Trust and Image Provenance by Derek McGowan

Jan 5, 20155 likes4,009 views

The document discusses trust and image provenance in Docker. It proposes a future where trust is established through a distributed trust graph using public key cryptography. Key servers would register keys and manage grants to provide access control. Image provenance would use digital signatures to verify the origin and contents of images in a content addressable layered format. The community is invited to provide feedback on proposals to implement a next generation registry and trust model in Docker.

DockerCon Europe
Introductions
Derek McGowan
Trust & Distribution Engineering Team @ Docker
dmcg on #docker-dev
dmcgowan on github
December 5, 2014

DockerCon Europe
Trust today
●
Transport level reliability
– TLS connection between client and daemon
– TLS connection between daemon and registry
●
Namespace enforced by registry
●
Basic authentication
December 5, 2014

Future of trust
● Globally federated namespace
● Distributed trust graph
● Public key cryptography
● Public key identity and fingerprint
● Chain of trust

Trust Graph
Key A3D8 Key 34F2
dmcgowan vbatts
My client's key Vincent's client's key
Key delegation
Signed by x509
Key delegation
Signed by x509
Grant vbatts “build” my images
Signed by key A3D8

Trust tool
● Trust as a tool separate from Docker
● Registers keys
● Creating and listing grants
● Key server specification
● Uses libtrust primitives

Demo
Key A3D8 Key 9B83
dmcgowan
My client's key Daemon's key
Key delegation
Signed by x509
Grant dmcgowan “run” access to
daemon
Signed by key 9B83

Image Provenance
Image provenance provides a verifiable record of
the origin and contents of an image.
● Self describing signed images
● Content addressable layers
● Digital signature
● Next generation registry
● Docker trust model
● Separation of name and transport

Get involved
● Attend trust and distribution bird of a feather
● Look at the proposals
● Look at next-generation registry design
● Provide feedback

Reference
● Trust system proposal (docker#9036)
● Authorization server proposal (docker#9081)
● Libtrust TLS (docker#8265)
● Trust tool prototype (libtrust#42)
● Next generation Registry (in the making)

The document discusses Docker, including what Docker is, who it is for, how it relates to cloud/virtualization, and security aspects. Specifically, it covers that Docker is a tool that uses OS-level virtualization to deliver software in packages called containers; that Docker is useful for developers, system administrators, and IT operations teams; and that Docker allows more efficient utilization of computing resources for cloud computing and improves security.

OpenShift & SELinux with Dan Walsh @rhatdanOpenShift Origin

Containing the Gear: Deep Dive on SELinux, Multi-tenancy, Containers & Security with Dan Walsh Presenter: Dan Walsh In this talk, Dan will do a deep dive into the Origin PaaS use of SELinux and containerization. He will discuss how SELinux being utilized to ensure that Origin is the the most secure PAAS available today. He will address some of his ideas for the future of Origin and SELinux. From 2013-04-14 OpenShift Origin Community Day in Portland, Oregon

Control Plane: Security Rationale for Istio (DevSecOps - London Gathering, Ja...Michael Man

Drone Continuous IntegrationDaniel Cerecedo

Ahmadabad mule soft_meetup_05june2021_mule4_automate mulesoft on prem servers...Shekh Muenuddeen

This document outlines the agenda for the Ahmedabad MuleSoft Meetup on June 5th from 12 PM to 2 PM IST. The meetup will include discussions and demonstrations on automating MuleSoft on-premises server patching with Ansible, managing on-premises cluster servers, MuleSoft releases and updates, introductions of speakers and organizers, and a Q&A session. Attendees are encouraged to participate and provide feedback.

What's hot docker con eu 2015 & what's new on docker 1.9jgsqware

DockerCon EU 2015 featured breaking news about Docker's growing ecosystem and security focus. Speakers discussed container as a service (CAAS) platforms like Tutum and the universal control plane for on-premise deployments. Docker 1.9 adds production-ready swarm mode for clustering, improved networking and security features like content trust and image scanning. Demos showed multi-host networking overlays, adding persistent volumes, and namespace locking. Upcoming areas of interest include Microsoft Windows Server 2016 native Docker support and unikernel containers.

Introduction of deno 1Vishal Sharma

Deno is a new JavaScript and TypeScript runtime developed by the creator of Node.js as an improved successor that addresses Node's weaknesses. Deno 1.0 was recently released, introducing features like a secure permission-based security model, decentralized package management via URL imports, built-in tooling, and TypeScript support out of the box. Deno aims to fix Node's design mistakes while providing a modern development environment and being browser compatible without build tools.

Debugging Your Debugging Tools: What to do When Your Service Mesh Goes DownAspen Mesh

In this CNCF Member Webinar, Neeraj Poddar (Aspen Mesh) and John Howard (Google) shared information on debugging your debugging tools when your service mesh goes down in production. Service meshes are widely used as a means to enforce policies and at the same time gain visibility into your application behavior and performance. As more organizations adopt service mesh in their architectures, they are relying more heavily on the metrics, tracing and other traffic management and security capabilities provided by the service mesh. But what happens when a critical piece of your infrastructure like Istio has issues while in production? In this webinar we will cover the debugging in production aspects of Istio, in particular the following topics will be covered: * How to debug and diagnose issues with your sidecar proxy Envoy * How to monitor and debug the Istio control plane * How to use operational tools like “istioctl” to understand issues with your configuration * Using profiling to identify bottlenecks * Recommendations for a production ready secure Istio deployment

DockerCon14 Contributing to Docker by TianonDocker, Inc.

