September 11-14, 2017 - Los Angeles, CA

ContainerCon Tracks
Monday, September 11
 

11:00am

Choose Your Own Adventure: Finding the Right Path to Containerization - Erica von Buelow, CoreOS, Inc.
Swapping out your underlying infrastructure is one of the most stressful tasks in an organization. Tasked with modernizing your company's infrastructure, how can you get from here to there AND keep up with current development demands with limited resources?
In this talk, Erica von Buelow, software engineer at CoreOS, will present some guidelines and techniques for navigating through the hype to get to the containerized promised land. She'll draw on her experiences migrating to containers in situations with limited resources. We'll look at what technologies are worth adapting, when to do it yourself and when to use a service, and common pitfalls to avoid.

Speakers

Erica von Buelow

Software Engineer, Redhat
Erica Von Buelow is a Senior Software Engineer at Red Hat and previously at CoreOS. She is a full stack engineer and software developer working on the OpenShift Container Platform and Kubernetes at Red Hat with a focus on security and auth functionality. She has spoken at Red Hat Summit...



Monday September 11, 2017 11:00am - 11:40am
Diamond Ballroom 7

11:00am

Onto Petaflops with Kubernetes - Vishnu Kannan, Google
Kubernetes is becoming the sought after platform for managing Deep Learning Applications at scale. In this talk, the speaker will present the internals of how Kubernetes manages GPUs. The talk will then explore how Kubernetes helps power deep learning frameworks like Tensorflow and Caffe. Integration plans for other hardware accelerators will also be presented.

Speakers

Vishnu Kannan

Staff Engineer, Google
Vishnu Kannan is a Staff Software Engineer at Google. Vishnu received his Masters in ECE from Georgia Tech. He has been a systems engineer ever since he graduated. He hacked on the Linux Kernel for a couple of years at Cisco. He then worked on Borg at Google. He is currently an active...



Monday September 11, 2017 11:00am - 11:40am
Diamond Ballroom 8

11:00am

Panel Discussion: Are Containers the Future of IaaS? - Moderated by Bruno Cornec, Hewlett Packard Enterprise
The OpenStack project, one of the major open source IaaS solutions, is now 7 years old and sees some major old-timer contributors changing strategies, as well as a new focus around containers, which are themselves pushed by newer companies such as Docker, 4 years old. Come to this session to listen to our panelists debating the future of Infrastructure as a Service (IaaS):
- What is the role of bare-metal, virtualization, containers?
- What are IaaS customers looking for in the coming years?
- What is the best approach for Cloud Native Applications? Legacy ones?

With representatives from the OpenStack project, the Docker project, distribution vendors and hardware vendors, this roundtable should give you the answers to these questions and more.

Moderators

Bruno Cornec

Open Source & Technology Strategist, HPE
Bruno Cornec has been managing various Unix systems since 1987 and Linux since 1993 (0.99pl14). Bruno first worked 8 years around Software Engineering and Configuration Management Systems in Unix environments. Since 1995, he is Open Source and Linux (OSL) Technology Strategist, Linux...

Speakers

Jerome Petazzoni

Tinkerer Extraordinaire, Docker Inc.
Jerome works at Docker, where he helps others to containerize all the things. In another life he built clouds when EC2 was just the name of a plane, developed a GIS to deploy dark fiber through the French subway, managed commando deployments of large-scale video streaming systems...


Monday September 11, 2017 11:00am - 11:40am
Diamond Ballroom 6

11:50am

CRIU: CRazI StUff for the Mainframe? - Michael Holzheu, IBM
2012, January 12, 20:42: Linus Torvalds merges Andrew's "patch-bomb" with the first CRIU kernel patches including the comment "... a project by various mad Russians to perform c/r mainly from userspace".

Now, five years later, Docker decided to integrate this project for checkpointing their containers. A valid reason for us to check out if this can be also good stuff for the Mainframe. After looking at the code at least one thing is clear now - it is ... crazy.

In this presentation we explain the deep technical details of checkpointing Linux processes in userspace including the Mainframe specific parts. We also show how CRIU can be used for Docker container checkpoints and for other promising scenarios.

So, Mission critical workload with CRIU or Mission impossible?

Speakers

Michael Holzheu

Mr., IBM
Michael Holzheu is a Linux kernel developer at the IBM lab in Boeblingen, Germany. He studied computer science at the University of Erlangen and has worked for IBM since 1998. After a start in the z/OS UNIX Systems Services environment, he joined the Linux on z Systems team in 2000...



Monday September 11, 2017 11:50am - 12:30pm
Diamond Ballroom 7

11:50am

Deploying a Multi-Service App in Kubernetes - Michael Hrivnak, Red Hat, Inc.
This session will detail how to deploy a multi-service application in Kubernetes, using Pulp as the example. Pulp is a multi-service web application that manages repositories of content, such as software packages, and makes it available for installation. With a REST API, async worker processes, a scheduler process, and a service to curate job queues, Pulp is a natural fit for the orchestration provided by Kubernetes.

In this session, you will learn:
- How to deploy a multi-service application in Kubernetes
- How to share persistent storage across multiple services
- How to scale individual services to meet changing load
- How to manage shared configuration and secrets for a “pre-docker” app that was not designed for container deployment

Speakers

Michael Hrivnak

Principal Software Engineer, Red Hat, Inc.
Michael Hrivnak is a Principal Software Engineer at Red Hat. During his time as Team Lead for the Pulp project, he became involved in solving real-world container orchestration problems. He now works in that domain as part of the Automation Broker project. With experience in both...


Monday September 11, 2017 11:50am - 12:30pm
Diamond Ballroom 8

11:50am

The Anti-Pattern Wall of 2011 has Crumbled: Stateful Applications in Containers - Steve Wong, {code}
The “12 factor app” was written in 2011 and became a widely cited classic of useful patterns for application architecture. #6 on the list said: apps shall be stateless.

There is some question as to whether this made sense even at the time it was written – some suggest it was simply declaring state to be someone else’s problem.

Containers have been rapidly evolving since – Docker was released 2 years later. In a rapidly advancing field, design patterns should be periodically challenged.

Open source projects have been adding features specifically intended to allow the pets (stateful) to be hosted alongside the cattle (stateless). The Kubernetes StatefulSet is one example.

This talk will survey currently available support and best practices for running stateful services on popular open source platforms. Proposals and works-in-progress will also be covered.

Speakers

Steve Wong

Strategic Open Source Partner Engineer, {code}
Steve Wong is an Open Source Engineer with the {code} team. Steve has been participating in the Apache Mesos, DC/OS, Kubernetes, and REX-Ray projects.



Monday September 11, 2017 11:50am - 12:30pm
Diamond Ballroom 6

2:00pm

A Greybeard's Worst Nightmare - How Kubernetes and Containers are Re-defining the Linux OS - Daniel Riek, Red Hat
Containers and Kubernetes are having a deep impact on the Linux operating system (OS) that goes well beyond DevOps and cloud-native applications. The concepts of application-centric packaging, process isolation through Linux containers, and immutable infrastructure are shaking up the core traditions of today's GNU/Linux operating systems. These concepts are also challenging the assumptions and approaches derived from the past 40+ years of work that originated with UNIX. The Linux distribution as we know it is coming to an end, and is being replaced by a new concept of containerized, multi-instance, multi-user applications, which can be deployed in scale-out environments. In this session, we'll assess this new OS environment and take a deep look at the consequences this new OS model has for both developers and operators.

