SlideShare una empresa de Scribd logo

LinuxKit and Moby, News from DockerCon 2017

Dieter Reuter
Dieter Reuter

Talk at DevOpsCon 2017 Berlin, June 14th Using LinuxKit you can easily build your own lean and secure Linux subsystem, even for ARM and IoT devices. Right now this project is progressing pretty fast and you can create your specific Linux distro which actually runs on bare metal and cloud servers, like VMware vSphere, GCP, AWS EC2, Azure, and so on... LinuxKit is designed to be small, secure and portable. You can build LinuxKit images for CPU architectures like Intel and ARM (still under development), and maybe more in the near future

Tecnología
1 de 32
Descargar para leer sin conexión
LinuxKit and Moby News from DockerCon 2017 - Austin,TX Dieter Reuter - @Quintus23M Senior Consultant at bee42 solutions gmbh - @bee42solutions Docker Captain - @HypriotTweets DevOpsCon Berlin, June 14th 2017
What happened? What to expect? Will I become a Moby Captain? What will change?Governance? What’s that LinuxKit?
What is LinuxKit ?
“A platform is only as secure as its weakest components„ — Solomon Hykes
“I want Docker for whateverplatform!„— Me (whenever I discover any new platform)
LinuxKit a SECURE Linux subsystem Only works with containers - Smaller attack surface - Immutable infrastructure - Sandboxed system services - Specialized patches and configurations Incubator for security innovations - Wireguard, Landlock, KSPP - MirageOS type safe system daemons - okernel Community-first security process - Linux is too big for a single company to secure it - Participate in existing Linux security efforts
LinuxKit a LEAN Linux subsystem - Minimal size, minimal boot time - All system services are containers - Everything can be removed or replaced
- Desktop, Server, IoT, Mainframe - Intel & ARM (and others) - Bare Metal & Virtualized - On-premises & in the Cloud LinuxKit a PORTABLE Linux subsystem
In LinuxKit the BluePrint is a YAML file! Example “linuxkit.yml” see: https://github.com/linuxkit/linuxkit/blob/master/linuxkit.yml
kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" Everything is a yaml file: kernel see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#kernel
init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:2649198589ef0020d99f613adaeda45ce0093a38 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 Everything is a yaml file: init see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#init
Everything is a yaml file: onboot onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" net: host pid: host ipc: host capabilities: - CAP_SYS_ADMIN readonly: true see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#onboot
Everything is a yaml file: services services: - name: ntpd image: "linuxkit/openntpd:a38eabb308d0405f58894979f8b8031a6c7e1134" capabilities: - CAP_SYS_TIME - CAP_SYS_NICE - CAP_SYS_CHROOT - CAP_SETUID - CAP_SETGID net: host see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#services
Everything is a yaml file: files files: - path: etc/docker/daemon.json contents: '{"debug": true}'
Everything is a yaml file: output outputs: - format: kernel+initrd - format: iso-bios - format: iso-efi - format: vhd - format: vmdk see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#output
LinuxKit - build on macOS 1. Clone the GitHub repository $ git clone https://github.com/linuxkit/linuxkit.git $ cd linuxkit 2. Compile LinuxKit CLI tools (we need Docker4Mac and Go) $ make clean $ make 3. Install LinuxKit CLI tools: “moby” and “linuxkit” $ make install
LinuxKit - use it on macOS 1. Build your first LinuxKit VM $ moby build examples/node_exporter.yml $ ls -alh node_exporter*.img -rw-r--r-- 1 dieter staff 36M May 11 15:44 node_exporter-initrd.img 2. Run the LinuxKit VM with HyperKit (macOS Hypervisor) $ linuxkit run hyperkit node_exporter # runc list # halt
Moby Project
Production model: Open Source
Production model: Open Components
Docker is a Platform made of Components
The open components model shows its limits...
Next level: Collaborating on Components & Assemblies
“With going mainstream comes great responsibilities„ — Solomon Hykes
“A framework to assemble specialized container systems without reinventing the wheel” - Library of 80+ components - Package your own components as containers - Reference assemblies deployed on millions of nodes - Create your own assemblies or start from existing ones
What Moby means for you as a: DOCKER USER Nothing changes for you, your command line remains the same and also anything else It’s just that now Docker can leverage the ecosystem to innovate faster for you SYSTEM BUILDER Moby helps you to innovate without tying you to Docker You can build your own Container Runtime systems easier and faster
“The Moby Project is to Docker what Fedora is to Red Hat Enterprise Linux„ — Solomon Hykes
Thank You! Dieter Reuter @Quintus23M Credits: original slide deck by Docker Captain Lorenzo Fontana @fntlnz

