October 4-6 in Berlin, Germany
Register Now for LinuxCon+ContainerCon Europe

Tuesday, October 4
 

11:15

Flotilla – Containerized Network Function Deployment at Enterprise Branch Offices - Sumanth Mysore Sathyanarayana, Deutsche Telekom
Traditionally network functions were getting deployed on specialized hardware appliances. But with the advent of Network Function Virtualization, these infrastructure services are now getting deployed as software inside VMs. This talk is about how Flotilla’s framework could be used to deploy these Network Functions inside containers and in doing so, understanding the benefits and challenges. Flotilla primarily provides three important features which are:
1. It acts as a self-service network function portal connecting multiple branch offices to the cloud.
2. It helps to establish dynamic VPN tunnels between the cloud and the branch offices.
3. It acts as a containerized network function deployer at the branch office, thereby bringing down the capital and operational expenses as well as decreasing the time for deployment and modifications required for the network functions.

Speakers

Sumanth M. Sathyanarayana

Sr Software Engineer, Twitch


Tuesday October 4, 2016 11:15 - 12:05
Tegel

11:15

Putting the Parts Together: Building a Secure Container Platform - Matthew Garrett, CoreOS
General purpose operating systems have to solve many problems, and that means they make compromises. You need to be able to install, upgrade and configure individual components, which means having a large surface area vulnerable to attack. More specialised products (such as phones and Chromebooks) benefit from being able to reduce that surface area. Can we do the same with containers?

Security technologies can be overly restrictive in general purpose operating systems. This presentation covers a range of technologies that can be used unobtrusively and effectively in container-focused designs. It will describe how features like dm-verity can provide filesystem-level assurance that binaries are unmodified, how the kernel keyring can be used to provide immutable trusted key stores, how secure boot can root all of this trust in firmware and how container introspection can stop attacks.

Speakers

Matthew Garrett

Staff Security Developer, Google
Matthew Garrett is a security developer at Google, working on infrastructural security for Linux desktop and mobile platforms.


Tuesday October 4, 2016 11:15 - 12:05
Schinkel II/III

11:15

Kubernetes 101 and Fun - Mario-Leander Reimer, QAware GmbH
Cloud native applications are popular these days – applications that run in the cloud reliably and scale almost arbitrarily. They follow three key principles: they are built and composed as micro services. They are packaged and distributed in containers. The containers are executed dynamically in the cloud. Kubernetes is an open-source cluster manager for the automated deployment, scaling and management of cloud native applications. In this hands-on session we will introduce the core concepts of Kubernetes and then show how to build, package and operate a cloud native showcase application on top of Kubernetes step-by-step. Throughout this session we will be using an off-the-shelf MIDI controller to demonstrate and visualize the concepts and to remote control Kubernetes.

Speakers

Mario-Leander Reimer

Chief Software Architect, QAware GmbH
Passionate Java developer. Proud father. #CloudNativeNerd. Leander works as a chief software architect at QAware. He’s continuously looking for innovations in software engineering and ways to combine and apply state-of-the-art technology in real-world projects. As a speaker at national...


Tuesday October 4, 2016 11:15 - 12:05
Schöneberg

11:15

Taming Container Fears - Scott McCarty, Red Hat
Container technology promises greater agility and efficiency when it comes to building and deploying applications—a critical ability in this age of zero tolerance for downtime and great expectations for capabilities on demand. Indeed, containers can provide a technological edge that translates into significant business advantage, but some companies have been leery about adopting the technology because of (very valid) security fears stemming from the way in which containers interact with the OS: Containers share system resources for access to compute, networking and storage, but, unlike virtual machines, all containers on the same host share the same OS kernel. If the kernel is compromised, containers will be compromised--and vice versa.

Speakers

Scott McCarty

Technical Product Manager, Red Hat
At Red Hat, Scott McCarty is technical product manager for the container subsystem team, which enables key product capabilities in OpenShift Container Platform and Red Hat Enterprise Linux. Focus areas include container runtimes, tools, and images. Working closely with engineering...



Tuesday October 4, 2016 11:15 - 12:05
Charlottenburg I/II
  • Experience Level Any

11:15

Container Orchestration with Docker Swarm, Mesos/Marathon and Kubernetes - Adrian Mouat, Container Solutions
Container orchestration is one of the most fierce battlegrounds in IT today, with several frameworks competing for control. In this talk, I'll explain what container orchestration is, and why it's important, before comparing and contrasting the major platforms: Docker Swarm, Mesos/Marathon and Kubernetes.

I'll use a simple web application as a running example, adapting it to run on each of the platforms in turn. This will allow us to drill down into details of the platforms and highlight their comparative advantages and disadvantages.

Speakers

Adrian Mouat

Chief Scientist, Container Solutions
Adrian Mouat is Chief Scientist at Container Solutions and the author of the O'Reilly book "Using Docker". He has been a professional software developer for over 10 years, working on a wide range of projects from small webapps to large data mining platforms. His current focus is on...


Tuesday October 4, 2016 11:15 - 12:05
Bellevue

12:15

An Exploration of Linux Container Network Monitoring and Visualization - Alban Crequy, Kinvolk
The Linux kernel provides a multitude of ways to show what your application containers are doing with the network: /proc, Netlink sockets, eBPF programs, traffic control, Netfilter conntrack, cgroups... the list goes on. In this talk we’ll explore how to utilize these tools to monitor container network activity. We’ll also look at how we can interface these with Kubernetes, testing frameworks, and Weave Scope, a visualization and monitoring tool.

Speakers

Alban Crequy

Co-founder & Software Engineer, Kinvolk
Originally from France, Alban currently lives in Berlin where he is a co-founder and software engineer at Kinvolk GmbH. He is the technical project lead for rkt, a container runtime for Linux. Before falling into containers, Alban worked on various projects core to modern Linux; kernel...


Tuesday October 4, 2016 12:15 - 13:05
Tegel

12:15

Secure Application Development in the Age of Continuous Delivery - Tim Mackey, Black Duck Software
Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers view as vulnerable, particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
• How known vulnerabilities can make their way into production deployments
• How deployment of vulnerable code can be minimized
• How to determine the vulnerability status of a container

Speakers

Tim Mackey

Senior Technical Evangelist, Black Duck by Synopsys
Tim Mackey is a technology evangelist for Black Duck Software specializing in the secure deployment of applications using virtualization, cloud and container technologies. Prior to joining Black Duck, Tim was most recently the community manager for XenServer and was part of the Citrix...


Tuesday October 4, 2016 12:15 - 13:05
Schinkel II/III

12:15

Test-driven Infrastructure with Puppet, Docker, Test Kitchen and Serverspec - Yury Tsarev, GoodData
In this talk Yury Tsarev will go through a practical example of building infrastructure-as-code with a strong test-driven approach. While having an opinionated tools selection, the audience will be provided with a generic framework to build on where the components are fully replaceable. Yury strongly believes that infrastructure code should be treated like any other code. This means applying a test driven development model, storing it in a source control system and building a regression test suite. He suggests doing this with Test Kitchen, a pluggable and extensible test orchestrator that originated in the Chef community. Using Test Kitchen’s docker driver, a docker container can be used to simulate a machine under test. Then Serverspec can verify that the configuration code properly set up the machine. Shell mocking is used to bypass external dependencies and docker limitations.

Speakers

Yury Tsarev

Technology Architect - Site Reliability Engineering, McKinsey&Company
Yury is an experienced software engineer with strong focus on Linux and software quality. He is passionate about open source and contributes to several upstream projects on a regular basis. The most recent focus of his job is quality, test automation and continuous delivery practices...


Tuesday October 4, 2016 12:15 - 13:05
Schöneberg

12:15

Why I Love Kubernetes - Sebastien Goasguen, Open Source Innovator
Kubernetes, the open source container orchestration system, has become one of the top projects on GitHub and is set to become the standard for cloud native applications. In this talk I will explain and show why I love Kubernetes. From its lineage to Google internal application management system: Borg to its powerful REST API and great resources that make programming distributed applications easy as well as the key features like rolling-update and scaling. The talk will mix slides and live demonstration and should leave you with a good understanding of Kubernetes principles, power and ease of use.

