Do you want to stay up to date with all that's happening with Cloud Native? Don't miss this month's Cloud Native London, the CNCF approved meetup!
Join us for three talks from Bryan Boreham (Weaveworks), Nic Jackson (Hashicorp), and Alex Ellis (ADP, Docker Captain).
Full agenda coming soon!
CNI, the Container Network Interface, is a CNCF project that provides a standardised API to talk to container networks. Today there are over 30 different CNI plugins available, and container runtimes which support CNI include Kubernetes, Rkt, Mesos, OpenShift and Cloud Foundry.
This talk will run through the basics of how CNI operates, catch up on recent developments such as ipv6, port mapping and plugin chaining, and look ahead at future plans.
Bryan is Director of Engineering at Weaveworks, whose mission is to make developers successful with containers and cloud-native computing. Previously, Bryan has spent many years designing, building and debugging large distributed systems for banks and software companies.
In this talk, we will look at the problems associated with running Docker containers with privileged status and some solutions to how you can harden your Docker-based security. Check it out!
To understand the problem, we will take a quick look at how user and group isolation works in Unix and how this translates into a container. We will also look at how user namespaces work in Docker and how simple it is to build a non-root Docker container. In addition to all of this, we will look at some simple tools which can automatically detect these problems and notify you if they occur.
How users and groups work in Unix
Security problems with running container processes as root
Understanding of container namespaces and user mappings
How to build a non-Root container
Edge cases where Root containers may be required
Michael is a Developer Advocate for Go, Kubernetes, and OpenShift at Red Hat where he helps appops to build and operate distributed services. His background is in large-scale data processing and container orchestration and he's experienced in advocacy and standardization at W3C and IETF. Before Red Hat, Michael worked at Mesosphere, MapR and in two research institutions in Ireland and Austria. He contributes to open source software (mainly using Go), blogs and hangs out on Twitter too much.
Nic Jackson is a developer advocate and polyglot programmer at HashiCorp. He is the author of Building Microservices in Go, which examines the best patterns and practices for building microservices with the Go programming language. In his spare time, Nic coaches and mentors at Coder Dojo, teaches at Women Who Go and GoBridge, and speaks about and evangelizes good coding practice, process, and technique.
OpenFaaS or Functions as a Service is a Cloud Native framework for building serverless functions (as popularised by AWS Lambda) with containers. Check out this talk by Alex Ellis to learn more!
The OpenFaaS framework lets you package any process as a serverless function for either Linux or Windows - just bring your own Kubernetes or Docker cluster. Avoid vendor lock-in by running it in your own datacenter or the cloud with your existing certified clusters and ecosystem. The project focuses on ease of use through its UI which can be used to test and monitor functions in tandem with tight Prometheus integration that allows the cluster to auto-scale for demand.
You can deploy OpenFaaS in 60 seconds on Kubernetes or Swarm and thanks to concise code templates all you need to write is a handler in your favourite programming language - let your cluster do the heavy lifting. OpenFaaS was recently trending as the top Golang project on GitHub and has over 4k stars. Come and find out how and why people are leveraging an event-driven architecture along with some cool interactive demos.
Alex is a Docker Captain and Principal Developer @ ADP where he has years of experience in the enterprise supporting payroll and HCM for up to 500k clients. He's a polyglot, blogger, published writer and mentor in the Docker and Raspberry Pi community.