Recomendados

Docker opens the Doors for IoT
Docker opens the Doors for IoTDocker opens the Doors for IoT
Docker opens the Doors for IoTDieter Reuter
 
Running Docker on ARM
Running Docker on ARMRunning Docker on ARM
Running Docker on ARMDieter Reuter
 
LinuxKit and Moby, news from DockerCon 2017 - Austin,TX
LinuxKit and Moby, news from DockerCon 2017 - Austin,TXLinuxKit and Moby, news from DockerCon 2017 - Austin,TX
LinuxKit and Moby, news from DockerCon 2017 - Austin,TXDieter Reuter
 
Moby Introduction - June 2017
Moby Introduction - June 2017Moby Introduction - June 2017
Moby Introduction - June 2017Patrick Chanezon
 
Docker on the Raspberry Pi by Dieter Reuter (Hypriot)
Docker on the Raspberry Pi by Dieter Reuter (Hypriot)Docker on the Raspberry Pi by Dieter Reuter (Hypriot)
Docker on the Raspberry Pi by Dieter Reuter (Hypriot)Docker, Inc.
 
Introduction to Docker, Meetup at University of Bamberg by Hypriot
Introduction to Docker, Meetup at University of Bamberg by HypriotIntroduction to Docker, Meetup at University of Bamberg by Hypriot
Introduction to Docker, Meetup at University of Bamberg by HypriotTeam Hypriot
 
DockerCon 2016 Recap
DockerCon 2016 RecapDockerCon 2016 Recap
DockerCon 2016 RecapJochen Zehnder
 
Mastering Docker on a Raspberry Pi
Mastering Docker on a Raspberry PiMastering Docker on a Raspberry Pi
Mastering Docker on a Raspberry PiTeam Hypriot
 

Recomendados

Docker opens the Doors for IoT
Docker opens the Doors for IoTDocker opens the Doors for IoT
Docker opens the Doors for IoTDieter Reuter
 
Running Docker on ARM
Running Docker on ARMRunning Docker on ARM
Running Docker on ARMDieter Reuter
 
LinuxKit and Moby, news from DockerCon 2017 - Austin,TX
LinuxKit and Moby, news from DockerCon 2017 - Austin,TXLinuxKit and Moby, news from DockerCon 2017 - Austin,TX
LinuxKit and Moby, news from DockerCon 2017 - Austin,TXDieter Reuter
 
Moby Introduction - June 2017
Moby Introduction - June 2017Moby Introduction - June 2017
Moby Introduction - June 2017Patrick Chanezon
 
Docker on the Raspberry Pi by Dieter Reuter (Hypriot)
Docker on the Raspberry Pi by Dieter Reuter (Hypriot)Docker on the Raspberry Pi by Dieter Reuter (Hypriot)
Docker on the Raspberry Pi by Dieter Reuter (Hypriot)Docker, Inc.
 
