphasizes security through limiting components, modern kernels, and container isolation with minimal privileges. It is maintained by Anthropic and supported on various platforms through integration with tools like Docker, Kubernetes, and InfraKit for managing clusters. Future work includes porting to more platforms and architectures while improving security and reliability.
Containerd Donation to CNCF Cloud Native Conference Berlin 2017
Patrick Chanezon
Docker has donated containerd, a core container runtime built by Docker with input from major cloud providers, to the Cloud Native Computing Foundation (CNCF). Containerd provides primitives for managing containers and works with projects like Docker Engine, Kubernetes, and CNCF projects. It has over 100 commits per month from many contributors and maintainers and is already widely used through Docker with millions of installs across industries.
DockerCon EU 2015: Cultural Revolution - How to Manage the Change Docker Brings
Docker, Inc.
The document discusses how organizations can manage the cultural changes that adopting Docker brings. It outlines four choices organizations face: whether to adopt Docker as a skunkworks project or enterprise-wide, whether to containerize monolithic or microservice applications, whether to use standard tools or develop proprietary solutions, and whether to adopt Docker openly or secretly. The document argues that adopting Docker openly as an enterprise standard can facilitate a DevOps culture, improve software quality, and increase hardware efficiency, ultimately benefiting the organization.
Deploying Kubernetes without scaring off your security team - KubeCon 2017
Major Hayden
Kubernetes provides plenty of enhancements for deploying software, but it can cause anxiety on the corporate security team. This talk explains how to approach your security team and how to push them to provide guardrails, not deployments.
Slides from the talk given to the Startup Berlin Slack Group that demonstrates how TruckIN is implementing its continuous delivery workflow using technologies and open-source tools.
Topics that are covered: Automated Cloud Provisioning (Network, Subnets, VMs, Kubernetes Cluster, Firewall, Disks, Credentials, Private Docker Registry); Configuration Management (Salt Stack), Continuous Integration (Jenkins CI), Continuous Delivery/Deployment (Salt API/Reactor + Kubernetes) to a Google Cloud Kubernetes Cluster, Remote Application Debugging, Managing Google Cloud Kubernetes Cluster, Logging, Monitoring and ChatOps (Slack and operable.io)
DockerCon 2017 - Cilium - Network and Application Security with BPF and XDP
Thomas Graf
This talk will start with a deep dive and hands on examples of BPF, possibly the most promising low level technology to address challenges in application and network security, tracing, and visibility. We will discuss how BPF evolved from a simple bytecode language to filter raw sockets for tcpdump to a JITable virtual machine capable of universally extending and instrumenting both the Linux kernel and user space applications. The introduction is followed by a concrete example of how the Cilium open source project applies BPF to solve networking, security, and load balancing for highly distributed applications. We will discuss and demonstrate how Cilium with the help of BPF can be combined with distributed system orchestration such as Docker to simplify security, operations, and troubleshooting of distributed applications.
Troubleshooting Tips from a Docker Support Engineer
Jeff Anderson
The document discusses various troubleshooting techniques for Docker including using tools like socat and curl to characterize networking and TLS issues, checking container processes and permissions, using volumes to store persistent data, and resolving issues with incorrect localhost references between containers. It also provides examples of troubleshooting issues with a Minecraft server, Ruby application, and Nginx proxy configuration.
What Have Namespaces Done for you Lately? Liz Rice, Aqua Security
Docker, Inc.
Containers are made with namespacing and cgroups, but what does that really mean? In this talk we'll write a container from scratch in Go, using bare system calls, and explore how the different namespaces affect the container's view of the world and the resources it has access to.
This document provides an overview of Kubernetes security concepts including the Kubernetes attack surface, TLS certificates, securing the Kubelet and etcd, authentication, authorization, admission controllers, tooling landscape, pod security policies, network policies, and secrets. It discusses key configuration recommendations and checks for securing different components like disabling privileged mode, setting TLS certificates, CIS benchmarks for etcd, and authentication methods in Kubernetes. The different types of admission controllers and CNCF security tooling are also briefly introduced.
