Container virtualization has become the tool of choice for running isolated applications in cloud environments. Linux containers virtualize at the operating system level, with multiple containers running directly atop the operating system kernel. Therefore, threats to one container are potentially threats to many others. Especially for PaaS and Serverless providers, the secure execution of untrusted workloads on their platform in order to mitigate software vulnerabilities from spreading has high priority. Containers face a variety of different threats, vulnerabilities and historical weaknesses that need to be considered and defended against. In this talk we will look at different approaches for securing container workloads. gVisor, Kata Containers, Nabla Containers and Firecracker are presented and compared with each other.
Developing everything in containers? Then you might be ready for Fedora Silverblue — an immutable desktop OS built for container workflows! Silverblue is built on top of rpm-ostree, providing atomic upgrades, easy rollbacks, and even installing individual packages when necessary. Come for a quick overview covering the basics of rpm-ostree, Flatpak (containerized graphical applications), and the overall experience of using a container-oriented desktop.
Everyone wants to do DevOps. But only a few understand what DevOps is and what it does with your company. When you want to introduce DevOps in a company, you need to convince decision makers that it is worth investing money, time and resources into the DevOps transformation. They will ask you about the business case and the return on investment of DevOps. In this talk I will show you how to convince the decision maker about the business case and the return on investment of DevOps, so that you get the money, time and resources for your DevOps transformation.
The intent of this talk is to share the experience of building such a service and deploying it on a Kubernetes cluster. In this talk we will discuss all the requirements which an enterprise-grade Hadoop/Spark cluster running on containers brings in for a container orchestrator. This talk will cover in detail how the Kubernetes orchestrator can be used to meet all our needs of resource management, scheduling, networking and network isolation, volume management etc.
For developers, the benefits of a cloud native approach are quickly clear. However, these advantages are not as readily apparent to people who don’t code - yet those same people usually hold decision-making and budgetary power. This talk seeks to explain the what, why, and business benefits of being cloud native without diving into code. Audience members will learn how to explain cloud native technologies to non-coders and give the business case for a cloud native approach at the organizational level.
The world of IT and technology is moving faster than ever before. Cloud native technology and application architecture have been influencing and disrupting the software engineering discipline for the past years and there is no end in sight. But according to Gartner we are currently entering the trough of disillusionment. So does this mean we followed the wrong path and that we should turn back? Hell no!!! Despite all disbelievers and trolls: cloud native is neither a failure nor a hype anymore! It will become mainstream. We already see widespread adoption at all our customers. Of course there still is a lot of room for improvement. No doubt about that. Technology, methodology, processes, operations, cloud native architecture and software development need to mature even further to become boring and ready for the enterprise. This is software industrialization in its purest form. And our skills and expertise are required to make this happen.
Ashutosh will present the quirks of scaling up Custom Controllers: implementing mutexes, handling upgrades, and best practices around versioning of the CRs. The talk is based on the experiences of running Custom Controllers in the OpenEBS project. CRs are a crucial part of the Kubernetes ecosystem, enabling projects to put their own sauce within the Kubernetes environment. When it comes to accessing or modifying a resource in the world of concurrent programming, the very first thing that comes to mind is mutexes to avoid undesired behaviours. This talk will walk through live examples of code and CR YAMLs.