

A Container Security Checklist

Take a quick look at the main takeaways from 6 points shared by Liz Rice from her security checklist covering the need-to-know when deciding how to protect deployments running on containers.

August 10, 2021

Software Technologies that Stand the Test of Time

What software technologies have stood the test of time or have had a massive influence over existing systems? Which do you love or hate? We asked these questions to the GOTO Book Club authors and interviewers that made up the lineup for the second season. Find out what Nicki Watt, CTO/CEO at OpenCredo, Eberhard Wolff, fellow at innoQ, Venkat Subramaniam, founder of Agile Developer, Inc., Liz Rice, chief open source officer at Isovalent, Rebecca Nugent, professor in statistics & data science, Phil Winder, CEO of Winder Research, Hanna Prinz, DevOps & software engineer and Eoin Woods, CTO at Endava, had to say. The conversation was moderated by Rebecca Parsons, CTO at ThoughtWorks.

May 6, 2021

Container Security: Fundamental Technology Concepts that Protect Containerized Applications

What should you do to secure your containers? Liz Rice, author of the book Container Security: Fundamental Technology Concepts that Protect Containerized Applications and VP of open source engineering at Aqua Security, and Eoin Woods, CTO at Endava, explore what containers are, what the implications of a shared kernel are, and how to assess potential security risks that could affect your deployments. Learn best practices and understand how containers work in this Book Club interview.

December 17, 2020

The Best of GOTO Book Club Part One

When is the last time you read a programming book? Has it helped you with your career? Check out some of the highlights of the GOTO Book Club and immerse yourself in the next level of your professional development:

- Elixir
- Elm
- Clean Architecture
- Containers
- Retrospectives
- Continuous Architecture

Stay tuned for the next episodes.

November 18, 2021

Containerd Internals: Building a Core Container Runtime

Containerd is the core container runtime used in Docker to execute containers and distribute images. It was designed from the ground up to support the OCI image and runtime specifications. The design of containerd is carefully crafted to fit the use cases of modern container orchestrators like Kubernetes and Swarm. In this talk, we dive into design decisions that help containerd meet a diverse set of requirements for a growing container world. Developing an understanding of the decoupled components will give attendees a grasp of where they can leverage functionality in their platforms. By slicing the components of a container runtime into the right pieces, integrators can choose only what they need.


Distributed Data Stores on Kubernetes

Are containers good for running anything other than stateless ephemeral services? Let’s explore why and how to run a distributed data store like Cassandra on Kubernetes. This approach can be beneficial for development and testing, as cluster creation, destruction, and setup take minutes instead of hours or days. In this talk, we will explore Kubernetes features, such as Stateful Sets to help work with a distributed data store, Jobs to perform data population, and others, all based on Azure Container Service (ACS/AKS). You’ll leave able to create a Container Service cluster in Azure, deploy a Cassandra Stateful Set, and populate it with data using Jobs.


Cloud Foundry Container Runtime: BOSH-Powered, Web-Scale Release Engineering for Kubernetes

We’ve all come to know and love Kubernetes, but have you ever wondered where the cracks begin to show? How does K8s handle massive load? Can you ensure that your workloads will always be available to your end users, even “at scale”? This and other challenges like patching and upgrading have been keeping K8s operators up at night. No more! Enter BOSH, the automation powerhouse at the heart of running large-scale distributed systems like Cloud Foundry. BOSH has long been championed for its excellence in 'Day 2' operations - patching and upgrading, scaling, zero-downtime deployments - all while creating incredible resiliency and reliability with battle-tested processes around high availability. When the power of Kubernetes meets the operational efficiency of BOSH, magic happens. Cloud Foundry Container Runtime is that magic incarnate. Come learn about this powerful project, and see some real-world resiliency in action!


Cloud Native is about Culture, not Containers

As a developer in IBM’s Cloud Garage, Holly works with customers who are trying to get to the cloud so everything becomes better. What’s getting in their way isn’t the technology—wrapping something in a Docker container (usually) isn’t that hard. Instead, it’s the structures that have been put in place to manage risk and the relationships between teams that trip companies up. In this session, Holly shares some stories of customers struggling to get cloud-native and how her team applied its methodology to turn things around. The presentation covers the ideal team size, the ideal microservice size, what skills a team needs, the role of architects, how to know if something is ready to ship, and whose fault everything really is.