Speakers

Daniel Riek

Red Hat



Monday September 11, 2017 2:00pm - 2:40pm
Diamond Ballroom 8

2:00pm

Container & Kubernetes Networking 101 - Arun Sriraman, Platform9 Systems Inc. & Aditya Amar
With the widespread adoption of Docker, containers have taken the DevOps world by storm. Cloud-native is the new programming paradigm. Since developers are not only the creators of these systems, but also the administrators and users, it is imperative for them to understand the different models of container networking both within a host and across hosts, along with some of the newer Linux kernel constructs that aid container networking.

This talk is aimed at introducing out-of-the-box Docker networking and diving deeper into understanding the nuts & bolts of the system, from network namespaces to Linux system calls that make everything work. We will also look at various open source networking projects such as Calico, Flannel and Weave for inter-node communication with Kubernetes as the container orchestration tool.

Some specifics that will be covered in the talk:
+ Direct host container networking (L2/L3 connectivity for Containers with the external network)
+ MACVLAN and IPVLAN
+ K8S pod network model & CNI
+ Running network backend outside of K8S versus running them as K8S objects (Daemon Sets)
+ Recent developments in Docker Networking
+ Debugging network issues using probes (e.g., Sysdig)
+ Gotchas in container networking
+ Future trends in container networking

Speakers

Aditya Amar

Sr. Principal Software Engineer
Aditya C. Amar is Software Architect/Sr. Principal Engineer with extensive experience on Linux, Networking (Layer 2/Layer 3) protocols, High Availability/Fault Tolerant Systems, Routing/Switching and more recently on Docker, Virtualization and Cloud Networking. Over the course of his...

Arun Sriraman

Software engineer, Platform9 Systems



Monday September 11, 2017 2:00pm - 2:40pm
Diamond Ballroom 7

2:00pm

How Linux Containers can Help to Manage Development Environments for IoT and Embedded Systems - Yan Vugenfirer & Dmitry Fleytman, Daynix Computing LTD
In this presentation, Yan Vugenfirer will show appropriate techniques for seamless use of containers in the development process for embedded and IoT systems. The implementation of those techniques will be demonstrated using a new, open source management framework, Rebuild (https://github.com/daynix/rebuild).

Speakers

Dmitry Fleytman

CTO, Daynix Computing LTD
Dmitry is CTO at Daynix Computing LTD. Dmitry maintains and frequently contributes to several virtualization-related open source projects.

Yan Vugenfirer

Virtualization Expert, Daynix Computing LTD.
Yan Vugenfirer is a virtualization expert at Daynix Computing LTD. Since 2006, he has specialized in the development of technologies related to virtualization as a contributor to QEMU and maintainer of the virtio-win project.



Monday September 11, 2017 2:00pm - 2:40pm
Diamond Ballroom 6

2:50pm

Building Robust Streaming Data Pipelines with Apache Spark - Zak Hassan, Red Hat
There are challenges to architecting a solution that will allow developers to stream data into Kafka and manage dirty data, which is always an issue in ETL pipelines. I'd like to share lessons learned and demonstrate how we can put Apache Kafka, Apache Spark and Apache Camel together to provide developers with a continuous data pipeline for the Spark applications. Without data it is very difficult to take advantage of the full capabilities of Spark. Companies sometimes have their data stored in many different systems, and Apache Camel allows developers to Extract, Transform and Load their data to many systems; Apache Kafka is one example. Apache Kafka is great for aggregating data in a centralized location, and Apache Spark already comes with a built-in connector to connect to Kafka. I'll also be explaining lessons learned from running these technologies inside Docker.

Speakers

Zak Hassan

Senior Software Engineer - AI/ML CoE, CTO Office, Red Hat Inc.
Currently focused on developing analytics platform on OpenShift and leveraging Open Source ML Frameworks: Apache Spark, Tensorflow and more. Designing high performance and scalable ML platform that exposes metrics through cloud-native technology: Prometheus and Kubernetes.



Monday September 11, 2017 2:50pm - 3:30pm
Diamond Ballroom 6

2:50pm

FILEgrain: Transport-Agnostic, Fine-Grained Content-Addressable Container Image Layout - Akihiro Suda, NTT
The current Docker/OCI image format uses TAR archives, which are created for each of Dockerfile `RUN` changesets, for representing rootfs layers.
One of the problems with this format is that a container cannot be started until all the TAR archives are downloaded.
Also, the format has limitations in concurrency of downloading, and granularity of file deduplication among different versions of images.

FILEgrain solves these problems by using a content-addressable store at the granularity of files, rather than of TAR archives, in a transport-agnostic way.
Since the files can be lazily downloaded, a container can be started without downloading the whole image.
The experimental result with a 633MB Java image shows that downloading 4MB of files is enough for running sh, 87MB for JRE, and 136MB for JDK.

Further information is available at https://github.com/AkihiroSuda/filegrain.

Speakers

Akihiro Suda

Software Engineer, NTT
Akihiro Suda is a software engineer at NTT Corporation, a Japan-based telecommunication company. He has been a core maintainer of Moby (former Docker Engine) since November 2016. He has also been a maintainer of several open source container software projects such as CNCF containerd and Moby...



Monday September 11, 2017 2:50pm - 3:30pm
Diamond Ballroom 7

2:50pm

Managing Compute and Storage at Scale with Kubernetes - Dan Paik, Google
Kubernetes can manage petabytes of storage, terabytes of memory, teraflops of compute, and a plethora of hardware devices. In this talk, the speaker will present the architectural principles behind how Kubernetes manages these resources at scale.

This talk will answer questions like "should compute reside alongside storage", or "how much network bandwidth is necessary", or "how to improve utilization".
The speaker will present key features in Kubernetes that allow for managing clusters with large amounts of compute.

This talk will present tradeoffs to consider while building Kubernetes clusters and the applications that run in them.

Speakers

Dan Paik

Product Manager, Google
Dan is a Product Manager at Google on the Kubernetes and Google Container Engine team. He leads feature areas such as stateful workloads, nodes, GPU, multi-tenancy, and storage. Prior to Google, Dan was a software development manager on the payments platform at Amazon. Prior to Amazon...



Monday September 11, 2017 2:50pm - 3:30pm
Diamond Ballroom 8

4:00pm

Building Application Pipelines Using Kubernetes and a Serverless Approach - Sebastien Goasguen, Bitnami
Kubernetes and containers have changed the way we look at infrastructure. No more pets, no more servers, just an API that lets us focus on the distributed applications. With this renewed focus on applications and the availability of pre-packaged services, we can now think about the logic of complex application pipelines. How do I build an automated optical recognition system? How do I build a scalable stream processing system? Recently these types of applications have been enabled on AWS using Lambdas. In this talk we will show how they can also be enabled on Kubernetes, by injecting functions in Pods and using all the Kubernetes core primitives. This talk will position Kubernetes as a great platform to support serverless computing and to demonstrate this we will demo our own solution: kubeless.

Speakers

Sebastien Goasguen

Kubernetes Lead, Bitnami
Sebastien Goasguen is a twenty year open source veteran. A member of the Apache Software Foundation, he worked on Apache CloudStack and Libcloud for several years before diving into the container world. He is the founder of Skippbox, a Kubernetes startup acquired by Bitnami where...


Monday September 11, 2017 4:00pm - 4:40pm
Diamond Ballroom 8

4:00pm

Get Hands on with Containerized Deployment of OpenStack - Charles Eckel, Cisco DevNet
Hearing a lot about OpenStack and want to check it out for yourself? See how quick and easy it is to install and start using OpenStack using containers that run within a VM on your laptop or within a sandbox. OpenStack Kolla provides production ready tools to deploy OpenStack services as Docker containers that can be managed and upgraded easily. To help you explore Kolla and OpenStack, we provide access to a VM with a containerized deployment of OpenStack Mitaka and step by step instructions. Acquaint yourself with the environment. Learn your way around Horizon (GUI) and the CLI to view and operate your OpenStack cloud. Best of all, take what you learn with you and experiment on your own to discover all OpenStack offers you.

