LinuxKit and Moby
News from DockerCon 2017 - Austin, TX
Dieter Reuter - @Quintus23M
Senior Consultant at bee42 solutions gmbh - @bee42solutions
Docker Captain - @HypriotTweets
Docker Meetup Bochum, May 11th 2017
What happened? What to expect?
Will I become a Moby Captain?
What will change? Governance?
What’s that LinuxKit?
What is LinuxKit?
“A platform is only as secure as its weakest components”
— Solomon Hykes
“I want Docker for whatever platform!” — Me (whenever I discover any new platform)
LinuxKit
a SECURE Linux subsystem
Only works with containers
- Smaller attack surface
- Immutable infrastructure
- Sandboxed system services
- Specialized patches and configurations
Incubator for security innovations
- WireGuard, Landlock, KSPP
- MirageOS type safe system daemons
- okernel
Community-first security process
- Linux is too big for a single company to secure it
- Participate in existing Linux security efforts
LinuxKit
a LEAN Linux subsystem
- Minimal size, minimal boot time
- All system services are containers
- Everything can be removed or replaced
LinuxKit
a PORTABLE Linux subsystem
- Desktop, Server, IoT, Mainframe
- Intel & ARM (and others)
- Bare Metal & Virtualized
- On-premises & in the Cloud
In LinuxKit the BluePrint is a YAML file!
Example “linuxkit.yml” see: https://github.com/linuxkit/linuxkit/blob/master/linuxkit.yml
Everything is a yaml file: kernel
kernel:
  image: "linuxkit/kernel:4.9.x"
  cmdline: "console=ttyS0 console=tty0 page_poison=1"
see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#kernel
Everything is a yaml file: init
init:
  - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b
  - linuxkit/runc:2649198589ef0020d99f613adaeda45ce0093a38
  - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b
  - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288
see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#init
Everything is a yaml file: onboot
onboot:
  - name: sysctl
    image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a"
    net: host
    pid: host
    ipc: host
    capabilities:
      - CAP_SYS_ADMIN
    readonly: true
see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#onboot
Everything is a yaml file: services
services:
  - name: ntpd
    image: "linuxkit/openntpd:a38eabb308d0405f58894979f8b8031a6c7e1134"
    capabilities:
      - CAP_SYS_TIME
      - CAP_SYS_NICE
      - CAP_SYS_CHROOT
      - CAP_SETUID
      - CAP_SETGID
    net: host
see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#services
Everything is a yaml file: files
files:
  - path: etc/docker/daemon.json
    contents: '{"debug": true}'
Everything is a yaml file: output
outputs:
  - format: kernel+initrd
  - format: iso-bios
  - format: iso-efi
  - format: vhd
  - format: vmdk
see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#output
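Added example (not part of the original slide deck and not LinuxKit project code): a small review script for the blueprint format shown above. It reports images whose tag is not a 40-hex hash like the ones used in the init, onboot and services slides, containers that share host namespaces, broad capabilities, and a missing readonly flag. The names parse and audit, the BROAD_CAPS policy and the line scanner (which handles only the YAML subset on the slides) are assumptions; the sample is constructed from the slide fragments.

```python
import re

# Constructed sample: fragments from the slides joined into one file, indentation restored.
SAMPLE = '''\
kernel:
  image: "linuxkit/kernel:4.9.x"
init:
  - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b
onboot:
  - name: sysctl
    image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a"
    net: host
    pid: host
    ipc: host
    capabilities:
      - CAP_SYS_ADMIN
    readonly: true
services:
  - name: ntpd
    image: "linuxkit/openntpd:a38eabb308d0405f58894979f8b8031a6c7e1134"
    capabilities:
      - CAP_SYS_TIME
      - CAP_SYS_NICE
      - CAP_SYS_CHROOT
      - CAP_SETUID
      - CAP_SETGID
    net: host
'''

HASH_TAG = re.compile(r"[0-9a-f]{40}")
HOST_NAMESPACES = ("net", "pid", "ipc")
BROAD_CAPS = {"CAP_SYS_ADMIN"}  # reviewer policy (assumption); extend as needed
CONTAINER_SECTIONS = ("onboot", "services")

def unquote(s):
    return s[1:-1] if len(s) >= 2 and s[0] == s[-1] and s[0] in "'\"" else s

def parse(text):
    """Line scanner for the YAML subset used on the slides (not a full YAML parser)."""
    images, containers = [], []
    section = item_indent = current = list_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0 and line.endswith(":"):      # top-level key starts a section
            section, item_indent, current, list_key = line[:-1], None, None, None
            continue
        if line.startswith("- "):
            body = line[2:].strip()
            if item_indent is None:
                item_indent = indent                # indent of this section's entries
            if indent != item_indent:               # nested list item, e.g. a capability
                if current is not None and list_key == "capabilities":
                    current["capabilities"].append(unquote(body))
                continue
            if section == "init":                   # init entries are bare image refs
                images.append((section, unquote(body)))
                continue
            current = None
            if section in CONTAINER_SECTIONS:
                current = {"capabilities": []}
                containers.append(current)
            line = body                             # "- name: x" also carries a key
        key, _, value = line.partition(":")
        key, value = key.strip(), unquote(value.strip())
        list_key = key if value == "" else None     # "capabilities:" opens a list
        if value == "":
            continue
        if key == "image":
            images.append((section, value))
        if current is not None:
            current[key] = value
    return images, containers

def audit(text):
    """Return review findings for image tags and container sandbox settings."""
    images, containers = parse(text)
    findings = []
    for section, ref in images:
        tag = ref.rpartition(":")[2]
        if not HASH_TAG.fullmatch(tag):
            findings.append(f"{section}: image {ref} has no 40-hex hash tag")
    for c in containers:
        name = c.get("name", "?")
        shared = [ns for ns in HOST_NAMESPACES if c.get(ns) == "host"]
        if shared:
            findings.append(f"{name}: shares host namespaces: {', '.join(shared)}")
        broad = sorted(BROAD_CAPS.intersection(c["capabilities"]))
        if broad:
            findings.append(f"{name}: broad capabilities: {', '.join(broad)}")
        if c.get("readonly") != "true":
            findings.append(f"{name}: root filesystem is not read-only")
    return findings
```

Calling audit(SAMPLE) returns the findings as a list of strings, one per item to review.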
LinuxKit - build on macOS
1. Clone the GitHub repository
$ git clone https://github.com/linuxkit/linuxkit.git
$ cd linuxkit
2. Compile LinuxKit CLI tools (we need Docker4Mac and Go)
$ make clean
$ make
3. Install LinuxKit CLI tools: “moby” and “linuxkit”
$ make install
LinuxKit - use it on macOS
1. Build your first LinuxKit VM
$ moby build examples/node_exporter.yml
$ ls -alh node_exporter*.img
-rw-r--r-- 1 dieter staff 36M May 11 15:44 node_exporter-initrd.img
2. Run the LinuxKit VM with HyperKit (macOS Hypervisor)
$ linuxkit run hyperkit node_exporter
# runc list
# halt
Moby Project
Production model: Open Source
Production model: Open Components
Docker is a Platform made of Components
The open components model shows its limits...
Next level: Collaborating on Components & Assemblies
“With going mainstream comes great responsibilities”
— Solomon Hykes
“A framework to assemble specialized container systems without reinventing the wheel”
- Library of 80+ components
- Package your own components as containers
- Reference assemblies deployed on millions of nodes
- Create your own assemblies or start from existing ones
What Moby means for you as a:
DOCKER USER
Nothing changes for you: your command line remains the same, and so does everything else.
It’s just that now Docker can leverage the ecosystem to innovate faster for you.
SYSTEM BUILDER
Moby helps you to innovate without tying you to Docker.
You can build your own container runtime systems more easily and faster.
“The Moby Project is to Docker what Fedora is to Red Hat Enterprise Linux”
— Solomon Hykes
Thank You!
Dieter Reuter
@Quintus23M
Credits: original slide deck by Docker Captain Lorenzo Fontana @fntlnz

KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 

LinuxKit and Moby, news from DockerCon 2017 - Austin, TX

  • 1. LinuxKit and Moby: News from DockerCon 2017 - Austin, TX. Dieter Reuter - @Quintus23M, Senior Consultant at bee42 solutions gmbh - @bee42solutions, Docker Captain - @HypriotTweets. Docker Meetup Bochum, May 11th 2017
  • 2. What happened? What to expect? Will I become a Moby Captain? What will change? Governance? What’s that LinuxKit?
  • 4. “A platform is only as secure as its weakest components” — Solomon Hykes
  • 5. “I want Docker for whatever platform!” — Me (whenever I discover any new platform)
  • 6. LinuxKit: a SECURE Linux subsystem
      Only works with containers
        - Smaller attack surface
        - Immutable infrastructure
        - Sandboxed system services
        - Specialized patches and configurations
      Incubator for security innovations
        - Wireguard, Landlock, KSPP
        - MirageOS type safe system daemons
        - okernel
      Community-first security process
        - Linux is too big for a single company to secure it
        - Participate in existing Linux security efforts
  • 7. LinuxKit: a LEAN Linux subsystem
        - Minimal size, minimal boot time
        - All system services are containers
        - Everything can be removed or replaced
  • 8. LinuxKit: a PORTABLE Linux subsystem
        - Desktop, Server, IoT, Mainframe
        - Intel & ARM (and others)
        - Bare Metal & Virtualized
        - On-premises & in the Cloud
  • 9. In LinuxKit the BluePrint is a YAML file! Example “linuxkit.yml” see: https://github.com/linuxkit/linuxkit/blob/master/linuxkit.yml
  • 10. Everything is a yaml file: kernel

      kernel:
        image: "linuxkit/kernel:4.9.x"
        cmdline: "console=ttyS0 console=tty0 page_poison=1"

      see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#kernel
  • 11. Everything is a yaml file: init

      init:
        - linuxkit/init:63eed9ca7a09d2ce4c0c5e7238ac005fa44f564b
        - linuxkit/runc:2649198589ef0020d99f613adaeda45ce0093a38
        - linuxkit/containerd:18eaf72f3f4f9a9f29ca1951f66df701f873060b
        - linuxkit/ca-certificates:3344cdca1bc59fdfa17bd7f0fcbf491b9dbaa288

      see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#init
  • 12. Everything is a yaml file: onboot

      onboot:
        - name: sysctl
          image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a"
          net: host
          pid: host
          ipc: host
          capabilities:
            - CAP_SYS_ADMIN
          readonly: true

      see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#onboot
  • 13. Everything is a yaml file: services

      services:
        - name: ntpd
          image: "linuxkit/openntpd:a38eabb308d0405f58894979f8b8031a6c7e1134"
          capabilities:
            - CAP_SYS_TIME
            - CAP_SYS_NICE
            - CAP_SYS_CHROOT
            - CAP_SETUID
            - CAP_SETGID
          net: host

      see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#services
  • 14. Everything is a yaml file: files

      files:
        - path: etc/docker/daemon.json
          contents: '{"debug": true}'

  • 15. Everything is a yaml file: output

      outputs:
        - format: kernel+initrd
        - format: iso-bios
        - format: iso-efi
        - format: vhd
        - format: vmdk

      see: https://github.com/linuxkit/linuxkit/blob/master/docs/yaml.md#output
  • 17. LinuxKit - build on macOS

      1. Clone the GitHub repository

          $ git clone https://github.com/linuxkit/linuxkit.git
          $ cd linuxkit

      2. Compile LinuxKit CLI tools (we need Docker4Mac and Go)

          $ make clean
          $ make

      3. Install LinuxKit CLI tools: “moby” and “linuxkit”

          $ make install

  • 18. LinuxKit - use it on macOS

      1. Build your first LinuxKit VM

          $ moby build examples/node_exporter.yml
          $ ls -alh node_exporter*.img
          -rw-r--r-- 1 dieter staff 36M May 11 15:44 node_exporter-initrd.img

      2. Run the LinuxKit VM with HyperKit (macOS Hypervisor)

          $ linuxkit run hyperkit node_exporter
          # runc list
          # halt
  • 22. Docker is a Platform made of Components
  • 23. The open components model shows its limits...
  • 24. Next level: Collaborating on Components & Assemblies
  • 25. “With going mainstream comes great responsibilities” — Solomon Hykes
  • 28. “A framework to assemble specialized container systems without reinventing the wheel”
        - Library of 80+ components
        - Package your own components as containers
        - Reference assemblies deployed on millions of nodes
        - Create your own assemblies or start from existing ones
  • 29. What Moby means for you as a:
      DOCKER USER
        - Nothing changes for you, your command line remains the same and also anything else
        - It’s just that now Docker can leverage the ecosystem to innovate faster for you
      SYSTEM BUILDER
        - Moby helps you to innovate without tying you to Docker
        - You can build your own Container Runtime systems easier and faster
  • 30. “The Moby Project is to Docker what Fedora is to Red Hat Enterprise Linux” — Solomon Hykes
  • 32. Thank You! Dieter Reuter @Quintus23M Credits: original slide deck by Docker Captain Lorenzo Fontana @fntlnz
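
Because the whole system is declared in one YAML file, the privileges each system container gets (slides 10 to 13) can be reviewed mechanically before an image is built. The audit below is an added example, not part of the deck or of the LinuxKit project: `audit`, the finding texts, and the rules for what counts as a fixed image tag or a broad capability are this example's own assumptions, and its line-based reader only handles block-style YAML like that on the slides.

```python
import re
# Constructed sample: kernel, onboot and services slides joined (cmdline dropped, ntpd caps shortened).
LINUXKIT_YML = """\
kernel:
  image: "linuxkit/kernel:4.9.x"
onboot:
  - name: sysctl
    image: "linuxkit/sysctl:1f5ec5d5e6f7a7a1b3d2ff9dd9e36fd6fb14756a"
    net: host
    pid: host
    ipc: host
    capabilities:
     - CAP_SYS_ADMIN
    readonly: true
services:
  - name: ntpd
    image: "linuxkit/openntpd:a38eabb308d0405f58894979f8b8031a6c7e1134"
    capabilities:
     - CAP_SYS_TIME
     - CAP_SETUID
    net: host
"""
PINNED = re.compile(r":[0-9a-f]{40}$")  # this example's own rule for a fixed tag
BROAD_CAPS = {"CAP_SYS_ADMIN", "all"}   # this example's own choice of "too broad"

def audit(text):
    """Return sorted (component, finding) pairs for a LinuxKit-style YAML text."""
    findings, readonly, name = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("- ")
        if raw and not raw[0].isspace():   # top-level key such as "onboot:"
            name = line.rstrip(":")        # used as the label until a name: appears
            continue
        key, _, val = line.partition(":")
        val = val.strip().strip('"')
        if key == "name":                  # start of a new onboot/services entry
            name = val
            readonly[name] = False
        elif key == "image" and not PINNED.search(val):
            findings.add((name, "image tag is not a 40-hex id: " + val))
        elif key in ("net", "pid", "ipc") and val == "host":
            findings.add((name, "shares host " + key + " namespace"))
        elif key in BROAD_CAPS:            # capability list items parse as bare keys
            findings.add((name, "broad capability " + key))
        elif key == "readonly" and val == "true":
            readonly[name] = True
    findings |= {(n, "root filesystem not readonly") for n, ro in readonly.items() if not ro}
    return sorted(findings)
```

Calling `audit(LINUXKIT_YML)` returns the findings as a sorted list; each one is a prompt for review rather than a verdict, since a service such as sysctl may legitimately need what it declares.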