This document provides information on various ways to contribute to the Docker project, including contributing code via pull requests, helping with documentation, testing, triaging issues, and more. It discusses the large number of existing contributors and files in the Docker codebase. The document encourages submitting pull requests and offers tips for doing so, such as keeping PRs small and easy to review, writing tests, and discussing significant proposed changes first on IRC. It also introduces tools like Gordon that can help with code reviews and maintenance.

Distributed, Real-time Web AppsDocker, Inc.

Stack.io is a real-time distributed communication framework that allows for building real-time web applications using a unified RPC model between web clients and backend services, as well as between backend services. It uses technologies like Node.js, Socket.io, and ZeroRPC to provide features like streaming responses, authentication, OAuth support, and centralized routing across different programming languages.

Tyrion Cannister Neural Styles by Dora Korpar and Siphan BouDocker, Inc.

DockerCon EU 2015: From Local Development to Production Deployments using Ama...Docker, Inc.

Amazon EC2 Container Service (ECS) is a highly scalable and high performance container management service that makes it easy to run and scale containerized applications on AWS. It eliminates the need to install and manage your own cluster management software. ECS manages the placement of containers on EC instances, handles scaling from 1 to thousands of containers, and provides control and monitoring of the containers. The new ECS CLI for Docker Compose allows users to leverage existing Docker Compose files and workflows with ECS through commands like 'ecs-cli up' for deploying to ECS.

DockerCon14 KeynoteDocker, Inc.

DockerCon EU 2015: Nesting Containers: Real Life ObservationsDocker, Inc.

Nested containers provide efficiency benefits over virtual machines by avoiding hardware virtualization overhead and allowing for elastic resizing without downtime. Running Docker containers within system containers implements nested containerization and provides additional tenant isolation through solid Linux container security and resource capping abilities. However, Docker's layered storage model poses challenges for nested environments due to security restrictions on block device mounts. The storage extpoint framework aims to address this by moving storage driver functionality outside of Docker containers to enable better storage solutions, though more work is still needed to fully protect images and manage storage space when containers are removed. Further compatibility issues may also arise as Docker continues to evolve.

DockerCon EU 2015: Monitoring and Managing Dynamic Docker EnvironmentsDocker, Inc.

Presented by Alois Reitbauer, Chief Technical Evangelist, ruxit This talk provides detailed insights into how to manage large-scale production Docker environments. We will cover how to tune your containerised micro services for ideal performance, validate automated deployments with Marathon and Mesos and tune and manage the deployment complexity of hundreds of nodes. Last but not least we will demonstrate how easy it is to get up and running monitoring Docker using Ruxit.

DockerCon EU 2015: Sparebank; a journey towards DockerDocker, Inc.

Sparebank 1 bank wanted to break up its monolithic application architecture into microservices. It first used virtual machines for development environments but found Docker provided better portability and efficiency. The bank has been adopting Docker for all of its applications and services, bringing benefits like easier deployment and management. It sees Docker as key to its future application development and infrastructure.

Monitoring Containers at New Relic by Sean Kane Docker, Inc.

New Relic went all-in with Docker very early, and has continued to stay on the forefront of the container ecosystem, both as a user of the technology and as a monitoring and analytics vendor. Today, a variety of teams utilize Docker in a variety of ways using a mix of home-grown and external OSS frameworks. The Container Fabric team is working on our next generation container platform utilizing Mesos/Marathon and a variety of other OSS tools, like Heka. We will briefly review our setup, and then discuss how we gather data that we care about from the ecosystem and inject it into the various tools we rely on for visibility and analytics. We love the functionality of what we’ve built, and we believe that you will find it useful too.

Docker at DevTableDocker, Inc.

Docker allows DevTable to run development tools like debuggers and terminals securely and quickly inside containers. Previously LXC was used but startup times were over a minute. Docker reduced this to under 4 seconds. The container server manages Docker containers and exposes their ports. When files change, notifications are sent between the backend and container server. This allows real-time collaboration. Docker images can also quickly load development environments and custom plugins for the IDE. Quay was introduced as DevTable's private Docker registry for distributing images.

DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...Docker, Inc.

Presentation by Dr. Marius Millea, Cosmologist and Postdoctoral Fellow at the Institut Lagrange de Paris Cosmology@Home is a project which uses volunteer computing to analyze cosmological data and answer questions about our universe such as "how much dark matter is there?" and "under what conditions did the Big Bang occur?" We recently began using Docker by taking each job which we would normally send to our volunteer computers, and packaging it up inside a Docker container. The volunteer computers themselves come from interested users all over the world who download and run the software allowing them to become volunteers (called BOINC). The system is working exceedingly well and using Docker has made it massively easier for us to develop and run it. I will explain some of the technical details of the implementation, which involves a customized boot2docker ISO, as well give a brief summary of the scientific questions we are trying to answer and how these results made possible by Docker are helping analyze data from, e.g. the European Space Agency's Planck satellite.

Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ Docker, Inc.

In this talk, we will provide a 10,000-ft. overview of the key concepts, architectures, and common deployment scenarios for stateful services. We will cover the Docker volumes and available storage options in the community including ClusterHQ’s Flocker volume manager. After getting the lay of the land, we'll see these concepts in action. Starting by deploying a database container on a single node with UCP, Flocker and VolumeHub. Then, using the features of Docker Swarm and Flocker, we will then allow Swarm to automatically reschedule the stateful service along with Flocker moving its volume when the node fails giving us a HA containerized database.

DockerCon SF 2015: Docker After Launching 1 Billion ContainersDocker, Inc.

Travis Reeder discusses Docker and how Iron.io uses Docker containers to run over a million tasks per day across thousands of machines for its IronWorker task processing platform. Docker allows Iron.io to easily upgrade and add new programming language images while maintaining backwards compatibility. It also allows developers to test their code locally in the same Docker image it will run in remotely. Iron.io uses Docker for development, continuous integration, production deployment to CoreOS, and on-premise packaging and deployment.

