monitoring containers with bpf
play

Monitoring Containers with BPF Jonathan Perry, Flowmill Agenda / - PowerPoint PPT Presentation

Aug 13, 2023 •245 likes •1.43k views

Monitoring Containers with BPF Jonathan Perry, Flowmill Agenda / Claims Agenda / Claims 1. Visibility into connections between services facilitates SRE/DevOps. Agenda / Claims 1. Visibility into connections between services facilitates

  1. 3. It is easy to navigate large deployments by looking at neighborhoods. Even small deployments can have 
 complex connectivity

  2. 3. It is easy to navigate large deployments by looking at neighborhoods. Even small deployments can have 
 complex connectivity

  3. 3. It is easy to navigate large deployments by looking at neighborhoods. Even small deployments can have 
 complex connectivity

  6. 3. It is easy to navigate large deployments by looking at neighborhoods. Neighborhood: 
 All the services up to N hops from the selection

  7. 3. It is easy to navigate large deployments by looking at neighborhoods. Neighborhood: 
 All the services up to N hops from the selection 1. Search

  8. 3. It is easy to navigate large deployments by looking at neighborhoods. Neighborhood: 
 All the services up to N hops from the selection 1. Search 2. Detected 
 anomalies

  9. 3. It is easy to navigate large deployments by looking at neighborhoods. Neighborhood: 
 All the services up to N hops from the selection 1. Search 2. Detected 
 anomalies 3. Alerts 
 (Slack/PagerDuty etc.)

  10. 4. Connection visibility can point to failure domains: version, instance, zone. Got an alert / anomaly. Now what? Common causes: • New version deploy • Overloaded / borked instance • Geo / zone failure Or, helpful to know if failure concentrated on single • Container spec • Process • Port

  13. Agenda / Claims

  14. Agenda / Claims 1. Visibility into connections between services facilitates SRE/DevOps.

  15. Agenda / Claims 1. Visibility into connections between services facilitates SRE/DevOps. 2. Effective triage requires visibility into how network infrastructure affects services.

  16. Agenda / Claims 1. Visibility into connections between services facilitates SRE/DevOps. 2. Effective triage requires visibility into how network infrastructure affects services. 3. It is easy to navigate large deployments by looking at neighborhoods .

  17. Agenda / Claims 1. Visibility into connections between services facilitates SRE/DevOps. 2. Effective triage requires visibility into how network infrastructure affects services. 3. It is easy to navigate large deployments by looking at neighborhoods . 4. Connection visibility can point to failure domains : version, instance, zone.

  18. Agenda / Claims 1. Visibility into connections between services facilitates SRE/DevOps. 2. Effective triage requires visibility into how network infrastructure affects services. 3. It is easy to navigate large deployments by looking at neighborhoods . 4. Connection visibility can point to failure domains : version, instance, zone. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility.

  19. Agenda / Claims 1. Visibility into connections between services facilitates SRE/DevOps. 2. Effective triage requires visibility into how network infrastructure affects services. 3. It is easy to navigate large deployments by looking at neighborhoods . 4. Connection visibility can point to failure domains : version, instance, zone. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility. 6. Linux CLI provides great visibility without per-application changes.

  20. Agenda / Claims 1. Visibility into connections between services facilitates SRE/DevOps. 2. Effective triage requires visibility into how network infrastructure affects services. 3. It is easy to navigate large deployments by looking at neighborhoods . 4. Connection visibility can point to failure domains : version, instance, zone. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility. 6. Linux CLI provides great visibility without per-application changes. 7. BPF enables 1-second granularity, low-overhead, full coverage of connections.

  21. Agenda / Claims 1. Visibility into connections between services facilitates SRE/DevOps. 2. Effective triage requires visibility into how network infrastructure affects services. 3. It is easy to navigate large deployments by looking at neighborhoods . 4. Connection visibility can point to failure domains : version, instance, zone. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility. 6. Linux CLI provides great visibility without per-application changes. 7. BPF enables 1-second granularity, low-overhead, full coverage of connections. 8. BPF can handle encrypted connections (with uprobes)

  22. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility. Logs, metrics, tracing, service meshes Each is great for its own use case! • Logs: low barrier, app internals • Metrics: dashboards on internals & business metrics • Tracing: cross-service examples of bad cases • Service mesh: aggregated connectivity, security, circuit breaking But…