Speakers

Charles Eckel

Developer Advocate, Cisco Systems
Charles Eckel is a developer evangelist with a passion for open source and standards. His open source journey began in 1999 as a founding member of Vovida Networks, where he developed some of the industry’s first open source Voice over IP (VoIP) protocol stacks and applications...



Monday September 11, 2017 4:00pm - 4:40pm
Gold 4

4:00pm

gRPC and Go: Developing Efficient and Type-Safe Services - Clinton Kitson, {code}
While REST, JSON over HTTP 1.1, is ubiquitous, it is a simple text-based protocol that was not designed to handle the demands of modern cloud-native service architectures. The gRPC project, originated from work at Google, is intended to continue where JSON stopped. It is a universal RPC protocol that uses binary payload over HTTP 2.0 for creating efficient, strongly typed, idiomatic and expressive service APIs using the language of your choice (ten so far).

In this session, speaker Vladimir Vivien explores the use of gRPC with the Go programming language. The session starts with the definition of a service using gRPC’s interface definition language (IDL). It continues on to create a working service while demonstrating the different gRPC API styles including uni-directional, bi-directional and streaming. Lastly, the session explores implications such as client development, integration with existing JSON environments, and security.

Presentation topics:

- gRPC overview
- gRPC and the Go programming language
- Service definition and code generation
- Synchronous and asynchronous streaming APIs
- gRPC services with REST gateways
- Secure services

Speakers

Clint Kitson

Technical Director, {code}
Clint is the Technical Director for the {code} open source initiative. He focuses on contributing and building community around emerging trends in software-based infrastructure, containers, open source, and DevOps. He represents Dell Technologies as a CNCF governing board member...



Monday September 11, 2017 4:00pm - 4:40pm
Diamond Ballroom 6

4:00pm

Introduction to System Containers - Christian Brauner, Canonical Ltd.
The last couple of years have seen an increased interest in container-related technologies. When people speak of containers they usually mean process containers. They often view a container as being much more comparable to a single process than to a virtual machine. But this is not the only way that containers can be used. The features that the Linux kernel provides allow for much more, up to running a whole Linux system unmodified inside a single container. For the last couple of years the LXD team has worked on just that: making containers behave much more like a virtual machine. This talk is going to introduce the concept of a system container in depth and touch on some of the more challenging aspects one faces when containerizing a whole init system and not just a single process. We will also show how system containers allow you to do things like running other container runtimes like runC, Docker/Moby, and LXD inside them and allow for device passthrough for GPU and USB devices in a much easier way than actual virtual machines can.

Speakers

Christian Brauner

Senior Software Engineer, Canonical Ltd.
Christian Brauner is a kernel and core developer and maintainer of the LXD and LXC projects. He works mostly upstream on the Linux Kernel and lower-level problems. He is strongly committed to working in the open, and a strong proponent of Free Software.



Monday September 11, 2017 4:00pm - 4:40pm
Diamond Ballroom 7

4:50pm

Containerd Internals: Building a Core Container Runtime - Stephen Day, Docker & Phil Estes, IBM
Containerd is the core container runtime used in Docker to execute containers and distribute images. It was designed from the ground up to support the OCI image and runtime specifications. The design of containerd is carefully crafted to fit the use cases of modern container orchestrators like Kubernetes and Swarm. In this talk, we dive into design decisions that help containerd meet a diverse set of requirements for a growing container world. Developing an understanding of the decoupled components will provide attendees a grasp where they can leverage functionality in their platforms. By slicing the components of a container runtime into the right pieces, integrators can choose only what they need.

Speakers

Stephen Day

Containerd Maintainer, Cruise Automation
Stephen Day is a software engineer at Docker. His many contributions to Docker ecosystem projects include SwarmKit and the version 2 specification for the Docker Registry HTTP API, and evolving the available models for container image distribution. He currently works on containerd...

Phil Estes

Distinguished Engineer & CTO, Container Architecture Strategy, IBM Cloud
Phil is a Distinguished Engineer in the office of the CTO for the IBM Cloud Platform, guiding IBM's architecture strategy around containers and Linux. Phil is a core contributor and maintainer on the Docker engine project where he has contributed key features like user namespace...



Monday September 11, 2017 4:50pm - 5:30pm
Diamond Ballroom 7

4:50pm

GPU, USB, NICs and Other Physical Devices in Your Containers - Stéphane Graber, Canonical Ltd.
The very definition of a container is that it's a set of processes, or in this case a full operating system, which is sharing the kernel with the host machine.

This opens a full array of possibilities as far as what can be shared between host and container. This talk will be covering some of the most common use cases, such as sharing one or multiple GPUs with a container for compute use, accessing USB devices or physical network interfaces. Then go into slightly weirder cases of kernel device passthrough and see what can be done in such containers.

Outside of the obvious GPU compute use case, device passthrough can also be used to consolidate a number of distinct, mostly idle or old machines into just a single one, including any custom hardware that they may have attached to them and with very little hassle.

Working on Android apps and need to build a CI platform driving a large number of phones? USB passthrough can make this very easy for you too.

LXD will be used as the container manager as it makes all of this rather easy as part of its goal to offer a VM-like environment but built on top of Linux containers.

Speakers

Stéphane Graber

Technical Lead, Canonical Ltd.
Stéphane Graber works as the technical lead for LXD at Canonical Ltd. He is the upstream project leader for LXC and LXD and a frequent speaker and track leader at various containers and other Linux related events. Stéphane is also a long time contributor to the Ubuntu Linux...



Monday September 11, 2017 4:50pm - 5:30pm
Diamond Ballroom 6

4:50pm

Mesos vs Kubernetes: What We Learned Working With Both From Customers - Khalid Ahmed, IBM
IBM has been working in the Apache Mesos community for almost two years and also builds a product named Conductor for Container (https://hub.docker.com/r/ibmcom/cfc-installer/), which is based on Kubernetes and Mesos.

In this talk, we want to talk about the following:
1. Engagement experience and feedback about customers’ attitudes towards Mesos and the open DC/OS ecosystem compared with Kubernetes
2. The advantages and disadvantages of Mesos and Kubernetes based container cloud solutions
3. The adoption of those different solutions and why customers choose different solutions.
4. How to improve the Mesos and Open DC/OS ecosystem to align more with customer requirements.
5. What IBM is doing to make Mesos and Mesos + Kubernetes awesome for customers.

Speakers

Khalid Ahmed

Distinguished Engineer, IBM
Khalid Ahmed is an STSM, Chief Architect of Infrastructure Software at IBM Platform. He works on the design and architecture of large scale grid and cloud computing systems with focus on scheduling, resource, workload and data management. In over 20 years at industry experience he...



Monday September 11, 2017 4:50pm - 5:30pm
Diamond Ballroom 8

5:40pm

BoF: Container Monitoring in 5 Minutes - Mark Stemm, Sysdig
Containers will require you to significantly shift the way you think of monitoring. In this lightning talk, we'll cover:

1. What are the three main ways that containers change the process of instrumenting & monitoring your apps?
2. What stays the same?

Speakers

Mark Stemm

Senior Software Engineer, Sysdig
Mark is a Senior Software Engineer at Sysdig. He has a B.S. in Math/CS from Carnegie Mellon University and a M.S./Ph.D. in Computer Science from the University of California, Berkeley. He's worked at Fast Forward Networks on the first generation of internet-based live video...



