104581 - Auto-scalable microservices for Machine Learning @ UnifyIDIn this talk we’ll show how we’re scaling our Machine Learning back-end at UnifyID, capable of servicing 1+ million users, requiring both CPU, but mostly GPU intensive Neural Network computations. We’ll be demonstrating how we are running containers on EC2 GPU instances and how we have tackled some problems often seen when deploying Machine Learning clusters in production. Issues addressed include but not limited to:
Horizontal scaling using GPU information from NVML.
Leveraging multiple APIs for ML (TensorFlow, Caffe, Torch) by creating a uniform API for ML microservices.
Running unreliable, academic quality ML code reliably in production.
This is how the talk will progress; We will start by discussing the design of our auto-scalable ML back-end and the issues we tried to address. Then we will present our uniform, open-source API for Machine Learning microservices, which is available on DockerHub. Then we’ll discuss why GPU horizontal scaling is still unavailable for Kubernetes and Mesos. Finally we will present our in-house built auto-scaler which works based on GPU information from NVML.
105231 - The Rise of Cloud Development with Docker & Eclipse CheWe are witnessing the death of localhost and the rise of cloud development. Developing in the cloud provides one-click environments, better team onboarding and collaboration, and workspace platforms that improve agile workflows. Eclipse Che - a developer workspace server and next-generation Eclipse IDE - is the leading platform of this movement. It's gathered 4000 GitHub stars, 25K downloads / week, and 100 contributors from Codenvy, Docker, Red Hat, Microsoft, IBM, Bitnami, Samsung, SAP, and Software AG.
We'll discuss the market drive to cloud development, the battle with IT over root, and why containers are displacing Vagrant as defacto developer environments. We'll also discuss the Che community and how its community are distributing workspaces to modernize agile.
105387 - On-Demand Image Resizing from Part of the Monolith to Containerized MicroserviceIn this talk I will cover our experience moving CNET, from an in-house monolith image resizing application, to a containerized open source micro-service. I will detail the planning and development phases of the micro-service, which utilizes Thumbor. I will also cover the testing, deployment and monitoring strategies used in the process. Running in Docker Swarm Mode and delivering millions of image requests a day, the service has greatly improved stability and reduced infrastructure needs by 80%.
105442 - The Future is Cloud Native: How Projects Like Kubernetes, Prometheus, OpenTracing, and gRPC Will Help Shape Modern InfrastructureMany of today’s software-defined organizations, like Ticketmaster, ShowMax and VSCO, look to cloud native projects for crucial management and maintenance within their ever-changing infrastructures. For the 2017 DockerCon audience, Chris Aniszczyk, COO of the Cloud Native Computing Foundation, will moderate an introspective panel – featuring cloud native insiders like Ben Sigelman, lead author of OpenTracing; Jayant Kolhe, engineering director on gRPC; Aparna Sinha, product lead for Kubernetes; and Fabian Reinartz, core Prometheus developer – to discuss how these thriving open source projects will help shape modern infrastructure.
This expert panel will also address what it takes to develop meaningful cloud native systems, how these technologies fit into the overall stack, how to foster committed maintainers for emerging cloud native projects, and much more.
Aparna Sinha Bob Hrdinsky Julius Volz Ben Sigelman Chris Aniszczyk
105668 - Learning to Take Care of Your SELFPeople in tech are prone to working too much and all the time. Most of us really love what we do. We want to do our best. We want to succeed. We want to change the world with the code we write. Besides our normal day jobs we are involved in a ton of open source and community related volunteer projects. We work long nights. We work weekends. We give all we have. And a lot of times we forget ourselves. We neglect family, friends, and hobbies.
This work ethic may seem great at first glance but the consequences are drastic. In order to prevent those drastic consequences from happening we need to take a step back and evaluate. We all need to learn to take better care of ourselves! We all need to learn to practice SELF care more and more efficiently. Learning to take care of your SELF can be hard sometimes. It’s something you need to practice continuously. The goal of this talk is to 1) take a look at self-care: What is it? Why is it important? Why is it so hard? What can happen if we don’t take care of ourselves? and 2) teach you how to continuously practice self-care. When you take care of your SELF you have so much more to give!