  23. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility. Cons: • Engineering time: requires per-service work (and maintenance) • Performance and cost • No infra visibility (drops, RTT) • Logs+Metrics: service centric, not connection • Tracing: sampling, cost

  24. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility. Service mesh caveats Service Service Envoy Envoy cluster cluster HTTP HTTP conn mgr conn mgr cluster

  25. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility. Service mesh caveats misconfigured mesh → broken telemetry. ● ○ want telemetry from a different source to debug the mesh Service Service Envoy Envoy cluster cluster HTTP HTTP conn mgr conn mgr cluster

  26. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility. Service mesh caveats misconfigured mesh → broken telemetry. ● ○ want telemetry from a different source to debug the mesh ● partial deployments & managed services Service Service Envoy Envoy cluster cluster HTTP HTTP conn mgr conn mgr cluster

  27. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility. Service mesh caveats misconfigured mesh → broken telemetry. ● ○ want telemetry from a different source to debug the mesh ● partial deployments & managed services ● no transport layer data (packet drops, RTT) Service Service Envoy Envoy cluster cluster HTTP HTTP conn mgr conn mgr cluster

  28. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility. Service mesh caveats misconfigured mesh → broken telemetry. ● ○ want telemetry from a different source to debug the mesh ● partial deployments & managed services ● no transport layer data (packet drops, RTT) ● doesn’t solve the analysis part. Data is either ○ too aggregated - missing info on failure domains (version, zone, node) ○ too detailed (access logs) - still need to process 100k+ events/sec Service Service Envoy Envoy cluster cluster HTTP HTTP conn mgr conn mgr cluster

  29. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility. Service mesh caveats misconfigured mesh → broken telemetry. ● ○ want telemetry from a different source to debug the mesh ● partial deployments & managed services ● no transport layer data (packet drops, RTT) ● doesn’t solve the analysis part. Data is either ○ too aggregated - missing info on failure domains (version, zone, node) ○ too detailed (access logs) - still need to process 100k+ events/sec Service Service Envoy Envoy cluster cluster HTTP HTTP conn mgr conn mgr cluster

  30. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility. Service mesh caveats misconfigured mesh → broken telemetry. ● ○ want telemetry from a different source to debug the mesh ● partial deployments & managed services ● no transport layer data (packet drops, RTT) ● doesn’t solve the analysis part. Data is either ○ too aggregated - missing info on failure domains (version, zone, node) ○ too detailed (access logs) - still need to process 100k+ events/sec Service Service Envoy Envoy cluster cluster HTTP HTTP conn mgr conn mgr cluster

  31. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility. Service mesh caveats misconfigured mesh → broken telemetry. ● ○ want telemetry from a different source to debug the mesh ● partial deployments & managed services ● no transport layer data (packet drops, RTT) ● doesn’t solve the analysis part. Data is either ○ too aggregated - missing info on failure domains (version, zone, node) ○ too detailed (access logs) - still need to process 100k+ events/sec Service Service Envoy Envoy cluster cluster HTTP HTTP conn mgr conn mgr cluster

  32. 5. Logging, metrics, tracing, service meshes are not ideal for connection visibility. Service mesh caveats misconfigured mesh → broken telemetry. ● ○ want telemetry from a different source to debug the mesh ● partial deployments & managed services ● no transport layer data (packet drops, RTT) ● doesn’t solve the analysis part. Data is either ○ too aggregated - missing info on failure domains (version, zone, node) ○ too detailed (access logs) - still need to process 100k+ events/sec ● eBPF user probes can efficiently get data from mesh and transport layer Service Service Envoy Envoy cluster cluster HTTP HTTP conn mgr conn mgr cluster

  33. 6. Linux CLI provides great visibility without per-application changes. Socket: Timestamp Source Destination Ports Bytes Drops RTT 1418530010 172.31.16.139 172.31.16.21 20641 22 4249 2 4 ms Protocol: Method Endpoint Code GET checkout?q=hrz4N 200

  34. 6. Linux CLI provides great visibility without per-application changes. Socket: Timestamp Source Destination Ports Bytes Drops RTT 1418530010 172.31.16.139 172.31.16.21 20641 22 4249 2 4 ms Protocol: Method Endpoint Code GET checkout?q=hrz4N 200 K8s: Tag IP Pod Zone Image 172.31.16.139 frontend frontend-image v1.16 us-west-1c 172.31.16.21 checkoutservice checkout-image v2.12a us-west-1a