Speakers

Sebastien Goasguen

Kubernetes Lead, Bitnami
Sebastien Goasguen is a twenty year open source veteran. A member of the Apache Software Foundation, he worked on Apache CloudStack and Libcloud for several years before diving into the container world. He is the founder of Skippbox, a Kubernetes startup acquired by Bitnami where...


Tuesday October 4, 2016 12:15 - 13:05
Charlottenburg I/II

12:15

Building Distributed Systems without Docker, Using Docker Plumbing Projects - Patrick Chanezon & David Chung, Docker & Phil Estes, IBM
Docker provides an integrated and opinionated toolset to build, ship and run distributed applications. Over the past year, the Docker codebase has been refactored extensively to extract infrastructure plumbing components that can be used independently, following the UNIX philosophy of small tools doing one thing well: runC, containerd, swarmkit, hyperkit, vpnkit, datakit.

This talk will give an overview of these tools and how you can use them to build your own distributed systems without Docker.

Speakers

Patrick Chanezon

Chief Developer Advocate, Docker
As the Chief Developer Advocate for Docker, Patrick Chanezon helps drive the direction of the company’s open source projects, acting as an advocate for the developer community to assure that their requirements and issues are addressed in the Docker platform. From 2013 to 2015, he...

Phil Estes

Distinguished Engineer & CTO, Container & Linux Strategy, IBM Cloud
Phil is a Distinguished Engineer in the office of the CTO for IBM Cloud, guiding IBM's strategy around containers and Linux. Phil is a founding maintainer of the CNCF containerd runtime project, and participates in the Open Container Initiative (OCI) as a member of the Technical Oversight...


Tuesday October 4, 2016 12:15 - 13:05
Bellevue

14:30

Getting Started with Docker Services - Mike Goelzer, Docker
Docker Services are a new abstraction available in recent versions of the Docker platform. Unlike the familiar 'docker run' command, Services are used to declare a desired application state that the Docker Engine will maintain.

In this presentation, Mike Goelzer will introduce the audience to Docker Services, explaining what they are and how to use them to deploy multi-tier applications. Other topics covered: load balancing, service discovery, scaling, security, deployment models, and common network topologies.

I will also present a live demo of a microservice application deployed and configured using Docker Services. All demo code will be available in GitHub.

Speakers

Mike Goelzer

Sr. PM & Platform Architect, Docker
Docker and container orchestration


Tuesday October 4, 2016 14:30 - 15:20
Bellevue

14:30

Container Orchestration: Swarm, Mesos, Kubernetes - Which Conductor? - Mike Bright, HPE
Oh my, as if we didn’t have enough container choices with LXC, Docker, rkt, LXD, we still have to choose a container orchestrator and there are lots of them!

Worse - the choice of orchestrator is the new industry battleground.
Feature sets increase rapidly and industry players are making acquisitions and investments.

It’s still early days in container orchestration and so existing solutions partially overlap meaning that combinations of orchestrators may be needed.

So how should you choose for your use case?

In this talk we’ll take a look at what is orchestration and why you need it.
We’ll look at the main contenders amongst Docker Swarm, Google’s Kubernetes, Apache Mesos as well as Fleet, Rancher/cattle and Juju.

We’ll compare and contrast the existing solutions, look at where they are heading and how you can use them in your solution today and tomorrow.

Speakers

Michael Bright

Technical Trainer, @mjbright Consulting
Michael Bright is a Technical Trainer for Docker, Kubernetes, Serverless, Micro-services. Based in Grenoble, France, he runs a Python user group, and is a co-organizer of the Docker and FOSS Meetup groups. He has a keen interest in Containers, Orchestration, Unikernels and Serverless...


Tuesday October 4, 2016 14:30 - 15:20
Schinkel II/III

14:30

Container Standards: Past, Present and Future - Vincent Batts, Red Hat
Standards often arise out of patterns arising, but needing common interfaces to design to. So it goes with containers, but a culmination of hype, adoption and formal standards, is a lot to wade through. Many companies involved, but the interfaces you integrate with need to not be locked-in.
In this talk Vincent Batts will review how standards have arrived where they are, what the important next steps will be and how this affects you.

Speakers

Vincent Batts

Red Hat, Red Hat
A mindful polyglot, Vincent Batts has spent the last 15 years participating in the Linux and open source community. Presently involved on the Open Containers Initiative as a maintainer and on the technical board. Still a current member of Slackware Core Team and has been a maintainer...


Tuesday October 4, 2016 14:30 - 15:20
Charlottenburg I/II

14:30

Continuous Integration for Fun and Profit - Arnold Bechtoldt, Inovex GmbH
Continuous Integration helps to improve the process of developing and delivering software. Many people vote for it, but implementing and introducing it can be very challenging in various ways. Let’s take a look at container techniques and tools to implement a Continuous Integration process for a web app to make developer’s life easier.

Speakers

Arnold Bechtoldt

Systems Engineer, inovex
Arnold uses great technologies to move companies in Germany beyond #Neuland. As Systems Engineer at inovex he has gathered deep knowledge in software-defined datacenter management, continuous integration/delivery and getting rid of *the legacy stuff* for the last years.



Tuesday October 4, 2016 14:30 - 15:20
Schöneberg

15:30

SwarmKit: Docker's Simplified Model for Complex Orchestration - Stephen Day, Docker
SwarmKit is a new framework by Docker for building orchestration systems that powers Docker Engine's orchestration capabilities. In this talk, we'll dive into the model driven design and how the components fit together to build a user friendly orchestration system. Solving problems such as reconciliation, convergence and consistency at the model level ensures the system can evolve to meet modern use cases needed in orchestration applications. This approach leads to a simplified model that can reliably orchestrate complex deployments. Show me your data structures and I'll show you your orchestration system.

Speakers

Stephen Day

Containerd Maintainer, Cruise Automation
Stephen Day is a software engineer at Docker. His many contributions to Docker ecosystem projects include SwarmKit and the version 2 specification for the Docker Registry HTTP API, and evolving the available models for container image distribution. He currently works on containerd...


Tuesday October 4, 2016 15:30 - 16:20
Bellevue

15:30

User Namespace and Seccomp Support in Docker Engine - Paul Novarese, Docker
Isolation in Docker is mainly accomplished via cgroups and namespaces. User namespaces are the newest namespace to be supported by the Docker engine, and allow users to run containers without elevated privileges, which has been a longstanding shortcoming and frequent target of both user frustration and feature requests. In addition, Seccomp support adds a new method of containment for running containers by providing both whitelist and blacklist based controls of system calls that are permitted and/or forbidden for containerized processes. In this session, we’ll look at these new features, examine basics of configuration, and do some live demos to see them in action.

Speakers

Paul Novarese

Technical Account Manager, Docker, Inc.
Paul has been working in the ops side of open source for over 20 years, providing technical support, training, and general consulting in both the largest and smallest data centers.


Tuesday October 4, 2016 15:30 - 16:20
Schinkel II/III

15:30

5 Containers for 5 Languages: Patterns for Software Development Using Containers - Mario Loriedo, Red Hat
Go, Rust, Swift, Haskell and JavaScript are among the hottest languages in 2016 and all have different features that will be exploited to show different patterns to build, test and run applications using containers.

Building upon an earlier workshop at BreizhCamp in 2015 (https://gist.github.com/l0rd/316164ad3f170cde9b12, http://l0rd.github.io/talks/containers-and-languages/), attendees will be led through the development of sample applications written in different languages in order to illustrate different container usage patterns.

After a short description of the language, the container and the pattern to use, participants will be asked to put into practice these patterns using a sample project.

Speakers

Mario Loriedo

Senior Principal Software Engineer, Red Hat
Mario is a Software Engineer at Red Hat and has been involved in various open source projects integrating containers and development tools. He is the principal architect of the open source project Eclipse Che.


Tuesday October 4, 2016 15:30 - 16:20
Charlottenburg I/II

15:30

Building Efficient Parallel Testing Platforms with Docker - Laura Frank, Codeship
Fast and efficient software testing is easy with Docker. We often use containers to maintain parity across development, testing, and production environments, but we can also use containerization to significantly reduce time needed for testing by spinning up multiple instances of fully isolated testing environments and executing tests in parallel. This strategy also helps you maximize the utilization of infrastructure resources. The enhanced toolset provided by Docker makes this process simple and unobtrusive, and you’ll see how Docker Engine, Registry, and Compose can work together to make your tests fast.