* Introduction - Who am I? What is this talk about? (2 minutes)
* What is self-care? (3 minutes)
* Why self-care? (3 minutes)
* Why is self-care so hard? (2 minutes)
* What can happen if we don’t take care of ourselves (4 minutes)
* Learning to take care of yourself: Practicing self care (11 minutes)
* Q&A (5 minutes)
106041 - Creating Effective ImagesSick of getting paged at 2am and wondering "where did all my disk space go?" This has actually happened to me, and you can learn from my mistakes! New Docker users often start with a stock image in order to get up and running quickly, but that isn't always the right answer. Creating efficient images is overlooked, but important. Beyond saving resources, using minimal images also delivers important security benefits: include only what you need, and not a whole runtime that might have security vulnerabilities.
In this session, I'll talk about how to create effective images, and lessons I've learned from running containers in production at a number of startups. I'll also cover topics like "how do layers work?", and some things you should think about when creating your images, such as; choosing or creating the right base image; ordering your statements correctly for caching; using RUN statements conservatively; and cleaning up as you install dependencies. I'll also address best practices; both at a high level (like using dual container builds - one to build an artifact, and one to build from base); and some language-specific best practices, for example, tips and tricks for creating containers for Node.js vs Go
To illustrate these points, we'll cover:
* How layers work?
* Choosing a base image vs. creating your own with scratch.
* The basics for building minimal images: ordering statements correctly for
caching awesomeness, using RUN conservatively, clean up as you go.
* High level best practices for Linux containers (in general, and some language
* Let's talk about Windows! High level best practices for Windows container
* Good vs. not so good Dockerfile examples
* Docker Image Scanning
* Looking forward to the future for even more optimization: Unikernels for
106080 - Taking Docker from Local to Production at IntuitIn this talk we will share how a small team at Intuit moved Docker from local to production serving real and critical workloads. We will share how we addressed the organization challenges of running Docker at large enterprises by building a business case for a pilot project to prove the value of containers and its real world application. Next, we will share how we solved the technical challenges that present themselves when taking Docker from local to production in a corporate data center. We will share the blueprint for the business case and the associated pilot which laser focused on running stateless back-end services throughout the entire SDLC. Finally, we will highlight our crawl-walk-run approach that allowed us to make inexpensive mistakes before investing in the right areas as our Docker knowledge increased. We will share the major technical issues we encountered, how we overcame them and the lessons we learned.
JanJaap Lahpor Harish Jayakumar
106270 - Deep Dive in Docker Overlay NetworksThe Docker network overlay driver relies on several technologies: network namespaces, VXLAN, Netlink and a distributed key-value store. This talk will present each of these mechanisms one by one along with their userland tools and show hands-on how they interact together when setting up an overlay to
The talk will continue with a demo showing how to build your own simple overlay
using these technologies.
106271 - Troubleshooting Tips from a Docker Support EngineerDocker makes everything easier. But even with the easiest platforms, sometimes you run into problems. In this session, you'll learn first hand from someone whose job is helping customers fix these problems. Using Docker and Docker Data Center, you can keep your apps running smoothly with minimal downtime.
In this session, you'll learn how to apply your troubleshooting skills in the Docker ecosystem, including:
1. Identification and characterization of the problem.
2. Command line tools to inspect networking and namespaces.
3. Applying these skills to your workloads on OSS Docker and on DDC.
106407 - Your Auto Scaling BotIn this talk we will talk about a docker swarm architecture that scales automatically with the help of a Slack Bot.
The talk will include
- Docker Swarm and Docker Compose
- Monitoring containers by cadvisor
- Managing alerts with promotheus and alert manager
- Running a slack bot that decides to deploy or undeploy services
- Generating load with siege
106413 - From Docker Zero to Hackathon WinnerThis is my story about how I got involved in the Docker hackathon (and won) without knowing Docker at all. I'll share what technological limitations I had before using Docker and how I managed to solve them, and also some tips to getting started. As a closing, I'll talk about the Whaleprint project and some key features that we would love to see in docker today.