Docker for Ops - Scott Coulton, Puppet
Docker, Inc.
In this talk, Scott Coulton will take you through Docker's cluster solution Swarm mode with his operations hat on. We will start from the beginning by describing what swarm mode is, what it does, and how it works behind the scenes. From there, we will look at very basic configurations of Swarm mode from the point of view of the operations team as well as a production-ready workflow including deployments of the cluster, logging and CD best practices. Attendees will be able to apply their learnings to their use cases.
This document discusses container build tools and summarizes some of their key features. It notes that while Docker works well, it has some inefficiencies like lack of concurrency support and inefficient caching. Alternatives discussed include BuildKit, Kaniko, img, and Buildah. The document recommends BuildKit as the most promising option as it uses a DAG-style language called LLB for more efficient concurrency and caching support compared to Dockerfiles, and its integration with Docker.
Monitoring microservices: Docker, Mesos and Kubernetes visibility at scale
Alessandro Gallotta
This document discusses monitoring microservices running in containers at scale. It introduces Sysdig, an open source tool that captures system events and provides visibility into containers, processes, files, and more through a curses UI. Sysdig addresses the challenges of getting monitoring data out of orchestrated applications running in containers across nodes and making sense of that data. It collects kernel-level data without adding dependencies to containers. Sysdig Cloud provides correlated monitoring data at scale. The document also introduces Falco, an anomaly detection system built on Sysdig that monitors for security threats through behavior rules.
Our cloud-native environments are more complex than ever before! So how can we ensure that the applications we’re deploying to them are behaving as we intended them to? This is where effective observability is crucial. It enables us to monitor our applications in real-time and analyse and diagnose their behaviour in the cloud. However, until recently, we were lacking the standardization to ensure our observability solutions were applicable across different platforms and technologies. In this session, we’ll delve into what effective observability really means, exploring open source technologies and specifications, like OpenTelemetry, that can help us to achieve this while ensuring our applications remain flexible and portable.
This document discusses monitoring Docker containers. It provides an overview of Datadog and how it can be used to monitor dynamic infrastructure like Docker. It then discusses the challenges in monitoring Docker environments due to their dynamic and distributed nature. Finally, it outlines different methods for collecting key metrics on Docker containers like CPU, memory, I/O and network metrics using Docker's pseudo-files, stats command and API.
Operational Visibility and Analytics - BU Seminar
Canturk Isci
The document discusses building operational visibility and analytics directly into cloud platforms. It describes an agentless system crawler that can provide deep visibility into cloud instances without requiring any action from end users. The crawler collects various system data which is then analyzed to provide operational insights and solve real-world problems. Specific applications discussed include vulnerability advising, configuration analysis, and license discovery. The goal is to design monitoring and analytics that are seamlessly integrated and optimized for cloud environments.
In this short demo-driven meetup, we'll help you get a handle on what's changing and how it will impact your DevOps practice. We'll cover:
- What are the operational limitations of containers in production?
- How do you get visibility inside containers without super-human effort?
- How do you look into kubernetes performance, and not just container performance?
- A live install of Sysdig Cloud on a running environment
Docker moves very fast, with an edge channel released every month and a stable release every 3 months. Patrick will talk about how Docker introduced Docker EE and a certification program for containers and plugins with Docker CE and EE 17.03 (from March), the announcements from DockerCon (April), and the many new features planned for Docker CE 17.05 in May.
This talk will be about what's new in Docker and what's next on the roadmap
According to service scale, there are hundreds or thousands of running containers in your service. Should we monitor each container by microscope or monitor each microservice by magnifier? This depends on which granularity can help us find and solve the problems. In this sharing, I will introduce how to use cAdvisor, Icinga2, InfluxDB and Grafana to build a self-hosted monitoring system. In addition, I will also discuss how to embrace open source and share some practical experiences.
Kaseya Connect 2012 - THE ABC'S OF MONITORING
Kaseya
Is Agent or Agentless the best approach to monitoring devices and applications? The answer is both. Join us as we review the various approaches and solutions that Kaseya offers to handle this complex question and how they will be enhanced over the coming year.
Presented by: Jeff Keyes, Product Marketing Manager & Scott Brackett, Product Manager
Rob Davies presentation during Red Hat's "Microservices Journey with Apache Camel" that took place in Atlanta on 10/04/16 and in Minneapolis on 10/06/16.
DCSF19 Container Security: Theory & Practice at Netflix
Docker, Inc.
Michael Wardrop, Netflix
Usage of containers has undergone rapid growth at Netflix and it is still accelerating. Our container story started organically with developers downloading Docker and using it to improve their developer experience. The first production workloads were simple batch jobs, pioneering micro-services followed, then status as a first class platform running critical workloads.
As the types of workloads changed and their importance increased, the security of our container ecosystem needed to evolve and adapt. This session will cover some security theory, architecture, along with practical considerations, and lessons we learnt along the way.
Go through the result of our latest large-scale study about Docker usage in real environment. Analyze and see the impact for operations and monitoring.
Monitoring Containerized Micro-Services In Azure
Alex Bulankou
This document discusses best practices for monitoring containerized microservices applications in Azure. It begins with an introduction to Application Insights and describes the agenda. It then discusses what is different about monitoring microservices compared to monolithic applications and some factors to consider when choosing a monitoring system. The document provides recommendations for setting up day-to-day monitoring operations, including maintaining a 15 minute daily triage process focusing on business metrics, application performance and health, and infrastructure and costs. It concludes with a demo of monitoring a sample microservices application using Application Insights and other tools.
This document provides an overview of microservices architecture, including concepts, characteristics, infrastructure patterns, and software design patterns relevant to microservices. It discusses when microservices should be used versus monolithic architectures, considerations for sizing microservices, and examples of pioneers in microservices implementation like Netflix and Spotify. The document also covers domain-driven design concepts like bounded context that are useful for decomposing monolithic applications into microservices.
Containers as Infrastructure for New Gen Apps
Khalid Ahmed
Khalid will share on emerging container technologies and their role in supporting an agile cloud-native application development model. He will discuss the basics of containers compared to traditional virtualization, review use cases, and explore the open-source container management ecosystem.
Following simple patterns of good application design can allow you to scale your application for your customers easily. This presentation dives into the 12 factor application design and demos how this applies to containers and deployments on Amazon ECS and Fargate. We'll take a look at tooling that can be used to simplify your workflow and help you adopt the principles of the 12 factor application.
Monitoring in Motion: Monitoring Containers and Amazon ECS
Amazon Web Services
Containers and other forms of dynamic infrastructure can prove challenging to monitor. How do you define normal, when your infrastructure is intentionally in motion and change from minute to minute? Join us as we discuss proven strategies for monitoring your containerized infrastructure on AWS and ECS.
Patterns and Pains of Migrating Legacy Applications to Kubernetes
Josef Adersberger
Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs, and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud native apps. But what to do if you’ve no shiny new cloud native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can!
We’re facing the challenge of migrating hundreds of JEE legacy applications of a German blue chip company onto a Kubernetes cluster within one year.
The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way.
Patterns and Pains of Migrating Legacy Applications to Kubernetes
QAware GmbH
Open Source Summit 2018, Vancouver (Canada): Talk by Josef Adersberger (@adersberger, CTO at QAware), Michael Frank (Software Architect at QAware) and Robert Bichler (IT Project Manager at Allianz Germany)
Abstract:
Running applications on Kubernetes can provide a lot of benefits: more dev speed, lower ops costs and a higher elasticity & resiliency in production. Kubernetes is the place to be for cloud-native apps. But what to do if you’ve no shiny new cloud-native apps but a whole bunch of JEE legacy systems? No chance to leverage the advantages of Kubernetes? Yes you can!
We’re facing the challenge of migrating hundreds of JEE legacy applications of a German blue chip company onto a Kubernetes cluster within one year.
The talk will be about the lessons we've learned - the best practices and pitfalls we've discovered along our way.
3 years ago, Meetic chose to rebuild its backend architecture using microservices and an event-driven strategy. As we were moving along our old legacy application, testing features gradually became a pain, especially when those features rely on multiple changes across multiple components. Whatever the number of applications you manage, unit testing is easy, as is functional testing on a microservice. A good Gherkin framework and a set of Docker containers can do the job. The real challenge is end-to-end testing, even more so when a feature can involve up to 60 different components.
To solve that issue, Meetic is building a Kubernetes strategy around testing. To do such a thing we need to:
- Be able to generate a docker container for each pull-request on any component of the stack
- Be able to create a full testing environment in the simplest way
- Be able to launch automated test on this newly created environment
- Have a clean-up process to destroy testing environments after tests
To separate the various testing environments, we chose to use Kubernetes Namespaces, each containing a variant of the Meetic stack. But when it comes to Kubernetes, managing multiple namespaces can be hard. YAML configuration files need to be shared in a way that each person or automated job can access and modify them without impacting others.
This is typically why Meetic chose to develop its own tool to manage namespaces through a CLI tool, or a REST API on which we can plug a friendly UI.
In this talk we will tell you the story of our CI/CD evolution to satisfy the need to create a docker container for each new pull request. And we will show you how to make end-to-end testing easier using Blackbeard, the tool we developed to handle the need to manage namespaces inspired by Helm.
WordPress and Docker, from development to production
Sysdig
This document summarizes a presentation about using Docker for WordPress development and deployment. It discusses using Docker to create development environments for WordPress, building Docker images, and deploying WordPress containers to production using Docker Compose or Kubernetes. It also covers customizing configurations, using Traefik for proxy and SSL termination, backup strategies, and notes that Kubernetes is more complex than Docker for simple use cases.
What Prometheus means for monitoring vendors
Sysdig
Prometheus has become a de facto standard for exposing metrics from cloud-native applications and services. While originally intended as a time series database (TSDB) and monitoring stack, Prometheus metrics can now be used across different monitoring vendors through open standards like Open Metrics. This has implications for how monitoring vendors operate and provide value. Rather than seeing Prometheus as a threat, vendors should embrace the ecosystem and offer services that support Prometheus, like providing a scalable Prometheus backend, visualization tools, and metric collection agents. Doing so allows vendors to continue helping customers while respecting the open standards and tools they choose to use.
While there have been many improvements around securing containers, there is still a large gap in monitoring the behaviour of containers in production. Sysdig Falco is an open source behavioural activity monitor for containerized environments.
Sysdig Falco can detect and alert on anomalous behaviour at the application, file, system, and network level. In this session get a deep dive into Falco: How does behavioural security differ from existing security solutions like image scanning, seccomp, SELinux or AppArmor? What can Sysdig Falco detect? Building and customizing rules for your Docker and Kubernetes apps. Forensics analysis with Sysdig Inspect even when the container doesn't exist anymore!
Read more on:
https://sysdig.com/blog/docker-runtime-security/
https://sysdig.com/blog/runtime-security-kubernetes-sysdig-falco/
Continuous Delivery helps to keep your software and Docker images updated and deploy new versions in production easily. Microservices are great at reducing the attack vector and limiting the privileges or credentials access of each piece of your application. Containers provide an opportunity to implement better security: small, immutable, single process and purpose. In this session, we will discover real use case examples on how to make your CI/CD pipeline interact with Docker security tools. But security doesn’t stop where your deployment pipeline ends. How can we prepare for 0-days and policy violations that happen at run-time? Can we make it part of the CI/CD process?
This document discusses metrics to monitor in a Kubernetes environment across 5 layers:
1. Application metrics like request rates, errors, and durations
2. Service metrics like database connections and service-specific metrics
3. Kubernetes deployment metrics like available replicas and rolling update status
4. Kubernetes internal metrics like node status and resource availability
5. Host/node metrics like CPU, memory, and disk usage
Monitoring all 5 layers provides visibility into the health of applications, services, Kubernetes clusters and underlying infrastructure.
This document discusses the top 5 metrics to monitor in Kubernetes applications. It identifies 5 layers to monitor: 1) the application layer, 2) the services layer, 3) the Kubernetes deployment layer, 4) the Kubernetes internals layer, and 5) the host/node layer. For each layer, it provides example metrics and thresholds to monitor to check that layer is performing as expected. The overall document provides guidance on monitoring all aspects of a Kubernetes application from the application and services down through the underlying Kubernetes infrastructure and hosts.
Behavioural activity monitoring on CoreOS with Sysdig Falco
Sysdig
This document contains instructions and configuration details for monitoring Linux systems and containers using Falco. It includes commands to install necessary packages like Falco and its dependencies. It also provides examples of Falco rules to generate alerts for suspicious activities like modifying files in critical directories or accessing devices like cameras without the proper applications. The rules leverage conditions, macros and lists to define what behaviors to flag for further review.
This document discusses various techniques for securing containers and monitoring container activity, including:
- Static and dynamic scanning of container images to detect vulnerabilities
- Using seccomp, seccomp-bpf, SELinux, and Auditd for sandboxing and monitoring system calls
- Sysdig Falco for behavioral monitoring and detecting anomalies based on rules
- Examples of rules to detect things like shells running in containers or overwriting system binaries
The document provides an overview of these various security tools and techniques for containers, with examples of how they can be used to monitor and restrict container behavior to detect security issues or policy violations.
The document discusses Sysdig, an open source system troubleshooting tool with native container support. It allows capturing system events, filtering, and running scripts on them. Sysdig includes tracing capabilities through Sysdig Tracers, which can inject markers into the event stream to trace functions, network requests, and arbitrary code segments with low overhead. Traces can then be analyzed to troubleshoot performance and measure latencies in code and across systems.
The Dark Art of Container Monitoring - Spanish
Sysdig
This document discusses the challenges of monitoring containers and proposes best practices. It explains that traditional instrumentation does not work well for containers because of their isolated nature. Instead, it suggests monitoring at the kernel level to obtain metrics transparently and without configuration. It also emphasizes the need to tag metrics automatically so that they are meaningful to teams, and to provide analysis and troubleshooting of failures at the system call level.
Lions, Tigers and Deers: What building zoos can teach us about securing micro...
Sysdig
How to secure microservices running in containers? Strategies for Docker, Kubernetes, Openshift, RancherOS, DC/OS Mesos.
Privileges, resources and visibility constraints with capabilities, cgroups and namespaces. Image vulnerability scanning and behaviour security monitoring with Sysdig Falco.
Containers have the potential to improve the security of typical deployments, but for many the argument has not yet been made convincingly. This talk will describe the existing security technologies around containers, and show how their use can make container-based systems more secure than the alternatives. It will then go further, describing new technologies that allow admins to have even greater confidence in the security of their systems, beyond anything possible with traditional deployment techniques.
System calls are the primary mechanism of user-to-kernel interaction. Today the Linux system call interface has achieved a primacy and ubiquity that make it an ideal layer at which to understand single-system and distributed-system pathologies. Sysdig advances the art of system call observability by drawing on the systems that came before it. Informed by his work with /proc, process tools and DTrace, Adam will walk through a history of system calls and system call observability from simple systems like truss and strace, modern ones like DTrace and SystemTap, and ancient ones from the early days of Unix.
You have a system with an advanced programmatic tracer: do you know what to do with it? Brendan has used numerous tracers in production environments, and has published hundreds of tracing-based tools. In this talk he will share tips and know-how for creating CLI tracing tools and GUI visualizations, to solve real problems effectively. Programmatic tracing is an amazing superpower, and this talk will show you how to wield it!
Sysdig is infinitely extensible through Chisels, and now you’re going to learn how to build one. Using a real-world example, we’re going to show you how to leverage sysdig’s luascript engine to build powerful new functionality customized to your needs.
This document summarizes a presentation about containers and the Sysdig tool. It discusses how containers make it easy to bundle and replicate applications and environments, but introduce new challenges for monitoring, troubleshooting, and security. Sysdig is presented as a tool that can capture system events from containers to help with these tasks. The document then demonstrates Sysdig through examples of investigating login attempts, failing HTTP requests, and unusual syscall behavior in a container. It concludes by providing information on installing Sysdig and downloading example capture files to experiment with.
Kubernetes is a tremendous system for orchestrating your containers onto physical infrastructure. But troubleshooting Kubernetes can be incredibly challenging due to the dynamic and isolated nature of the containers it orchestrates. Sysdig leverages the powerful concept of container-aware system events and correlates each one of them with super rich Kubernetes metadata. In this session you’ll go deep into a couple of Kubernetes issues and how you would track them down using sysdig.
Race to find the hacker! Take everything you’ve learned today and put it to work. We’ll construct a scenario and you will try to solve the problem with sysdig and build a falco rule to detect the issue in the future. Gear up, folks, there is a drone on the line as a prize for the winner!
While containers have seen many improvements, there is still a large gap in securing the behavior of containers in production. Enter sysdig falco, the behavioral activity monitor for containerized environments. It can detect and alert on anomalous behavior at the application, file, system, and network level. In this session get a deep dive into falco and learn:
- How does behavioral security differ from existing security solutions like image scanning?
- How does falco work? What can it detect?
- How do you build and customize rules for falco?
Sysdig Meetup - San Francisco, December 2014 - Sysdig
Sysdig is an open source system monitoring tool created by Loris Degioanni that captures system events and filters them to provide instant insight. It combines the functionality of tools like strace, tcpdump, and lsof with Lua scripting. By collecting system call data, sysdig provides visibility into processes, file I/O, network I/O, memory usage, and inter-process communication across a system.
2. How to Monitor Microservices?
• Apps
• Infra
• Health Checks
• JVM/JMX
• Custom metrics
• Metrics Processing
• Unicorns, rainbows and cute dashboards
4. % whoami
Jorge Salamero Sanz
<jorge.salamero@sysdig.com>
• Working on OSS last 12 years
• Working on monitoring last 3 years
• Containers gamer @sysdig
@bencerillo
@sysdig
5. Agenda
• Challenges of container infrastructures
• Traditional monitoring limitations
• Best practices monitoring Microservices
• Sysdig, container native monitoring & troubleshooting
15. Container monitoring
New challenges:
1. How do we get the metrics?
2. How do we shape all this amount of metrics?
3. Analysis and troubleshooting
4. Teams on Microservices infrastructure
17. 1. Metric collection
• We love containers, because they:
– are simple
– are small
– are isolated
– have fewer dependencies
• … but they are an opaque blackbox
18. “Workarounds”
• Agent in the Docker container
• Agent in the Kubernetes pod
• Export metrics through an external agent
1. Complex instrumentation (x2 because just the monitoring) plus service monitoring configuration
2. Limited and pre-established metric collection (Docker API, etc)
20. Why is this cool?
• Just one instrumentation per host:
– spawning or destroying a container is instrumentation-less
• Full visibility: all the system calls:
– automatic service discovery
– all metrics collection (no filtering)
– application monitoring without instrumentation (magic of decoding protocols)
22. Remember... but in reality:
[Diagram labels: Database, App, Cache/Frontend; six computing nodes]
23. 2. Information aggregation
• Infrastructure monitoring should be transparent and automatic (no instrumentation, no configuration)
• You should handle your custom/biz metrics
• All metrics should be tagged automatically
• All metrics should be aggregated and segmented on a service level basis
29. 3. Analysis & troubleshooting
• Imagine: strace + wireshark + htop + lsof + iostat + vmstat + *
• Not available on containers, don’t understand namespaces
• Metrics and logs can bite you in the ass, system calls have all the truth
• Infrastructure gets more complex and volatile
33. 4. Teams by service
• Tags/Metadata from the orchestration platform, e.g. Kubernetes:
– namespaces (dev, prod)
– services, deployments, RCs, pods
– custom tags
• ACLs out of the box (dashboards, alerts, etc) on multi-tenant/PaaS scenarios