Speakers

Laura Frank

Director of Engineering, CloudBees
As the Director of Engineering at CloudBees and a Docker Captain, Laura's primary focus is making tools for other developers. At CloudBees, she works on improving the Docker infrastructure of the Codeship product and overall experience for all users of the CI/CD platform. Previously...


Tuesday October 4, 2016 15:30 - 16:20
Schöneberg

16:50

A New Approach to Tracing Through BPF - Elena Zannoni, Oracle
Fundamental changes are happening within the key areas of tracing.  While existing tools are being refined and more complex features are added to them, a totally new approach to tracing has emerged within the last year.  The Berkeley Packet Filtering (BPF) mechanism has been extended and it now integrates with the kernel perf events and the tracing subsystems to provide a flexible and feature rich tool increasing dynamic tracing's capabilities.  This talk will cover the inner workings of BPF with the new dynamic tracing features and examples of how to make use of them.

Speakers

Elena Zannoni

Director of the Linux Tools and Languages Team, Oracle Corporation
Elena Zannoni is the manager for the Linux Toolchain and Tracing team at Oracle. The team covers the GNU toolchain and DTrace for Linux, among other things. Elena was one of the original GDB global maintainers and has spoken worldwide on topics related to tracing at many conferences...


Tuesday October 4, 2016 16:50 - 17:40
Schöneberg

16:50

Are Containers Enterprise Ready? - Michal Svec, SUSE
Containers have been around for quite some time and are a hot topic these days. In this session we will look at how containers and Docker can be used, what are the pros and cons of using containers and will show tools which help in enterprise deployments of containers, explaining aspects of container security and lifecycle.

Speakers

Michal Svec

Senior Product Manager, SUSE
Michal Svec is a Senior Product Manager at SUSE, responsible for virtualization and containers in SUSE Linux Enterprise product family. Prior to this he served as a Director of Engineering focused on the installation and systems management and was involved in developing various parts...


Tuesday October 4, 2016 16:50 - 17:40
Charlottenburg I/II

16:50

Dev and Ops: Collaborating on an Up-to-Date Build Tool Chain - Christoph Goern, Red Hat & Robin Meissner, T-Systems/AppAgile
We all want stable and secure foundations for building applications, but getting there isn't easy. Developers want and need tools that move quickly, operations folks need and want trusted platforms that are up-to-date and known to be stable. You can have it all, if you do it right.

This talk will explain how operations and developers can collaborate on a tool chain that is a win for all. It gives ops everything they need in terms of stability and security, and allows developers to build on that with the most recent tools. Best of all, this toolchain can be fully automated and integrated in such a way that an update to the base OS can trigger an update for the entire stack.

Speakers

Christoph Görn

Principal Software Engineer, Red Hat



Tuesday October 4, 2016 16:50 - 17:40
Bellevue

16:50

Networking Approaches in a Container World - Flavio Castelli, SUSE
Networking has always been a complicated and delicate topic. Things get even more complicated in the world of containers, where lots of containers are continuously being created and moved over entire data centers.

Several choices are available, each one having a slightly different implementation and its own peculiarities.
This leads to a lot of confusion when a networking solution has to be chosen.

This talk illustrates how the major networking solutions for Linux application containers work: their implementation details, their positive and negative aspects and how they influence the deployment of distributed applications.

Speakers

Flavio Castelli

Engineering Manager, SUSE
Flavio Castelli is the engineering manager for the containers team at SUSE. Flavio has been following Docker since its early days and focused on its integration within the openSUSE and SUSE ecosystems. Flavio developed experience in creating and managing systems while working on products...


Tuesday October 4, 2016 16:50 - 17:40
Schinkel II/III

16:50

Microservices vs. Reverse-Proxy - Emile Vauge, Containous
You proudly created a modern microservices app, packaged it with Docker, used Consul as service registry and deployed it on Mesos/Marathon and it was fast and super easy! Now you want to put a reverse proxy in front of it... And you have to write ugly hacks :(
Why don't we create a modern reverse proxy in Go that would support several backends (Docker, Mesos/Marathon, Kubernetes, Consul, Etcd, Zookeeper, BoltDB, Rest API, file…) to manage its configuration automatically and dynamically?

Speakers

Emile Vauge

CEO, Containous
Creator of traefik.io, founder of containo.us


Tuesday October 4, 2016 16:50 - 17:40
Tegel
 
Wednesday, October 5
 

11:00

Getting Started with Apache Mesos, Marathon, Containers, and DC/OS - Brenden Matthews, Mesosphere
Brenden will give an introduction to the primary components that make up the Mesos ecosystem: Apache Mesos, Marathon, and DC/OS. This talk will be an excellent entry point for anyone who is new to cluster management, container orchestration, and building distributed applications. In this talk Brenden will discuss best practices for architecting and deploying applications in a modern datacentre environment.

Speakers

Brenden Matthews

Mesosphere
Brenden Matthews is a Software Architect at Mesosphere who works closely with customers and engineering. He ensures technical goals are aligned with customer needs. Previously, he was a software engineer at Airbnb, running Airbnb’s analytics stack. He is an Apache Mesos contributor...


Wednesday October 5, 2016 11:00 - 11:50
Bellevue

11:00

One Year of Deploying Applications with Docker, CoreOS, Kubernetes and Co. - Thomas Fricke, Endocode AG
The talk gives a summary of one year of experience with containers in production. Rolling out distributed, heterogeneous applications was a difficult task. We present results from real customer projects, using Docker to deploy applications in a rapidly changing environment by Kubernetes and CoreOS.

Following a very strict approach, separating persistent and stateless applications, running everything in small units orchestrated by Kubernetes we could create descriptions of environments very rapidly, deploying complex environments with a single command. Examples in Java, Python and Ruby are shown. Security has been addressed to pass an extensive security audit.

The talk also covers operational challenges such as implementing a deployment pipeline, logging under load, monitoring, distribution of passwords and configurations as limits to the containers resource management.

Speakers

Thomas Fricke

CTO, Endocode AG
Thomas Fricke is the CTO of Endocode and a cloud architect. He likes to work with scaling applications, especially with distributed databases. He has worked as a development engineer, system, software and cloud architect for many years. Current topics are large scale system automation...



Wednesday October 5, 2016 11:00 - 11:50
Schinkel II/III

11:00

Cloud Services Catalog: One Year of OSCM - Uwe Specht & Michael Falkenhahn, Fujitsu
Almost exactly a year ago, Fujitsu launched its market-proven Cloud Management solution, Service Catalog Manager (CT-MG), as its first Open Source product, now under the new name Open Service Catalog Manager (OSCM). In this session Fujitsu will hold a resumé and present its activities, experiences and further plans to establish the project within the open source community. Fujitsu will share the experience of developing a first contribution based on a customer project. This session will also show how the open source project created engagement in the CNCF.

Speakers

Michael Falkenhahn

Solution Architect, FUJITSU Enabling Software Technology GmbH
Michael Falkenhahn is Solution Architect for Cloud Management Products in Hybrid Cloud Environments at Fujitsu. He has over 15 years' experience in the software industry from development, through customer training and support. As OSCM community manager, he is taking care of all community...

Uwe Specht

Senior Manager, Fujitsu
Uwe Specht is Senior Manager for Partner Projects at Fujitsu. He is responsible for customer’s integration projects with Cloud Management Products in Hybrid Cloud Environments. He gathered deep technical knowledge in multiple cloud environments like AWS and Azure or VMware. He is...



Wednesday October 5, 2016 11:00 - 11:50
Schöneberg

11:00

Container Defense in Depth - Scott McCarty, Red Hat
Defense in depth is an information assurance technique to protect a system from any particular attack by having multiple independent countermeasures in place. In a containerized world, defense in depth is applied by thinking about security within a container, on the container host and at the container platform layer.

This talk will cover numerous technologies and practices at each layer - from kernel quality, svirt, and SECCOMP, to measuring attack surface, use of root and patch remediation, to platform level authentication and authorization, these are the droids you are looking for.

This talk will help an end user understand the breadth of tooling that is available at each level and how they will help protect their system from intrusions and compromises.

Speakers

Scott McCarty

Technical Product Manager, Red Hat
At Red Hat, Scott McCarty is technical product manager for the container subsystem team, which enables key product capabilities in OpenShift Container Platform and Red Hat Enterprise Linux. Focus areas include container runtimes, tools, and images. Working closely with engineering...



