Andrew Martin
DevOps Lead @ UK Home Office
Andrew is a DevOps Lead at the UK Home Office with a strong test-first engineering background gained developing and deploying high volume web applications. Proficient in application development and Unix systems architecture and maintenance, he is comfortable profiling and securing every tier of a bare metal or virtualised web stack, and has battle-hardened experience delivering containerised solutions to enterprise clients.
talkLive Container Hacking: Capture The Flag - Andrew vs Ben
Every day hackers are searching for potential exploits and vulnerabilities within systems. The system administrator’s aim is to create protections and defenses to ensure that they don’t succeed. But what does that look like live? This talk will demonstrate live reconnaissance, exploitation, and defence of running containers and orchestrators. Ben has challenged Andrew to try and capture his flag, represented by a Bitcoin. If Andrew manages to exploit a Docker/Kubernetes deployment, then he’ll capture the flag and as such the Bitcoin. Ben needs to ensure that all the correct defenses are in place to stop this from happening. Be witness to attack and defend methods of Docker Security. Learn the approaches hackers use and how to defend your systems. More importantly, who will win? Will any systems still be up by the end? Will the containers successfully contain and protect from Andrew’s onslaught?
workshopSecuring Docker Containers and Deployments (Advanced)
Docker provides a number of container security extensions that can appear esoteric and confusing to a new user. During this hands-on workshop, Andrew and Ben will share their experiences of securing Docker and Kubernetes based deployments. This workshop will demonstrate why containers are insecure and work with vulnerable containers to secure them against various forms of attack and privilege escalation. Attendees will work through: - Hardening Containers - Container intrusion detection - Docker and Linux vulnerabilities - Out-of-the-box security with Docker - Securing containers with Seccomp and AppArmor - Securing containers using Linux Kernel features - CI continuous security measures to lock down containers at all stages of their lifecycle. - A comprehensive summary of container native security tooling and a comparison with existing tools. Attendees will leave the session understanding Linux and Docker's security model, the limitations and how to maximise your container’s security.
Conference add-on: Register (£99)
Meet our international lineup of container experts
Learn about security, orchestration, networking and more
- Laura FrankCodeship
talkEverything You Thought You Already Knew About Orchestration
Do you understand how quorum, consensus, leader election, and different scheduling algorithms can impact your running application? Could you explain these concepts to the rest of your team? Come learn about the algorithms that power all modern container orchestration platforms, and walk away with actionable steps to keep your highly available services highly available.
More about Laura Frank
- David ChungDocker
talkManaging Infrastructure in the World of Containers
Containers improved efficiencies in delivering software and moved us towards dynamic infrastructure and continuous deployment of code. Even as container platforms like Kubernetes solved problems in deployment and scaling, problems in the infrastructure layer remain -- from bootstrapping of container platform itself to infrastructure provisioning, scaling and updates. This talk describes these problems and how InfraKit as a project solves them by providing common primitives and automation. The audience will see how InfraKit and related projects can work together to help automate the management of container platforms whether they run in public cloud or in private data centers.
More about David Chung
- Claudia BeresfordPivotal
talkContainer FS: Adapt or Die
Since 2011, before containers were containers, CloudFoundry has been coming up with groundbreaking new methods of dealing with processes and isolation in production. Over the last five years, different filesystems were used as the underlying structure for what now are called containers, to meet every new demand as they appeared. In this talk Tiago and Claudia will discuss the pros and cons of each adopted filesystem, pointing out the reasons for each pivot and the lessons learned in the process. Starting with AUFS in Warden “containers”, through turbulent experiences with BTRFS, finally they will demonstrate CloudFoundry’s current reliable and more maintainable solution using Overlay+XFS.
More about Claudia Beresford
- Andrew MartinUK Home Office
talkLive Container Hacking: Capture The Flag - Andrew vs Ben
Every day hackers are searching for potential exploits and vulnerabilities within systems. The system administrator’s aim is to create protections and defenses to ensure that they don’t succeed. But what does that look like live? This talk will demonstrate live reconnaissance, exploitation, and defence of running containers and orchestrators. Ben has challenged Andrew to try and capture his flag, represented by a Bitcoin. If Andrew manages to exploit a Docker/Kubernetes deployment, then he’ll capture the flag and as such the Bitcoin. Ben needs to ensure that all the correct defenses are in place to stop this from happening. Be witness to attack and defend methods of Docker Security. Learn the approaches hackers use and how to defend your systems. More importantly, who will win? Will any systems still be up by the end? Will the containers successfully contain and protect from Andrew’s onslaught?
workshopSecuring Docker Containers and Deployments (Advanced)
Docker provides a number of container security extensions that can appear esoteric and confusing to a new user. During this hands-on workshop, Andrew and Ben will share their experiences of securing Docker and Kubernetes based deployments. This workshop will demonstrate why containers are insecure and work with vulnerable containers to secure them against various forms of attack and privilege escalation. Attendees will work through: - Hardening Containers - Container intrusion detection - Docker and Linux vulnerabilities - Out-of-the-box security with Docker - Securing containers with Seccomp and AppArmor - Securing containers using Linux Kernel features - CI continuous security measures to lock down containers at all stages of their lifecycle. - A comprehensive summary of container native security tooling and a comparison with existing tools. Attendees will leave the session understanding Linux and Docker's security model, the limitations and how to maximise your container’s security.