  35. 6. Linux CLI provides great visibility without per-application changes. Socket: Timestamp Source Destination Ports Bytes Drops RTT 1418530010 172.31.16.139 172.31.16.21 20641 22 4249 2 4 ms Protocol: Method Endpoint Code GET checkout?q=hrz4N 200 K8s: Tag IP Pod Zone Image 172.31.16.139 frontend frontend-image v1.16 us-west-1c 172.31.16.21 checkoutservice checkout-image v2.12a us-west-1a Joined : Timestamp Source Destination Ports Bytes Drops RTT 1418530010 frontend checkout 20641 22 4249 2 4 ms frontend-image checkout-image v1.16 v2.12a Method Endpoint Code us-west-1c us-west-1a GET checkout?q=hrz4N 200

  36. 6. Linux CLI provides great visibility without per-application changes. Getting Flow Data A X B

  37. 6. Linux CLI provides great visibility without per-application changes. Getting Flow Data A X iptables B

  38. 6. Linux CLI provides great visibility without per-application changes. Getting Flow Data A A → X X iptables B

  39. 6. Linux CLI provides great visibility without per-application changes. Getting Flow Data A A → X (A,X) ~ X (A,B) iptables B

  40. 6. Linux CLI provides great visibility without per-application changes. Getting Flow Data A A → X (A,X) ~ X (A,B) iptables A → B B

  41. 6. Linux CLI provides great visibility without per-application changes. Getting Flow Data $ kubectl describe pod $POD Name: A Namespace: staging ... A Status: Running IP: 100.101.198.137 A → X Controlled By: ReplicaSet/A (A,X) ~ X (A,B) iptables A → B B

  42. 6. Linux CLI provides great visibility without per-application changes. Getting Flow Data $ kubectl describe pod $POD Name: A Namespace: staging ... A Status: Running IP: 100.101.198.137 A → X Controlled By: ReplicaSet/A (A,X) ~ X (A,B) iptables A → B B

  43. 6. Linux CLI provides great visibility without per-application changes. Getting Flow Data $ kubectl describe pod $POD Name: A Namespace: staging ... A Status: Running IP: 100.101.198.137 A → X Controlled By: ReplicaSet/A # PID=`docker inspect -f '{{.State.Pid}}' $CONTAINER` \ (A,X) nsenter -t $PID -n ss -ti ~ ESTAB 0 0 100.101.198.137:34940 100.65.61.118:8000 X (A,B) cubic wscale:9,9 rto:204 rtt:0.003/0 mss:1448 iptables cwnd:19 ssthresh:19 bytes_acked:2525112 segs_out:15664 segs_in:15578 data_segs_out:15662 send 73365.3Mbps lastsnd:384 A → B lastrcv:10265960 lastack:384 rcv_space:29200 minrtt:0.002 B

  44. 6. Linux CLI provides great visibility without per-application changes. Getting Flow Data $ kubectl describe pod $POD Name: A Namespace: staging ... A Status: Running IP: 100.101.198.137 A → X Controlled By: ReplicaSet/A # PID=`docker inspect -f '{{.State.Pid}}' $CONTAINER` \ (A,X) nsenter -t $PID -n ss -ti A X ~ ESTAB 0 0 100.101.198.137:34940 100.65.61.118:8000 X (A,B) cubic wscale:9,9 rto:204 rtt:0.003/0 mss:1448 iptables cwnd:19 ssthresh:19 bytes_acked:2525112 segs_out:15664 segs_in:15578 data_segs_out:15662 send 73365.3Mbps lastsnd:384 A → B lastrcv:10265960 lastack:384 rcv_space:29200 minrtt:0.002 B

  45. 6. Linux CLI provides great visibility without per-application changes. Getting Flow Data $ kubectl describe pod $POD Name: A Namespace: staging ... A Status: Running IP: 100.101.198.137 A → X Controlled By: ReplicaSet/A # PID=`docker inspect -f '{{.State.Pid}}' $CONTAINER` \ (A,X) nsenter -t $PID -n ss -ti A X ~ ESTAB 0 0 100.101.198.137:34940 100.65.61.118:8000 X (A,B) cubic wscale:9,9 rto:204 rtt:0.003/0 mss:1448 iptables cwnd:19 ssthresh:19 bytes_acked:2525112 segs_out:15664 segs_in:15578 data_segs_out:15662 send 73365.3Mbps lastsnd:384 A → B lastrcv:10265960 lastack:384 rcv_space:29200 minrtt:0.002 # conntrack -L tcp 6 86399 ESTABLISHED src=100.101.198.137 dst=100.65.61.118 sport=34940 dport=8000 B src=100.101.198.147 dst=100.101.198.137 sport=8000 dport=34940 [ASSURED] mark=0 use=1