Wednesday October 5, 2016 11:00 - 11:50
Tegel

11:00

Container Orchestration Lab: Swarm, Mesos, Kubernetes - Haïkel Guémar, Fedora Project
There are many container orchestration choices available to the developer today.

In this lab we will look at several orchestrators gaining hands-on experience with them to understand the challenges, and how to do effective orchestration with one or more of the available solutions.

Docker Swarm
Google Kubernetes
Apache Mesos
Combining them

Please follow setup instructions here
http://bit.ly/2674h5J

Speakers

Haikel Guemar

RDO release wrangler, Fedora Project
CentOS Cloud SIG developer, RDO Engineering at Red Hat, Stacker


Wednesday October 5, 2016 11:00 - 12:50
Charlottenburg I/II

12:00

Tilling the Brownfield: A Container Story - Richard Marshall, IAC Publishing Labs
It seems everyone wants to be living the container native dream, but how does an established organization overcome inertia and shift towards that end? This presentation will tell the story of how IACPL (formerly Ask.com), a company with 2 decades of legacy, has navigated that journey thus far. There were wrong turns, speed bumps, roadblocks, and just about any road travel metaphor you can think of along the way. This talk will focus on those challenges we faced while adapting or replacing our existing processes, training staff, and all sorts of technical issues in an endeavor that has touched every part of our technology organization.

Speakers

Richard Marshall

Lead Platform Architect, IAC Publishing Labs
Richard Marshall is the Lead Platform Architect at IAC Publishing Labs where he works on private cloud infrastructure. He joined Ask.com (now IAC Publishing Labs) in 2011 and has led initiatives related to virtualization and containers; current efforts focus on building a production...


Wednesday October 5, 2016 12:00 - 12:50
Schinkel II/III
  • Experience Level Any

12:00

Cloud Native Applications, Containers, Microservices, Platforms, CI-CD…Oh My!! - Fabio Chiodini, EMC
As a new user, the world of cloud native applications may appear daunting: containers, container clustering, platforms, networking, CI/CD... oh my! There appear to be at least two approaches: an assembled one, where you pick and choose disparate tools and technologies to build this up, and a prescriptive one, where you embrace a platform that contains and harmonizes a subset of these tools and technologies. In this session you'll see some practical examples (with extensive demos) of how you can use one approach or the other with a sample, easy-to-understand demo application, and understand the pros and cons.

Speakers

Fabio Chiodini

Principal System Engineer, EMC
Fabio Chiodini is a Principal System Engineer at EMC focusing on the EMC+VMware+Pivotal technical alliance. His role at EMC is a mix of passion and expertise: preparing cool (and risky) live demos and helping customers in adopting new technologies and processes in this brave new cloud-native...


Wednesday October 5, 2016 12:00 - 12:50
Bellevue

12:00

OCI, Where Are We and Where Are We Going - Qiang Huang, Huawei
OCI (Open Container Initiative) is an open governance structure for the express purpose of creating open industry standards around container formats and runtime. Qiang Huang will introduce the constitution of OCI, the duty and purpose of this organization, how this is important for the container ecosystem and what benefit people will gain from it. He'll also talk about the status of OCI projects and the milestones and future plans of OCI.

Speakers

Qiang Huang

Huawei
Qiang Huang is a software engineer who has been working at Huawei for 6 years and has worked in the container area since he joined the company. With experience in cgroup, namespace, LXC, CRIU, docker, OCI etc, he is now focusing on Docker and OCI and the ecosystem, as a maintainer...


Wednesday October 5, 2016 12:00 - 12:50
Schöneberg

12:00

Rkt Architecture and Security Features - Luca Bruno, CoreOS
rkt is a container runtime engine developed by CoreOS that was designed for security. rkt can run the same container with varying degrees of protection, from lightweight, OS-level namespace and capabilities isolation to heavier, VM-level hardware virtualization. rkt’s primary interface comprises a single executable, rather than a background daemon, and rkt uses this design to easily integrate with existing init systems while minimizing exposure to threats.

Speakers

Luca Bruno

CoreOS
Luca Bruno is a software and security engineer at CoreOS where he works on rkt, a modular and security-minded container engine. Luca is currently focused on network and system security topics. He is a longtime FLOSS supporter and an active Debian developer. Born on the Italian Riviera...


Wednesday October 5, 2016 12:00 - 12:50
Tegel

14:30

Blockchain, Linux, and Open Source Innovation - Matthew Golby-Kirk & Adam Jollans, IBM
Open source has become a hub for innovation, and one of the most exciting new use cases is Blockchain - a shared, immutable ledger for recording the history of transactions, which enables global businesses to transact with less friction and more trust. IBM is a founding member of the Hyperledger project at the Linux Foundation, and is actively contributing code, as well as working with a range of clients on Blockchain technology, and providing a test network for developers. This session will explain what Blockchain is and why it is important, show a demo of Blockchain in action, and discuss early customer implementations of Blockchain in practice.

Speakers

Matthew Golby-Kirk

Global Blockchain Labs Engagement, IBM
Matthew is part of IBM’s global Blockchain engagement team, within the CTO Europe Office. He is based at IBM’s development laboratory in Hursley, England and has worked with IBM for almost 20 years on a variety of integration and middleware technologies. Most recently he spent...

Adam Jollans

Linux Strategy Manager, IBM
Adam Jollans is currently leading the worldwide cross-IBM Linux and open virtualization strategy for IBM. He has been involved with Linux and open source since 1999, and previously was a programmer and supported customer projects. He graduated from Cambridge University with a degree...


Wednesday October 5, 2016 14:30 - 15:20
Charlottenburg III

14:30

Reproduce and Verify Filesystems - Vincent Batts, Red Hat
A side effect of the many new ways to package filesystems (here's looking at you, containers!) is that filesystems are being copied around without many of the features that traditional packaging provided (e.g. `rpm -qV ...`). Much progress has been made on reproducible checksums, which Docker now includes for better content addressability. In this talk Vincent Batts will review options for distributing filesystems with reproducibility, and verifying the at-rest outcomes.

Speakers

Vincent Batts

Red Hat, Red Hat
A mindful polyglot, Vincent Batts has spent the last 15 years participating in the Linux and open source community. Presently involved on the Open Containers Initiative as a maintainer and on the technical board. Still a current member of Slackware Core Team and has been a maintainer...


Wednesday October 5, 2016 14:30 - 15:20
Schöneberg
  • Experience Level Any

14:30

Enforcing a Docker Container Security Policy - Thomas Sjögren, AB Svenska Spel
Even though the options to secure Docker containers are available, following a security baseline is often left to the user starting the container.

In this presentation Thomas Sjögren will show how to make a container, from image to runtime, a bit more secure and how to enforce a security policy by monitoring Docker events.

Speakers

Thomas Sjögren

System Technician, AB Svenska Spel
Thomas Sjögren is a system technician at AB Svenska Spel. He's one of the maintainers behind the docker/docker-bench-security project and contributor to the Center For Internet Security Docker Benchmark.


Wednesday October 5, 2016 14:30 - 15:20
Tegel

14:30

Packaging for Linux Distributions with Docker - Bruno Cornec, Hewlett Packard Enterprise
Docker has brought an ease of use without comparison with VMs, typically for building native upstream distribution packages. Where before it was necessary to launch a complete environment, copy the sources into it, invoke the build tools to create the packages and then copy them back to the host, Docker has made all these steps easier and more straightforward, allowing for more rapid package production and automation.

This presentation will show and demo a detailed use case for building packages for both Mageia and Fedora with their respective bm or koji tools encapsulated in Docker containers. It should help any upstream packager adopt a similar approach to make his packaging task a breeze.

Also this presentation will explain how Docker support has been added to project-builder.org in order to ease the build of upstream project packages, which is a preparation step to distribution inclusion.

Speakers

Bruno Cornec

Open Source & Technology Strategist, HPE
Bruno Cornec has been managing various Unix systems since 1987 and Linux since 1993 (0.99pl14). Bruno first worked 8 years around Software Engineering and Configuration Management Systems in Unix environments. Since 1995, he has been Open Source and Linux (OSL) Technology Strategist, Linux...