The Truth Behind Serverless

We'll look at how to architect and build a serverless platform and what makes something "serverless". We will dive into the design patterns for serverless applications and how container management solutions must be architected around user requirements. We will dive deep into how existing cloud-based serverless platforms leverage containers, how they're scheduled, managed, and sandboxed. We'll also look at what improvements we might expect or desire of new and existing serverless platforms.


Dino Apps Deserve Love Too!

We all have them... dino (legacy) apps that no one wants to touch, let alone "modernize" by breaking it apart and creating microservices. While Docker is often seen as a tool to support microservices, what if you REALLY don't want to change the app? It's just too risky, right? Not at all. In fact, it's too risky NOT to containerize that dino. Come prepared to hear of the benefits, learn best practices, and even see a dino app get updated to enjoy the benefits of being moved into a modern software supply chain, especially the security-related benefits. And who knows? There may even be some dino surprises, so be ready for anything!


Building Distributed Systems with Kubernetes

Kubernetes has taken the container orchestration space by storm, but it can also be used to create higher-level application abstractions that allow you to build your own distributed systems from scratch. We’ll take a look at some of the patterns and tools available for creating these abstractions using Kubernetes, including Custom Resource Definitions and the Operator pattern. You’ll leave understanding how CRDs and the Operator pattern work, and how to create your own application abstractions using these techniques.


Containers From Scratch

What is a container? Is it really a “lightweight VM”? What are namespaces and control groups? What does a host machine know about my containers? And what do my containers know about each other? In this talk Liz will live-code a container in a few lines of Go code, to answer all these questions and more, and show you exactly what’s happening under the covers when you run a container. This talk is based on Liz’s top-rated DockerCon session “What have namespaces done for you lately?”, with updates and additions for 2018.

**Prerequisite knowledge**: So long as you’re reasonably comfortable running the Linux command ps, you’ll be fine!


A Strong Belief, Loosely Held: Bringing Empathy to IT

In this talk, the conversation centers around how to use behavioral economics and other processes to assist in getting IT organizations to adopt DevOps practices. Technology is easy, but people are hard. How can we use game theory to encourage empathy in an organization? How can you, as an individual contributor, help drive positive change in your team, company, and community? This talk fosters thought and dialogue on how to address the people and IT cultural needs as organizations transform.


Going Docker and Swarm Production Like a Pro

Learn fast from my years of being a container consultant and Docker implementer. Come join me for a jam-packed session of decisions you need to make and key technical factors you should know. No fluff, all practicals. Updated for 2018 and based on my top-rated DockerCon talks.

**Who should show up?**

* You are planning or involved with building/using a Docker production system
* You are thinking of using Swarm (but not required)
* You like random 80's/90's video game trivia thrown at you

DevOps in the Real World is far from perfect, yet we all dream of that amazing auto-healing fully-automated CI/CD micro-service infrastructure that we'll have "someday." But until then, how can you really start using containers today, and what decisions do you need to make to get there? This session is designed for practitioners who are looking for ways to get started now with Docker and Swarm in production. This is not a Docker 101, but rather it's to help you be successful on your way to Dockerizing your production systems. Attendees will get tactics, example configs, real working infrastructure designs, and see the (sometimes messy) internals of Docker in production today.

**Session Topics**

* Preventing scope creep in your project planning (what you can throw out)
* Dockerfile anti-patterns
* OS and Kernel choice
* Container image choice
* Swarm architecture designs
* Infrastructure layers to maybe outsource
* Infrastructure "stacks", layer the solution from OS to cluster GUI


Docker Security

The security of containers has been a hotly discussed topic in recent months. This talk will explain the main concerns around container security, and offer some best practices and guidance for addressing them.

The guiding philosophy will be “defence in depth”; no one layer or tool should be relied upon to provide complete security.

The topics covered will include:

* The isolation guarantees of containers
* Making sure your images haven’t been tampered with
* How to limit the resources that containers can access
* How to audit and monitor containers
* Using VMs and containers together to maximize security and efficiency
* How to safely share secrets (API keys, passwords) with containers





Building a Modern Infrastructure Stack

In this talk we’ll walk through a modern production stack, everything from cloud deployment to load balancing based on our experience of developing.