  46. 6. Linux CLI provides great visibility without per-application changes. Getting Flow Data $ kubectl describe pod $POD Name: A Namespace: staging ... A Status: Running IP: 100.101.198.137 A → X Controlled By: ReplicaSet/A # PID=`docker inspect -f '{{.State.Pid}}' $CONTAINER` \ (A,X) nsenter -t $PID -n ss -ti A X ~ ESTAB 0 0 100.101.198.137:34940 100.65.61.118:8000 X (A,B) cubic wscale:9,9 rto:204 rtt:0.003/0 mss:1448 iptables cwnd:19 ssthresh:19 bytes_acked:2525112 segs_out:15664 segs_in:15578 data_segs_out:15662 send 73365.3Mbps lastsnd:384 A → B lastrcv:10265960 lastack:384 rcv_space:29200 minrtt:0.002 # conntrack -L tcp 6 86399 ESTABLISHED src=100.101.198.137 A X dst=100.65.61.118 sport=34940 dport=8000 B src=100.101.198.147 dst=100.101.198.137 sport=8000 B A dport=34940 [ASSURED] mark=0 use=1

  47. 6. Linux CLI provides great visibility without per-application changes. CLI tools have disadvantages • Performance: ○ iterates over all sockets ○ built for CLI use (printfs)

  48. 6. Linux CLI provides great visibility without per-application changes. CLI tools have disadvantages • Performance: ○ iterates over all sockets ○ built for CLI use (printfs) • Coverage : Linux CLI tools are polling based

  49. 6. Linux CLI provides great visibility without per-application changes. CLI tools have disadvantages • Performance: ○ iterates over all sockets ○ built for CLI use (printfs) • Coverage : Linux CLI tools are polling based poll poll poll poll time

  50. 6. Linux CLI provides great visibility without per-application changes. CLI tools have disadvantages • Performance: ○ iterates over all sockets ○ built for CLI use (printfs) • Coverage : Linux CLI tools are polling based poll poll socket poll poll time

  51. 6. Linux CLI provides great visibility without per-application changes. CLI tools have disadvantages • Performance: ○ iterates over all sockets ○ built for CLI use (printfs) • Coverage : Linux CLI tools are polling based poll poll socket poll poll time → Misses events between polls

  52. Enter eBPF • Linux bpf() system call since 3.18 • Run code on kernel events • Only changes, more data • Safe: In-kernel verifier, read-only • Fast: JIT-compiled Unofficial BPF mascot by Deirdré Straughan

  53. Enter eBPF • Linux bpf() system call since 3.18 • Run code on kernel events • Only changes, more data • Safe: In-kernel verifier, read-only • Fast: JIT-compiled Unofficial BPF mascot by Deirdré Straughan → 100% coverage + no app changes + low overhead ftw!

  54. 7. BPF enables 1-second granularity, low-overhead, full coverage of connections. Using eBPF tcptop: ● instruments tcp_sendmsg and tcp_cleanup_rbuf

  57. 7. BPF enables 1-second granularity, low-overhead, full coverage of connections. Using eBPF tcptop: ● instruments tcp_sendmsg and tcp_cleanup_rbuf

  58. 7. BPF enables 1-second granularity, low-overhead, full coverage of connections. Using eBPF tcptop: ● instruments tcp_sendmsg and tcp_cleanup_rbuf ● need to be careful of races: # IPv4: build dict of all seen keys ipv4_throughput = defaultdict(lambda: [0, 0]) for k, v in ipv4_send_bytes.items(): key = get_ipv4_session_key(k) ipv4_throughput[key][0] = v.value ipv4_send_bytes.clear() as for loop is running, kernel continues with updates, clear() throws those out.

  59. 7. BPF enables 1-second granularity, low-overhead, full coverage of connections. Using eBPF tcptop: ● instruments tcp_sendmsg and tcp_cleanup_rbuf ● need to be careful of races: # IPv4: build dict of all seen keys ipv4_throughput = defaultdict(lambda: [0, 0]) for k, v in ipv4_send_bytes.items(): key = get_ipv4_session_key(k) ipv4_throughput[key][0] = v.value ipv4_send_bytes.clear() as for loop is running, kernel continues with updates, clear() throws those out.

