Brendan Burns (Microsoft Azure)
Talk details to be announced
Diogo Mónica (Docker)
Orchestrating Least Privilege
The popularity of containers has driven the need for distributed systems that have the ability to manage resources, place workloads and adapt to faults. These so-called Container Orchestrators have seen a rise in popularity in the enterprise that is reminiscent of the early container adoption. Open-source projects such as Docker Swarm, Kubernetes and Marathon make it easy for anyone to manage their container workloads using their cloud-based or on-premise infrastructure. Unfortunately, a lot of these orchestrator systems have not been architected with security in mind. In particular, compromise of a less-privileged node usually allows an attacker to escalate privileges to either gain control of the whole system, or to access resources it shouldn't have access to. Given the popularity of containers in the enterprise, it is critical that we start designing orchestrators that are designed with security in mind, and follow the principle of least-privilege, where any participant of the system only has access to the resources that are strictly necessary for its legitimate purpose. No more, no less.
Vishnu Kannan (Google)
Kubernetes meets Linux
Kubernetes is a cluster management infrastructure that can manage thousands of Linux nodes and hundreds of thousands of Linux containers. This talk will explore how Kubernetes manages Linux nodes under the hood. This talk will also present some of the current shortcomings of Linux in the container cluster space and explore how Google's Borg had solved those limitations.
Jonathan Boulle (CoreOS)
OCI and Open Container Standards
In 2015, the Open Container Initiative was formed to establish common standards around application container images and runtimes. Both specifications are fast approaching version 1.0, an important milestone release for the container ecosystem. This talk will explore some of the history of efforts to create standards for containers, describe the particulars of the OCI specifications today, and talk about what the future holds for users.
Michelle Noorali (Deis)
Highway to Helm
Helm is a tool that helps you find, share, build, and manage Kubernetes native applications. It allows you to install packages (or Charts) of Kubernetes resources and manage them as a single unit. In this talk, we'll discuss the history of Helm, how to use it, and how to get involved with the Helm community.
Scott Coulton (Puppet)
If It's In a Container It's Secure Right?
In the talk we will look at the different layers of security that can be applied to a container ecosystem and the different teams' responsibilities in the ecosystem to deliver security. From the sysadmin's point of view, how do I make sure the container daemon is secured, and what official hardening guides are out there to follow? From an application developer's point of view, how does seccomp/AppArmor work to make sure that only the processes from the application have access to the host machine? Now that we have the local container secured, how do we make sure our deployments follow the same structure and security profiles? Can we add security checks to our container CD pipeline like we would quality gates? Lastly, we will look at it from the point of view of the security team. How can they have input to all the steps we have taken from the beginning of the process and not the end, allowing all the teams to work together, breaking down silos to deliver a solution?
Docker Orchestration (Workshop)
Deployment and orchestration at scale. Docker Captain Scott Coulton walks you through taking an application from development to production with Docker. You’ll run a sample app on a single node with Compose and add scaling and load balancing before provisioning a cluster of Docker nodes and deploying the application on that cluster. Scott also demonstrates how to perform Ops tasks and explores options for high availability.
Liz Rice (Aqua Security)
Containers from scratch - the sequel!
What are containers, really? In this talk we dispel the magic by writing one live in Go from scratch, so you can really see what people mean when they talk about namespaces and control groups. This is an evolved version of a talk at Container Camp London, with some more container features and a few extra twists and turns!
Angus Lees (Bitnami)
Kubernetes and the Rise of Serverless
There is an ongoing transition in infrastructure plumbing as successive technology layers emerge, evolve and mature. Containers and Pods are now the lowest compute unit, and the building blocks become “applications/services” rather than “servers”. We look at Kubernetes application definitions and how serverless computing fits within this new model, putting the focus on application design and operation rather than on bare infrastructure.