There is an enormous amount of effort that goes into setting up infrastructure for a modern, cloud-native application. MANTL aims to remove much of the pain, but allow you to tweak your setup to your needs.

MANTL is an open-source (Apache 2.0) project sponsored by Cisco that makes it easy for anyone to deploy infrastructure for running containers and streaming data applications. In less than a year we’ve gained over 1,800 GitHub stars and have multiple production deployments.


A Practical Guide to Container Scheduling

Containers are at the forefront of a new wave of technology innovation but the methods for scheduling and managing them are still new to most developers.

Turns out that Google have been scheduling and managing containers for some time now and in this talk we'll look at how the lessons we've learned have fed into the design and development of Kubernetes. How does Kubernetes schedule containers? How does it prioritize? What about node selection and external dependencies? How do you schedule based on your own needs? How does it scale and what’s in it for Java developers and for developers in general? We’ll use a combination of slides, code, demos to answer all these questions and hopefully all of yours.


Secure Substrate: Building the Moby Whale

The popularity of containers has driven the need for distributed systems that can provide a substrate for container deployments. These systems need the ability to provision and manage resources, place workloads, and adapt in the presence of failures. In particular, container orchestrators make it easy for anyone to manage their container workloads using their cloud-based or on-premise infrastructure. Unfortunately, most of these systems have not been architected with security in mind. Compromise of a less-privileged node can allow an attacker to escalate privileges to either gain control of the whole system, or to access resources it shouldn't have access to. In this talk, we will go over how Docker has been working to build secure blocks that allow you to run a least privilege infrastructure - where any participant of the system only has access to the resources that are strictly necessary for its legitimate purpose. No more, no less.


Simplifying Container Management with Habitat

Containers provide a delightful development experience. It’s easy to download a container image and get started writing code. But it’s a different story when you have to run containers in production at scale. That’s when all the hidden complexities become apparent and the real challenges begin. What tools are you going to use to build, deploy, run, and manage your containerized applications? How are you going to manage differences between environments like staging and production with a fleet of immutable objects? How will you effectively scale containerized applications once you’ve deployed them? Habitat, our open-source project for application automation, simplifies container management by packaging applications in a compact, atomic, and easily auditable format that makes it easier to deploy your application on various container runtimes. Once your applications are deployed, the Habitat supervisor simplifies the complexities of running in production environments with built-in abstractions for functions typically handled by external tooling, such as dynamic scaling and rolling updates. In this talk I'll give an overview of Habitat, compare it with current methods used to package applications, and show how a Habitat-built container reduces the complexity of running containers in production.


Java 2022: Containerized, Serverless, Cloud Native

A lot has happened to the Java ecosystem in the last decade. Despite numerous predictions of Java's death, it's alive and moving forward at light speed. This talk given by Andrey Adamovich will share his experience of using Java in cloud-native environments and give an overview and interesting technical details of features (cache, JIT/AOT, jlink, custom runtimes) and tools/libraries (GraalVM, Micronaut, Quarkus) that make Java ready for the present and for the future. Andrey will also focus on Java being optimized for serverless deployments, and give resource consumption and performance tuning tips. Also, he will make a comparison with other programming languages.

**In this talk, you'll learn:**

* Where does Java currently stand and what has happened in the last decade
* Definitions of serverless and cloud-native and how Java's ecosystem fits into them
* How the JVM fits into containerized, cloud-native, and serverless deployments with lots of technical details and real-life experience sharing


Kubernetes-ize your Java Application

Deploying your Java application in a Kubernetes cluster could feel like Alice in Wonderland. You keep going down the rabbit hole and don’t know how to make that ride comfortable. This no-slide and code-only session will explain how a Java application consisting of different microservices can be deployed in a Kubernetes cluster. Specifically, it will explain the following:

* Show a Java application with three microservices
* How this application is packaged as a Docker image
* Create Kubernetes manifests
* How Helm charts are created and hosted in a Helm repository
* Test in a local environment such as minikube
* Attach debugger (may need to find out if tooling exists in this area)
* Install Istio in k8s, show service visibility
* Install k8s on AWS
* Migrate application from a local cluster to a cluster on the Cloud
* Setup deployment pipeline using CodePipeline
* Use an Alexa skill to scale the application
* Change application, show A/B using Istio