162 lines
6.3 KiB
HTML
162 lines
6.3 KiB
HTML
<!doctype html>
|
|
<html>
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
|
|
|
|
<title>reveal.js</title>
|
|
|
|
<link rel="stylesheet" href="dist/reset.css">
|
|
<link rel="stylesheet" href="dist/reveal.css">
|
|
<link rel="stylesheet" href="dist/theme/beige.css" id="theme">
|
|
|
|
<!-- Theme used for syntax highlighted code -->
|
|
<link rel="stylesheet" href="plugin/highlight/monokai.css" id="highlight-theme">
|
|
</head>
|
|
<body>
|
|
<div class="reveal">
|
|
<div class="slides">
|
|
|
|
<section>
|
|
<section data-markdown data-separator="---" data-separator-notes="^Note:">
|
|
<textarea data-template>
|
|
<u>Containers</u>
|
|
<br/>
|
|
<br/>
|
|
Ameya Shenoy
|
|
<br/>
|
|
<a href="https://github.com/codingcoffee" target="_blank">@codingcoffee</a>
|
|
Note:
|
|
Feel free to heckle.
|
|
Interupt me. Ask questions in the middle, makes this fun, I like it.
|
|
Or you can wait till the end, but interactive is good
|
|
</textarea>
|
|
</section>
|
|
</section>
|
|
|
|
<section>
|
|
<section data-markdown data-separator="---" data-separator-notes="^Note:">
|
|
<textarea data-template>
|
|
<img data-src="./images/vm_vs_container.jpg"></img>
|
|
<br/>
|
|
VM Vs Container
|
|
Note:
|
|
I'll be talking about containers, their basic underlying working, their functionality how eYantra can benefit it
|
|
been around since 2008, as c-groups in linux, this paved the path for containers later on
|
|
- examples: firejail, lxc, docker
|
|
|
|
---
|
|
|
|
Limitations of VM
|
|
- dependency hell
|
|
- versioning
|
|
- upgrades
|
|
- replication
|
|
|
|
Note:
|
|
- originally traditional servers, perfect replication not possible, multiple variables
|
|
- os, os version, os deps and versions, application deps and versions
|
|
- probelems
|
|
- versioning: i setup test env today, and setup production tomorrow, there may be inconcistency in the OS level deps, which may cause incompatibility
|
|
- upgrade: keeping all deps updated is important to avoid security vulns, but it comes at a cost of inconcistency
|
|
- replication: b/w qa and prod env, local dev, works on my machine, doesnt work in prod, dev work on mac books, prod is centos
|
|
|
|
---
|
|
|
|
Containers
|
|
- filesystem isolation
|
|
- process isolation
|
|
- device isolation
|
|
- network isolation
|
|
- scaling
|
|
|
|
Note:
|
|
- now containres, package entire app, incluing the OS level deps, makes it easy to deploy and have concistency in the environemnts
|
|
|
|
- now:
|
|
- isolation
|
|
- fs: file:///home/cc firefox demo, iso apps scannnig directories they are not supposed to, like chrome
|
|
- process: app 1 isnt aware about app b running
|
|
- d run -it --rm --name nginx nginx:alpine
|
|
- d exec -it nginx sh
|
|
- device: GPU
|
|
- lxc exec steam -- sudo --login --user ubuntu bash
|
|
- nvidia-smi
|
|
- lxc exec matlab -- sudo --login --user ubuntu bash
|
|
- nvidia-smi
|
|
- network:
|
|
- d run -it --rm python:3.9.4-alpine3.13 sh
|
|
- d run -it --rm --network none python:3.9.4-alpine3.13 sh
|
|
- scaling: better utilization of resources, resource allocation and sharing
|
|
|
|
---
|
|
|
|
Kubernetes
|
|
- 0 downtime upgrade <a href="https://nginx-blue-green.codingcoffee.me/" target="_blank">demo</a>
|
|
- maintains state
|
|
- scaling
|
|
|
|
Note:
|
|
- Production-Grade Container Orchestration Platform
|
|
- container orchestration takes away a lot of operations workload from engg
|
|
- SSL termination
|
|
- think of k8s as a knowledge base of all the best practicies of deployment for applications built at scale by Google
|
|
|
|
</textarea>
|
|
</section>
|
|
</section>
|
|
|
|
<section>
|
|
<section data-markdown data-separator="---" data-separator-notes="^Note:">
|
|
<textarea data-template>
|
|
Refs
|
|
- <a href="https://ieeexplore.ieee.org/abstract/document/7036275" target="_blank">To Docker or Not to Docker: A Security Perspective</a>
|
|
- <a href="https://arxiv.org/abs/1501.02967" target="_blank">Analysis of Docker Security</a>
|
|
- <a href="https://www.seltzer.com/margo/teaching/CS508.19/papers/merkel14.pdf" target="_blank">Lightweight Linux Containers for Consistent Development and Deployment</a>
|
|
|
|
Note:
|
|
- A few papers which I read, but I'd rather you practically use this stuff
|
|
</textarea>
|
|
</section>
|
|
</section>
|
|
|
|
<section>
|
|
<section data-markdown data-separator="---" data-separator-notes="^Note:">
|
|
<textarea data-template>
|
|
Thanks for listening!
|
|
<br/>
|
|
<br/>
|
|
<br/>
|
|
<div style="text-align: left">
|
|
<small>
|
|
<a href="https://gitea.codingcoffee.me/codingcoffee/slides" target="_blank">codingcoffee/slides</a>
|
|
</small>
|
|
</div>
|
|
<div style="text-align: right">
|
|
<a href="https://codingcoffee.dev/" target="_blank">Ameya Shenoy</a>
|
|
</div>
|
|
</textarea>
|
|
</section>
|
|
</section>
|
|
</div>
|
|
</div>
|
|
|
|
<script src="dist/reveal.js"></script>
|
|
<script src="plugin/notes/notes.js"></script>
|
|
<script src="plugin/markdown/markdown.js"></script>
|
|
<script src="plugin/highlight/highlight.js"></script>
|
|
<script>
|
|
// More info about initialization & config:
|
|
// - https://revealjs.com/initialization/
|
|
// - https://revealjs.com/config/
|
|
Reveal.initialize({
|
|
hash: true,
|
|
slideNumber: 'c/t',
|
|
// showNotes: true,
|
|
|
|
// Learn about plugins: https://revealjs.com/plugins/
|
|
plugins: [ RevealMarkdown, RevealHighlight, RevealNotes ]
|
|
});
|
|
</script>
|
|
</body>
|
|
</html>
|