Michael Hausenblas (Red Hat)
Docker, Kubernetes, and OpenShift for Developers
So, you want to use Docker and Kubernetes for your development but don’t want to spend your days writing Dockerfiles and running Docker builds? In this talk you will learn how to deploy and manage applications using Docker, Kubernetes, and the open source OpenShift projects to truly simplify your development flow. Diving a bit deeper, we will learn how to use the Source-to-Image project to automatically build and deploy Docker images straight from source code. After that, we will take it up a notch by learning how to add databases and scale the application to achieve fast response times for your users. At the conclusion of this talk, we will have built a geo-spatial application backed by a MongoDB database, and will understand the workflow to build, deploy, scale and manage applications deployed using Docker, Kubernetes, and OpenShift. And just for giggles, we will also learn how to do A/B and Blue/Green deployments.
Luke Bond (UK Home Office)
Building a Kubernetes Operator (Workshop)
In 2016, CoreOS announced "Operators", a semi-automatic weapon for automation of operations for complex, stateful services: the kind of services that fall outside of the easy-to-automate services commonly discussed in the PaaS and container world. In this workshop, we will write our own Operator for a real, complex, distributed service: PostgreSQL. You will also learn about how Operators relate to other Kubernetes concepts such as StatefulSets, ReplicaSets and Deployments. We will build the Operator in Golang; even if you have only a very basic familiarity with Golang you will still find the workshop useful, as the workshop will work towards the solution iteratively, providing all code along the way. Whilst this is an advanced topic, we will do our best to accommodate all levels of experience.
Mike Hepburn (Red Hat)
OpenShift - Cloud Deployments Made Easy (Workshop)
A hands-on workshop for developers and operators who can learn to easily deploy container-based applications to OpenShift Container Platform, Red Hat's enterprise Kubernetes container-based Platform as a Service. Learn about deployment strategies, CI/CD techniques, microservices architectures and hear real-world stories and techniques for speeding up your enterprise deployments safely, so you can get your weekends back!
Vishal Biyani (Infracloud Technologies)
Deploying Serverless on Kubernetes with Funktion, Iron Functions & Fission
The talk will demo running serverless (Function as a Service) style frameworks on top of Kubernetes. We will compare Funktion from Fabric8, Iron Functions and Fission from Platform9; each framework comes with its strengths and weaknesses, be it connectors or maturity of deployment. We will evaluate and demo these frameworks from the point of view of 1) built-in triggers, 2) cold start capability, 3) runtime availability, 4) ease of use: deployment and operations, and 5) additional features such as API gateway etc. We will demonstrate two distinct use cases, one with a low-latency requirement and one without.
Kubernetes 101 (Workshop)
The workshop will start with setting up a Kubernetes cluster and understanding the components of the architecture. We will show how to interact with Kubernetes with kubectl and the API. Next we will cover basic types such as Pod, ReplicaSet, Service, Ingress, StatefulSet, Labels and selectors in concept, with one sample of each deployed to a live cluster. Next we will build an application composed of the various types we discussed earlier and deploy it to the cluster. The last section will cover areas such as networking, storage and integration with the underlying cloud provider, with one sample of each.
Ian Lewis (Google)
Kubernetes 101 (Workshop)
How do I manage applications at scale? That’s a common question facing developers today and this code lab helps to make sense of the ever-changing scalable app landscape. Use Docker and Kubernetes to deploy, scale, and manage a microservices-based application in this workshop.
Aleksa Sarai (SUSE)
Rootless Containers with runC
Essentially all popular container runtimes require some form of root privileges in order to create and manage containers. This becomes a problem for certain systems, where administrators are hesitant to install any software, let alone a container runtime -- many of which allow for privileged containers without authentication. In this talk, Aleksa Sarai will describe recent work done within runC by himself and other maintainers to allow people to use rootless containers with a well-supported container runtime, as well as discussing challenges discovered by this work and kernel work which is being done to alleviate these challenges and bring a new form of containers to users and developers. In addition, he will briefly talk about image formats and the management of images without privileges as well.