How to Successfully Build a Local Docker Community by Mathias RennerDocker, Inc.

A community is one of the key components of an open source software project. The success of an open source project like Docker is highly dependent on a large and active community. The speakers will share their experience of how to successfully build a local community by the example of how they raised a Docker community at their University (Univ. of Bamberg, Germany). They summon their best practices as a result of the mistakes they made, illustrated by story telling. This is a talk from me as a student, which is an underrepresented group at DockerCon.

DockerCon SF 2015: From Months to MinutesDocker, Inc.

How GE Appliances Brought Docker Into the Enterprise - Talk Description: In a traditional enterprise IT shop, it’s common to find a plethora of aging technologies. From COBOL running on mainframes, to huge Java applications spread across both physical and virtual hardware, the enterprise can sometimes resemble a living museum of IT. For application owners, bureaucracy, lack of business priority, and complex infrastructure can slow innovation, and make it difficult to stay current. At GE, we leveraged Docker/Mesos to create an internal application platform that brings speed, simplicity, and cutting edge deployment processes to our enterprise, empowering developers to go from concept to production in minutes, rather than months.

Docker at SpotifyDocker, Inc.

DockerCon SF 2015: Maintaining the official node.js docker imageDocker, Inc.

This document discusses maintaining the official Node.js Docker image. It covers how Joyent took over an existing official image, the workflow for updating images, testing images, using tags and variants, keeping images small, monitoring user feedback, and future plans regarding the merging of Node.js and io.js. It provides recommendations for those starting from scratch on official images, such as using an official base image, including tests, and considering image size versus usefulness.

Dockerfile Basics Workshop #1Docker, Inc.

Building a Smarter Application StackDocker, Inc.

This document discusses Smartstack, a solution for service discovery and load balancing in distributed systems like Docker. It addresses problems like dynamically wiring dependent microservices and handling failures without taking down entire sites. Smartstack consists of Synapse, which generates HAProxy configurations for discovery, and Nerve, which registers services and checks health. It promotes independent deployability through techniques like external load balancing and "ambassador containers" that abstract service connections. This allows flexible, bottom-up architectures and reduces complexity compared to rigid top-down approaches.

DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaSDocker, Inc.

PaaSTA is Yelp's open-source Docker-based PaaS that glues together common PaaS components like scheduling with Mesos/Marathon, service delivery with Docker, discovery with SmartStack, and monitoring with Sensu. The document discusses how PaaSTA provides a production-ready platform by using stable components, reducing single points of failure, enabling graceful degradation, making upgrades painless, and incorporating self-healing and alerting capabilities. Lessons learned include the importance of interfaces, maintaining the app-infra boundary, using the right abstractions, and making iterative improvements.

Introduction to docker_notary_v1.0.0Anshul Patel

This document provides an introduction to Docker Notary service. It explains that Notary provides trust for digital content by signing and verifying updates. It ensures the integrity and freshness of software and protects against threats like compromised keys or spoofed updates. The key components of Notary include clients, servers, signers and databases. Notary is integrated with Docker Content Trust to sign images when they are pushed to repositories, establishing trust for users interacting with those images.

Docker Federal Summit 2017 General SessionDocker, Inc.

More Related Content

Viewers also liked (20)

DockerCon14 Contributing to Docker by TianonDocker, Inc.

Distributed, Real-time Web AppsDocker, Inc.

Tyrion Cannister Neural Styles by Dora Korpar and Siphan BouDocker, Inc.

DockerCon EU 2015: From Local Development to Production Deployments using Ama...Docker, Inc.

DockerCon14 KeynoteDocker, Inc.

DockerCon EU 2015: Nesting Containers: Real Life ObservationsDocker, Inc.

DockerCon EU 2015: Monitoring and Managing Dynamic Docker EnvironmentsDocker, Inc.

DockerCon EU 2015: Sparebank; a journey towards DockerDocker, Inc.

Monitoring Containers at New Relic by Sean Kane Docker, Inc.

Docker at DevTableDocker, Inc.

DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...Docker, Inc.

Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ Docker, Inc.

DockerCon SF 2015: Docker After Launching 1 Billion ContainersDocker, Inc.

How to Successfully Build a Local Docker Community by Mathias RennerDocker, Inc.

DockerCon SF 2015: From Months to MinutesDocker, Inc.

Docker at SpotifyDocker, Inc.

DockerCon SF 2015: Maintaining the official node.js docker imageDocker, Inc.

Dockerfile Basics Workshop #1Docker, Inc.

Building a Smarter Application StackDocker, Inc.

DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaSDocker, Inc.

DockerCon14 Contributing to Docker by TianonDocker, Inc.

Distributed, Real-time Web AppsDocker, Inc.

Tyrion Cannister Neural Styles by Dora Korpar and Siphan BouDocker, Inc.

DockerCon EU 2015: From Local Development to Production Deployments using Ama...Docker, Inc.

DockerCon14 KeynoteDocker, Inc.

DockerCon EU 2015: Nesting Containers: Real Life ObservationsDocker, Inc.

DockerCon EU 2015: Monitoring and Managing Dynamic Docker EnvironmentsDocker, Inc.

DockerCon EU 2015: Sparebank; a journey towards DockerDocker, Inc.

Monitoring Containers at New Relic by Sean Kane Docker, Inc.

Docker at DevTableDocker, Inc.

DockerCon EU 2015: Finding a Theory of the Universe with Docker and Volunteer...Docker, Inc.

Everything You Need to Know About Docker and Storage by Ryan Wallner, ClusterHQ Docker, Inc.

DockerCon SF 2015: Docker After Launching 1 Billion ContainersDocker, Inc.