Introduction to Docker, Meetup at University of Bamberg by Hypriot
Introduction to Docker, Meetup at University of Bamberg by HypriotIntroduction to Docker, Meetup at University of Bamberg by Hypriot
Introduction to Docker, Meetup at University of Bamberg by HypriotTeam Hypriot
 
DockerCon 2016 Recap
DockerCon 2016 RecapDockerCon 2016 Recap
DockerCon 2016 RecapJochen Zehnder
 
Mastering Docker on a Raspberry Pi
Mastering Docker on a Raspberry PiMastering Docker on a Raspberry Pi
Mastering Docker on a Raspberry PiTeam Hypriot
 
Containerday17 Moby-linuxkit-DockerCon-2017-announcements
Containerday17 Moby-linuxkit-DockerCon-2017-announcementsContainerday17 Moby-linuxkit-DockerCon-2017-announcements
Containerday17 Moby-linuxkit-DockerCon-2017-announcementsKiratech
 
Docker & GitLab
Docker & GitLabDocker & GitLab
Docker & GitLabPhilip Zheng
 
How to easy deploy app into any cloud
How to easy deploy app into any cloudHow to easy deploy app into any cloud
How to easy deploy app into any cloudLadislav Prskavec
 
Canonical Kubernetes on the Oracle Cloud (1)
Canonical Kubernetes on the Oracle Cloud (1)Canonical Kubernetes on the Oracle Cloud (1)
Canonical Kubernetes on the Oracle Cloud (1)Dustin Kirkland
 
Docker Meetup Rosenheim: Container Runtimes
Docker Meetup Rosenheim: Container RuntimesDocker Meetup Rosenheim: Container Runtimes
Docker Meetup Rosenheim: Container RuntimesNico Meisenzahl
 
Git SCM
Git SCMGit SCM
Git SCMFehmi Can SAĞLAM
 
Embedded recipes 2018 - End-to-end software production for embedded - Guy Lun...
Embedded recipes 2018 - End-to-end software production for embedded - Guy Lun...Embedded recipes 2018 - End-to-end software production for embedded - Guy Lun...
Embedded recipes 2018 - End-to-end software production for embedded - Guy Lun...Anne Nicolas
 
Managing Docker containers
Managing Docker containersManaging Docker containers
Managing Docker containerssiuyin
 
時代在變 Docker 要會:台北 Docker 一日入門篇
時代在變 Docker 要會:台北 Docker 一日入門篇時代在變 Docker 要會:台北 Docker 一日入門篇
時代在變 Docker 要會:台北 Docker 一日入門篇Philip Zheng
 
Dokku
DokkuDokku
DokkuDenys Kurets
 
What's Rio 〜Standalone〜
What's Rio 〜Standalone〜What's Rio 〜Standalone〜
What's Rio 〜Standalone〜cyberblack28 Ichikawa
 
Docker on ARM Raspberry Pi
Docker on ARM Raspberry PiDocker on ARM Raspberry Pi
Docker on ARM Raspberry PiEueung Mulyana
 
Embedded Recipes 2018 - swupdate: update your embedded device - Charles-Anto...
Embedded Recipes 2018 - swupdate: update your embedded device - Charles-Anto...Embedded Recipes 2018 - swupdate: update your embedded device - Charles-Anto...
Embedded Recipes 2018 - swupdate: update your embedded device - Charles-Anto...Anne Nicolas
 
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies Daniel Oh
 
Gcc - Linux Hack Day
Gcc - Linux Hack DayGcc - Linux Hack Day
Gcc - Linux Hack DayLeonn Ferreira
 
容器與IoT端點應用
容器與IoT端點應用容器與IoT端點應用
容器與IoT端點應用Philip Zheng
 
Open design at large scale
Open design at large scaleOpen design at large scale
Open design at large scaleshykes
 
Vagrant
VagrantVagrant
VagrantDenys Kurets
 
[Container world 2017] The Questions You're Afraid to Ask about Containers
[Container world 2017] The Questions You're Afraid to Ask about Containers[Container world 2017] The Questions You're Afraid to Ask about Containers
[Container world 2017] The Questions You're Afraid to Ask about ContainersDustin Kirkland
 
