Authors: Natalie Arellano, Aidan Delaney
2023-04-19

tldr - powered by Generative AI

The presentation discusses customizing the build process using Cloud Native Buildpacks. It explores the various buildpacks extension points that enable custom workflows for application developers and platform operators.
  • Cloud Native Buildpacks simplifies building container images
  • Customizing the build process is necessary for some workflows
  • Inline buildpacks and build time environment variables can be used for customization
  • Base image extension with Dockerfiles can be used by platform operators
  • Buildpacks can be used to implement unique build patterns
Authors: Aidan Delaney
2022-10-26

tldr - powered by Generative AI

The presentation discusses multi-architecture images and their implementation in Buildpacks.
  • Buildpacks are a declarative way to translate application source code into a production image.
  • Multi-architecture images are becoming increasingly important as developers require their applications to run on both x86_64 and ARM64.
  • The current platform specification maps a platform onto a single architecture, so there is a need to explore approaches to implementing multi-architecture images.
  • Three high-level approaches to implementing multi-architecture images are presented.
  • The talk aims to accelerate the discussion around multi-architecture images and encourage design questions around it.
Authors: Billy Lynch
2022-10-25

Attestations are a useful tool for attaching supply chain metadata to artifacts and images, but how can we attach attestations to source code itself? In this talk, we'll go into some of the ways you can attach attestations to source code with Git. Learn how data can be stored verifiably alongside commits, how attestations can be modeled to describe SLSA source requirements, and how tools like Gitsign can make this easy to add to your CI/CD pipelines.
Authors: Ayse Kaya
2022-10-24

tldr - powered by Generative AI

The talk discusses the evolution of vulnerabilities in popular public container images and the challenges faced by developers and DevSecOps teams in handling them. The speaker shares insights from a report on publicly available containers on Docker Hub and highlights the need for practical steps to prevent the dev process from grinding to a halt.
  • Container scanning and security is becoming more widely adopted, but the long-term security posture of containers is not well-understood.
  • New vulnerabilities arise constantly, and many vulnerabilities fall into a catchall bucket of 'won't fix'.
  • The attack surface of popular public container images like Python and NodeJS has changed over the past year, and different vulnerability scanners show different results.
  • Developers and DevSecOps teams face challenges in ensuring containerized applications are free from vulnerabilities due to the complexity of containers and manual processes.
  • Practical steps can be taken to stay on top of vulnerabilities and prevent the dev process from grinding to a halt.
Authors: Adrian Mouat
2022-10-24

tldr - powered by Generative AI

The talk discusses techniques and tooling to address security concerns in building images for the secure supply chain.
  • Provenance and reproducibility are major issues in the current state of security in IT.
  • The distroless philosophy and using smaller base images can save from scan report purgatory.
  • Updating images and dependencies is crucial.
  • Using apko to build container images with SBOMs and complete reproducibility.
  • Signing images with Sigstore.
  • Cutting down dependencies by using smaller base images and keeping them up to date.
  • Verifying signatures and using policy management tools to check for vulnerabilities.
  • The vulnerability exploitability exchange can help filter vulnerabilities and cut down noise.
  • Google container tools and digital images are small and perfect for running statically compiled binaries.
  • The drawbacks of using Google container tools include a hard-to-extend list and difficulty in installing apps.
  • Cutting down images to the minimum set of dependencies can drastically reduce noise in vulnerability reports.
Conference:  CloudOpen 2022
Authors: Ketan Gangatirkar
2022-06-23

Cloud products have generated remarkable value over the last two decades. Ironically much of this value doesn’t benefit the software engineers while they code those products. We’re still tediously constructing our workspaces by hand, just like we did in 1994. That is finally changing – software engineering is entering the cloud era. The key is remote workspaces that use consistent images so your code truly runs on everyone’s machine. You can check out, edit, compile, test, run, debug, and do almost everything else you can do on a local machine except trip over the power cord. Remote workspaces can provide superb performance no matter what device is in your hand, on your lap, or under your desk. These platforms are now possible because of an ecosystem rich with open source components like Docker, VS Code Remote, and Infrastructure-as-Code. There’s now a remote workspace option for almost everyone, whether working for someone else, on an open source project, or for yourself. These products are already capable enough for many, but some obstacles remain before adoption by most software engineers. The good news is that all those obstacles will be overcome – the problems are well understood, so it’s just a matter of time. Join Ketan Gangatirkar, VP of Engineering and Product for Coder, to learn the current state of the art, what obstacles stand in the way of mainstream adoption, and why your future workstation will be in the cloud. You may not be using a cloud workspace today, but in just a few more years you won’t consider using anything else.
Authors: Jason Hall, Daniel Mangum
2022-05-19

tldr - powered by Generative AI

The presentation discusses the memory hierarchy and the use of container registries in DevOps.
  • The memory hierarchy is based on the principles of temporal and spatial locality.
  • The memory hierarchy consists of registers, cache, and RAM.
  • The presentation provides a demonstration of a simple program and its disassembled instructions.
  • Container registries have benefits but should be used judiciously.
  • There are some great applications for container registries.
  • The presentation invites discussion on RISC-V and container registries.
Authors: Jon Johnson, Daniel Mangum
2021-10-14

You know the registry as your most boring friend. You push and pull images, and it just works, but have you ever taken the time to really get to know it? What is the registry really like behind that unassuming OCI specification? What does it do when it’s not just distributing your images? Maybe it gets a little crazy on the weekend - maybe it has hidden talents you don’t know about. What would happen if this thankless hero went rogue? In this talk we will demonstrate unconventional registry implementations, including those that serve self-modifying and dynamically generated images. Along the way we’ll also take a look at how clients can utilize registries in interesting and unexpected ways, e.g. as a content-addressable key-value store or a general-purpose directed acyclic graph database. Attendees will walk away with a better understanding of what guarantees OCI images and registries provide, as well as how they can exploit the registry’s flexibility to benefit their own use cases.
Authors: Kohei Tokunaga, Tao Peng
2021-10-14

tldr - powered by Generative AI

The presentation discusses the benefits and implementation of lazy loading and e-suggested images in container ecosystems.
  • Lazy loading can improve container startup time by prefetching data before it is needed.
  • E-suggested images allow for customization and optimization of container images.
  • Several tools and platforms support lazy loading and e-suggested images, including Podman, Buildkit, and Container Registry.
  • The presentation proposes extending the OCI image specification to include e-suggested images.
  • Lazy loading and e-suggested images can improve the efficiency and usability of container ecosystems.