Monday September 11, 2017 5:40pm - 6:30pm
Diamond Ballroom 3

5:40pm

BoF: Our Immutable Future - Josh Berkus, Red Hat
What comes next, after we've containerized everything? In this brave new world, where everything is a cloud, what we need from the operating system is changing radically. Not only does the OS need to be smaller and more nimble, it needs to be vastly lower-administration. Dozens to hundreds of hosts per admin is the norm now; in the future, everyone will be administering thousands. Getting there without working admins to death requires a key ingredient: immutability.

In this BoF, Josh will go over what's been done to implement immutable infrastructure at all layers of the new application stacks through Atomic Host and other projects, and what work remains to be done.

Speakers

Josh Berkus

Community Lead at Red Hat, Red Hat
Josh Berkus is Red Hat's Kubernetes Community Manager, which is the reason he spends so much time working in SIG-Release and SIG-Contributor Experience. He's also a long-time database geek, and has done benchmarks for the TPC and SPEC. His real passion in the cloud native world is...


Monday September 11, 2017 5:40pm - 6:30pm
Diamond Ballroom 6
  • Experience Level Any
 
Tuesday, September 12
 

11:05am

Advanced Continuous Delivery Strategies for Containerized Applications Using DC/OS - Elizabeth Joseph, Mesosphere
Using a container orchestration platform like the Datacenter Operating System (DC/OS) makes it trivial to set up an automated continuous deployment pipeline that pushes code to production on every commit (perhaps with some tests thrown in the middle). This is a win for customers (they see new features sooner), developers (much less bureaucracy with each release) and operators (fewer changes with each release means less risk).

In this presentation, Elizabeth will introduce DC/OS, an open source distributed operating system and container orchestrator based on the production proven Apache Mesos. She will then describe and demonstrate advanced deployment strategies including canary deployments and blue/green deployments, showing you how you can integrate these with continuous deployment pipelines on DC/OS to perform advanced automated deployments with low risk over thousands of machines.

Speakers

Elizabeth K. Joseph

Systems Engineer
Elizabeth K. Joseph is a systems engineer and developer advocate who most recently spent time working in the Apache Mesos and DC/OS communities. Previously, she spent four years as a systems engineer on the OpenStack Infrastructure team and six years on the Ubuntu Community Council...



Tuesday September 12, 2017 11:05am - 11:45am
Diamond Ballroom 7

11:05am

Condensing Your Infrastructure Using System Containers - Stéphane Graber, Canonical Ltd.
As much as stateless micro-services running in containers are a great way of running your infrastructure and having it scale, very many of us have to deal with existing software that wasn't designed with any of that in mind.

One option is to just keep that software running where it is, possibly on some old physical server in a rack somewhere. Another is to move the whole thing to a virtual machine and save some power and space in the process.

But what about system containers? Can't you use those to run all your existing or legacy software with the kind of flexibility and density that containers provide?

This presentation will look into what kinds of workloads make the most sense to move to containers, what limitations there may be with running old software on very recent systems and will also touch on how such a system container environment can be managed at scale.

Speakers

Stéphane Graber

Technical Lead, Canonical Ltd.
Stéphane Graber works as the technical lead for LXD at Canonical Ltd. He is the upstream project leader for LXC and LXD and a frequent speaker and track leader at various containers and other Linux related events. Stéphane is also a long time contributor to the Ubuntu Linux...



Tuesday September 12, 2017 11:05am - 11:45am
Diamond Ballroom 8

11:05am

Tutorial: An Introduction to Stateful Applications on Kubernetes - Saad Ali, Google & Chris Duchesne, {code}

(You can view the tutorial here).

Saad and Chris will address how Kubernetes storage works in the context of supporting stateful applications. The talk will cover how Kubernetes storage is implemented now, and what's next for storage in future releases. Also addressed will be mechanisms like StorageClasses and StatefulSets which can provide advanced features when deploying stateful applications. The talk will include a demonstration, with audience participation, showing how a stateful application can be deployed in a platform-neutral and unchanged way to both a public and an on-prem cloud.


Speakers

Saad Ali

Senior Software Engineer, Google
Saad Ali is a senior software engineer at Google where he works on the open-source Kubernetes project. He joined the project in December 2014, and has led the development of the Kubernetes storage and volume subsystem. He serves as a lead of the Kubernetes Storage SIG, and is co-author... Read More →

Chris Duchesne

Developer Advocate, {code}
Chris Duchesne is a Developer Advocate with {code} by Dell EMC. Chris is a longtime Linux advocate and has been participating in the Docker, Kubernetes, and REX-Ray projects. Also, his home lab uses 10Gbe because 1Gbe clearly isn't good enough.



Tuesday September 12, 2017 11:05am - 11:45am
Gold 4

11:05am

Unikernels and Explorations - Tiejun Chen, VMware

Unikernels are really beginning to attract people’s attention. Compared to traditional VMs or the recent containers, Unikernels are smaller, more secure and efficient, making them ideal for cloud environments. There are already lots of open source projects, but why have these existing unikernels yet to gain broad popularity? We think Unikernels are facing the same major challenges. In this presentation, we will review our exploration of whether and how we can construct the best platform for running unikernels, in cases like converting Linux into a Unikernel. It's necessary to optimize that to gain good performance and the convenience of running any customized images based on different Linux profiles like Real-Time/Secure/.


Speakers

Tiejun Chen

Staff engineer II and technical leader, VMware
Tiejun Chen is a staff engineer II and a technical leader at ATC (Advanced Technology Center), VMware OCTO. In recent years he has been working on projects and explorations involving Linux, Unikernel, libOS, IoT, Edge Computing, secure container, k8s, serverless, etc. Before joined... Read More →



Tuesday September 12, 2017 11:05am - 11:45am
Diamond Ballroom 6

11:55am

Container Orchestration from Theory to Practice - Stephen Day, Docker & Laura Frank, Codeship
Join Laura Frank and Stephen Day as they explain and examine technical concepts behind container orchestration systems, like distributed consensus, object models, and node topology. These concepts build the foundation of every modern orchestration system, and each technical explanation will be illustrated using Docker’s SwarmKit as a real-world example. Gain a deeper understanding of how orchestration systems like SwarmKit work in practice, and walk away with more insights into your production applications.

Speakers

Stephen Day

Containerd Maintainer, Cruise Automation
Stephen Day is a software engineer at Docker. His many contributions to Docker ecosystem projects include SwarmKit and the version 2 specification for the Docker Registry HTTP API, and evolving the available models for container image distribution. He currently works on containerd... Read More →

Laura Frank

Director of Engineering, Codeship
As the Director of Engineering at Codeship and a Docker Captain, Laura's primary focus is making tools for other developers. At Codeship, she works on improving the Docker infrastructure and overall experience for all users of the CI/CD platform. Previously, she worked on several... Read More →



Tuesday September 12, 2017 11:55am - 12:35pm
Diamond Ballroom 8

11:55am

Testing Software Performance and Scalability Using Containers - Saurabh Badhwar, Red Hat
Software performance and scalability are critical to the success of enterprise software, and a great amount of effort and resources is spent testing the performance and scalability of various use cases of the software before it is released. But replicating the environment for testing the performance and scalability of software can be too costly, or sometimes not feasible, due to a lack of proper equipment at one's disposal.
The talk focuses on how to utilize container and automation technologies to replicate large scale environments to automate the testing for performance and scalability of the software according to the user requirements. The key points of focus are:
- Utilizing containers to replicate large scale environments
- Automating deployment and performance, scalability tests on these containerized environments

Speakers

Saurabh Badhwar

Associate Software Engineer, Red Hat
Saurabh Badhwar is a developer and open source enthusiast who is passionate about improving the software performance and scalability. Saurabh Badhwar has been actively contributing to Mozilla Servo and Fedora Project in the fields of Release Engineering, Quality Assurance and Community... Read More →



Tuesday September 12, 2017 11:55am - 12:35pm
Diamond Ballroom 7

11:55am

What You Should Know about Etcd v3 - Paul Burt & Elsie Phillips, CoreOS
Description
With Kubernetes 1.6, etcd v3 becomes the preferred storage backbone of every Kubernetes cluster. Do you know what’s changed? How to recover from failures? This talk is a look at what’s new to etcd v3. It will act as a refresher on what failure scenarios admins need to be mindful of, in order to keep their cluster safe.