106465 - Lowering the Barrier to Entry with DockerWith the growing demand for developers, the IT industry is tasked with bringing more workers into the field. Along with the lack of support from universities, stereotypes and ignorance are a major blocker to this initiative.
I will speak about my journey into technology (from a background in film and art) by finding things that lowered the barrier to entry for me and how I attained the skills necessary to become a cloud automation engineer in 4 months.
While in that job, I wanted to learn Docker, but my colleagues advised against it, as it was too advanced of a topic. Out of necessity, I learned it anyway, and I discovered that, because of the concept of inverted learning, Docker is arguably a very strong tool in lowering the barrier to entry into technology for many others.
106473 - Docker In ChinaDocker has become extremely popular in China. Since October of 2016, Alibaba Cloud and Docker partnered to drive adoption of containerized applications in China. In this talk, I will share the status for this program and will present the latest survey of container adoption in China. We'll take a deep analysis of the current landscape and what is different about China's market.
In this session, we will also share some use cases for container usage in enterprises - i.e. how Alibaba group build the core business application platform based on scalable container infrastructure and how local enterprises run their business with container technologies in a hybrid cloud environment.
106478 - Cluster SymphonyAny talk about containers always ends up with a discussion of orchestration. A containerised application is seen as a musician playing her part exactly when required. Playing in harmony with other containers. All watched over by a benevolent conductor in the form of Docker swarm, kubernetes or marathon.
Once we have a lot of these musicians playing, getting out of tune, self-healing, ephemerally appearing and disappearing in different corners of our cloud - it becomes ever harder to perceive our system as a whole, to reason about it, to ensure that harmony is preserved. Lately we've seen a number of approaches to visualizing such systems with the use of D3 and other visualization frameworks. There are also new tools for monitoring - as we realize old tools aren't adequate. But it always stroke me as a paradox. We talk about cloud orchestration but we only provide a textual and visual representation of it. This is a silent orchestra!
That's why I decided to give this orchestra a voice. The idea is to associate each application/image repository with a specific sonic frequency, monitor its state and cluster location, and then transcribe this data into midi notation. This way we will be able to listen to our cluster in the way a sonic telescope listens to the stars.
It's hardly practical in this early stage but it can be beautiful, inspiring and may provide a totally new way of monitoring a cluster health in the future.
106530 - Building the Super-Dynamic Demo CenterWhile developer tools and a typical SDLC are important to us all, it is not uncommon for field sales engineering organizations that make customer-facing product demos to have such a coordinated process. We will show how using Docker (and a CI pipeline) we modernized a field sales engineering "Demo Center", made it more efficient, flexible and a capable of handling lots of new use cases.has become truly enabling service.
We will show you how to go from a very manual devops process, to a Docker Service based product demonstration center using features of Docker 1.12 (Swarm Mode) and using Splunk for Analytics, how truly enabling it has become.
106548 - Do you speak Exec-glish?Have you been prototyping Docker? Do you like what it can do? Are you having a difficult time selling it to your leadership?
Or are you an executive and your team is glowing about DevOps? Do you understand the business value that it can offer?
Gaining large-scale adoption of container technology requires an ability to translate tech-speak into exec-speak. We will provide some examples from what worked for us, as well as some mistakes that we would avoid next time.
We have built a major DevOps effort from the ground-up in the definition of "bureaucrazy" - the US Federal Gov't. We'd like to share some of our lessons learned so that you can apply them in your organizations.
The use of tools in the "DevOps" operating model require consistent support. This support must be provided in various ways - management support, rank and file support, and most importantly financial support.
106569 - Reproducible Dynamic Report Generation with Docker and RAutomatic report generation is extensively needed in reproducible research and commercial applications. However, operation system-level reproducibility is still a huge concern in the current implementations. I'm going to demonstrate how easy it is to write a dynamic and reproducible report with the help of Docker, Docker API R client package, and the R package liftr we developed. Specifically, you will see how to dockerize your existing R Markdown documents, with applications to the analysis of petabyte-scale cancer genomics data, and the potential to distribute and reuse such reports.