  60. 7. BPF enables 1-second granularity, low-overhead, full coverage of connections. System architecture Flow Collection Kubernetes Agent ECS Docker Linux Containers 
 Processes 
 Socket 
 NAT

Recommend

Monitoring Rohit Jnagal Anushree Narasimha Outline Overview Monitoring for containers

Monitoring Rohit Jnagal Anushree Narasimha Outline Overview Monitoring for containers

Container native Monitoring Rohit Jnagal Anushree Narasimha Outline Overview Monitoring for containers Monitoring in a distributed system cAdvisor Application Metrics In cAdvisor Plumbing through a cluster Future

396 views • 27 slides
Monitoring In Motion Challenges in monitoring kubernetes, containers, and dynamic infrastructure.

Monitoring In Motion Challenges in monitoring kubernetes, containers, and dynamic infrastructure.

Monitoring In Motion Challenges in monitoring kubernetes, containers, and dynamic infrastructure. Ilan Rabinovitch ContainerCon Toronto Director, Technical Community Aug 24, 2016 Datadog $ finger ilan@datadog [datadoghq.com] Name:

989 views • 78 slides
Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are

Unprivileged Containers Jess Frazelle, @jessfraz How do containers help security? Containers are not going to be the answer to preventing your application from being compromised, but they can limit the damage from a compromise. How do

823 views • 25 slides
Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com

Improving Trust in Containers Matthew Garrett @mjg59 | mjg59@coreos.com | coreos.com Containers are great Containers are resource efficient Containers make deployment easy Containers can be monitored easily Containers are secure But are

508 views • 38 slides
Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega

Everything you need to know about Containers Security Track Containers Jos Manuel Ortega @jmortegac Agenda Introduction to containers security Linux Containers(LXC) Docker Security Security pipeline && Container

807 views • 57 slides
SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54

SUSE Containers as a Service Platform 53 53 Why Do You Want to Invest in Containers? 54 54 What are Containers? A package/image that can be deployed anywhere (thats running a Linux Kernel) Developers create a layered image of their

996 views • 53 slides
Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at

Herd of Containers Sad DIF Database Engineer Herd of Containers: PostgreSQL in containers at BlaBlaCar pgDay Paris, Mar 15, 2018 BlaBlaCar Overview Todays agenda PostgreSQL usage at BlaBlaCar Switching to a new implementation

844 views • 40 slides
Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have

Persistent storage for Containers Anil Degwekar What are we talking about? Containers have become popular replacing many Physical / Virtual Machine use cases But: The persistent storage problem for containers is still not fully solved

1.01k views • 17 slides
Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change

Containers in the Enterprise Avoiding the Kobayashi Maru Agenda Containers Bring Change An Approach Required Software Processes Cultural Changes Additional Concerns Lessons Learned Why This Talk? Containers are

678 views • 49 slides
Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs

Exploding the Linux Container Host Presenter: Ben Corrie (@bensdoings) Containers vs VMs Google Wisdom: VMs and Containers are similar but different Try running containers in VMs for security Containers are best for scale-out

314 views • 17 slides
our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can

our container journey @beshippable shippable.com our container journey containers can make us way more efficient containers can save us money on hosting containers sound interesting company founded in 2013

848 views • 30 slides
The proposed containers are "Flat-pack" type. Disassembled and reduced as

The proposed containers are "Flat-pack" type. Disassembled and reduced as

CON-IMEX CONTAINERS 2009 AKAR Logistics 70 Beecham Court Owings Mills, MD 21117 USA Sophia Akar Tel: + 410-961-7232 / + 410-961-0327 Fax: + 410-356-8267 sophia@akarlogistics.com 1 / 20 GENERAL The proposed containers are

313 views • 20 slides
Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk

Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk

Fairport Containers Supporting the Charity Retail Sector www.fairportcontainers.co.uk Introductions David Porter Fairport Containers Director Steve Collinson Managing Director Fairport Containers Ltd Tam Unsworth Recycling Banks

552 views • 28 slides
Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt

Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt

Singularity - Containers for Scientific Computing ZID Workshop Michael Fink Universitt Innsbruck Innsbruck Nov 2018 Overview Preliminaries Why containers Understanding Containers vs. Virtual Machines Comparison of