Abstract
The most notable change to etcd v3 is the introduction of gRPC. We’ll talk about why the change was made and how it affects the old REST API. Did you know that HTTP and gRPC are namespaced differently? You will after this talk, and you’ll also discover what implications it has for running your cluster.

After covering changes, we’ll take a look at common failure scenarios for etcd. We’ll discuss common misconceptions about leader election. We’ll explore the risks associated with a 3-node cluster vs. a 9-node one, and a regional cluster vs. a global one. Finally, we’ll end with a live demo of how to back up your cluster and restore from said backup.

This talk is applicable to any developer who relies on an etcd-backed platform. That includes Kubernetes and many other cloud native projects. Only a glancing familiarity with etcd and distributed consensus is required.

Speakers

Paul Burt

Community + Product Marketing, CoreOS
Paul Burt is a Community Manager at CoreOS. He’s upvoting your /r/kubernetes threads and answering your #coreos questions on freeNode. Paul has a knack for demystifying infrastructure, and making gnarly, complex topics approachable. He enjoys home brewing beer, reading independent... Read More →

Elsie Phillips

Community Manager, CoreOS
Elsie herds the CoreOS Community and Co-Leads the Kubernetes Contributor Experience SIG. She's a northwest native who got her start in open source working at the Oregon State University Open Source Lab. In her free time she throws wild one woman dance parties and makes a mean vegan... Read More →



Tuesday September 12, 2017 11:55am - 12:35pm
Diamond Ballroom 6

1:55pm

Containerization in Mesos, Embracing the Standards - Jie Yu, Mesosphere
Containers are now everywhere. Apache Mesos, as one of the most powerful container orchestrators, greatly simplifies the deployment, provisioning and execution of containerized workloads. In this talk, I will talk about the evolution of container technology in Mesos. In particular, how Mesos embraces the industry standards for container networking, storage and image specification, and how Mesos achieves that by using a pluggable and extensible architecture. The first part of this talk will give you an overview of the container technology in Mesos and how it has evolved over the years. Then, I will dive into three specific areas in the container technology: networking, storage and image provisioning, and the three industry standards that Mesos is adopting: CNI (Container Network Interface), CSI (Container Storage Interface) and OCI (Open Container Initiative) image spec.

Speakers

Jie Yu

Tech Lead, Mesosphere
Jie Yu is a Tech Lead at Mesosphere, Inc, focused on containerization, storage and networking. Before joining Mesosphere, he was a software engineer at Twitter. Jie obtained his PhD in Computer Science and Engineering from the University of Michigan where he conducted research for... Read More →



Tuesday September 12, 2017 1:55pm - 2:35pm
Diamond Ballroom 8

1:55pm

Containers: In Your House and Moving the Furniture - Steven Pousty, Red Hat

It’s obvious containers are here to stay and they are making a large impact in computing. In this presentation I will talk about and demo containers as a substrate for the future of our server-side computing. I will start with some simple use cases involving CNCF work and finish with some of the more complicated orchestration scenarios that this work has enabled. The goal of the talk is to set up a vision of where we can go with containers for cloud native computing.


Speakers

Steven Pousty

Developer Evangelist, Red Hat
Steve is a Dad, Son, Partner, and Developer Evangelist with OpenShift. He goes around and talks about cool technology that sometimes involves Red Hat Technology. He can teach you about Java, Python, PostgreSQL, MongoDB, some JavaScript, Docker, and Kubernetes. He has deep subject area... Read More →


Tuesday September 12, 2017 1:55pm - 2:35pm
Gold 4

1:55pm

Modern CI/CD with Containers - Chloe Condon, Codefresh
In this talk, Chloe Condon will talk about how to approach CI/CD in the new age of containers. New CI/CD requires us to be even more agile, and requires new capabilities from CI platforms that many are missing. This means DevOps end up building their own tools/scripts. But what if I told you there's an easier way? In this talk we’ll see how we can achieve the same results, but much more efficiently.

Speakers

Chloe Condon

Developer Evangelist, Codefresh
Chloe is the Developer Evangelist for Codefresh where she helps engineering and infrastructure teams streamline their development processes by adopting container driven development tooling on Kubernetes. Before becoming an Engineer, Chloe was a musical theatre actress who decided... Read More →



Tuesday September 12, 2017 1:55pm - 2:35pm
Diamond Ballroom 7
  • Experience Level Any

1:55pm

OpenSDS: Storage Challenges in a Cloud Native Era - Allen Samuels, Western Digital
Cloud-native adoption is disrupting the traditional enterprise data center landscape forcing traditional hardware vendors to rethink their strategies in a software-defined era to better address the storage challenges faced by their customers. In this session, we will share how leading vendors are coming together in the OpenSDS community to solve these challenges, and building open solutions that support Kubernetes, Mesos, Docker, CloudFoundry, OpenStack and other open source cloud ecosystems.

Speakers

Allen Samuels

Engineering Fellow, Western Digital
Allen joined SanDisk in 2013 as an Engineering Fellow, where he is responsible for directing software development for SanDisk’s system level products. He has previously served as Chief Architect at Weitek Corp. and Citrix, and founded several companies including AMKAR Consulting, Orbital... Read More →



Tuesday September 12, 2017 1:55pm - 2:35pm
Diamond Ballroom 6

2:45pm

Building .NET Core Microservices with Steeltoe - Zach Brown & Matthew Horan, Pivotal
The software world is moving to microservices. For all their benefits, microservice architectures expose many distributed computing problems that developers need to solve--problems like service discovery, shared configuration, distributed tracing, etc. The good news is that Netflix, Spring Cloud, and others have developed industry standard patterns to simplify the task of building resilient scale-out microservice-based applications. Until very recently, however, this technology has really only been accessible to Java devs. Steeltoe is a new OSS project that makes these patterns available to .NET developers.

In this presentation, we will provide an overview of Steeltoe and why we created it. We will cover current capabilities, future roadmap, and of course, demos that show how it works.

http://steeltoe.io
https://github.com/steeltoeoss
twitter: @steeltoeoss

Speakers

Zach Brown

Product Owner, Pivotal
Zach Brown started building web sites in the 90s using Netscape-optimized HTML, cgi, and lots of Photoshop lens flares. He spent many years as a developer on the Microsoft stack, then as an architect and manager of dev teams. Currently he's responsible for product strategy and marketing... Read More →

Matthew Horan

Software Engineer, Pivotal
Matthew Horan has spent over a decade developing Web applications. Before becoming a developer, he worked as a systems administrator at various startups and hosting providers. Having worked with just about every configuration management tool, and being a developer by trade, he was... Read More →



Tuesday September 12, 2017 2:45pm - 3:25pm
Diamond Ballroom 6

2:45pm

Building Specialized Container-Based Systems with Moby: A Few Use Cases - Patrick Chanezon, Docker, Inc.
Moby is an open source project providing a "LEGO set" of dozens of components, the framework to assemble them into specialized container-based systems, and a place for all container enthusiasts to experiment and exchange ideas.
One of these assemblies is Docker CE, an open source product that lets you build, ship, and run containers.