106596 - Lightning UnikernelsLet's take a lightning tour of this exciting new technology, in 600 seconds we'll do a race around what are unikernels, what technologies exist and at least 2 demos !! Then we'll all breath again ...
106613 - Empower Your Docker Containers with WatsonTransform your Docker containers with the power of Watson. In this session you will learn how to add cognitive capability to your application with specific use cases built on Docker that leverage Watson's conversation service, tone analyzer and others with minimal development effort. Join us and learn how to take your Docker containers to the next level!
Phil Estes Lin Sun
106614 - Container Evolution Journey at PayPalThe biggest challenge for any adoption in an enterprise is how to adapt new technology alongside generations of legacy applications and tools. Similar challenges exist while adopting Docker as containerization technology. This talk covers how to solve the challenge of Dockerizing hundreds of legacy apps across thousands of world wide developers, without transforming (imposing) the developers into overnight Docker experts, causing minimum overhead/touchpoints for the conversion and ensuring risk-free production migration. PayPal is in the middle of the journey, with the goal of containerizing all legacy applications to Docker containers. Containerization is the first step in the goal of moving to a dynamic cluster managed environment where any legacy application can live anywhere in the cluster.
Kamalakannan Congevaram Muralidharan
106622 - Localization with NLP: Global Empire-Building for Fun & ProfitIn order to establish a user base across the globe, a product needs to support a variety of locales. The challenge with supporting multiple locales is the maintenance and generation of localized strings, which are deeply integrated into many facets of a product. To address these challenges at Qordoba, we’re using highly scalable technologies and natural language processing (NLP) to automate the process. Specifically, we need to generate high-quality translations in many different languages and make them available in real-time across platforms, e.g. mobile, print, and web. The combination of Docker & various open source tools such as Scala, Apache Spark, Apache Kafka, Apache Cassandra, & Apache PredictionIO (incubating) provides structure for a scalable localization platform with machine learning at its core.
In this talk, we describe the techniques we’re using to provide:
* Continuous deployment of localized strings
* Live syncing across platforms (mobile, web, photoshop, sketch, help desk, etc.)
* Content generation for any locale
* Emotional response
We will also share our architecture for handling billions of localized strings in many different languages. We talk about our use of Docker for the following purposes:
* Local development
* Continuous integration & continuous delivery
* Auto-scaling for training, cross-validation, and prediction
* Dependency management
We present our natural language processing (NLP) techniques in the context of a platform that makes it feasible to build products that feel native to every user, regardless of language.
106642 - From Arm to Z: Building, Shipping, and Running a Multi-platform Docker SwarmWe live in a multi-platform world, and who doesn't want their project to run on all of them? The last few DockerCon events have covered the introduction of multi-platform image capabilities into the Docker registry and engine releases. Now it's time to put these features to good use building applications across architectures and running them all in a heterogeneous Docker Swarm!
In this talk we'll cover the new `docker manifest` command for making multi-architecture images; how to emulate architectures in docker containers on your own machine; and give a live demonstration of these capabilities with a Docker Swarm consisting of workers of different CPU architectures, including armhf, ppc64le, s390x, and x86_64. We'll also share some pointers for making sure your project is multi-platform ready!
1. Attendees will be introduced to manifest lists and how to create multi-arch images using the new 'docker manifest' command.
2. Attendees will learn how to easily create and deploy a basic multi-arch service using multi-platform images.
3. Bonus: Attendees will learn how to run non-native docker containers on their systems.
Christopher Jones Christy Perez
106647 - Cool Genes: The Search for a Cure Using Genomics, Big Data, and DockerThe Translational Genomics Research Institute (TGen) is a non-profit organization dedicated to using genomic and other -omic generated information to provide a greater understanding of the underlying biological defects that cause diseases and disorders. The human genome has over 3 billion nucleotide base pairs residing in our 23 pairs of chromosomes, each of which has up to thousands of genes. Talk about looking into The Matrix!
The bioinformatics industry is undergoing a sea change, driven by advances in biological research and gains in computational power that accelerates the ability to find treatments and cures. While inexpensive compute infrastructure made this work possible, managing those enormous workloads was a massive headache, until science found a cure: Docker!
This talk will describe how TGen uses Docker and the Docker storage plugins API to run a large-scale, big data compute cluster to push the limits of biological science.
You will learn:
- How TGen uses bioinformatics to predict disease behavior and hypothesize a cure
- How to package bioinformatics workloads into Docker containers
How to orchestrate elastic compute clusters at scale
- How to manage big data workloads using the Docker plugins API v2
106653 - Docker 0 to 60 in 5 Months: How a Traditional Fortune 40 Company Turns on a DimeDocker and microservices allowed our development teams to create what once was inconceivable; a unified front-end application for our customers, employees and agents connecting them to over 400 legacy back-end systems of record. On the engineering side, our challenge was identifying the right infrastructure approach to deliver this new solution on a global scale. In our exploration of solutions; we threw out the book on our traditional design approach and brought our first Docker environment and Microservice app to production in 5 months from start to finish. This talk discusses some of the key changes we made to ensure our success, from tossing out waterfall, to quickly establishing design standards, and finally rallying around test driven engineering. We had successes and obstacles to overcome along the way, and want to share a few of them.
106663 - Taming Cloud Costs with DockerThe container revolution arrived at XO Group as we inverted our DevOps organization and gave squads more control over their deployment pipelines. We used Amazon Elastic Beanstalk to help ease the learning curve associated with moving from homegrown orchestration tools to containerized microservices. As a result, the company has been able to containerize over 90% of our client-facing assets in under a year.
Along the way, we realized that as we latched our hopes and dreams onto Beanstalk, we also unleashed a giant. The giant known as AWS spend.
In this session, we will analyze our growing cloud spend, developed our cost containment strategy and executed it. We’ll also discuss the results of our implementation of Docker Swarm to improve our instance utilization and lower our cost per vCPU.
106670 - Browser Testing with Docker: The Good, The Bad, The UglyIntegration tests are an integral part of any modern web application, and regardless of which front-end or server side framework you choose, you'll likely be running Selenium tests. While Selenium tests are easy to write and execute on your local workstation, Works On My Machine™ won't get you past your CI system. Now you're stuck with two bad options, use a SaaS provider and live with slow builds or running your own Selenium Grid and managing a multitude of machines and browser versions. Rock, meet hard place, right?
It doesn't have to be that way! In this talk you'll see how easy it is to setup a Selenium Grid with Docker, how easy it is to maintain, and how to extend and grow your Selenium grid to satisfy your team's needs. It's not all roses and sunshine, so you'll see some common issues presented and how to avoid them. Finally, a Selenium Grid you'll want to manage!
Craig Huber Qirui Yang
106965 - Activision's Skypilot: Delivering amazing game experiences through containerized pipelines"Technologies that are going to affect our lives in the next decade are being tested and developed in the video game sphere." In January 2016 Activision approved a pilot project to build a containerised continuous delivery pipeline using Docker. This project spanned multiple devops teams and would culminate in launching a production title "Skylanders Imaginators" in October 2016.
The Mission Statement :
“Our mission is to deliver an amazing build, test and deploy pipeline that aims to be so reliable, effective and easy to use that our product and title departments will end up writing high value gaming services all day long without giving a second thought to how they may reliably deliver these in record time.”
This talk will discuss the cultural and technical challenges faced throughout the pilot. Spoiler alert: Not everyone was happy with the decision to use Docker. The talk will cover the concerns and how we handled them.
It will cover why it is important, especially in the games industry, to be evaluating and integrating technologies like Docker in order to remain relevant.
For the first time in Demonware history developers were responsible for the launch and support of a title. We are also the first studio under Activision to be running Docker in Production.
106967 - Communications Operations: Lift off With DockerCommunication Ops (Co-Ops) is a collaboration model that helps connect people, machines, software and automation to a get-things-done pipeline. Encouraging transparency, continual improvement and speed, Co-Ops helps everyone work together. In this session, you'll learn how to build your own lightweight communication infrastructure based on Docker components, and what integrations matter most in getting your team humming along productively. We'll also use the latest in bot technology to augment reporting, support, and execution of a software delivery lifecycle.
107252 - Make Stateful Applications Highly Available with Docker Swarm ModeThe next phase of container maturity is being able to take any application, whether its a database, key:value store, or a random java app your company built, containerize it and persist its data. This session will cover the current state of storage and container volumes with Docker Swarm Mode along with a demo of high-availability using automated recovery of persistent data in stateful application.
107253 - Prepare to Bare it All with InfraKitThe need to run virtual machines is diminishing as more companies move to a container first strategy for applications. With combined technologies to control infrastructure and orchestration, now is the time to return to bare-metal servers and banish costly snowflake deployments with immutable infrastructure. If you’ve ever dreamed of running your own bare-metal infrastructure come learn how an open source project that provides vendor-agnostic automation of servers, integrates into InfraKit to provide bare-metal consumption from native toolsets ready to run containers.
107843 - Docker for DevsIn this talk John Zaccone will present tips and best practices for developing dockerized applications. We will start with the simple question: "Why Docker?", then dive into practical knowledge for developers to apply on their own. John will cover best practices concerning Dockerfiles and the best tools to use for developing. We will also talk about the "hand-off" between developer and operations and how the two roles can work together to address broad issues such as CI/CD and security. After John's talk, stay tuned for Scott Coulton's talk that will dive deeper into Docker for Ops.
107844 - Docker for OpsIn this talk Scott Coulton will take you through Docker's cluster solution Swarm mode with his operations hat on. We will start from the beginning by describing what swarm mode is, what it does, and how it works behind the scenes. From there, we will look at very basic configurations of Swarm mode from the point of view of the operations team as well as a production-ready workflow including deployments of the cluster, logging and CD best practices. Attendees will be able to apply their learnings to their use cases.
107845 - Docker for Java DevelopersDocker provides PODA (Package Once Deploy Anywhere) and complements WORA (Write Once Run Anywhere) provided by Java. It also helps you reduce the impedance mismatch between dev, test, and production environment and simplifies Java application deployment. In this talk, Arun Gupta, Java Champion and Docker Captain and Fabiane Nardon, Java Champion, will explain how to run and package your Java application with Docker including sharing your Java application using Docker Hub. In addition, they will cover:
* Deploying your Java application using Maven
* Deploying your application using Docker for AWS
* Scaling Java services with Docker Engine swarm mode
* Packaging your multi-container application and use service discovery
* Monitoring your Docker + Java applications
* Building a deployment pipeline using common tools
Fabiane Nardon Arun Gupta
107846 - Docker for .NET DevelopersMillions of developers use .NET to build high performance apps, from Enterprise to hobbiests. Docker enables .NET developers to build containerized applications that can be deployed natively to Windows or Linux. Windows containers support applications that leverage the full .NET Framework. And with AspNetCore on Linux developers can target both Linux-based Docker containers or Windows containers. In both cases you can develop your applications on Windows using your favorite .NET developer tools - then build Docker images and run them as containers on Windows Server or Linux machines.
This session in this session, you will learn how to build or migrate full .NET Framework applications and deploy them as Windows Containers. Then you will learn to build AspNetCore applications that can target either Windows or Linux containers, without any changes to your code.
Topics covered include
- Common considerations as you work locally
- Running local Docker containers, and preserving as environment settings
- Unit testing
- Choosing the right base image
- Working with IIS or Kestrel
- Composing multiple containers
- Working with a Docker Registry
Michele Leroux Bustamante
107847 - Journey to Docker Production: Evolving Your Infrastructure and ProcessesDevOps in the Real World is far from perfect, and we're all somewhere on the path to one day writing that "Amazing-Hacker-News-Post about your chat-bot fully-automated micro-service infrastructure." But until then, how can you *really* start using containers today, in meaningful ways that impact yours and your customers productivity? This session is designed for practitioners who are looking for ways to get started now with Docker and Swarm in production. No Docker 101 here, this is for helping you be successful on your way to Dockerizing your production systems. Attendees will get tactics, example configs, real working infrastructure designs, and see the (sometimes messy) internals of Docker in production today.