How to Successfully Build a Local Docker Community by Mathias RennerDocker, Inc.

DockerCon SF 2015: From Months to MinutesDocker, Inc.

Docker at SpotifyDocker, Inc.

DockerCon SF 2015: Maintaining the official node.js docker imageDocker, Inc.

Dockerfile Basics Workshop #1Docker, Inc.

Building a Smarter Application StackDocker, Inc.

DockerCon EU 2015: The Glue is the Hard Part: Making a Production-Ready PaaSDocker, Inc.

Similar to Trust and Image Provenance by Derek McGowan (20)

Introduction to docker_notary_v1.0.0Anshul Patel

Docker Federal Summit 2017 General SessionDocker, Inc.

Chris Homer - Moving the entire stack to k8s within a year – lessons learnedDariia Seimova

1) The document discusses lessons learned from thredUP's experience migrating their entire infrastructure stack to Kubernetes over the course of a year. 2) Some key challenges included addressing performance issues, DNS errors, and pod distribution after cluster maintenance. 3) Migrating to Kubernetes provided benefits like halving deployment times, making rollbacks fast and easy, and decreasing hardware provisioning costs.

Building a Secure App with Docker - Ying Li and David Lawrence, DockerDocker, Inc.

Built-in security is one of the most important features in Docker. But to build a secure app, you have to understand how to take advantage of these features. Security begins with the platform, but also requires conscious secure design at all stages of app development. In this session, we'll cover the latest features in Docker security, and how you can leverage them. You'll learn how to add them to your existing development pipeline, as well as how you can and streamline your workflow while making it more secure.

Categorizing Docker Hub Public ImagesRoberto Hashioka

Dockers & kubernetes detailed - Beginners to GeekwiTTyMinds1

Docker is a platform for building, distributing and running containerized applications. It allows applications to be bundled with their dependencies and run in isolated containers that share the same operating system kernel. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. It groups Docker containers that make up an application into logical units for easy management and discovery. Docker Swarm is a native clustering tool that can orchestrate and schedule containers on machine clusters. It allows Docker containers to run as a cluster on multiple Docker hosts.

Deploying Microservice on DockerKnoldus Inc.

Docker Security Deep Dive by Ying Li and David LawrenceDocker, Inc.

Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...Docker, Inc.

This document outlines Docker Cloud's capabilities for managing multiple Docker swarms. It discusses how Docker Cloud allows users to provision new swarms across different cloud providers quickly and consistently, securely access swarms, share access with other users, and manage swarms from desktop clients. The presentation covers Docker Cloud's overview, managing multiple swarms, swarm provisioning, swarm management and collaboration features, technical architecture, and future roadmap. It concludes with a reminder for users to provide feedback on Docker Cloud.

SSL/TLS for Mortals (Voxxed Days Luxembourg)Maarten Mulders

This document provides an overview of SSL/TLS including: 1. Why SSL/TLS is important for secure connections between systems and applications. 2. An explanation of public/private key encryption and how digital certificates and certificate authorities work to establish trust. 3. A demonstration of how SSL/TLS protects data in transit using encryption. 4. Examples of vulnerabilities in older SSL/TLS versions and how protocols have evolved over time to improve security. 5. Details of a compromise of the DigiNotar certificate authority that resulted in distrust of its certificates.

El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...Nicolas Bortolotti

The document discusses applying cloud computing, Firebase, and TensorFlow to build successful applications. It mentions using Cloud Vision API, Cloud Auto Scaling, and Firebase for chat/support services. TensorFlow is discussed for image classification. Firebase provides backend services like real-time database, authentication, hosting, and remote config. It also discusses using Google Cloud Platform for scalable infrastructure and TensorFlow for machine learning tasks like image classification.

Sharing secret keys in Docker containers and K8sJose Manuel Ortega Candel

In this talk I will show how to save secret keys in Docker containers and K8s in production and best practices for saving and securing distribution of secrets. With Docker and k8s secrets we can manage information related to keys that are needed at runtime but cannot be exposed in the Docker image or source code repository. These could be the main talking points: 1.Challenges of security and secret keys in containers 2.Best practices for saving and securing distribution of secrets in Docker Containers 3.Managing secrets in Kubernetes using volumes and sealed-secrets 4.Other tools for distributing secrets in containers like Hashicorp Vault and KeyWhiz

Integration kubernetes with docker private registryHungWei Chiu

#Morecrypto (with tis) - version 2.2Olle E Johansson

This document discusses the importance of using more encryption on the Internet to increase privacy and security. It makes the following key points: 1) The Internet has become too easy to monitor as we have built it without sufficient security protections by default. More encryption needs to be implemented across Internet services and protocols to make eavesdropping more difficult. 2) Developers should enable encryption by default for all new Internet protocols. Opportunistic encryption techniques can provide some protections even without full authentication. 3) Individuals can help push for more encryption by requiring encrypted connections when using services and enabling tools like HTTPS Everywhere on their browsers. Transitioning to encrypted connections wherever possible raises the bar for surveillance.

Stups.io - an Open Source Cloud Framework for AWSJan Löffler

Introduction to DockerPubudu Jayawardana

Docker is a tool that allows applications to run in isolated containers to make them portable and consistent across environments. It provides benefits like easy developer onboarding, eliminating application conflicts, and consistent deployments. Docker tools include the Docker Engine, Docker Client, Docker Compose, and Docker Hub. Key concepts are images which are templates for containers, and containers which are where the code runs based on an image. The document outlines how to build custom images from Dockerfiles, communicate between containers using linking or networks, and deploy containers using Docker Compose or in the cloud.