482 views • 37 slides
Alm dos Containers na Nuvem QConSP - Containers & Devops 26 April 2017 Guilherme Rezende

Alm dos Containers na Nuvem QConSP - Containers & Devops 26 April 2017 Guilherme Rezende

Alm dos Containers na Nuvem QConSP - Containers & Devops 26 April 2017 Guilherme Rezende Globo.com About me Software Engineer at Globo.com/Tsuru @guilhermebr (GitHub) in/guilhermebr (LinkedIn) @gbrezende (Twitter) Agenda Cloud Native

636 views • 45 slides
100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar -

100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar -

100% Containers Powered Carpooling Maxime Fouilleul Database Reliability Engineer BlaBlaCar - Facts & Figures Infrastructure Ecosystem - 100% containers powered carpooling Todays agenda Stateful Services into containers - MariaDB as

463 views • 45 slides
Containers, VMs, and Clouds: Containers & Clouds & VMs: OH My Oh My! Mike Coleman,

Containers, VMs, and Clouds: Containers & Clouds & VMs: OH My Oh My! Mike Coleman,

Containers, VMs, and Clouds: Containers & Clouds & VMs: OH My Oh My! Mike Coleman, Technology Evangelist Docker @mikegcoleman Who Am I? Technology evangelist at Docker Former: Puppet, VMware, MSFT, Intel, and HP First

390 views • 25 slides
Unprivileged GPU containers on a LXD cluster GPU-enabled system containers at scale Stphane

Unprivileged GPU containers on a LXD cluster GPU-enabled system containers at scale Stphane

Unprivileged GPU containers on a LXD cluster GPU-enabled system containers at scale Stphane Graber Christian Brauner LXD project leader LXD maintainer @stgraber @brau_ner https://stgraber.org https://brauner.io

394 views • 12 slides
Cloud Native and Container Technology Landscape Chris Aniszczyk (@cra) Rise of Containers and

Cloud Native and Container Technology Landscape Chris Aniszczyk (@cra) Rise of Containers and

Cloud Native and Container Technology Landscape Chris Aniszczyk (@cra) Rise of Containers and Cloud Native Computing! Google running 2B+ containers per week! Internet scale companies are running containers too: Facebook, Twitter,

1.8k views • 49 slides
Co Conti tinuous De Delivery y with th Co Containers: Th The Good, the Bad, and the Ug

Co Conti tinuous De Delivery y with th Co Containers: Th The Good, the Bad, and the Ug

Co Conti tinuous De Delivery y with th Co Containers: Th The Good, the Bad, and the Ug Ugly ly Daniel Bryant @danielbryantuk Containers: Expectations versus reality DevOps 21/05/2018 @danielbryantuk @danielbryantuk

1.08k views • 86 slides
SERVERLESS + CONTAINERS = MODERN CLOUD APPLICATIONS Donna Malayeri Product Manager, Pulumi

SERVERLESS + CONTAINERS = MODERN CLOUD APPLICATIONS Donna Malayeri Product Manager, Pulumi

SERVERLESS + CONTAINERS = MODERN CLOUD APPLICATIONS Donna Malayeri Product Manager, Pulumi @PulumiCorp @lindydonna SERVERLESS AND CONTAINERS Tradeoff between control and productivity Containers give you full control over your compute

720 views • 40 slides
How containers have panned out Adrian Trenaman, Raconteur & SVP Engineering, Gilt / HBC

How containers have panned out Adrian Trenaman, Raconteur & SVP Engineering, Gilt / HBC

How containers have panned out Adrian Trenaman, Raconteur & SVP Engineering, Gilt / HBC Digital Q-Con, New York, June 2016 @gilttech @adrian_trenaman @hbc_tech What competitive advantage did containers give you? Gilt: luxury designer

603 views • 41 slides
Brought to you by... What is... Server for running and managing Linux containers. What are

Brought to you by... What is... Server for running and managing Linux containers. What are

in the belly of the Brought to you by... What is... Server for running and managing Linux containers. What are Linux containers? Para-virtualized Linux instances. Why not regular virtualization? slooooooow gigantic images

788 views • 34 slides
X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native

X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native

X-Containers: Breaking Down Barriers to Improve Performance and Isolation of Cloud-Native Containers Zhiming Shen Cornell University Joint work with Zhen Sun, Gur-Eyal Sela, Eugene Bagdasaryan, Christina Delimitrou, Robbert Van Renesse, Hakim

266 views • 26 slides

More recommend