This talk will explain how you can leverage the Moby project to assemble your own specialized container-based system, whether for IoT, cloud or bare metal scenarios.
We will cover Moby itself, the framework, and tooling around the project, as well as many of its components: LinuxKit, InfraKit, containerd, SwarmKit, Notary.
Then we will present a few use cases and demos of how different companies have leveraged Moby and some of the Moby components to create their own container-based systems.

Speakers

Patrick Chanezon

Chief Developer Advocate, Docker
As the Chief Developer Advocate for Docker, Patrick Chanezon helps drive the direction of the company’s open source projects, acting as an advocate for the developer community to assure that their requirements and issues are addressed in the Docker platform. From 2013 to 2015, he... Read More →


Tuesday September 12, 2017 2:45pm - 3:25pm
Diamond Ballroom 8

2:45pm

Extending Custom Kubernetes Deployments with Operators - Mike Metral, CoreOS

Kubernetes is a system used to manage compute and app workloads using clusters of nodes. Clusters are capable of handling various types of use cases, but there are certain resources which may be vital to your deployments that the system does not natively implement. In order to create custom deployments with Kubernetes, we must extend the cluster with new resources and processes, formally known as Operators.

Join Mike Metral in this talk for an introduction to Operators, understand the migration changes from Third Party Resources to Custom Resource Definitions in Kubernetes, and walk through a demo on how to create a new Operator for your Kubernetes cluster.



Tuesday September 12, 2017 2:45pm - 3:25pm
Gold 4
 
Wednesday, September 13
 

11:00am

Kubernetes Best Practices From The Field - Allan Naim, Google
Speakers

Allan Naim

Senior Manager, Google
Allan is a seasoned veteran for public cloud. At Google, Allan is a Sr. Manager within the Google Kubernetes Engine Product Management team focussed on Google Cloud's Open Services platform, enabling Enterprise teams to build modern cloud native architectures. Prior to Google, Allan... Read More →



Wednesday September 13, 2017 11:00am - 11:40am
Diamond Ballroom 8
  • Experience Level Any

11:00am

Modular Overlay Networking Solutions with the Container Network Interface - Murali Paluru, Rancher Labs, Inc.
The Container Network Interface (CNI) is becoming the de facto standard for implementing plugins for container runtimes, and is used by Mesos, Kubernetes, and Cloud Foundry. The same CNI standard makes it possible to implement networking as a modular component of your environment, enabling teams to swap in the best networking solution based on the infrastructure used. This talk will walk through the process of building and implementing modular networking solutions, designed to be swapped out based on use case. We’ll conclude with a demo of the solutions built, and include important takeaways for determining which overlay networking solutions are best suited for certain use cases.

Speakers

Murali Paluru

Principal Software Engineer, Rancher Labs, Inc.
Murali Paluru is a Principal Software Engineer at Rancher Labs. His most recent works include implementing network policy to secure communications between containers, implementation of VXLAN CNI plugin for different container orchestration engines like Rancher, Kubernetes, refactoring... Read More →



Wednesday September 13, 2017 11:00am - 11:40am
Diamond Ballroom 6
  • Experience Level Any

11:00am

Nightmares of a Container Orchestration System - Jörg Schad, Mesosphere
A lot of talks will tell you how to set up a system correctly. This talk is about what not to do with your Apache Mesos and DC/OS cluster.

We will share some of our favorite/scariest support stories covering typical system-setup, configuration, and application pitfalls for new (and not-so-new) Mesos and DC/OS operators. And, we will give some hints about how to debug those pitfalls if you do encounter them, resulting in fewer nightmares.

Speakers

Jörg Schad

Head of Machine Learning, ArangoDB
Jörg Schad is Head of Machine Learning at ArangoDB. In a previous life, he built machine learning pipelines in healthcare, distributed systems at Mesosphere, and in-memory databases, and conducted research in the Hadoop and Cloud area. He’s a frequent speaker at meetups... Read More →



Wednesday September 13, 2017 11:00am - 11:40am
Diamond Ballroom 7

11:50am

Docker Adoption Patterns - Ilan Rabinovitch, Datadog
As a SaaS monitoring solution specializing in dynamic infrastructure, Datadog has a unique vantage point into the container usage patterns at a global scale. What patterns are organizations finding most successful in their adoption? Which technologies are being containerized? Join us as we open up the data and discuss real world container, orchestration and scheduler usage in organizations large and small, from startup to enterprise.

Speakers

Ilan Rabinovitch

Dir, Technical Community, Datadog
Ilan is Director of Technical Community at Datadog. Prior to joining Datadog, he spent a number of years leading infrastructure and reliability engineering teams at organizations such as Ooyala and Edmunds.com. In addition to his work at Datadog, he is active in the open-source and DevOps... Read More →


Wednesday September 13, 2017 11:50am - 12:30pm
Diamond Ballroom 8
  • Experience Level Any

11:50am

Panel Discussion: Containers and Networking: A Symbiotic Relationship - Moderated by Phil Robb, Open Daylight Project
As cloud adoption grows, containers are increasingly being used to simplify deployment of distributed applications. Ironically, the mix of container deployment models ranging from VM to bare metal, as well as the need to manage overlay container networks independently but synchronously with the underlay, create a new thicket of networking complexity to navigate.

This panel will discuss topics including:
- An overview of containers and container networking
- Special requirements vs networking business as usual
- Best practices for deploying containers using SDN and NFV
- Various approaches to container networking and how ONAP and other approaches to cloud orchestration can integrate with Container Orchestration Engines including Kubernetes and Docker Swarm

Moderators

Phil Robb

Vice President - Operations, Networking & Orchestration, Linux Foundation
Phil Robb’s experience spans more than 30 years of work on the leading edge of software and networking technology, beginning with the launch of the personal computer in the early 1980s. He began working with open source in 2001 at Hewlett Packard, where he formed and led the company’s... Read More →

Speakers

Patrick Chanezon

Chief Developer Advocate, Docker
As the Chief Developer Advocate for Docker, Patrick Chanezon helps drive the direction of the company’s open source projects, acting as an advocate for the developer community to assure that their requirements and issues are addressed in the Docker platform. From 2013 to 2015, he... Read More →

Swarna Podila

Head of Product Marketing, Avi Networks
Swarna Podila leads the product marketing function at Avi Networks. Prior to Avi Networks, Podila has led product marketing functions at smaller organizations such as Mocana and large enterprises such as Citrix and Symantec. Podila feels strongly about diversity and strives to bring... Read More →

Josh Wood

DocOps, CoreOS
Josh Wood’s passion for the rkt container runtime led him to CoreOS, where he is responsible for documentation. He enjoys photographing polydactyl cats and writing short autobiographies.

Chris Wright

Chief Technology Officer, Red Hat
Chris Wright is vice president and chief technology officer (CTO) at Red Hat. Wright leads the Office of the CTO, which is responsible for incubating emerging technologies and developing forward-looking perspectives on innovations such as artificial intelligence, cloud computing... Read More →


Wednesday September 13, 2017 11:50am - 12:30pm
Diamond Ballroom 6
  • Experience Level Any

11:50am

What's in Your Containers? Tracing the Origin of Binaries - Philippe Ombredanne, AboutCode.org and nexB Inc.
We are all building containers from base images with possibly questionable pre-built binaries every day. Why? We do not know what is in our own containers.
Modern software is routinely assembled from a combination of thousands of open source and vendor-provided packages that we reuse as pre-built binaries (and sometimes build from sources). An unknown, buggy or vulnerable package will easily sneak into such a large quantity of third-party code packages, most of which are FOSS/open source.

Join me to dive into advanced techniques to identify which known packages are built into ELF binaries, either libraries or static executables.