Samantha Wang [InfluxData] | Data Collection Overview | InfluxDays 2022InfluxData

This document summarizes Samantha Wang's presentation on InfluxDB data collection options. She discussed three main options: native data collection, client libraries, and Telegraf. Native collection allows ingesting data directly from sources without transformation. Client libraries are available for many languages. Telegraf has over 300 plugins and supports ingesting from many sources. Future plans for Telegraf include reducing its binary size, improving the CLI, and adding new plugins.

DockerCon EU 2015: What's New with Docker Trusted RegistryDocker, Inc.

Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)bridgetkromhout

Docker 101 describing basic docker usageZiyanMaraikar1

Introduction to docker_notary_v1.0.0Anshul Patel

Docker Federal Summit 2017 General SessionDocker, Inc.

Chris Homer - Moving the entire stack to k8s within a year – lessons learnedDariia Seimova

Building a Secure App with Docker - Ying Li and David Lawrence, DockerDocker, Inc.

Categorizing Docker Hub Public ImagesRoberto Hashioka

Dockers & kubernetes detailed - Beginners to GeekwiTTyMinds1

Deploying Microservice on DockerKnoldus Inc.

Docker Security Deep Dive by Ying Li and David LawrenceDocker, Inc.

Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...Docker, Inc.

SSL/TLS for Mortals (Voxxed Days Luxembourg)Maarten Mulders

El siguiente paso para aplicaciones exitosas, aplicando cloud, tensorflow y f...Nicolas Bortolotti

Sharing secret keys in Docker containers and K8sJose Manuel Ortega Candel

Integration kubernetes with docker private registryHungWei Chiu

#Morecrypto (with tis) - version 2.2Olle E Johansson

Stups.io - an Open Source Cloud Framework for AWSJan Löffler

Introduction to DockerPubudu Jayawardana

Samantha Wang [InfluxData] | Data Collection Overview | InfluxDays 2022InfluxData

DockerCon EU 2015: What's New with Docker Trusted RegistryDocker, Inc.

Join Our Party: The Cloud Native Adventure Brigade (TCSW 2019)bridgetkromhout

Docker 101 describing basic docker usageZiyanMaraikar1

More from Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience Docker, Inc.

Raymond Arifianto, AccelByte and Mark Mandel, Google - We have been deploying containerized micro-services for our Game Backend Services for a while. Now we are tackling the challenge to scale up fleets of game dedicated servers in multiple regions, multiple data centers and multiple providers - some in bare metal, some in Cloud. So we leverage docker containerization to deploy Game Servers to achieve Portability, Fast Deployment and Predictability, enabling us to scale up to thousands of servers, on demand, without a sweat.

How to Improve Your Image Builds Using Advance Docker BuildDocker, Inc.

Nicholas Dille, Haufe-Lexware + Docker Captain - Docker continues to be the standard tool for building container images. For more than a year Docker ships with BuildKit as an alternative image builder, providing advanced features for secret and cache management. These features help to make image builds faster and more secure. In this session, Docker Captain Nicholas Dille will teach you how to use Buildkit features to your advantage.

Build & Deploy Multi-Container Applications to AWSDocker, Inc.

Lukonde Mwila, Entelect - As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud. In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics: - Docker Compose - Containerizing an Nginx Server - Containerizing an React App - Containerizing an Node.JS App - Containerizing anMongoDB App - Runing Multi-Container App Locally - Creating a CI/CD Pipeline - Adding a build stage to test containers and push images to Docker Hub - Deploying Multi-Container App to AWS Elastic Beanstalk Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking. After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.

Securing Your Containerized Applications with NGINXDocker, Inc.

How To Build and Run Node Apps with Docker and ComposeDocker, Inc.

Kathleen Juell, Digital Ocean - Containers are an essential part of today's microservice ecosystem, as they allow developers and operators to maintain standards of reliability and reproducibility in fast-paced deployment scenarios. And while there are best practices that extend across stacks in containerized environments, there are also things that make each stack distinct, starting with the application image itself. This talk will dive into some of these particularities, both at the image and service level, while also covering general best practices for building and running Node applications with database backends using Docker and Compose.

Hands-on Helm Docker, Inc.

Distributed Deep Learning with Docker at SalesforceDocker, Inc.

Jeff Hajewski, Salesforce - There is a wealth of information on building deep learning models with PyTorch or TensorFlow. Anyone interested in building a deep learning model is only a quick search away from a number of clear and well written tutorials that will take them from zero knowledge to having a working image classifier. But what happens when you need to deploy these models in a production setting? At Salesforce, we use TensorFlow models to help us provide customers with insights into their data, and we do this as close to real-time as possible. Designing these systems in a scalable manner requires overcoming a number of design challenges, but the core component is Docker. Docker enables us to design highly scalable systems by allowing us to focus on service interactions, rather than how our services will interact with the hardware. Docker is also at the core of our test infrastructure, allowing developers and data scientists to build and test the system in an end to end manner on their local machines. While some of this may sound complex, the core message is simplicity - Docker allows us to focus on the aspects of the system that matter, greatly simplifying our lives.

The First 10M Pulls: Building The Official Curl Image for Docker HubDocker, Inc.

James Fuller, webcomposite s.r.o. - Curl is the venerable (yet very modern) 'swiss army knife' command line tool and library for transferring data with URLs. Recently we (the Curl team) decided to build a release for Docker Hub. This talk will outline our current development workflow with respect to the docker image and provide insights on what it takes to build a docker image for mass public consumption. We are also keen to learn from users and other developers how we might improve and enhance the official curl docker image.

Monitoring in a Microservices WorldDocker, Inc.

