Containers
Ameya Shenoy
@codingcoffee
Note: Feel free to heckle. Interrupt me. Ask questions in the middle; it makes this fun, and I like it. Or you can wait till the end, but interactive is good.
VM Vs Container

Note: I'll be talking about containers, their basic underlying working, their functionality, and how eYantra can benefit.
- they have been around since 2008, as cgroups in Linux; this paved the path for containers later on
- examples: firejail, lxc, docker
---
Limitations of VM
- dependency hell
- versioning
- upgrades
- replication

Note:
- originally traditional servers: perfect replication is not possible, there are multiple variables
  - OS, OS version, OS deps and versions, application deps and versions
- problems
  - versioning: I set up the test env today and set up production tomorrow; there may be inconsistency in the OS-level deps, which may cause incompatibility
  - upgrade: keeping all deps updated is important to avoid security vulns, but it comes at the cost of inconsistency
  - replication: between QA and prod env, local dev; works on my machine, doesn't work in prod; devs work on MacBooks, prod is CentOS
---
Containers
- filesystem isolation
- process isolation
- device isolation
- network isolation
- scaling

Note:
- now containers: package the entire app, including the OS-level deps; this makes it easy to deploy and keeps the environments consistent
- now:
  - isolation
    - fs: file:///home/cc firefox demo; isolate apps scanning directories they are not supposed to, like chrome
    - process: app 1 isn't aware of app b running
      - d run -it --rm --name nginx nginx:alpine
      - d exec -it nginx sh
    - device: GPU
      - lxc exec steam -- sudo --login --user ubuntu bash
        - nvidia-smi
      - lxc exec matlab -- sudo --login --user ubuntu bash
        - nvidia-smi
    - network:
      - d run -it --rm python:3.9.4-alpine3.13 sh
      - d run -it --rm --network none python:3.9.4-alpine3.13 sh
  - scaling: better utilization of resources, resource allocation and sharing
---
Kubernetes
- 0 downtime upgrade (demo)
- maintains state
- scaling

Note:
- Production-Grade Container Orchestration Platform
- container orchestration takes away a lot of operations workload from engineers
- SSL termination
- think of k8s as a knowledge base of all the best practices of deployment for applications built at scale by Google
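Added example (not part of the original slides): the filesystem, process and network isolation listed on the Containers slide correspond to the Linux mount, PID and network namespaces, so comparing a process's `/proc/<pid>/ns` links with the host's shows which isolation is actually in effect. The namespace IDs in the sample data are constructed, and the function names are this example's own.

```python
import os
import re

# Namespace kind -> isolation type as named on the Containers slide.
# Device isolation is left out: it is not represented by a namespace link.
ISOLATION = {"mnt": "filesystem", "pid": "process", "net": "network"}
NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_ns_links(links):
    """Convert {'net': 'net:[4026531992]'} into {'net': 4026531992}."""
    parsed = {}
    for name, target in links.items():
        match = NS_LINK.match(target)
        # Skip entries such as pid_for_children, whose target names another kind.
        if match and match.group(1) == name:
            parsed[name] = int(match.group(2))
    return parsed

def read_ns(pid="self"):
    """Read the namespace symlinks of a live process from /proc/<pid>/ns."""
    base = f"/proc/{pid}/ns"
    links = {}
    for name in os.listdir(base):
        try:
            links[name] = os.readlink(os.path.join(base, name))
        except OSError:
            continue  # no permission to inspect this entry
    return parse_ns_links(links)

def isolation_report(reference, target):
    """Return {isolation type: True if target is in a different namespace}."""
    return {label: reference[ns] != target[ns]
            for ns, label in ISOLATION.items()
            if ns in reference and ns in target}

# Constructed sample data: link targets in the format readlink returns.
HOST = parse_ns_links({"mnt": "mnt:[4026531840]", "pid": "pid:[4026531836]",
                       "net": "net:[4026531992]", "pid_for_children": "pid:[4026531836]"})
CONTAINER = parse_ns_links({"mnt": "mnt:[4026532561]", "pid": "pid:[4026532564]",
                            "net": "net:[4026532566]"})
HOST_PROCESS = dict(HOST)  # an ordinary process started on the host

if __name__ == "__main__":
    print("container vs host:", isolation_report(HOST, CONTAINER))
    print("host process vs host:", isolation_report(HOST, HOST_PROCESS))
    print("this process vs itself:", isolation_report(read_ns(), read_ns()))
```

A report entry of `False` for a process that is supposed to be containerised means it shares that namespace with the host, which is worth checking against how the container was started.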
Refs
- To Docker or Not to Docker: A Security Perspective
- Analysis of Docker Security
- Lightweight Linux Containers for Consistent Development and Deployment

Note:
- A few papers which I read, but I'd rather you practically use this stuff
Thanks for listening!
codingcoffee/slides