In this meetup we have two talks on The Dockerfile explosion and the need for higher level tools by Gareth Rushgrove and Container Security by Phil Estes
Dockerfiles are great. They provide a zero-barrier-to-entry format for describing a single Docker image which is immediately clear to anyone reading them. But with that simplicity comes problems that become apparent as your adoption of Docker gathers pace. This talk will: * Discuss the triggers for when managing Dockerfiles adhoc becomes a problem, including the passing of time and scaling teams and organisations usage of Docker* Talk about some of the strategies for managing Dockerfile sprawl* Show multiple examples from the Docker community of attempts to abstract away from Dockerfile, and why that might not always be the best approach* Speculate wildly and show experiments which look to address some of the issues discussed
This talk won’t provide a clear solution, but will hopefully make a good case for the problem being real, and provide a good overview of existing options and avenues for further hacking.
Gareth Rushgrove is a product manager at Docker. He works remotely from Cambridge, UK, helping to build interesting tools for people to better manage infrastructure and applications. Previously, he worked for the UK Government Digital Service focused on infrastructure, operations, and information security. When not working, he can be found curating the Devops Weekly newsletter or hacking on software in new-fangled programming languages.
Security has long been a hot discussion topic when modern Linux containers are compared to other isolation technologies such as virtual machines. Recently on DockerCon's keynote stage an extremely large enterprise, ADP, who manage highly sensitive personal information for millions of clients, made the bold claim that they came to containers because of, not in spite of, security requirements. In this talk, Phil will walk through the core security capabilities available today in Docker and other container runtimes, and how those capabilities have improved for both pure container isolation, but also improvements and capabilities that touch across the whole lifecycle of a container workflow. Phil will demonstrate recent additions to the Docker engine in 2016 such as user namespaces and seccomp and how they continue to enable better container security and isolation.
Phil is a Senior Technical Staff Member in the office of the CTO of IBM Cloud Platform. Phil is a core contributor and maintainer on the Docker engine project where he has contributed key features like user namespace support and multi-platform image capabilities. Phil is also a founding maintainer of the CNCF containerd project, and participates in the Open Container Initiative (OCI) as a contributor to the development of runc.
Ilya is a Developer Experience Engineer at Weaveworks, focused on making the adoption of microservices easier
Luke heads up Developer Experience at Weaveworks, where he spends his time thinking about how to optimise for happy users. He gets involved in open source projects, develops software, works on content and user journeys, and enjoys speaking at meetups and conferences. He previously co-founded ClusterHQ.