Idea to Production - with Gitlab and Kubernetes
Idea to Production - with Gitlab and KubernetesIdea to Production - with Gitlab and Kubernetes
Idea to Production - with Gitlab and KubernetesSimon Dittlmann
 
Moby and linux kit, what to expect - Lorenzo Fontana, DevOps Expert at Kiratech
Moby and linux kit, what to expect - Lorenzo Fontana, DevOps Expert at KiratechMoby and linux kit, what to expect - Lorenzo Fontana, DevOps Expert at Kiratech
Moby and linux kit, what to expect - Lorenzo Fontana, DevOps Expert at KiratechKiratech
 
Introduction to LinuxKit - Docker Bangalore Meetup
Introduction to LinuxKit - Docker Bangalore MeetupIntroduction to LinuxKit - Docker Bangalore Meetup
Introduction to LinuxKit - Docker Bangalore MeetupAjeet Singh Raina
 

Más contenido relacionado

La actualidad más candente

Containerday17 Moby-linuxkit-DockerCon-2017-announcements
Containerday17 Moby-linuxkit-DockerCon-2017-announcementsContainerday17 Moby-linuxkit-DockerCon-2017-announcements
Containerday17 Moby-linuxkit-DockerCon-2017-announcementsKiratech
 
How to easy deploy app into any cloud
How to easy deploy app into any cloudHow to easy deploy app into any cloud
How to easy deploy app into any cloudLadislav Prskavec
 
Canonical Kubernetes on the Oracle Cloud (1)
Canonical Kubernetes on the Oracle Cloud (1)Canonical Kubernetes on the Oracle Cloud (1)
Canonical Kubernetes on the Oracle Cloud (1)Dustin Kirkland
 
Docker Meetup Rosenheim: Container Runtimes
Docker Meetup Rosenheim: Container RuntimesDocker Meetup Rosenheim: Container Runtimes
Docker Meetup Rosenheim: Container RuntimesNico Meisenzahl
 
Embedded recipes 2018 - End-to-end software production for embedded - Guy Lun...
Embedded recipes 2018 - End-to-end software production for embedded - Guy Lun...Embedded recipes 2018 - End-to-end software production for embedded - Guy Lun...
Embedded recipes 2018 - End-to-end software production for embedded - Guy Lun...Anne Nicolas
 
Managing Docker containers
Managing Docker containersManaging Docker containers
Managing Docker containerssiuyin
 
時代在變 Docker 要會:台北 Docker 一日入門篇
時代在變 Docker 要會:台北 Docker 一日入門篇時代在變 Docker 要會:台北 Docker 一日入門篇
時代在變 Docker 要會:台北 Docker 一日入門篇Philip Zheng
 
Docker on ARM Raspberry Pi
Docker on ARM Raspberry PiDocker on ARM Raspberry Pi
Docker on ARM Raspberry PiEueung Mulyana
 
Embedded Recipes 2018 - swupdate: update your embedded device - Charles-Anto...
Embedded Recipes 2018 - swupdate: update your embedded device - Charles-Anto...Embedded Recipes 2018 - swupdate: update your embedded device - Charles-Anto...
Embedded Recipes 2018 - swupdate: update your embedded device - Charles-Anto...Anne Nicolas
 
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies Daniel Oh
 
容器與IoT端點應用
容器與IoT端點應用容器與IoT端點應用
容器與IoT端點應用Philip Zheng
 
Open design at large scale
Open design at large scaleOpen design at large scale
Open design at large scaleshykes
 
[Container world 2017] The Questions You're Afraid to Ask about Containers
[Container world 2017] The Questions You're Afraid to Ask about Containers[Container world 2017] The Questions You're Afraid to Ask about Containers
[Container world 2017] The Questions You're Afraid to Ask about ContainersDustin Kirkland
 
Idea to Production - with Gitlab and Kubernetes
Idea to Production - with Gitlab and KubernetesIdea to Production - with Gitlab and Kubernetes
Idea to Production - with Gitlab and KubernetesSimon Dittlmann
 