Wednesday October 5, 2016 14:30 - 15:20
Bellevue

14:30

How Secure Is Your Container? A Docker Engine Security Update - Phil Estes, IBM
Security has long been a hot discussion topic when modern Linux containers are compared to other isolation technologies such as VMs. Recently at DockerCon 2016 in Seattle, ADP, a large worldwide enterprise, took the keynote stage and made the bold claim that they came to containers because of, not in spite of, their security requirements. This is a company who manage highly sensitive personal information for millions of clients worldwide! With that backdrop, Phil will walk through the core security capabilities available today in Docker and other container runtimes, and how those capabilities have improved in the last 12-18 months for both pure container isolation, but also improvements and capabilities that touch across the whole lifecycle of a container workflow. Phil will demonstrate recent additions to the Docker engine in 2016 such as user namespaces and seccomp and how they continue to enable better container security and isolation.

Speakers

Phil Estes

Distinguished Engineer & CTO, Container & Linux Strategy, IBM Cloud
Phil is a Distinguished Engineer in the office of the CTO for IBM Cloud, guiding IBM's strategy around containers and Linux. Phil is a founding maintainer of the CNCF containerd runtime project, and participates in the Open Container Initiative (OCI) as a member of the Technical Oversight...


Wednesday October 5, 2016 14:30 - 15:20
Schinkel II/III

15:40

Docker Adoption and Usage Patterns 2016 - Ilan Rabinovitch, Datadog
As a SaaS monitoring solution specializing in dynamic infrastructure, Datadog has a unique vantage point into the container usage patterns at a global scale. What patterns are organizations finding most successful in their adoption? Which technologies are being containerized? Join us as we open up the data and discuss real world container, orchestration and scheduler usage in organizations large and small, from startup to enterprise.

Speakers

Ilan Rabinovitch

Dir, Technical Community, Datadog
Ilan is Director of Technical Community at Datadog. Prior to joining Datadog, he spent a number of years leading infrastructure and reliability engineering teams at organizations such as Ooyala and Edmunds.com. In addition to his work at Datadog, he is active in the open-source and DevOps...


Wednesday October 5, 2016 15:40 - 16:30
Schinkel II/III

15:40

Docker Orchestration: Beyond the Basics - Aaron Lehmann, Docker
Docker Engine supports built-in Swarm orchestration that can run containers across a cluster of machines. While it's very easy to get started with orchestration in Docker, it's useful to understand some details in order to get the best results from a clustered deployment.

In this presentation, Aaron Lehmann will discuss best practices for running a cluster using Docker Engine's orchestration features. The presentation will go over how to get started with orchestration in Docker, and explain how to keep a cluster performant, secure, and reliable. No previous experience with Docker orchestration is necessary.

Attendees will learn how to properly deploy Docker orchestration for high availability with no single point of failure. They will also understand the security model and various security options.

Speakers

Aaron Lehmann

Software engineer, Docker
Aaron Lehmann is one of the authors and maintainers of the Docker SwarmKit open source project, which powers Docker's orchestration capabilities. In his work at Docker, he continues to enhance SwarmKit, and also contributes to Docker Engine and Docker Registry.


Wednesday October 5, 2016 15:40 - 16:30
Bellevue

15:40

VM-based Secure Container - Zhang Wei & Claudio Fontana, Huawei

Due to sharing the same kernel, native containers alone may never provide enough isolation and security without being run inside virtual infrastructure. Wei & Claudio have been working on a new VM-based Secure Container based on “RunV”, which is an open source, OCI-compatible runtime similar to “RunC”.

In the RunV community Wei has been working with developers from hyper.sh to make RunV compatible with the Docker API, so that it can integrate with higher level frameworks like Kubernetes and OpenStack and be deployable as easily as native containers.

Claudio has been optimizing virtualization components for this use case, removing legacy features and employing existing methods (Clear Containers) and new ways to boot quickly, decrease overheads, and improve performance. Novel work in the virtualizer and virtual firmware enables further improvements at the expense of fidelity to PC compatibility.


Speakers

Wei Zhang

Huawei
Zhang Wei & Claudio Fontana are both working for Huawei, in Beijing, China and Munich, Germany respectively. Zhang Wei is an active Docker contributor since 2015, with some speaking experience in the local circles.


Wednesday October 5, 2016 15:40 - 16:30
Tegel

15:40

Networking Containers in an Ultra-Low-Latency Environment - Avi Deitcher, Atomic Inc.
Containers must communicate. Without a method for one container to talk to another, let alone the outside world, the overwhelming majority of containers serve little purpose. Yet the networking stack for containers is not well understood, especially in environments with networking performance requirements, such as high performance computing, financial services, or simply those who cannot just throw hardware at a problem.

We will review how containers internetwork, explore multiple networking options for containers, and evaluate the latency and throughput characteristics of each.

Finally, we will look at an actual analysis of each option and the performance results as compared to bare metal, and what lessons we can learn.

Speakers

Avi Deitcher

Consultant, Atomic Inc.
Avi Deitcher has been an engineer and businessman for over 20 years, designing and implementing technology, strategy and operations. He loves technology, but most importantly he loves what it enables us to do as individuals and businesses. He has run operations for global businesses...


Wednesday October 5, 2016 15:40 - 16:30
Charlottenburg I/II
  • Experience Level Any

16:40

A Summary and Assessment of Docker Hosting and Management Options - Claus Matzinger, Crate.IO
As part of my journey with Docker, I have discovered and assessed many options for hosting, management and scaling Docker containers. I have dug beneath their collective surfaces, taken them for a test drive, pushed them to the edge, broken them, asked their staff a lot of questions and built up a good idea of which ones are worth spending your time (and maybe money) on.

In this presentation I will take a sample Docker application stack and demonstrate how Docker hosting solutions help (or hinder) the process. This will include Docker Cloud, AWS, Azure, Code Ship, Container Ship and several others.

I will cover:

- Using images from the Docker Hub and custom images
- Hosting options and portability of containers
- How Docker configuration options such as ports, entry points and commands are exposed
- Scaling containers
- Integration with Docker Toolset
- GUI and CLI options

Speakers

Claus Matzinger

Developer Relations/Support, Crate.IO
Former CTO and consultant but Software Engineer by trade, I am now a developer relations engineer at Crate.IO. My language journey has brought me from C#, Java, C, Scala, Python to Rust, in my opinion the most interesting language to date. Aside from that, I am an experienced presenter...


Wednesday October 5, 2016 16:40 - 17:30
Bellevue

16:40

Containers for Grownups: Migrating Traditional & Existing Applications - Scott McCarty, Red Hat
Many organizations have had success dabbling with Linux Containers. Once you take a small project and have success, the epiphany happens - and you ask yourself: 1. What else can we containerize? 2. Can we put everything in containers? 3. How do we get traditional applications into containers? This talk will highlight technical and architectural considerations when moving existing applications to containers. Ranging from systemd and storage to backups and debugging applications in production, there are a lot of things to think about when migrating existing applications to containers and running them in production.

Speakers

Scott McCarty

Technical Product Manager, Red Hat
At Red Hat, Scott McCarty is technical product manager for the container subsystem team, which enables key product capabilities in OpenShift Container Platform and Red Hat Enterprise Linux. Focus areas include container runtimes, tools, and images. Working closely with engineering...



Wednesday October 5, 2016 16:40 - 17:30
Schinkel II/III

16:40

Orchestrating the Blockchain Using Containers - Andrew Kennedy, Cloudsoft
Blockchain technology is a new and exciting field, and being able to quickly test applications is essential for agile startups wanting to bring products to market quickly. We show how Clocker, a key open-source component of Cloudsoft AMP, can be used to orchestrate the deployment and scaling of a Hyperledger blockchain application. An OASIS CAMP blueprint is created to describe the application topology, which is then installed onto a managed cluster of Virtual Machines running Docker Engine and the Calico SDN.

- Open Source goodness - What are Cloudsoft AMP and Clocker
- The Hyperledger Blockchain Application Platform
- Describing Components and Topology
- Demo: Deploying and Managing a Hyperledger Blockchain Application

Speakers

Andrew Kennedy

Distributed Systems Hacker, Cloudsoft
Andrew is a Senior Software Engineer at Cloudsoft and the founder of the Clocker project. He is a contributor to several Open Source projects including jclouds and Qpid and is on the Apache Brooklyn PMC. Areas of interest include Distributed Systems, Virtualisation, Messaging, Information...