107848 - Escape From Your VMs with Image2DockerMigrating apps out of Virtual Machines is difficult, especially distributed apps with multiple components, and even more so when the components run on different operating systems. But with the Docker platform and the Image2Docker tools - which extract Linux and Windows apps from existing VMs into containers - it's easy.
In this session we'll take a PHP front-end application running in a Linux VM, which connects to a .NET Web Service running in a Windows VM, and convert the whole stack to Docker automatically. Then we'll run the app on a hybrid Docker Datacenter cluster, where we can manage the Windows and Linux components from a single pane of glass.
Jeff Nickoloff Elton Stoneman
107930 - What's New in DockerIt’s the first breakout after the keynote and you need to know more about all the latest and greatest Docker announcements. We've got you covered! In this session, Victor Vieux, will go deeper looking into what's new with Docker, demo the latest features and answer your questions.
107931 - Under the Hood with Docker Swarm ModeJoin SwarmKit maintainers Drew and Nishant as they showcase features that have made Swarm Mode even more powerful, without compromising the operational simplicity it was designed with. They will discuss the implementation of new features that streamline deployments, increase security, and reduce downtime. These substantial additions to Swarm Mode are completely transparent and straightforward to use, and users may not realize they're already benefiting from these improvements under the hood.
Nishant Totla Drew Erny
107933 - Infinit's Next Generation Key-value StoreKey-value store projects have been widely adopted as a way to store metadata, but also as a low-level construct on top of which can be built more advanced storage solutions from file systems, object storage APIs and more. Unfortunately, most key-value store constructs suffer the same limitations when it comes to scalability, performance, and resilience. Infinit's key-value store takes a different approach, relying on a decentralized architecture rather than a master/slave model while offering strong consistency.
Julien Quintard Quentin Hocquet
107936 - Secure Substrate: Least Privilege Container DeploymentThe popularity of containers has driven the need for distributed systems that can provide a substrate for container deployments. These systems need the ability to provision and manage resources, place workloads, and adapt in the presence of failures. In particular, container orchestrators make it easy for anyone to manage their container workloads using their cloud-based or on-premise infrastructure.
Unfortunately, most of these systems have not been architected with security in mind.Compromise of a less-privileged node can allow an attacker to escalate privileges to either gain control of the whole system, or to access resources it shouldn't have access to.
In this talk, we will go over how Docker has been working to build secure blocks that allow you to run a least privilege infrastructure - where any participant of the system only has access to the resources that are strictly necessary for its legitimate purpose. No more, no less.
Riyaz Faizullabhoy Diogo Mónica
107937 - Docker Networking: From Application-Plane to Data-PlaneDocker containers wrap a piece of software in a complete filesystem that contains everything needed to run: code, runtime, system tools, system libraries – anything that can be installed on a server. This guarantees that the software will always run the same, regardless of its environment. By default, containers isolate applications from one another and the underlying infrastructure, while providing an added layer of protection for the application.
What if the applications need to communicate with each other, the host, or an external network? How do you design a network to allow for proper connectivity while maintaining application portability, service discovery, load balancing, security, performance, and scalability? In this session you'll learn about these network design challenges, the latest tools available to you from Docker, and common deployment patterns.
107940 - Plug-ins: Building, Shipping, Storing, and RunningAt Docker, we are striving to enable the extensibility of Docker via "Plugins" and make them available for developers and enterprises alike. Come attend this talk to understand what it takes to build, ship, store and run plugins. We will deep dive into plugin lifecycle management on a single engine and across a swarm cluster. We will also demonstrate how you can integrate plugins from other enterprises or developers into your ecosystem. There will be fun demos accompanying this talk!