La actualidad más candente (20)

Containerday17 Moby-linuxkit-DockerCon-2017-announcements
Containerday17 Moby-linuxkit-DockerCon-2017-announcementsContainerday17 Moby-linuxkit-DockerCon-2017-announcements
Containerday17 Moby-linuxkit-DockerCon-2017-announcements
 
Docker & GitLab
Docker & GitLabDocker & GitLab
Docker & GitLab
 
How to easy deploy app into any cloud
How to easy deploy app into any cloudHow to easy deploy app into any cloud
How to easy deploy app into any cloud
 
Canonical Kubernetes on the Oracle Cloud (1)
Canonical Kubernetes on the Oracle Cloud (1)Canonical Kubernetes on the Oracle Cloud (1)
Canonical Kubernetes on the Oracle Cloud (1)
 
Docker Meetup Rosenheim: Container Runtimes
Docker Meetup Rosenheim: Container RuntimesDocker Meetup Rosenheim: Container Runtimes
Docker Meetup Rosenheim: Container Runtimes
 
Git SCM
Git SCMGit SCM
Git SCM
 
Embedded recipes 2018 - End-to-end software production for embedded - Guy Lun...
Embedded recipes 2018 - End-to-end software production for embedded - Guy Lun...Embedded recipes 2018 - End-to-end software production for embedded - Guy Lun...
Embedded recipes 2018 - End-to-end software production for embedded - Guy Lun...
 
Managing Docker containers
Managing Docker containersManaging Docker containers
Managing Docker containers
 
時代在變 Docker 要會:台北 Docker 一日入門篇
時代在變 Docker 要會:台北 Docker 一日入門篇時代在變 Docker 要會:台北 Docker 一日入門篇
時代在變 Docker 要會:台北 Docker 一日入門篇
 
Dokku
DokkuDokku
Dokku
 
What's Rio 〜Standalone〜
What's Rio 〜Standalone〜What's Rio 〜Standalone〜
What's Rio 〜Standalone〜
 
Docker on ARM Raspberry Pi
Docker on ARM Raspberry PiDocker on ARM Raspberry Pi
Docker on ARM Raspberry Pi
 
Embedded Recipes 2018 - swupdate: update your embedded device - Charles-Anto...
Embedded Recipes 2018 - swupdate: update your embedded device - Charles-Anto...Embedded Recipes 2018 - swupdate: update your embedded device - Charles-Anto...
Embedded Recipes 2018 - swupdate: update your embedded device - Charles-Anto...
 
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
Podman, Buildah, and Quarkus - The Latest in Linux Containers Technologies
 
Gcc - Linux Hack Day
Gcc - Linux Hack DayGcc - Linux Hack Day
Gcc - Linux Hack Day
 
容器與IoT端點應用
容器與IoT端點應用容器與IoT端點應用
容器與IoT端點應用
 
Open design at large scale
Open design at large scaleOpen design at large scale
Open design at large scale
 
Vagrant
VagrantVagrant
Vagrant
 
[Container world 2017] The Questions You're Afraid to Ask about Containers
[Container world 2017] The Questions You're Afraid to Ask about Containers[Container world 2017] The Questions You're Afraid to Ask about Containers
[Container world 2017] The Questions You're Afraid to Ask about Containers
 
Idea to Production - with Gitlab and Kubernetes
Idea to Production - with Gitlab and KubernetesIdea to Production - with Gitlab and Kubernetes
Idea to Production - with Gitlab and Kubernetes
 

Similar a LinuxKit and Moby, News from DockerCon 2017

Moby and linux kit, what to expect - Lorenzo Fontana, DevOps Expert at Kiratech
Moby and linux kit, what to expect - Lorenzo Fontana, DevOps Expert at KiratechMoby and linux kit, what to expect - Lorenzo Fontana, DevOps Expert at Kiratech
Moby and linux kit, what to expect - Lorenzo Fontana, DevOps Expert at KiratechKiratech
 
Introduction to LinuxKit - Docker Bangalore Meetup
Introduction to LinuxKit - Docker Bangalore MeetupIntroduction to LinuxKit - Docker Bangalore Meetup
Introduction to LinuxKit - Docker Bangalore MeetupAjeet Singh Raina
 
Moby Open Source Summit North America 2017
Moby Open Source Summit North America 2017Moby Open Source Summit North America 2017
Moby Open Source Summit North America 2017Patrick Chanezon
 
Modern IoT and Embedded Linux Deployment - Berlin
Modern IoT and Embedded Linux Deployment - BerlinModern IoT and Embedded Linux Deployment - Berlin
Modern IoT and Embedded Linux Deployment - BerlinDjalal Harouni
 
DockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 - Solomon HykesDockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 - Solomon HykesDocker, Inc.
 
RunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edgeRunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edgeStefano Stabellini
 
Poky meets Debian: Understanding how to make an embedded Linux by using an ex...
Poky meets Debian: Understanding how to make an embedded Linux by using an ex...Poky meets Debian: Understanding how to make an embedded Linux by using an ex...
Poky meets Debian: Understanding how to make an embedded Linux by using an ex...Yoshitake Kobayashi
 
Docker en kernel security
Docker en kernel securityDocker en kernel security
Docker en kernel securitysmart_bit
 
Oscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby projectOscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby projectPatrick Chanezon
 
Codemotion Rome 2015 IBM Bluemix and Docker
Codemotion Rome 2015 IBM Bluemix and DockerCodemotion Rome 2015 IBM Bluemix and Docker
Codemotion Rome 2015 IBM Bluemix and Dockergjuljo
 
IBM MQ in containers MQTC 2017
IBM MQ in containers MQTC 2017IBM MQ in containers MQTC 2017
IBM MQ in containers MQTC 2017Robert Parker
 
Programming IoT with Docker: How to Start?
Programming IoT with Docker: How to Start?Programming IoT with Docker: How to Start?
Programming IoT with Docker: How to Start?msyukor
 
HLayer / Docker and its ecosystem
HLayer / Docker and its ecosystemHLayer / Docker and its ecosystem
HLayer / Docker and its ecosystemAymen EL Amri
 
Docker containers : introduction
Docker containers : introductionDocker containers : introduction
Docker containers : introductionrinnocente
 
Secure Substrate: Least Privilege Container Deployment - Diogo Monica and Riy...
Secure Substrate: Least Privilege Container Deployment - Diogo Monica and Riy...Secure Substrate: Least Privilege Container Deployment - Diogo Monica and Riy...
Secure Substrate: Least Privilege Container Deployment - Diogo Monica and Riy...Docker, Inc.
 
Secure Substrate: Least Privilege Container Deployment
Secure Substrate: Least Privilege Container Deployment Secure Substrate: Least Privilege Container Deployment
Secure Substrate: Least Privilege Container Deployment Docker, Inc.
 
LinuxKit Deep Dive
LinuxKit Deep DiveLinuxKit Deep Dive
LinuxKit Deep DiveDocker, Inc.
 
- Codemotion Rome 2015
- Codemotion Rome 2015- Codemotion Rome 2015
- Codemotion Rome 2015Codemotion
 
Being a Moby maintainer
Being a Moby maintainerBeing a Moby maintainer
Being a Moby maintainerAkihiro Suda
 

Similar a LinuxKit and Moby, News from DockerCon 2017 (20)

Moby and linux kit, what to expect - Lorenzo Fontana, DevOps Expert at Kiratech
Moby and linux kit, what to expect - Lorenzo Fontana, DevOps Expert at KiratechMoby and linux kit, what to expect - Lorenzo Fontana, DevOps Expert at Kiratech
Moby and linux kit, what to expect - Lorenzo Fontana, DevOps Expert at Kiratech
 
Introduction to LinuxKit - Docker Bangalore Meetup
Introduction to LinuxKit - Docker Bangalore MeetupIntroduction to LinuxKit - Docker Bangalore Meetup
Introduction to LinuxKit - Docker Bangalore Meetup
 
Moby Open Source Summit North America 2017
Moby Open Source Summit North America 2017Moby Open Source Summit North America 2017
Moby Open Source Summit North America 2017
 
Rexdockercon2017
Rexdockercon2017Rexdockercon2017
Rexdockercon2017
 
Modern IoT and Embedded Linux Deployment - Berlin
Modern IoT and Embedded Linux Deployment - BerlinModern IoT and Embedded Linux Deployment - Berlin
Modern IoT and Embedded Linux Deployment - Berlin
 
DockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 - Solomon HykesDockerCon 2017 - General Session Day 1 - Solomon Hykes
DockerCon 2017 - General Session Day 1 - Solomon Hykes
 
RunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edgeRunX: deploy real-time OSes as containers at the edge
RunX: deploy real-time OSes as containers at the edge
 
Poky meets Debian: Understanding how to make an embedded Linux by using an ex...
Poky meets Debian: Understanding how to make an embedded Linux by using an ex...Poky meets Debian: Understanding how to make an embedded Linux by using an ex...
Poky meets Debian: Understanding how to make an embedded Linux by using an ex...
 
Docker en kernel security
Docker en kernel securityDocker en kernel security
Docker en kernel security
 
Oscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby projectOscon 2017: Build your own container-based system with the Moby project
Oscon 2017: Build your own container-based system with the Moby project
 
Codemotion Rome 2015 IBM Bluemix and Docker
Codemotion Rome 2015 IBM Bluemix and DockerCodemotion Rome 2015 IBM Bluemix and Docker
Codemotion Rome 2015 IBM Bluemix and Docker
 
IBM MQ in containers MQTC 2017
IBM MQ in containers MQTC 2017IBM MQ in containers MQTC 2017
IBM MQ in containers MQTC 2017
 
Programming IoT with Docker: How to Start?
Programming IoT with Docker: How to Start?Programming IoT with Docker: How to Start?
Programming IoT with Docker: How to Start?
 
HLayer / Docker and its ecosystem
HLayer / Docker and its ecosystemHLayer / Docker and its ecosystem
HLayer / Docker and its ecosystem
 
Docker containers : introduction
Docker containers : introductionDocker containers : introduction
Docker containers : introduction
 
Secure Substrate: Least Privilege Container Deployment - Diogo Monica and Riy...
Secure Substrate: Least Privilege Container Deployment - Diogo Monica and Riy...Secure Substrate: Least Privilege Container Deployment - Diogo Monica and Riy...
Secure Substrate: Least Privilege Container Deployment - Diogo Monica and Riy...
 
Secure Substrate: Least Privilege Container Deployment
Secure Substrate: Least Privilege Container Deployment Secure Substrate: Least Privilege Container Deployment
Secure Substrate: Least Privilege Container Deployment
 
LinuxKit Deep Dive
LinuxKit Deep DiveLinuxKit Deep Dive
LinuxKit Deep Dive
 
- Codemotion Rome 2015
- Codemotion Rome 2015- Codemotion Rome 2015
- Codemotion Rome 2015
 
Being a Moby maintainer
Being a Moby maintainerBeing a Moby maintainer
Being a Moby maintainer
 

Último

Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 

Último (20)

Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

LinuxKit and Moby, News from DockerCon 2017

  • 1. LinuxKit and Moby News from DockerCon 2017 - Austin,TX Dieter Reuter - @Quintus23M Senior Consultant at bee42 solutions gmbh - @bee42solutions Docker Captain - @HypriotTweets DevOpsCon Berlin, June 14th 2017
  • 2. What happened? What to expect? Will I become a Moby Captain? What will change?Governance? What’s that LinuxKit?
  • 4. “A platform is only as secure as its weakest components„ — Solomon Hykes
  • 5. “I want Docker for whateverplatform!„— Me (whenever I discover any new platform)
  • 6. LinuxKit a SECURE Linux subsystem Only works with containers - Smaller attack surface - Immutable infrastructure - Sandboxed system services - Specialized patches and configurations Incubator for security innovations - Wireguard, Landlock, KSPP - MirageOS type safe system daemons - okernel Community-first security process - Linux is too big for a single company to secure it - Participate in existing Linux security efforts
  • 7. LinuxKit a LEAN Linux subsystem - Minimal size, minimal boot time - All system services are containers - Everything can be removed or replaced
  • 8. - Desktop, Server, IoT, Mainframe - Intel & ARM (and others) - Bare Metal & Virtualized - On-premises & in the Cloud LinuxKit a PORTABLE Linux subsystem
  • 9. In LinuxKit the BluePrint is a YAML file! Example “linuxkit.yml” see: https://github.com/linuxkit/linuxkit/blob/master/linuxkit.yml
  • 10. kernel: image: "linuxkit/kernel:4.9.x" cmdline: "console=ttyS0 console=tty0 page_poison=1" Everything is a yaml file: kernel see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#kernel
  • 11. init: - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b - linuxkit/runc:2649198589ef0020d99f613adaeda45ce0093a38 - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288 Everything is a yaml file: init see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#init
  • 12. Everything is a yaml file: onboot onboot: - name: sysctl image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a" net: host pid: host ipc: host capabilities: - CAP_SYS_ADMIN readonly: true see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#onboot
  • 13. Everything is a yaml file: services services: - name: ntpd image: "linuxkit/openntpd:a38eabb308d0405f58894979f8b8031a6c7e1134" capabilities: - CAP_SYS_TIME - CAP_SYS_NICE - CAP_SYS_CHROOT - CAP_SETUID - CAP_SETGID net: host see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#services
  • 14. Everything is a yaml file: files files: - path: etc/docker/daemon.json contents: '{"debug": true}'
  • 15. Everything is a yaml file: output outputs: - format: kernel+initrd - format: iso-bios - format: iso-efi - format: vhd - format: vmdk see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#output
  • 16.
  • 17. LinuxKit - build on macOS 1. Clone the GitHub repository $ git clone https://github.com/linuxkit/linuxkit.git $ cd linuxkit 2. Compile LinuxKit CLI tools (we need Docker4Mac and Go) $ make clean $ make 3. Install LinuxKit CLI tools: “moby” and “linuxkit” $ make install
  • 18. LinuxKit - use it on macOS 1. Build your first LinuxKit VM $ moby build examples/node_exporter.yml $ ls -alh node_exporter*.img -rw-r--r-- 1 dieter staff 36M May 11 15:44 node_exporter-initrd.img 2. Run the LinuxKit VM with HyperKit (macOS Hypervisor) $ linuxkit run hyperkit node_exporter # runc list # halt
  • 22. Docker is a Platform made of Components
  • 23. The open components model shows its limits...
  • 24. Next level: Collaborating on Components & Assemblies
  • 25. “With going mainstream comes great responsibilities„ — Solomon Hykes
  • 26.
  • 27.
  • 28. “A framework to assemble specialized container systems without reinventing the wheel” - Library of 80+ components - Package your own components as containers - Reference assemblies deployed on millions of nodes - Create your own assemblies or start from existing ones
  • 29. What Moby means for you as a: DOCKER USER Nothing changes for you, your command line remains the same and also anything else It’s just that now Docker can leverage the ecosystem to innovate faster for you SYSTEM BUILDER Moby helps you to innovate without tying you to Docker You can build your own Container Runtime systems easier and faster
  • 30. “The Moby Project is to Docker what Fedora is to Red Hat Enterprise Linux„ — Solomon Hykes
  • 31.
  • 32. Thank You! Dieter Reuter @Quintus23M Credits: original slide deck by Docker Captain Lorenzo Fontana @fntlnz