More about Andrew Martin
- Ben HallKatacoda
talkLive Container Hacking: Capture The Flag - Andrew vs Ben
Every day hackers are searching for potential exploits and vulnerabilities within systems. The system administrator’s aim is to create protections and defenses to ensure that they don’t succeed. But what does that look like live? This talk will demonstrate live reconnaissance, exploitation, and defence of running containers and orchestrators. Ben has challenged Andrew to try and capture his flag, represented by a Bitcoin. If Andrew manages to exploit a Docker/Kubernetes deployment, then he’ll capture the flag and as such the Bitcoin. Ben needs to ensure that all the correct defenses are in place to stop this from happening. Be witness to attack and defend methods of Docker Security. Learn the approaches hackers use and how to defend your systems. More importantly, who will win? Will any systems still be up by the end? Will the containers successfully contain and protect from Andrew’s onslaught?
workshopSecuring Docker Containers and Deployments (Advanced)
Docker provides a number of container security extensions that can appear esoteric and confusing to a new user. During this hands-on workshop, Andrew and Ben will share their experiences of securing Docker and Kubernetes based deployments. This workshop will demonstrate why containers are insecure and work with vulnerable containers to secure them against various forms of attack and privilege escalation. Attendees will work through: - Hardening Containers - Container intrusion detection - Docker and Linux vulnerabilities - Out-of-the-box security with Docker - Securing containers with Seccomp and AppArmor - Securing containers using Linux Kernel features - CI continuous security measures to lock down containers at all stages of their lifecycle. - A comprehensive summary of container native security tooling and a comparison with existing tools. Attendees will leave the session understanding Linux and Docker's security model, the limitations and how to maximise your container’s security.
More about Ben Hall
- Michael HausenblasRed Hat
talkCan you restore and upgrade your Kubernetes cluster without downtimes?
As motivated in https://hackernoon.com/introducing-reshifter-for-kubernetes-backup-restore-migration-upgrade-ffaf78da36 there are currently not many end-to-end solutions available for backing up, restoring and live upgrading Kubernetes clusters. In this talk you’ll learn about the challenges of Kubernetes Disaster Recovery, backup/restore solutions and we’ll also see the ReShifter tool (http://reshifter.info/) in action.
More about Michael Hausenblas
- Alexei LedenevCodefresh
talkChaos testing for Docker containers
The best defence against unexpected failures is to build resilient services. Testing for resiliency enables teams to discover these failures before the customer notices. In my talk I'm going to present open source tool that can be used for containers resilience testing and network emulation.
More about Alexei Ledenev
- Paul BouwerMicrosoft
talkManage policy, testing and failures in your Kubernetes services with Istio
Istio is a service mesh that allows you to connect, manage and secure your services on Kubernetes with zero changes to your application code. This talk will guide you through the Istio capabilities that you should understand to easily deliver A/B testing, canary releases, rate limiting, security, and traffic policies across your services. In addition, we'll discuss how you can configure Istio to manage fault conditions in production, and inject faults in testing to improve your service resiliency.
More about Paul Bouwer
- Christoph Andreas TorlinskyNuage Networks
talkCNI/CNM - what does it all mean? Introducing container networking
This session will overview and elaborate what the current Container Networking frameworks all mean from a 'end user' point of view, often confusing and hard to navigate we have now two main frameworks - CNI (Container Network Interface) and CNM (Container Network Model). So what does it mean to you? Let's explore!
More about Christoph Andreas Torlinsky
- Cheryl HungStorageOS
workshopIntro to Container Storage (Beginner)
Developers have embraced containers and orchestration for the ease and flexibility of deploying web scale applications. However many developers run into difficulties when building and migrating stateful applications. What are your options for storage in a cloud native architecture? Use Docker and Kubernetes to deploy, manage and scale storage in this workshop.