Wednesday October 5, 2016 16:40 - 17:30
Charlottenburg I/II

16:40

Software Update Security: When the Going Gets Tough, Get TUF Going! - Riyaz Faizullabhoy & Lily Guo, Docker
Installing and updating software presents an interesting slate of security challenges. The Update Framework (TUF) helps developers secure new or existing software update systems. TUF provides protection against data tampering, rollbacks, and many cases of key compromise. This presentation will discuss both the attacks that TUF protects against and how it actually does so under the hood. Additionally, this presentation will demonstrate the usability aspects of TUF as it is currently implemented in Docker Notary and Docker Content Trust, in particular how simple it is to recover from key compromise and delegate trust to collaborators.

Speakers

Riyaz Faizullabhoy

Security Engineer, Docker, Inc
Riyaz is a security engineer at Docker, and previously researched systems security and malware detection at UC Berkeley. At Docker, he is currently focused on Notary: a content signing platform based on The Update Framework. Riyaz has previously spoken at LinuxCon North America, Docker...



Wednesday October 5, 2016 16:40 - 17:30
Tegel

16:40

Using Seccomp to Limit the Kernel Attack Surface - Michael Kerrisk, man7.org
Seccomp (secure computing) is a means to limit the system calls a program may make: it can be used to select exactly which system calls are permitted (or denied) and to restrict the arguments that may be passed to those system calls. System call filtering is achieved by writing BPF programs--programs written for a small in-kernel virtual machine that is able to examine system call numbers and arguments. Among other uses, seccomp is by now a key component of various container systems such as Docker and LXC. In this session, I'll provide a bottom-up view of seccomp before going on to examine the BPF virtual machine and some practical examples of filtering programs that restrict the set of permitted system calls. The goal is to give developers and administrators using container frameworks a solid understanding of a tool that has become a fundamental component of container frameworks.

Speakers

Michael Kerrisk

Trainer/consultant, man7.org Training and Consulting
Michael Kerrisk is the author of the acclaimed book, "The Linux Programming Interface" (http://man7.org/tlpi/), a guide and reference for system programming on Linux and UNIX. He contributes to the Linux kernel primarily via documentation, review, and testing of new kernel-user-space...


Wednesday October 5, 2016 16:40 - 17:30
Köpenick

16:40

Bringing Security and Multi-tenancy to Kubernetes - Lei Zhang, HyperHQ/Kubernetes Project
In this presentation, I will introduce HyperContainer, a hypervisor-based container, and see how it was introduced into Kubernetes as a first-class container runtime and enables users to serve their customers directly with virtualized containers, instead of wrapping them inside full-blown VMs. You will learn about Kubernetes design principles and implementation details from its maintainer. You will see the essential differences between Kubernetes and other projects like Swarm and learn how to make a choice. Today, many developers are not comfortable with Linux containers as an effective boundary, and require a stronger degree of isolation, particularly those running in a multi-tenant environment. We believe HyperContainer with Kubernetes (Hypernetes project) is one of the best answers.

Speakers

Lei Zhang

Core Dev Member, HyperHQ
PhD candidate, and also a feature maintainer of the Kubernetes project. I once worked for the Cloud Foundry team at VMware and Baidu. Now as HyperCrew, the author team of the world's leading open-source hypervisor-based container, I mainly focus on Kubernetes upstream about scheduler and CRI...



Wednesday October 5, 2016 16:40 - 17:30
Schöneberg
 
Thursday, October 6
 

10:50

Cgroups and Namespaces, The Building Blocks of Linux Containers - Rami Rosen, Intel
In this talk Rami will discuss two Linux subsystems which are the building blocks of Linux containers, cgroups and namespaces, and which are also used in embedded devices. Rami will review implementation highlights of kernel namespaces and cgroups, showing how lightweight the implementation is, and give detailed examples which will demonstrate the ease of use of these two subsystems. Rami will also describe the new cgroup v2 infrastructure and the unified hierarchy, whose implementation started recently, comparing them to the current implementation. Rami will discuss the new features which were recently merged, the PIDs controller and the cgroup namespace, giving examples demonstrating their usage. The talk will conclude with a very brief overview of Linux Containers projects and how they use namespaces and cgroups, drawing a brief comparison against VMs.

Speakers

Rami Rosen

NFV Team Leader, Intel, Intel
Author of the book "Linux Kernel Networking" (2015): http://ramirose.wix.com/ramirosen; NFV team leader at Intel. I gave many talks in various forums, including recently in netdev 1.1 (Seville, 2016). Also my article about cgroup V2 was recently published in lwn.net, "Understanding...


Thursday October 6, 2016 10:50 - 11:40
Tegel
  • Experience Level Any

10:50

Converging QEMU and TCMU for Container Storage - Huamin Chen, Red Hat
Container storage technologies are changing rapidly. Volume Plugins in Docker and Kubernetes open doors to 3rd party storage provisioning for containers. However, these technologies are all based on bind-mount; volume drivers have to implement storage functionalities on their own.

On the other hand, QEMU has a different approach to providing storage for virtual machines. QEMU's block drivers abstract different backend storage types and thus support features like multi-tenancy, snapshot, and QoS, which are currently missing in container storage drivers.

This talk presents a new technology that converges QEMU and TCMU. This allows Containers to use rich storage features that are already available to Virtual Machines. This technology integrates QEMU's block layer with tcmu-runner, and enables Containers to access various storage backends and rich storage features.

Speakers

Huamin Chen

Principal Software Engineer, Red Hat
Dr. Huamin Chen is a passionate developer at Red Hat's CTO office. He is one of the founding members of Kubernetes SIG Storage, member of Ceph, Knative, and Rook. He previously spoke at KubeCon, OpenStack Summits, and other technical conferences.


Thursday October 6, 2016 10:50 - 11:40
Schöneberg

10:50

Fully Fault Tolerant Realtime Data Pipeline with Docker and Mesos - Rahul Kumar, Sigmoid
Developing an end-to-end big data application right from data ingestion, data enrichment and visualisation is a very cumbersome task. In this talk, I will demonstrate how to use Apache Mesos, Marathon, Apache Spark and Docker to build a scalable, fault tolerant, responsive data platform. The result will be a real-time big data application with self-healing features — a dream for every software developer. This talk is a collection of different recipes that will help the developer to understand Mesos ecosystem projects and Docker. Choosing the right technologies and tools during the development phase has a major impact on the success of the whole project. Apache Mesos provides the best cluster management system, Marathon gives the feature for long-running applications, and Docker allows us to package an application with all of its dependencies into a standardized unit for software development.

Speakers

Rahul Kumar

Technical Lead, Sigmoid
Rahul Kumar works as a Technical Lead with Sigmoid. He has more than 4 years of experience in data-driven distributed application development with Java, Scala, and the Akka toolkit. He developed various real-time data analytics applications using Apache Hadoop, Mesos ecosystem projects...



Thursday October 6, 2016 10:50 - 11:40
Schinkel II/III

10:50

Monitoring Microservices: Docker, Mesos and Kubernetes Visibility at Scale - Alessandro Gallotta, Sysdig
Microservices and containers are revolutionizing the way we deploy applications and maintain infrastructure. But as many have found containers still have a key problem: monitoring and troubleshooting them can be impractical, painful, and sometimes impossible. With the rise of microservice based architectures and orchestration tools such as Kubernetes and Mesos, managing this has become even harder.

Using real tools, in live environments, Alessandro Gallotta will walk through various hands-on scenarios including how to:
- visualize physical vs logical architectures of Kubernetes/Mesos deployments
- understand performance at the microservice/app level for orchestrated systems
- identify & surface system activity of individual Docker containers
- extract process & app-level metrics inside containers with non-intrusive methods
- troubleshoot detailed network activity in distributed containers

Speakers

Alessandro Gallotta

Software Engineer, Sysdig
Alessandro Gallotta is a software engineer at Sysdig. He is a core developer where he focuses on backend services dealing with big data and high availability issues. He holds a M.Sc. in Computer Engineering from University of Catania, Italy. Prior to Sysdig he worked as web developer...


