I figured it would be nice to have one canonical place for talks I have given on containers, container security, Docker, Kubernetes, and Open Source. So here it is…
This talk will dive into some of the problems of running servers at scale, including data from surveys about physical infrastructure and firmware concerns. In this talk, we’ll understand how open source firmware will solve some of these common problems. Why is open source firmware important for security and root of trust? We’ll discuss that as well, and cover the state of open source firmware today.
Co-Speakers: Justin Cormack, Per Buer, Allison Randal, Kenton Varda
Applications have been isolated by lots of different means: processes, virtual machines, containers, and new methods are appearing such as SGX and in-process isolates. What is secure? Have Spectre and Meltdown changed the landscape? What should be used?
This talk takes a deep dive into Intel’s SGX technology. It covers an overview of computer architecture as background and walks the audience through one version of the hardware and its flaws, as well as what changed in the next version.
This talk goes over using containers on AWS.
Chaos engineering and stories of bugs about containers.
Like the movie Plan 9 from outer space, this talk covers containers from user space. What are they? Where did they come from? How much koolaid is involved in adopting them into your life… watch for the jokes, learn from the interesting technical details.
Co-Speaker: Alex Mohr
This talk covers all the ways you can secure your Kubernetes cluster using a Certificate Authority, Authentication, Secrets and more. We also describe and demonstrate the ways you can use Seccomp, AppArmor, SELinux and cgroups to make your application containers as secure as possible - so you can build organizational and customer trust.
This talk covers how to build a secure desktop OS with only containers and CoreOS Container Linux. It also describes the benefits gained from using Container Linux as a base OS and how to go about running it on the desktop.
Co-Speaker: Brandon Philips
This talk covers how we designed an awesome security release process for Kubernetes and all it’s sub-projects.
Open source projects strive to be transparent in everything they do, but when it comes to fixing security patches they need to find the right balance of “open” and “responsible.” This means vulnerabilities should be reported in a safe way as well as patches tested and reviewed with a limited audience. The companies that rely on Kubernetes should have time to patch their systems before a public announcement.
Various sets of infrastructure and collaboration are needed to make this a reality. The design we used could also be applied to other projects and even internally in your company.
This talk demonstrates how to build containers from the Primitives in Linux without using a container runtime. Learn about the objects that make up containers themselves.
When working on open source projects, your contributions and opinions on the project and its motives are usually very personal. This talk covers intricacies of “choosing your battles” and how personal passion for a project might conflict with corporate motives.
This talk covers the differences between application sandboxes and containers. The most well known sandbox is Chrome, for providing “hard guarantees about what ultimately a piece of code can or cannot do no matter what its inputs are”.
At its core, the Linux Chrome sandbox uses namespaces along with seccomp and other native features to provide these guarantees. Containers are composed of the same primitives. What is needed for containers to provide this promise? Can it be done by default? What steps are already being made to get towards containers that actually “contain”? What challenges will be faced?
Co-Speaker: Arnaud Porterie
Learn about the latest capabilities in Docker Engine and how to use them in your application. This session also covers best practices for using Engine, troubleshooting tips, and cool lesser known features.
This video has the first ever demo of Seccomp in Docker as well as a fun story about trying to save a docker image to a floppy disk.
This talk is a 100% live demo of running desktop applications in containers. Everything from Spotify to Skype. Explore some of the more interesting things you can containerize on Linux. View first hand different workflows for how to run/build different apps in containers. This talk covers desktop apps as well as some other apps you would have never thought could run in a container.
This talk has live demos of desktop applications in containers including Steam.
This talk goes over the way the Docker project uses containers for their testing infrastructure as well as internal infrastructure. Find out about real pain points solved by running things in containers as well as some different hurdles uncovered along the way.
This talk recounts stories from the trenches of developing Docker, explaining 3
odd things her team stumbled upon in their Go code and how they fixed them. One
of which is very odd and gets into the depths of
Francesc Campoy and I talk all about Dockercon EU and containers.