We will first review some basic approaches to identify distro and application packages using static analyzers (without running a container!) and existing techniques for binary analysis using symbols and content-defined fingerprints with locality sensitive hashing. We will then review a new approach to determine the origin of the code in binaries based on shared or unique binary information sets to build efficient indexes of the minimal signatures needed to identify packages and versions of packages (such as OpenSSL) that may be statically linked in arbitrary binaries.

Finally, we will show how this approach can be used for automated detection by subverting anti-virus scanners for known binary identification, and relate the collected origin information to actual known vulnerabilities.

Speakers

Philippe Ombredanne

AboutCode.org maintainer and nexB CTO, AboutCode.org and nexB Inc.
Philippe is a passionate FOSS developer, contributor to several FOSS projects including the Linux kernel, AboutCode.org and a long time GSoC mentor. He is the CTO of nexB, a software company on a quest to find what is in your code offering both open source on open source tools and... Read More →



Wednesday September 13, 2017 11:50am - 12:30pm
Diamond Ballroom 7

2:00pm

A Question of Trust – When Good Containers Go Bad - Tim Mackey, Black Duck Software
Containerization has increased the pace of application deployment, but has trust kept pace? Once an image is compromised, which applications are at risk and how far has trust been broken?
To answer this, we assert the container image came from a trusted source, and that our application was subject to static code analysis and the container to pen-testing. We further assert appropriate perimeter defenses and deployment controls are in place. While we have defined a trust model, we didn’t include the impact of information flow.
Vulnerability remediation is a function of awareness. To devise an action plan, defenders must assess the impact of a security issue. Malicious actors with early access to information can craft and refine attacks while defenders are reacting. Having a full inventory of container dependencies is key to increasing awareness and reducing reaction time from days to hours.

Speakers

Tim Mackey

Senior Technical Evangelist, Black Duck by Synopsys
Tim Mackey is a technology evangelist for Black Duck Software specializing in the secure deployment of applications using virtualization, cloud and container technologies. Prior to joining Black Duck, Tim was most recently the community manager for XenServer and was part of the Citrix... Read More →


Wednesday September 13, 2017 2:00pm - 2:40pm
Diamond Ballroom 7

2:00pm

Our Experiences Deploying Kubernetes with IPv6 - André Martins, Covalent IO
IPv6 will turn 20 years old in 2018 and IPv4 addresses are nearly extinct, so it is time to give IPv6 a real chance. This talk will cover the process of deploying Kubernetes with IPv6 step by step. We will discuss the current state of IPv6 in Kubernetes and all related components and list what is left to be done. We will walk through the deployment step by step in an easy-to-follow demo where questions can be asked. This talk will give you a chance to learn more about Kubernetes networking and how IPv6 will enable you to scale public addressing inside your Kubernetes cluster.

Speakers

André Martins

Software Engineer, Cilium Isovalent
André Martins started his open source career through a Linux Foundation Internship years ago where he focused on projects that ease the deployment of networking infrastructures by contributing to the OpenDaylight project. André then switched focus to containers and orchestration... Read More →



Wednesday September 13, 2017 2:00pm - 2:40pm
Diamond Ballroom 6

2:00pm

WTF My Container Just Spawned a Shell! - Mark Stemm, Sysdig
While there have been many improvements around securing containers, there is still a large gap in monitoring the behavior of containers in production. Enter Sysdig Falco, the open source behavioral activity monitor for containerized environments.

Sysdig Falco can detect and alert on anomalous behavior at the application, file, system, and network level. In this session get a deep dive into Falco:
- How does behavioral security differ from existing security solutions like image scanning?
- How does Falco work?
- What can it detect?
- How can you customize it?
- What actions can you take?

Speakers

Mark Stemm

Senior Software Engineer, Sysdig
Mark is a Senior Software Engineer at Sysdig. He has a B.S. in Math/CS from Carnegie Mellon University and a M.S./Ph.D. in Computer Science from the University of California, Berkeley. He's worked at Fast Forward Networks on the first generation of internet-based live video... Read More →



Wednesday September 13, 2017 2:00pm - 2:40pm
Diamond Ballroom 8

2:50pm

Cilium - Container Security and Networking Using BPF and XDP - Thomas Graf, Covalent
This talk introduces Cilium, a fast emerging open source project leveraging BPF to provide networking and security for containers. We will do a quick deep dive into BPF, possibly the most promising low level technology to address challenges in application and network security, networking, tracing, and visibility. We will discuss how BPF became capable of universally extending and instrumenting both the Linux kernel and user space applications. The introduction is followed by a concrete example of how the Cilium open source project applies BPF to solve networking, security, and load balancing for highly distributed applications. We will discuss how Cilium can be combined with orchestration systems such as Kubernetes to provide security and networking for cloud native applications.

Speakers

Thomas Graf

Co-Founder & CTO, Isovalent
Thomas Graf is Co-Founder & CTO at Isovalent and creator of the Cilium project. Before this, Thomas has been a Linux kernel developer at Red Hat for many years.


Wednesday September 13, 2017 2:50pm - 3:30pm
Diamond Ballroom 6

2:50pm

Isolated Container Runtime for Docker Images - Harshal Patil, IBM
Docker by default uses a container runtime called ‘runc’ to run containers using cgroups and namespaces. But Docker by design can run one or many runtimes simultaneously. In this presentation, Harshal Patil will showcase an alternative runtime that is aimed at achieving higher isolation for the application running inside containers using QEMU. Higher isolation is useful for applications which require the agility of containers but the strong isolation provided by virtual machines, such as smart contract execution by blockchain (such as Hyperledger).

Speakers

Harshal Patil

Advisory Systems Software Engineer, IBM
Advisory Systems Software Engineer at IBM Linux Technology Centre, working on containers and the technologies around them. Currently works on Encryption in Container Images, and previously on Isolated Container Runtime for Docker Images (https://ossna2017.sched.com/event/BDpW/isolated-container-runtime-for-docker-images-harshal-patil-ibm... Read More →



Wednesday September 13, 2017 2:50pm - 3:30pm
Diamond Ballroom 7

2:50pm

Migrating Legacy Monoliths to Cloud Native Microservices Architectures on Kubernetes - Dan Kohn, Cloud Native Computing Foundation
Cloud Native architectures, such as those built on Kubernetes, are envied for their ability to segment different parts of an application into microservices that can separately be containerized, so that each microservice can be written in its own language, with its own framework, and its unique set of libraries. This has been shown to significantly increase developer and team productivity by decoupling dependencies between different parts of a team. This talk will look at several real-world cases where existing monolithic, legacy applications deployed in multi-billion dollar companies were slowly evolved into cloud native microservices architectures on Kubernetes. In doing so, they demonstrated that the cloud native architecture is suitable across most categories of computing, including both greenfield and brownfield development.

Speakers

Dan Kohn

Executive Director, Cloud Native Computing Foundation
Dan is Executive Director of the Cloud Native Computing Foundation, which sustains and integrates open source technologies like Kubernetes and Prometheus. He also helped create the Linux Foundation's Core Infrastructure Initiative as an industry-wide response to the security vulnerabilities demonstrated by Heartbleed. He previously served as CTO of several startups, including Spreemo, a healthcare marketplace, and Shopbeam, a shoppable ads company. Earlier, he was a general partner at Skymoon Ventures, a seed-stage... Read More →



Wednesday September 13, 2017 2:50pm - 3:30pm
Diamond Ballroom 8
  • Experience Level Any

4:00pm

A Security State of Mind: Compliance and Vulnerability Audits for Containers - Chris Van Tuin, Red Hat
Data breaches are on the rise and placing increased pressure on Enterprise IT to protect the business. With the rise of DevOps and as hackers take advantage of known vulnerabilities on unpatched or misconfigured systems, Enterprise IT increasingly needs to automate vulnerability management, security management, and compliance checking.
* How Containers enable DevOps, Container Technology, and the security risks with deploying containers in the enterprise
* Security vulnerability and Configuration issues, notifications and checks
* Automating vulnerability management, security management, and compliance checking with OpenSCAP
* Scanning Containers and Virtual Machines with OpenSCAP
* Generating and understanding OpenSCAP audit reports
* Customizing OpenSCAP profiles

Speakers

Chris Van Tuin

Chief Technologist, Red Hat
Chris Van Tuin, Chief Technologist for the Western US at Red Hat, has over 20 years of experience in IT and Software. Since joining Red Hat in 2005, Chris has been architecting solutions for strategic customers with a focus on emerging technologies including IaaS, PaaS, and DevOps...