Thursday October 6, 2016 10:50 - 11:40
Charlottenburg I/II
  • Experience Level Any

10:50

Orchestrating Linux Containers While Tolerating Failures - Drew Erny, Docker
Although containers are bringing a refreshing flexibility when deploying services in production, the management of those containers in such an environment still requires special care in order to keep the application up and running. In this regard, orchestration platforms like Docker, Kubernetes and Nomad have been trying to alleviate this responsibility, facilitating the task of deploying and maintaining the entire application stack in its desired state. This ensures that a service will be always running, tolerating machine failures, network erratic behavior or software updates and downtime.

The purpose of this talk is to explain the mechanisms used in the core Docker Engine orchestration platform (using a framework called swarmkit) to tolerate failures of services and machines, from cluster state replication and leader-election to container re-scheduling logic when a host goes down.

Speakers

Drew Erny

Software Engineer, Docker
Drew Erny is a software engineer at Docker working on Swarmkit, the framework that powers Docker's new Swarm Mode.


Thursday October 6, 2016 10:50 - 11:40
Bellevue

11:50

Containers and Logging - Eduardo Silva, Treasure Data
The implementation of Linux Containers provides enough flexibility to isolate applications with restricted access to CPU, memory and networking, among others. While this technology is stable and production ready, there are some challenges that still need to be addressed for containerized applications when deployed at scale: logging.

While some applications write their logs to the file system, others use the generic STDOUT and STDERR interfaces; when the application runs on top of a framework or virtual machine (JVM), it may generate some extra information. Since monitoring is a must, handling this data coming from different sources and formats adds an exponential complexity, especially when scaling to thousands of containers.

In this presentation I will describe the Logging challenges for containerized applications and how this is being solved with Fluentd.

Speakers

Eduardo Silva

Principal Engineer, Arm Treasure Data
Eduardo is a Principal Engineer at Arm Treasure Data. He currently leads the efforts to make logging and data processing more friendly and scalable in Embedded and Containerized systems such as Kubernetes. Maintainer of Fluent Bit, a lightweight log and stream processor. Besides his...


Thursday October 6, 2016 11:50 - 12:40
Charlottenburg I/II

11:50

Ansible + Containers: Orchestrating Happiness - Robyn Bergeron, Red Hat

According to a recent survey by The New Stack, 36% of container users expect to use Ansible for their container orchestration needs in the next year. Why? Because Ansible, as a next generation orchestration engine, is uniquely suited to solve the wide variety of problems encountered in the container’s journey from development to production. Ansible Container is a new project that seeks to bring together the best practices of the Ansible community into a tool that can manage the whole container lifecycle, from initial creation all the way through deployment at scale on a variety of platforms. Come see Ansible Container in action and explore how it might fit into your own container workflow.

Thursday October 6, 2016 11:50 - 12:40
Bellevue

11:50

Unikernels: When You Should and When You Shouldn't - Amir Chaudhry, Docker
Unikernels, built with library operating systems, reinvent earlier ideas for the modern era, improving the specialisation of apps. In fact, there is a continuum of specialisation, with general purpose OSs at one end, unikernels at the other extreme, & containerised apps in between.

All these options give developers more freedom & choice over how they write & distribute their apps. However, it also presents challenges in terms of understanding which approach is appropriate for a given use-case.

As with all technology, there are trade-offs with unikernels. This talk considers the benefits & drawbacks. By stepping away from hype & clarifying misunderstandings, attendees will appreciate why unikernels exist & where they're going. Attendees will also have a better idea of when they should consider a library OS for their next project, as well as the trade-offs they'll need to consider.

Speakers

Amir Chaudhry

Member of Technical Staff, Docker
Amir Chaudhry is the Community Manager for MirageOS and works at Docker to make unikernels accessible to developers everywhere. Most of his time is spent on open source efforts and he's a big fan of automation to maximise developer impact. In previous lives he led operations at a...


Thursday October 6, 2016 11:50 - 12:40
Tegel
  • Experience Level Any

11:50

Containers Infrastructure for Advanced Management - Federico Simoncelli, Red Hat
As the container ecosystem grows, the need for orchestration and advanced management is becoming more and more critical for an efficient, secure, and scalable deployment. This presentation will analyze all the common needs in container infrastructures in order to enable their own management. Each topic will be illustrated through the real-world experience gained in the effort of adding container management to ManageIQ, the leading Open Source cloud management platform.

With primary focus on container orchestration solutions such as Kubernetes and OpenShift, the presentation will cover, among other topics:

- Monitoring (Heapster)
- Time-Series databases for metrics (Hawkular)
- Analyzing metrics and events handling
- Images and containers fleecing (inspection)
- Security and errata notifications

Speakers

Federico Simoncelli

Associate Manager, Red Hat
Federico Simoncelli is an Associate Engineering Manager at Red Hat. He currently manages the container management team with main focus on CloudForms and OpenShift. Previously he served as Principal Software Engineer maintaining the oVirt/RHEV storage backend in VDSM and improving...


Thursday October 6, 2016 11:50 - 12:40
Schinkel II/III

11:50

Test It Like You Deploy It: Ansible Based CI with Zuul - Monty Taylor, Red Hat
The OpenStack Infra team runs one of the world's largest and craziest CI infrastructures. In service of our community, we have recently replaced our fleet of Jenkins masters that were connected to Zuul v2 via a Gearman system with Zuul v3 and Ansible. In the process, we also added a bunch of other fun features like support for static bare metal, container orchestration engines and per-repo job config. If replacing Jenkins with Ansible sounds crazy to you, that's cool - come anyway and we'll see if we can't convince you it was a good idea. If replacing Jenkins with Ansible sounds awesome, you're right - it is! We can talk about all the super cool things we can do ... and how you can do them too.

Speakers

Monty Taylor

Monty works on OpenStack and Zuul for Red Hat. He leads a team that works on developing and running the Developer Infrastructure systems for the project. He is the PTL Emeritus of the OpenStack Infra Program, set up the original project gating infrastructure and sits on the OpenStack...


Thursday October 6, 2016 11:50 - 12:40
Schöneberg

16:00

CephFS and LXC: Container High Availability and Scalability, Redefined - Florian Haas, Hastexo
The Ceph 10.2.2 "Jewel" release earlier this year introduced full production support for CephFS, the distributed filesystem based upon the Ceph distributed storage stack. As a massively scalable, highly available, distributed filesystem, CephFS makes for an excellent basis for container support.

In this presentation, we'll introduce a simple, automated means of deploying and orchestrating LXC containers on CephFS, enabling high-density deployments of critical system infrastructure services within segmented application containers.

Speakers

Florian Haas

VP Education, City Network
Florian runs the Education business unit at City Network, and helps people learn to use, understand, and deploy complex technology. He has worked exclusively with open source software since about 2002, and has been heavily involved in OpenStack and Ceph since early 2012, and in Open...


Thursday October 6, 2016 16:00 - 16:50
Schöneberg

16:00

Building Cloud Native Application Infrastructure from Laptop to Cloud - and Back Again - Tony Kay, Oracle
MicroServices and Containerization create the new platform for developing Cloud Native Applications but are they the lowest layer of abstraction we should care about? Consistent industrial strength OS and virtualization layers matter or we are all in the “distro business”. This session shows how to build highly automated DevOps environments for Docker based development from laptop to cloud and back again enhancing consistency, reliability, repeatability and security.

Speakers

Tony Kay

Director for Virtualization, Oracle
Tony Kay is Director for Virtualization at Oracle and has been using Unix and Linux since the early 90s when he wore both Dev and Ops hats. He joined Oracle via Sun Microsystems where he held, amongst other roles, Security Architect and later Chief Architect For HPC before moving...


Thursday October 6, 2016 16:00 - 16:50
Bellevue

16:00

How to Monitor Docker Containers with the Open Source ELK Stack - Asaf Yigal, Logz.io
As Docker becomes more and more popular, the number of deployed containers is increasing rapidly. As a result, the ability to monitor the logs of each container is becoming more and more difficult -- especially when organizations have many containers distributed across many servers. Centralized logging with the open source ELK Stack (Elasticsearch, Logstash, and Kibana) is the solution to this problem.

Setting up the ELK Stack to monitor Docker logs might seem like an easy task, but Asaf Yigal of Logz.io went through several iterations in his company's architecture and made mistakes in their deployments that are common in the industry. In this tutorial, he will go through what they did and explain what worked and what failed -- and why. This presentation is for people who are interested in using open source ELK to perform Docker log analysis in their own environments.