Fabian Stäber, Instana - In recent years, we saw a great paradigm shift in software engineering away from static monolithic applications towards dynamic distributed horizontally scalable architectures. Docker is one of the key technologies enabling this development. This shift poses a lot of new challenges for application monitoring, ranging from practical issues (need for automation) to technical challenges (Docker networking) to organizational topics (blurring line between software engineers and operations) to fundamental questions (define what is an application). In this talk we show how Docker changed the way we do monitoring, how modern application monitoring systems work, and what future developments we expect.

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...Docker, Inc.

Clemente Biondo, Engineering Ingegneria Informatica - When the COVID 19 pandemic started, Engineering Ingegneria Informatica Group (1.25 billion euros of revenues, 65 offices around the world, 12.000 employees) was forced to put their digital transformation to the test in order to maintain operational continuity. In this session, Clemente Biondo, the Tech Lead of the Information Systems Department, will share how his company is reacting to this unforeseeable scenario and how Docker-driven digital transformation had paved the path for work to continue remotely. Clemente will discuss learnings moving from colocated teams, manual approaches, email based-business processes, and a monolithic application to a mature DevOps culture characterized by a distributed autonomous workforce and a continuous deployment process that deploys backward-compatible Docker containerized microservices into hybrid multi cloud datacenters an average of twice a day with zero-downtime. He will detail how they use Docker to unify dev, test and production environments, and as an efficient and automated mechanism for deploying applications. Lastly, Clemente shares how, in our darkest hour, he and others are working to shine their brightest light.

Predicting Space Weather with DockerDocker, Inc.

The document discusses how NOAA's Space Weather Prediction Center transitioned from a monolithic architecture to microservices using Docker. It describes how they started with a small verification project, then replaced their critical GOES satellite data source. This improved developers' morale and delivery speed. They encountered some security issues initially but learned from them. The transition was very successful and allowed them to quickly expand their mission to forecast aviation impacts using scientists' models packaged as Docker services.

Become a Docker Power User With Microsoft Visual Studio CodeDocker, Inc.

Brian Christner, 56k + Docker Captain - In this session, we will unlock the full potential of using Microsoft Visual Studio Code (VS Code) and Docker Desktop to turn you into a Docker Power User. When we expand and utilize the VS Code Docker plugin, we can take our projects and Docker skills to the next level. In addition to using VS Code, we streamline our Docker Desktop development workflow with less context switching and built-in shortcuts. You will learn how to bootstrap new projects, quickly write Dockerfiles utilizing templates, build, run, and interact with containers all from VS Code.

How to Use Mirroring and Caching to Optimize your Container RegistryDocker, Inc.

Monolithic to Microservices + Docker = SDLC on Steroids!Docker, Inc.

Ashish Sharma, SS&C Eze - SS&C Eze provides various products in the stock market domain. We spent the last couple of years building Eclipse which is an investment suite born in cloud. The journey so far has been very interesting. The very first version of the product were a bunch of monolithic windows services and deployed using Octopus tool. We successfully managed to bring all the monolithic problem to the cloud and created a nightmare for ourselves. We then started applying microservices architecture principles and started breaking the monolithic into small services. Very soon we realized that we need a better packaging/deployment tool. Docker looked like a magical solution to our problem. Since its adoption, It has not only solved the deployment problem for us but has made a deep impact on different aspects of SDLC. It allowed us to use heterogeneous technology stacks, simplified development environment setup, simplified our testing strategy, improved our speed of delivery, and made our developers more productive. In this talk I would like to share our experience of using Docker and its positive impact on our SDLC.

Kubernetes at Datadog ScaleDocker, Inc.

Kubernetes networking can be complex to scale due to issues like growing iptables rules, but newer solutions are helping. Pod networking uses CNI plugins like flannel or Calico to assign each pod an IP and allow communication. Service networking uses kube-proxy and iptables or IPVS for load balancing to pods. DNS is used to resolve service names to IPs. While Kubernetes networking brings flexibility, operators must learn the nuances of their specific CNI plugin and issues can arise, but the ecosystem adapts quickly to new needs and changes don't impact all workloads.

Labels, Labels, Labels Docker, Inc.

Andy Clemenko, StackRox - One underutilized, and amazing, thing about the docker image scheme is labels. Labels are a built in way to document all aspects about the image itself. Think about all the information that the tags inside your clothing carry. If you care to look you can find out everything about the garment. All that information can be very valuable. Now think about how we can leverage labels to carry similar information. We can even use the labels to contain Docker Compose or even Kubernetes Yaml. We can even include labels into the CI/CD process making things more secure and smoother. Come find out some fun techniques on how to leverage labels to do some fun and amazing things.

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelDocker, Inc.

Micro Focus uses Docker Hub at scale to support its software delivery and deployment model. Some key points: - Docker Hub is used as the registry service for Micro Focus container images - It allows for optimized, secure, reliable and cost-effective software delivery through deployments and updates of container images to customers and partners - Micro Focus leverages features like private repositories, offline/online access, signing and scanning of images, and integration with CI/CD pipelines - Over 1,650 organizations, 450 repositories, and 18 teams are used on Docker Hub to manage access and deliver software from Micro Focus

Build & Deploy Multi-Container Applications to AWSDocker, Inc.

Lukonde Mwila, Entelect As the cloud-native approach to development and deployment becomes more prevalent, it's an exciting time for software engineers to be equipped on how to dockerize multi-container applications and deploy them to the cloud. In this talk, Lukonde Mwila, Software Engineer at Entelect, will cover the following topics: - Docker Compose - Containerizing an Nginx Server - Containerizing an React App - Containerizing an Node.JS App - Containerizing anMongoDB App - Runing Multi-Container App Locally - Creating a CI/CD Pipeline - Adding a build stage to test containers and push images to Docker Hub - Deploying Multi-Container App to AWS Elastic Beanstalk Lukonde will start by giving an overview of how Docker Compose works and how it makes it very easy and straightforward to startup multiple Docker containers at the same time and automatically connect them together with some form of networking. After that, Lukonde will take a hands on approach to containerize an Nginx server, a React app, a NodeJS app and a MongoDB instance to demonstrate the power of Docker Compose. He'll demonstrate usage of two Docker files for an application, one production grade and the other for local development and running of tests. Lastly, he'll demonstrate creating a CI/CD pipeline in AWS to build and test our Docker images before pushing them to Docker Hub or AWS ECR, and finally deploying our multi-container application AWS Elastic Beanstalk.