Andrew Martin (UK Home Office)
Securing Docker Containers (Workshop)
Docker provides a number of container security extensions that can appear esoteric and confusing to a new user. This workshop will demonstrate why containers are insecure and work with vulnerable containers to secure them against various forms of attack and privilege escalation. Attendees will work through hardening, intrusion detection, and CI continuous security measures to lock down containers at all stages of their lifecycle. It finishes with a comprehensive summary of container native security tooling and a comparison with existing tools.
Christian Brauner (Canonical)
Mixing cgroupfs v1 and cgroupfs v2: finding solutions for container runtimes
With the release of kernel 4.5 the new cgroupfs v2 API was declared non-experimental. But the missing feature parity between cgroupfs v2 and cgroupfs v1 makes it nearly impossible for container runtimes to use it. Especially before the cpu controller is merged, no runtime is expected to switch to it by default. Nonetheless cgroupfs v2 is slowly making its way into various distributions. This brings with it a new set of problems and challenges which container runtimes must tackle. For example, one of the core problems container runtimes will have to face is how to support running cgroupfs v1 hierarchies inside a container while the host is running a cgroupfs v2 hierarchy and vice versa. This talk will try to outline some of these problems more clearly, suggest possible solutions, and hopefully inspire a fruitful discussion that leads to further solutions or at least helps to identify and specify various problems more clearly.
James Buckett (levvel.io)
Kubernetes and the Next Generation Data Center
Kubernetes is becoming an attractive option to run true hybrid cloud workloads without vendor lock-in. Cloud providers such as Microsoft Azure and Google Container Engine offering Kubernetes support enable this capability. Kubernetes Federation and Federation Ingress are key concepts to understand. I will discuss Kubernetes, Kubernetes Federation and Federation Ingress and how they will drive future hybrid cloud workloads.
Michael Withrow (Twistlock)
Scaling App Defense with Intent Based Security
While some have focused on trying to bend traditional security approaches to fit containers and DevOps, the larger security opportunity has often been missed. Containers, both the core technology and the operational patterns they enable, have some fundamental differences from traditional models. In the session, we examine the changes to the threat landscape that containers bring, what fundamental characteristics of containers are different, and how security organizations can leverage these characteristics to understand developer intent and automate the creation and management of scalable, yet app-tailored, defenses.
Rachit Arora (IBM)
Running Hadoop Clusters as a Service in Production using Containers
Building and deploying an analytic service on the cloud is a challenge, and a bigger challenge is maintaining the service. Users are moving towards a model where they want to provision an instance of a service on the fly, use it for analytics, and be done with the service when finished. Containers are now a proven technology to deploy and distribute modules quickly, easily and reliably. The intent of this talk is to share the experience of building such a service. Usually it takes weeks to provision a production/enterprise-ready Hadoop cluster. In this session we will give details on how we have built a platform which is offering Hadoop clusters to the user within 4 mins, out of which 2-3 mins are used by various Hadoop components to start. We will also discuss the framework used to deploy 1000s of containers on 100s of machines and efficiently handle resource management. In this session there will be discussion on how stateless containers help in patching 1000s of containers in a very short time.
Sven Dowideit (Rancher Labs)
Building and using micro Linux distributions for Docker
Docker containers have transformed how new software is developed, with hundreds of millions of containers supporting applications in production today. However, every container needs a Linux host on which to run. This talk will provide a short history and landscape review of Linux microdistributions available today, before diving into the considerations for building and using such distributions. We'll include the architectural decision points involved with building and choosing a container-focused Linux distribution, and conclude with demos and practical use cases for developers, DevOps, and operations teams who are investigating and using containers today.
Vincent De Smet (honestbee)
Distributed Command Execution using Containers and Cog
Overview of Operable Cog (a ChatOps bot) and how it uses containers and Docker hosts to execute commands across a distributed set of servers. A 30 minute talk about ChatOps and the power of Linux command pipelines when leveraging technologies such as Docker. I hope to ignite an interest to attract new FaaS-oriented frameworks to integrate with the user interface provided by Cog.