Speakers

Asaf Yigal

Logz.io
Asaf Yigal is co-founder and the VP of Product at Logz.io. Prior to Logz.io, Asaf co-founded Currensee, a social trading platform, which was later acquired by OANDA in 2013. Prior to Currensee, Asaf played executive roles at Akorri in developing an end-to-end performance monitoring...


Thursday October 6, 2016 16:00 - 16:50
Charlottenburg I/II

16:00

Resource Limitations for Your Containers - Stéphane Graber, Canonical
Back in the day, containers were mostly a local development tool, only trusted workloads were run inside them and it was expected that any given container could take all the resources of its host.

Over the past few years, things have changed a lot and containers are now everywhere, from embedded systems all the way to the largest supercomputers. It is not unusual for there to be several hundred containers running on any given system and having one of those bring the whole system down is simply unacceptable.

The Linux kernel offers a variety of features which combined together will let you restrict resource consumption for a given container as well as report resource usage back.

This talk will cover each of those and how to combine them to provide a good user experience, using the recent LXD work on resource limits as an example.

Speakers

Stéphane Graber

Software Engineer, Canonical Ltd.
Stéphane Graber works as the technical lead for LXD at Canonical Ltd. He is the upstream project leader for LXC and LXD and a frequent speaker and track leader at the various containers and other Linux related events. Stéphane is also a long time contributor to the Ubuntu Linux distribution...


Thursday October 6, 2016 16:00 - 16:50
Tegel

16:00

rkt for Docker Users - Chris Kühl, Kinvolk
Docker is a great starting point for learning about Linux containers. But there are other container runtimes out there, one of which is rkt.
This talk will show how to apply what you’ve learned about containers via Docker to the rkt container runtime. We’ll see equivalent commands for setting up networking, mounts, runtime settings, etc. We’ll also highlight technical differences between the two runtimes and talk about why those differences exist.
In the end, we should come away with a clearer understanding of where the two runtimes are similar and where they differ.

Speakers

Chris Kühl

CEO, Kinvolk GmbH
After getting hooked on open source software as a hobby through the GNOME project, Chris turned his passion into a career and has since co-founded Kinvolk in Berlin, which focuses exclusively on foundational Linux technologies such as the Linux kernel, systemd, rkt, Kubernetes, etc...


Thursday October 6, 2016 16:00 - 16:50
Schinkel II/III
  • Experience Level Any

17:00

From Zero to Your First Container Images in Just the Time for a Coffee - Alessandro Puccetti & Iago López Galeiras, Kinvolk GmbH
Containers are a hot topic, but many people are still not familiar with them and their ecosystem. This talk will break the ice with the container world by showing how to build your first container image in a really simple and fast way. We will get an application running on the host, pack it in a container image, and deploy it. In less than the time for a coffee you will have your first container images deployed on the cloud. We will cover the basics to bring your application from bare metal or VM to a container and then you will be able to get an application and run it inside a container in less than 10 minutes.

Speakers

Iago López Galeiras

Software Engineer, Kinvolk
Iago brought his relaxed Spanish demeanor to Berlin a few years back. Since then, he’s been diving and swimming around the internals of various Linux flavors; Android, embedded and Cloud. Container technologies are his current focus; specifically on the rkt project where he’s...

Alessandro Puccetti

Software Engineer, Kinvolk
Alessandro is Italian by birth, but citizen of the world by choice. After a couple of years spent in exotic locations around the world doing research on network measurement and security, he decided to apply his experience to build new and better Linux technologies at Kinvolk GmbH...


Thursday October 6, 2016 17:00 - 17:50
Bellevue

17:00

Game Changer: Software Defined Storage and Container Schedulers - David vonThenen, EMC {code}
One problem of running Enterprise Applications in container schedulers, like Apache Mesos and Kubernetes, has been making applications and their data highly available. To date, utilizing local disks on compute nodes has given us data persistence, but unfortunately does not solve the data mobility problem required to make applications tolerate Agent node failures.

We will discuss what Software Defined Storage (SDS) is, how Software Defined Storage can transform local storage into an external globally accessible pool, how Mesos clusters can overcome this data mobility problem, and more importantly do so in such a way that is simple and easy to consume using an Apache Mesos Framework as a reference model. We will have a demonstration of a Mesos Framework that will deploy a scale out software defined storage platform and deploy applications leveraging this new type of storage.

Speakers

David vonThenen

Cloud Native Engineer, VMware
David vonThenen is a Cloud Native Engineer at VMware working in the container orchestrator space specifically around the Kubernetes and CNCF ecosystems. Some of his contributions have been in the Jaeger, Helm, Open Tracing, Prometheus, and cloud providers just to name a few. Prior...


Thursday October 6, 2016 17:00 - 17:50
Schöneberg

17:00

Cloud Anti-Patterns - Casey West, Pivotal
The value of embracing microservices, containers, and continuous delivery is powerful only when brought together in logical, scalable, and portable ways. When used incorrectly it’s increasingly easy to make things much worse for you and your team, and do it at scale.

For example, while microservices can be used to effectively isolate functionality, increase the speed of delivery, and help scale your team, they can also be a way to inefficiently duplicate functionality and create single points of failure.

I’ll share anti-patterns and corresponding best practices based on my experience building application infrastructure and platforms, as well as the applications which are deployed to them.

Speakers

Casey West

Principal Technologist, Cloud Foundry, Pivotal
Working in Internet infrastructure, web app security, and design taught Casey to be a paranoid, UX-oriented, problem solving Internet plumber; his earliest contributions to Perl live to this day on your Mac. Casey’s speaking and writing ranges from open source communities and culture...


Thursday October 6, 2016 17:00 - 17:50
Schinkel II/III

17:00

Containers: You are not Expected to Understand This - Bruno Barcarol Guimarães, Red Hat
The focus of container tooling has been on ease of use, shielding the developer from the intricacies of the kernel components. However, a deeper understanding of the implementation is critical to develop systems that take advantage of these technologies effectively.

This presentation explores the kernel and user-space elements that support the implementation and the use of containers, to clarify and allow critical reasoning about the advantages, disadvantages and limitations of their utilization.

Speakers

Bruno Barcarol Guimarães

Red Hat
Bruno Barcarol Guimarães is a Software Engineer at Red Hat, currently working on Openshift. Past occupations include devops-before-we-knew-what-to-call-it of Django web applications and research projects on Computer Graphics and Artificial Intelligence. With a big soft spot for the...


Thursday October 6, 2016 17:00 - 17:50
Tegel

17:00

WARNING is a Waste of My Time - Schlomo Schapiro, Zalando
How many log levels do you know? How many log levels are actually useful? What is the practical difference between WARNING and NOTICE?

Schlomo believes that in a world of automation, one needs only two log levels:

ERROR and everything else.

ERROR means that Schlomo as a human should take action. Everything else is irrelevant for him. All the other log levels are just a remnant of the past from the last century. This lightning talk looks at the WARNING problem from both a Dev and an Ops perspective in order to find a useful definition for the age of automation.

See also http://blog.schlomo.schapiro.org/2015/04/warning-is-waste-of-my-time.html

Speakers

Schlomo Schapiro

Chief Cloud Architect, DB Systel GmbH
Schlomo Schapiro is an Agile IT and Open Source enthusiast dedicated to advancing an agile mindset and a DevOps-orientated culture in IT. He works as Chief Architect Cloud at DB Systel in Berlin, is author of several Open Source projects, and regularly publishes blog and magazine...


Thursday October 6, 2016 17:00 - 17:50
Charlottenburg I/II
 
Friday, October 7
 

09:00

Tutorial: Comparing Container Orchestration Tools - Neependra Kumar Khare, CloudYuga
To deploy containers in production one would need to use some kind of orchestration tool like Docker Swarm, Kubernetes, Mesos Marathon, Nomad etc. In this lab/workshop we'll compare some of those tools and see pros/cons of them.

Speakers

Neependra Khare

Founder and Principal Consultant, CloudYuga Technologies
Neependra Khare is Founder and Principal Consultant at CloudYuga. CloudYuga provides training and consulting on Docker, Kubernetes, CoreOS, GO Programming etc. He is one of the Docker Captains as well and has been running the Docker Meetup Group in Bangalore for more than 2 years. He is also the...


Friday October 7, 2016 09:00 - 12:00
Tiergarten