Do you want to stay up to date with all that's happening with Cloud Native? Don't miss this month's Cloud Native London, the CNCF approved meetup!
Join us for three talks from Bryan Boreham (Weaveworks), Nic Jackson (Hashicorp), and Alex Ellis (ADP, Docker Captain).
Full agenda coming soon!
CNI, the Container Network Interface, is a CNCF project that provides a standardised API to talk to container networks. Today there are over 30 different CNI plugins available, and container runtimes which support CNI include Kubernetes, Rkt, Mesos, OpenShift and Cloud Foundry.
This talk will run through the basics of how CNI operates, catch up on recent developments such as ipv6, port mapping and plugin chaining, and look ahead at future plans.
Bryan is Director of Engineering at Weaveworks, whose mission is to make developers successful with containers and cloud-native computing. Previously, Bryan has spent many years designing, building and debugging large distributed systems for banks and software companies.
In this talk, we will look at the problems associated with running Docker containers with privileged status and some solutions to how you can harden your Docker-based security. Check it out!
To understand the problem, we will take a quick look at how user and group isolation works in Unix and how this translates into a container. We will also look at how user namespaces work in Docker and how simple it is to build a non-root Docker container. In addition to all of this, we will look at some simple tools which can automatically detect these problems and notify you if they occur.
How users and groups work in Unix
Security problems with running container processes as root
Understanding of container namespaces and user mappings
How to build a non-Root container
Edge cases where Root containers may be required
Nic Jackson is a software engineering evangelist working for notonthehighstreet.com, with over 20 years experience in software development and leading software development teams. A huge believer that the rise of Docker and container solutions is a positive transformation for the way we develop, deploy and maintain software.
OpenFaaS or Functions as a Service is a Cloud Native framework for building serverless functions (as popularised by AWS Lambda) with containers. Check out this talk by Alex Ellis to learn more!
The OpenFaaS framework lets you package any process as a serverless function for either Linux or Windows - just bring your own Kubernetes or Docker cluster. Avoid vendor lock-in by running it in your own datacenter or the cloud with your existing certified clusters and ecosystem. The project focuses on ease of use through its UI which can be used to test and monitor functions in tandem with tight Prometheus integration that allows the cluster to auto-scale for demand.
You can deploy OpenFaaS in 60 seconds on Kubernetes or Swarm and thanks to concise code templates all you need to write is a handler in your favourite programming language - let your cluster do the heavy lifting. OpenFaaS was recently trending as the top Golang project on GitHub and has over 4k stars. Come and find out how and why people are leveraging an event-driven architecture along with some cool interactive demos.
Alex is a Docker Captain and Principal Developer @ ADP where he has years of experience in the enterprise supporting payroll and HCM for up to 500k clients. He's a polyglot, blogger, published writer and mentor in the Docker and Raspberry Pi community.