Wednesday September 13, 2017 4:00pm - 4:40pm
Diamond Ballroom 7

4:00pm

Architecture as a Code - A Open Source Microservices Platform Realization - Sreekanth Nyamars, Wipro Technologies
Open Source technologies are driving core innovations and revolutionizing the way enterprise platforms are delivered. Microservices architecture has become a critical building block in these platforms. In this session Sreekanth will discuss the challenges faced while adopting open source technologies to build a microservice platform and potential solutions to these challenges. As enterprises evolve, there is an increasing proliferation of open source products, lack of governance around platform architecture and disparity between proposed architecture and realized architecture. Potential solutions are to create pre-defined architecture blueprints based on proposed architecture patterns for specific enterprise needs. Combining these preintegrated blueprints with PaaS capabilities can transform the proposed architecture into a form of configuration artifact – resulting in “Architecture as a Code”. This will also provide the much needed architecture governance and promote reusable architecture.
A potential microservices architecture blueprint based on Spring-boot suite, monitoring and security software all pre-integrated into a deployable unit.
Leveraging Kubernetes as underlying container orchestrator, this deployable unit can be provisioned on any platform. Key benefit is the ability to consistently manage/govern the platform in a predictable manner thus improving time to deliver.

Speakers

Sreekanth Nyamars

Lead Architect, Wipro Technologies
Has been part of software development and solutioning for over 17 years. Led large scale integration platform implementations for telecom and banking customers. Areas of interest include container technologies, microservices and devops using Open Source technologies.


Wednesday September 13, 2017 4:00pm - 4:40pm
Diamond Ballroom 8
  • Experience Level Any

4:00pm

Panel Discussion: (Really!) Outside the Box: Cisco’s Open Source Journey - Moderated by Ed Warnicke, Cisco

Not used to hearing Cisco and “open” used in the same sentence? Wondering why Cisco is investing as heavily as it is in open source technologies? If you answered yes to either of those questions, this panel is for you. Join moderator and Linux luminary Ed Warnicke along with panelists Serpil Bayraktar, Anne McCormick, and Charles Eckel as they discuss the various areas of Cisco’s involvement in the open source ecosystem. They’ll be covering Cisco’s involvement in and contributions to FD.io/VPP, SNAS.io, OpenStack, Kubernetes/Cloud Native, and much more. The panel will also discuss how Cisco’s contributions and involvement in open source technologies are key components in its future strategy. You’ll also have the opportunity to learn about Cisco DevNet (developer.cisco.com), Cisco’s developer resource hub that offers learning labs, forums, sandboxes, API and code libraries, hackathons, and much, much more. The future is open and Cisco is moving forward to embrace it with (you knew it was coming) open arms.


Moderators

Ed Warnicke

Distinguished Consulting Engineer, Cisco
Ed Warnicke is a Distinguished Consulting Engineer in the Chief Technology and Architecture Office (CTAO) office at Cisco Systems. He has been working for over a decade in many areas of networking and Open Source. He was the longest serving founding TSC member at OpenDaylight TSC...

Speakers

Serpil Bayraktar

Distinguished Engineer, Cisco
Serpil Bayraktar started her career, quite by accident, as a Network Operator for the NSFNET project in the early 1990s. She worked as an operator, on-call engineer, network engineer and architect during this historical transition from a publicly funded research network to today’s...

Charles Eckel

Developer Advocate, Cisco Systems
Charles Eckel is a developer evangelist with a passion for open source and standards. His open source journey began in 1999 as a founding member of Vovida Networks, where he developed some of the industry’s first open source Voice over IP (VoIP) protocol stacks and applications...

David Lapsley

Engineering Manager
David Lapsley leads the Metacloud Engineering team within Cisco Advanced Services. David’s background is in networking, cloud computing, data visualization, software as a service, and user experience. David has been using Python for over 10 years and Django for 5 years. His first...

Anne McCormick

Technical Leader, Cisco
Anne is a Software Engineer who joined the Cisco OpenStack team in 2014, and has attended the past five OpenStack summits. She is an active member of Women of Openstack, is a new OpenStack mentor, and has a background in networking, video, high-availability and virtualization.


Wednesday September 13, 2017 4:00pm - 4:40pm
Diamond Ballroom 6

4:50pm

Building Container Base Application Delivery System for IoT Platform - Masataka Mizukoshi, NTT Lab
Internet of Things (IoT) devices are generating a large amount of data, and many companies are utilizing them. The data generated by IoT devices such as sensors often must be analyzed very rapidly and confidentially.
In the case of industrial factories, IoT requires a new kind of platform. To achieve rapid analytics or fast response times, the application should run near the IoT devices, as in edge computing. We must also continuously manage and update applications that are located all over the world.

We built a container-based application delivery system for this industrial IoT platform, mainly using docker registry.
However, docker registry alone is insufficient to satisfy the following demands:
* Check the authenticity of container images for security reasons.
* Manage thousands of images without delay or difficulty.
* Update images over narrow-band links such as Over the Air networks.
In this presentation, attendees will learn how to build an application delivery platform that satisfies the above demands. To achieve image authenticity, we combined several components in addition to docker registry, such as docker notary and clair. In addition, we improved the registry's content addressability to manage a large number of container images, and incorporated a binary delta updating technique into the image delivery mechanism for narrow-band networks.

Speakers

Masataka Mizukoshi

Building container base application delivery system for IoT platform., NTT Lab
Masataka is a researcher working for NTT Labs. His group has been developing open source software such as Ryu and GoBGP. In his previous life, he conducted research in distributed computing related with hadoop and spark. His speaking experience include international conference...



Wednesday September 13, 2017 4:50pm - 5:30pm
Diamond Ballroom 8

4:50pm

High Performance Deep Learning on Containers - Khalid Ahmed & Bruce D'amora, IBM
The field of deep learning has led to the emergence of new frameworks such as Caffe, Torch, and TensorFlow that tackle problems in image recognition, object classification, or machine translation. These systems must interact with containerized micro-services developed using DevOps tools running on popular container management tools such as Kubernetes. In this talk we examine the work in the Kubernetes ecosystem to enable some of the special requirements of deep learning such as GPU support, high speed networking, access to large data sets, better batch job scheduling and distributed computing support. We show how the Kubernetes platform can support both CI/CD pipelines and the high performance computing requirements using examples from research and industry.

Speakers

Khalid Ahmed

Distinguished Engineer, IBM
Khalid Ahmed is an STSM, Chief Architect of Infrastructure Software at IBM Platform. He works on the design and architecture of large scale grid and cloud computing systems with focus on scheduling, resource, workload and data management. In over 20 years at industry experience he...

Bruce D'amora

Senior Technical Staff Member, IBM
Bruce D’Amora is a Senior Technical Staff Member in the Data Centric Solutions department at IBM T.J. Watson Research Center in Yorktown Heights, NY. He is currently managing the Cognitive and Cloud solutions department focusing on enablement of HPC and Cognitive workflows using...



Wednesday September 13, 2017 4:50pm - 5:30pm
Diamond Ballroom 7