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...Docker, Inc.

Elton Stoneman, Docker Captain + Container Consultant and Trainer How do you provide a SaaS offering when your product is a 10-year old Fortran app, currently built to run on Windows 10? With Docker and Kubernetes of course - and you can do it in a week (... to prototype level at least). In this session I'll walk through the processes and practicalities of taking an older Windows app, making it run in containers with Kubernetes, and then building a simple API wrapper to host the whole stack as a cloud-based SaaS product. There's a lot of technology here from a real world case study, and I'll focus on: - running Windows apps in Docker containers - building a .NET Core API which can run in Linux or Windows containers - running the stack in Kubernetes with Docker Desktop locally and AKS in the cloud - configuring AKS workloads in Azure to burst out to Azure Container Instances And there's a core theme to this session: Docker and Kubernetes are complex technologies, but they're the key to modern development. If you invest time learning them, they make projects like this simple, portable, fast and fun.

Developing with Docker for the Arm ArchitectureDocker, Inc.

This virtual meetup introduces the concepts and best practices of using Docker containers for software development for the Arm architecture across a variety of hardware systems. Using Docker Desktop on Windows or Mac, Amazon Web Services (AWS) A1 instances, and embedded Linux, we will demonstrate the latest Docker features to build, share, and run multi-architecture images with transparent support for Arm.

Containerize Your Game Server for the Best Multiplayer Experience Docker, Inc.

How to Improve Your Image Builds Using Advance Docker BuildDocker, Inc.

Build & Deploy Multi-Container Applications to AWSDocker, Inc.

Securing Your Containerized Applications with NGINXDocker, Inc.

How To Build and Run Node Apps with Docker and ComposeDocker, Inc.

Hands-on Helm Docker, Inc.

Distributed Deep Learning with Docker at SalesforceDocker, Inc.

The First 10M Pulls: Building The Official Curl Image for Docker HubDocker, Inc.

Monitoring in a Microservices WorldDocker, Inc.

COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...Docker, Inc.

Predicting Space Weather with DockerDocker, Inc.

Become a Docker Power User With Microsoft Visual Studio CodeDocker, Inc.

How to Use Mirroring and Caching to Optimize your Container RegistryDocker, Inc.

Monolithic to Microservices + Docker = SDLC on Steroids!Docker, Inc.

Kubernetes at Datadog ScaleDocker, Inc.

Labels, Labels, Labels Docker, Inc.

Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelDocker, Inc.

Build & Deploy Multi-Container Applications to AWSDocker, Inc.

From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...Docker, Inc.

Developing with Docker for the Arm ArchitectureDocker, Inc.

Recently uploaded (20)

Technology Trends in 2025: AI and Big Data AnalyticsInData Labs

At InData Labs, we have been keeping an ear to the ground, looking out for AI-enabled digital transformation trends coming our way in 2025. Our report will provide a look into the technology landscape of the future, including: -Artificial Intelligence Market Overview -Strategies for AI Adoption in 2025 -Anticipated drivers of AI adoption and transformative technologies -Benefits of AI and Big data for your business -Tips on how to prepare your business for innovation -AI and data privacy: Strategies for securing data privacy in AI models, etc. Download your free copy nowand implement the key findings to improve your business.

Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell

Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul

Artificial intelligence is changing how businesses operate. Companies are using AI agents to automate tasks, reduce time spent on repetitive work, and focus more on high-value activities. Noah Loul, an AI strategist and entrepreneur, has helped dozens of companies streamline their operations using smart automation. He believes AI agents aren't just tools—they're workers that take on repeatable tasks so your human team can focus on what matters. If you want to reduce time waste and increase output, AI agents are the next move.

Complete Guide to Advanced Logistics Management Software in Riyadh.pdfSoftware Company

Explore the benefits and features of advanced logistics management software for businesses in Riyadh. This guide delves into the latest technologies, from real-time tracking and route optimization to warehouse management and inventory control, helping businesses streamline their logistics operations and reduce costs. Learn how implementing the right software solution can enhance efficiency, improve customer satisfaction, and provide a competitive edge in the growing logistics sector of Riyadh.

Linux Support for SMARC: How Toradex Empowers Embedded DevelopersToradex

Toradex brings robust Linux support to SMARC (Smart Mobility Architecture), ensuring high performance and long-term reliability for embedded applications. Here’s how: • Optimized Torizon OS & Yocto Support – Toradex provides Torizon OS, a Debian-based easy-to-use platform, and Yocto BSPs for customized Linux images on SMARC modules. • Seamless Integration with i.MX 8M Plus and i.MX 95 – Toradex SMARC solutions leverage NXP’s i.MX 8 M Plus and i.MX 95 SoCs, delivering power efficiency and AI-ready performance. • Secure and Reliable – With Secure Boot, over-the-air (OTA) updates, and LTS kernel support, Toradex ensures industrial-grade security and longevity. • Containerized Workflows for AI & IoT – Support for Docker, ROS, and real-time Linux enables scalable AI, ML, and IoT applications. • Strong Ecosystem & Developer Support – Toradex offers comprehensive documentation, developer tools, and dedicated support, accelerating time-to-market. With Toradex’s Linux support for SMARC, developers get a scalable, secure, and high-performance solution for industrial, medical, and AI-driven applications. Do you have a specific project or application in mind where you're considering SMARC? We can help with Free Compatibility Check and help you with quick time-to-market For more information: https://www.toradex.com/computer-on-modules/smarc-arm-family

TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc

Most consumers believe they’re making informed decisions about their personal data—adjusting privacy settings, blocking trackers, and opting out where they can. However, our new research reveals that while awareness is high, taking meaningful action is still lacking. On the corporate side, many organizations report strong policies for managing third-party data and consumer consent yet fall short when it comes to consistency, accountability and transparency. This session will explore the research findings from TrustArc’s Privacy Pulse Survey, examining consumer attitudes toward personal data collection and practical suggestions for corporate practices around purchasing third-party data. Attendees will learn: - Consumer awareness around data brokers and what consumers are doing to limit data collection - How businesses assess third-party vendors and their consent management operations - Where business preparedness needs improvement - What these trends mean for the future of privacy governance and public trust This discussion is essential for privacy, risk, and compliance professionals who want to ground their strategies in current data and prepare for what’s next in the privacy landscape.

Cyber Awareness overview for 2025 month of securityriccardosl1

Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveScyllaDB

Want to learn practical tips for designing systems that can scale efficiently without compromising speed? Join us for a workshop where we’ll address these challenges head-on and explore how to architect low-latency systems using Rust. During this free interactive workshop oriented for developers, engineers, and architects, we’ll cover how Rust’s unique language features and the Tokio async runtime enable high-performance application development. As you explore key principles of designing low-latency systems with Rust, you will learn how to: - Create and compile a real-world app with Rust - Connect the application to ScyllaDB (NoSQL data store) - Negotiate tradeoffs related to data modeling and querying - Manage and monitor the database for consistently low latencies

Greenhouse_Monitoring_Presentation.pptx.hpbmnnxrvb

Cybersecurity Identity and Access Solutions using Azure ADVICTOR MAESTRE RAMIREZ

DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxJustin Reock

Building 10x Organizations with Modern Productivity Metrics 10x developers may be a myth, but 10x organizations are very real, as proven by the influential study performed in the 1980s, ‘The Coding War Games.’ Right now, here in early 2025, we seem to be experiencing YAPP (Yet Another Productivity Philosophy), and that philosophy is converging on developer experience. It seems that with every new method we invent for the delivery of products, whether physical or virtual, we reinvent productivity philosophies to go alongside them. But which of these approaches actually work? DORA? SPACE? DevEx? What should we invest in and create urgency behind today, so that we don’t find ourselves having the same discussion again in a decade?

How analogue intelligence complements AIPaul Rowe

Artificial Intelligence is providing benefits in many areas of work within the heritage sector, from image analysis, to ideas generation, and new research tools. However, it is more critical than ever for people, with analogue intelligence, to ensure the integrity and ethical use of AI. Including real people can improve the use of AI by identifying potential biases, cross-checking results, refining workflows, and providing contextual relevance to AI-driven results. News about the impact of AI often paints a rosy picture. In practice, there are many potential pitfalls. This presentation discusses these issues and looks at the role of analogue intelligence and analogue interfaces in providing the best results to our audiences. How do we deal with factually incorrect results? How do we get content generated that better reflects the diversity of our communities? What roles are there for physical, in-person experiences in the digital world?

Build Your Own Copilot & Agents For DevsBrian McKeiver

AI EngineHost Review: Revolutionary USA Datacenter-Based Hosting with NVIDIA ...SOFTTECHHUB

I started my online journey with several hosting services before stumbling upon Ai EngineHost. At first, the idea of paying one fee and getting lifetime access seemed too good to pass up. The platform is built on reliable US-based servers, ensuring your projects run at high speeds and remain safe. Let me take you step by step through its benefits and features as I explain why this hosting solution is a perfect fit for digital entrepreneurs.

Procurement Insights Cost To Value Guide.pptxJon Hansen

UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPathCommunity

Join this UiPath Community Berlin meetup to explore the Orchestrator API, Swagger interface, and the Test Manager API. Learn how to leverage these tools to streamline automation, enhance testing, and integrate more efficiently with UiPath. Perfect for developers, testers, and automation enthusiasts! 📕 Agenda Welcome & Introductions Orchestrator API Overview Exploring the Swagger Interface Test Manager API Highlights Streamlining Automation & Testing with APIs (Demo) Q&A and Open Discussion Perfect for developers, testers, and automation enthusiasts! 👉 Join our UiPath Community Berlin chapter: https://community.uipath.com/berlin/ This session streamed live on April 29, 2025, 18:00 CET. Check out all our upcoming UiPath Community sessions at https://community.uipath.com/events/.

tecnologias de las primeras civilizaciones.pdffjgm517

Dev Dives: Automate and orchestrate your processes with UiPath MaestroUiPathCommunity

This session is designed to equip developers with the skills needed to build mission-critical, end-to-end processes that seamlessly orchestrate agents, people, and robots. 📕 Here's what you can expect: - Modeling: Build end-to-end processes using BPMN. - Implementing: Integrate agentic tasks, RPA, APIs, and advanced decisioning into processes. - Operating: Control process instances with rewind, replay, pause, and stop functions. - Monitoring: Use dashboards and embedded analytics for real-time insights into process instances. This webinar is a must-attend for developers looking to enhance their agentic automation skills and orchestrate robust, mission-critical processes. 👨‍🏫 Speaker: Andrei Vintila, Principal Product Manager @UiPath This session streamed live on April 29, 2025, 16:00 CET. Check out all our upcoming Dev Dives sessions at https://community.uipath.com/dev-dives-automation-developer-2025/.

Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp

SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfPrecisely