Docker is excited to sponsor KubeCon + CloudNativeCon Europe 2018. The conference will gather 3,000 end users, committed and new vendors, leading contributors and developers from around the world for three days in Copenhagen to exchange knowledge, best practices, and experiences. With community-centric sessions, keynotes, lightning talks, workshops, panels, breakouts, salons, SIG meetings and BoFs.
If you're attending the conference, make sure to attend the following workshop and sessions:
Tuesday, May 1st
13:00 - 17:00
Registration Fee: $25 donation; Request a registration code now by filling out the form and a Docker representative will respond. Add this to your KubeCon + CloudNativeCon registration with the code provided.
The latest versions of Docker for Mac and Windows, as well as Docker Enterprise Edition now incorporate Kubernetes. Come to this workshop and learn how easy it is to use Kubernetes with the Docker platform.
In this workshop, we’ll cover:
Working with Kubernetes locally on a Mac or Windows machine
Using Docker EE for secure application deployment
Deploying an app on Kubernetes in Docker EE
And finally, we’ll connect the two, using client bundles to authorize use of your desktop to manage the EE cluster
Wednesday, May 2
11:55 - 12:30
Containerd is the foundation for all container run times whether you use Docker, cri-conatinerd in Kubernetes. As a developer, what is containerd? What can I use containerd for? In this talk, we will look into containerd's internals, walk through the relationship with cri-containerd. Then we will take the knowledge we just learned and look at how as a developer we can build applications and tooling interfacing with containerd via grpc but also on top of containerd itself by creating containerised applications only using containerd and runc
14:00 - 14:35
Securing your Kubernetes Delivery Pipelines with Notary and TUF - Liam White & Michael Hough, IBM (Intermediate Skill Level)
As the cloud native ecosystem matures, the focus shifts more towards security. One of the key challenges in this area for enterprises is ensuring that you trust the code that's running in your production environment and that it hasn't been tampered with by malicious third parties.
In this session, you'll learn about how Notary addresses this problem, how to get started with Notary and your image registry, and how you can use Kubernetes admission controllers to verify your images against Notary.
14:45 - 15:20
containerd Intro by Stephen, Day
Containerd is the core container runtime originally used in Docker to execute containers and distribute images. It was designed from the ground up to support the OCI image and runtime specifications. The design of containerd is carefully crafted to fit the use cases of modern container orchestrators like Kubernetes and Swarm. In this talk, we'll provide an introduction to containerd and how you can get started with leveraging it in your infrastructure.
16:25 - 17:00
Take Control of your Filesystems with containerd’s Snapshotters - - Stephen Day, Docker, Inc. (Advanced Skill Level)
Containers have had uncanny abilities to build, manage, and distribute changes as part of the container’s filesystems through the use of layers and graphdrivers. A critical part of the magic making people’s experience with containers delightful, this is considered a necessity in any container-based system. The complexity and integration of graphdrivers makes working with them directly cumbersome and error prone.
containerd departs from this and introduces a new abstraction, known as “snapshotters”. Mounting a container’s filesystem, direct manipulation, arbitrary diffing, and native copying, previously a challenge, are all now possible with minimal effort. In this talk, we’ll cover the evolution of Docker’s graphdrivers to containerd snapshotters, demonstrating the wonderful properties of snapshotters in the process.
Thursday, May 3
16:35 - 17:10
Entitlements: Understandable Container Security Controls by Justin Cormack, Docker
In this talk I introduce a new system of security entitlements for container workloads. These specify the types of access a pod should have in a human readable way. I will also demonstrate an example implementation running in Kubernetes. The current model of how to configure what a container running in an orchestration system is allowed to do is very low level. You have to specify everything how the operating system sees it. These things do not really make any sense to users of the system, and even experts have to constantly reference the man pages. How can we make security configuration understandable? One route comes from the model of application entitlements that Apple uses on the iPhone to control things like access to Push Notifications and Payments. These are designed to be understood by all users. The open source entitlements library, being developed at Docker, enables similarly high level controls to be used for managing containers. The talk will also cover the relationship with Open Policy Agent and other access control frameworks.
Friday, May 4
11:55 - 12:30
15:40 - 16:15
containerd Deep Dive by Stephen Day, Docker
Containerd is the core container runtime used in Docker to execute containers and distribute images. It was designed from the ground up to support the OCI image and runtime specifications. The design of containerd is carefully crafted to fit the use cases of modern container orchestrators like Kubernetes and Swarm. In this talk, we dive into design decisions that help containerd meet a diverse set of requirements for a growing container world. Developing an understanding of the decoupled components will provide attendees a grasp where they can leverage functionality in their platforms. By slicing the components of a container runtime into the right pieces, integrators can choose only what they need.