2022-06-21 ~ 2022-01-24

Presentations (with video): 0 (-4)

Containers are revolutionizing the way workloads are automated, deployed and scaled, and ContainerCon is where teams can learn more about why and how to adopt containerization to further automation, portability and efficiency.

Conference:  ContainerCon 2022
Authors: Max Körbächer
2022-06-24

tldr - powered by Generative AI

WebAssembly and Kubernetes have a lot of potential for use cases beyond the browser, but there are still some limitations and challenges to overcome.
  • WebAssembly can run alongside existing technologies and has good adoption possibilities
  • It has a small resource footprint and is highly secure, but not all programming languages are supported
  • Kubernetes can extend the use of WebAssembly beyond the browser, but there are still some harmonization issues to be resolved
  • WebAssembly is not suitable for heavy lifting applications and will not replace containers
  • WebAssembly and Kubernetes together have a lot of potential for the future
Conference:  ContainerCon 2022
Authors: Massimiliano Gori
2022-06-24

Containers introduce new organisational challenges for compliance with standards like NIST 800, GDPR, PCI DSS. Vulnerability management, network security, threat analysis and mitigation, data protection, user access control: we address the main problem areas and how to achieve compliance by design.

Containers introduce a paradigm shift for application development. They drive increased use of open source software and accelerate the pace of software development, effectively posing a huge challenge for established security & compliance checkpoints. While NIST, DISA and CIS have released specific container security guides, additional security controls have to be introduced to ensure compliance to established standards like GDPR and PCI DSS. In this talk we will explore some of the common areas touched by these regulations and the new challenges posed by containers:
  • Vulnerability management
  • Network security
  • Threat analysis and mitigation
  • Data protection
  • User access control
Conference:  ContainerCon 2022
Authors: Ying Xiong, Yulin Sun
2022-06-24

Quark is a new secure container runtime, like the Kata runtime and gVisor. It is a high-performance, OCI-compatible secure container runtime written in the Rust programming language, with a low memory footprint and low startup overhead. It is designed for containerized service execution in data center and edge environments. Quark is based on system call virtualization. Compared with Linux VM-based virtualization, it adopts multiple performance improvements, such as zero-memory-copy QCall, which avoids the hypercall communication overhead between guest kernel and host, and IO virtualization based on the Linux host's io-uring. It also supports an RDMA-based container network that transparently executes TCP-based containerized applications over RDMA to achieve low latency and high throughput. The talk will introduce the Quark container architecture together with the challenges and opportunities of secure container design.
Conference:  ContainerCon 2022
Authors: Scott Seago, Orlin Vasilev
2022-06-23

tldr - powered by Generative AI

Velero is an open-source backup and recovery tool for Kubernetes that has a vibrant and diverse community of contributors and maintainers.
  • Velero has over 6,000 stars on GitHub and more than 1,000 forks
  • The community has over 230 active contributors from diverse organizations and locations around the world
  • Velero's community is welcoming to new contributors and has a well-described governance document for getting started
  • Velero has weekly community meetings alternating between US/China and US/European time zones
  • Velero has two main Slack channels for developers and users to ask questions and discuss issues
  • Velero recently released version 1.9 with new features like a CSI plugin and updates to existing resource policies
Conference:  ContainerCon 2022
Authors: Corby Page, Cora Iberkleid
2022-06-23

The Kubernetes ecosystem has a rich set of solutions for various stages of CI/CD. Tools like Flux, Tekton, kpack, Knative, ArgoCD, and more help create a modern path to production. And yet, teams and organizations that adopt these tools struggle with complex, DIY snowflake pipelines. The challenge can be creating and maintaining imperative scripts; orchestrating the flow of information between tools; driving reusability; adopting GitOps practices; and enabling proper separation of concerns. Cartographer is an exciting OSS project that elegantly addresses these challenges, providing the backbone for a modern application platform built on Kubernetes. Rooted in the concept of event-driven supply chain choreography, it enables composable, reusable roadmaps to drive source code to production. It provides an abstraction layer that facilitates the adoption and integration of existing and emerging CI/CD tools, while clearly delineating developer and operator ownership. It complements the existing ecosystem, filling an important gap to ease use, maintenance, and scalability. In this tutorial, you will learn how to create secure end-to-end workflows, sustainably and at scale. You will gain working knowledge of Cartographer that you can apply to your own application deployments.
Conference:  ContainerCon 2022
Authors: Alan Cha
2022-06-23

tldr - powered by Generative AI

Iterate is a tool for load testing, A/B testing, and SLO validation of HTTP and gRPC services that can be used locally or within a Kubernetes cluster. It also supports custom metrics and tasks, and can be extended for use in CI/CD pipelines.
  • Iterate is a tool for load testing, A/B testing, and SLO validation of HTTP and gRPC services
  • It can be used locally or within a Kubernetes cluster
  • It supports custom metrics and tasks
  • It can be extended for use in CI/CD pipelines
Conference:  ContainerCon 2022
Authors: Shai Almog
2022-06-23

tldr - powered by Generative AI

The presentation discusses the challenges of debugging in a Kubernetes environment and introduces kubectl debug and Cogito as solutions.
  • Debugging in a Kubernetes environment is challenging due to multiple layers of abstraction and the bare-bones container problem.
  • kubectl debug and Cogito are solutions to these challenges.
  • kubectl debug allows for inspection of a pod even if it has crashed or is a bare-bones image.
  • Cogito is an open source project that includes a set of opinionated, curated, platform-specific tools for debugging with kubectl debug.
  • Anecdote: The presentation provides a demo of using kubectl debug to increase logging levels and connect to an ephemeral container with the Busybox image.
  • Tags: Kubernetes, debugging, kubectl debug, Cogito, ephemeral container, bare-bones container problem.
Conference:  ContainerCon 2022
Authors: Phu Tran, Vinay Kulkarni
2022-06-23

tldr - powered by Generative AI

The presentation discusses the use of eBPF technology in achieving CNI networking with Mizar and XDP. The speaker also talks about future plans for enhancing the technology and proposes a formal EPA change to Kubernetes.
  • eBPF technology was used to achieve CNI networking with Mizar and XDP without changing any lines of kernel code
  • Future plans include enhancing the technology with a TX hook for XDP, proposing a formal EPA change to Kubernetes, and improving performance measurement
  • The speaker also discusses the need for a management plane and multi-tenant networking
  • The presentation includes a demo of the technology using four virtual machines
Conference:  ContainerCon 2022
Authors: Glen Darling
2022-06-23

tldr - powered by Generative AI

Open Horizon is an edge computing platform that uses policy-based autonomous agents to manage fleets of devices. It can handle unreliable networks and has the ability to revert to previous versions of software in case of failure. It also allows for the manual provision of software bill of materials (SBOM) data to avoid deploying risky software.
  • Open Horizon uses policy-based autonomous agents to manage fleets of devices
  • It can handle unreliable networks and has the ability to revert to previous versions of software in case of failure
  • It allows for the manual provision of software bill of materials (SBOM) data to avoid deploying risky software
Conference:  ContainerCon 2022
Authors: Mritunjay Sharma
2022-06-23

tldr - powered by Generative AI

Docker Slim is a tool that makes Docker images smaller, faster, and more secure by analyzing and collecting information from a temporary container.
  • Docker Slim creates a temporary container to analyze and collect information from a fat image
  • It applies heuristics to optimize the image and create a security profile
  • The resulting slim image is much smaller and faster than the original image
  • Docker Slim is a developer-oriented tool that can be used on existing commercial software
  • Future plans for Docker Slim include introducing a Docker Compose feature and using traditional HTTP probes