This will be session will be beneficial to you if you:
1) Are an ops team member trying to integrate Docker with your favorite storage or network vendor
2) Are Interested in extending or customizing Docker; or
3) Want to become a Docker partner, and want to make the technology integration seamless
Nandhini Santhanam Tibor Vass
107941 - Docker Enterprise Edition: Building a Secure Supply Chain for the EnterpriseLearn from the development team as we dive into some of the latest and upcoming features in Docker EE, our enterprise container management solution. We will focus on the architecture and configuration of the features and how they can be used with both modern apps and containerized legacy apps. Stay for some tips on monitoring and troubleshooting to help you prevent your production environment from going sideways.
Patrick Devine Vivek Saraswat Daniel Hiltgen
107942 - Automation and Collaboration Across Multiple Swarms Using Docker CloudDocker Cloud is the official cloud service for continuously delivering Docker applications. In this session, we'll show you how you can use Docker Cloud to:
1) Easily deploy and manage multiple Swarms across different IaaS providers
2) Automate build and test pipelines for any of your repositories, and
3) Collaborate with your team across repos, builds and Swarms.
Marcus Martins Fernando Mayo Fernandez
108522 - Building a Secure App with DockerBuilt-in security is one of the most important features in Docker. But to build a secure app, you have to understand how to take advantage of these features. Security begins with the platform, but also requires conscious secure design at all stages of app development.
In this session, we'll cover the latest features in Docker security, and how you can leverage them. You'll learn how to add them to your existing development pipeline, as well as how you can and streamline your workflow while making it more secure.
David Lawrence Ying Li
108523 - What Have Namespaces Done For You Lately?Containers are made with namespacing and cgroups, but what does that really mean? In this talk we'll write a container from scratch in Go, using bare system calls, and explore how the different namespaces affect the container's view of the world and the resources it has access to.
108524 - Monitoring, the Prometheus WayPrometheus is an opinionated metrics collection and monitoring system that is particularly well suited to accommodate modern workloads like containers and micro-services. To achieve these goals, it radically breaks away from existing systems and follows very different design principles. In this talk, Prometheus founder Julius Volz will explain these design principles and how they apply to dockerized applications. This will provide insight useful to newcomers wanting to start on the right foot in the land of container monitoring, but also to veterans wanting to quickly map their existing knowledge to Prometheus concepts. In particular, a demo will show Prometheus in action together with a Docker Swarm cluster.
108525 - Everything You Thought You Already Knew About OrchestrationDo you understand how quorum, consensus, leader election, and different scheduling algorithms can impact your running application? Could you explain these concepts to the rest of your team? Come learn about the algorithms that power all modern container orchestration platforms, and walk away with actionable steps to keep your highly available services highly available.
108526 - Securing the Software Supply Chain with TUF and DockerIf you want to compromise millions of machines and users, software
distribution and software updates are an excellent attack vector.
Using public cryptography to sign your packages is a good starting
point, but as we will see, it still leaves you open to a variety of attacks.
This is why we designed TUF, a secure software update framework.
TUF helps to handle key revocation securely, limits the impact a
man-in-the-middle attacker may have, and reduces the impact of
repository compromise. We will discuss TUF's protections and integration
into Docker's Notary software, and demonstrate new techniques that could
be added to verify other parts of the software supply chain,
including the development, build, and quality assurance processes.
108527 - Cilium - Network and Application security with BPF and XDPThis talk will start with a deep dive and hands on examples of BPF,
possibly the most promising low level technology to address challenges
in application and network security, tracing, and visibility. We will
discuss how BPF evolved from a simple bytecode language to filter raw
sockets for tcpdump to the a JITable virtual machine capable of
universally extending and instrumenting both the Linux kernel and user
space applications. The introduction is followed by a concrete example
of how the Cilium open source project applies BPF to solve networking,
security and load balancing for highly distributed applications. We
will discuss and demonstrate how Cilium with the help of BPF can be
combined with distributed system orchestration such as Docker to
simplify security, operations, and troubleshooting of distributed