More about Cheryl Hung
- Jussi NummelinKontena, Inc
talkBuilding geographically distributed microservices with containers
Running applications and services across several cloud providers and/or data centers can bring many benefits for organisations. Actually, in some cases it can even be a mandatory requirement. Making your application stack compliant with multiple cloud providers can be problematic as there are differences between cloud providers, for example in networking configurations. And to make things even more difficult, you should have a way to secure the intra-services’ communications between many cloud providers. In practice this means cumbersome network configurations with VPN and other networking security solutions. Luckily containers and modern (container) overlay networks can solve this complexity for you.
More about Jussi Nummelin
- Shane PeckhamMicrosoft
workshopMicrosoft Azure: Containers Everywhere
Come and join Microsoft to learn how and where we are plugging in containers into the Azure platform. From Azure Container Service and Kubernetes, to Azure Container instances and Web Apps for Linux. We will also throw a bit of Draft in the mix to work on closing the development inner loop
More about Shane Peckham
- Ivan PedrazasKube.camp
workshopIntroduction to Istio (Advanced)
Istio is an open platform to connect, manage, and secure microservices. Istio addresses many of the challenges faced by developers and operators as monolithic applications transition towards a distributed microservice architecture. During this workshop, we will learn the basics of how to install and configure Istio in Kubernetes.
More about Ivan Pedrazas
- Justin DaviesMicrosoft
workshopMicrosoft Azure: Containers Everywhere
Come and join Microsoft to learn how and where we are plugging in containers into the Azure platform. From Azure Container Service and Kubernetes, to Azure Container instances and Web Apps for Linux. We will also throw a bit of Draft in the mix to work on closing the development inner loop
More about Justin Davies
- Ed RobinsonReevoo
workshopBuilding Your Own Kubernetes Operator (Advanced)
Kubernetes Operators extend the Kubernetes API through CustomResourceDefinitions, enabling users to create, configure and manage applications. They are software that encapsulates the operational knowledge of a human operator. Projects like etcd, Prometheus and Rook have built operators to make managing their software simpler. But can you as a Developer, Sysadmin, or SRE on a small team reuse these ideas to build software that streamlines and automates your own processes? In this workshop we will introduce you to some of the patterns that are used in operators. Then we will split into small teams to work on a challenge to build your own simple operator.
More about Ed Robinson
- Elton StonemanDocker
workshopDocker on Windows: From 101 to Production (Beginner)
You can run Windows apps in Docker containers on Windows 10 and Windows Server 2016. In this workshop learn how to package existing ASP.NET apps as Docker images, run them in containers, modernize the architecture and deploy to production.
More about Elton Stoneman
- Tiago ScolariPivotal
talkContainer FS: Adapt or Die
Since 2011, before containers were containers, CloudFoundry has been coming up with groundbreaking new methods of dealing with processes and isolation in production. Over the last five years, different filesystems were used as the underlying structure for what now are called containers, to meet every new demand as they appeared. In this talk Tiago and Claudia will discuss the pros and cons of each adopted filesystem, pointing out the reasons for each pivot and the lessons learned in the process. Starting with AUFS in Warden “containers”, through turbulent experiences with BTRFS, finally they will demonstrate CloudFoundry’s current reliable and more maintainable solution using Overlay+XFS.
More about Tiago Scolari
- Liz RiceAqua Security
talkYour (container) secret's safe with me
In a containerized deployment, how do you safely pass secrets - like passwords and tokens - between containers without compromising their safety? If orchestration means a container can run on any machine in the cluster, how do you minimize access to your secrets on all those hosts? In this talk we will explore and demonstrate the risks, and discuss best practices for keeping your secrets safe.
More about Liz Rice
- Matt BatesJetstack
workshopGoogle Cloud: Kubernetes Core Concepts (Beginner)
In this workshop we’ll introduce the core concepts of Kubernetes. We’ll explain many of the common components you’ll come across and how they interact with each other. We’ll then go on to deploy a microservices demo application onto a Google Container Engine (GKE) cluster, before discussing what can be done to begin ‘productionising’ the deployment. Presented by Google Cloud in partnership with Jetstack.
workshopGoogle Cloud: Kubernetes Under the Hood (Advanced)
In this session, we’re going to be demonstrating some of the more advanced features of Kubernetes. We will start to give you an understanding of how to deploy more complex services such as databases onto a cluster. We’ll also do a detailed deep dive of the Kubernetes control plane, discussing the various components and how they interoperate to provide the core Kubernetes functionality. Presented by Google Cloud in partnership with Jetstack.
More about Matt Bates
- Adnan AbdulhusseinBitnami
talkContinuously delivering apps to Kubernetes using Helm
With Helm, you can deploy distributed apps on Kubernetes using packages known as charts, but how do you go beyond that initial deployment? Helm was designed to fit right into existing CI/CD pipelines and in this talk we'll see this in action. We'll also discuss the benefits of managing all your deployment configuration as code, and see how Helm enables this.
More about Adnan Abdulhussein