Changes between Version 11 and Version 12 of K8sFutures2019


Timestamp:
02/06/19 16:39:30 (6 years ago)
Author:
darkblueb
Comment:

--

  • K8sFutures2019

    v11 v12  
    4545**Container Technology Details**
    4646
    47 A spirited and deeply technical presentation was given by senior RedHat engineer Dan Walsh [1]. The featured twitter channel was **#nobigfatdaemons**.  A tour of Github / containers [2] related material included skopeo, image, podman, storage, CRI-O, conmon, and buildah. A core concept of the presentation was that containers need not be monoliths, and that building containers should be a flexible process with a choice of toolchains. There is a preference from a security perspective of making containers that can run read-only, with any storage needs specifically built with finite (traceable) bounds. Eliminating the "base-image" concept is worthwhile. A useful idea in the presentation was that the execution of containers can be for different purposes, with different security obligations for each of:  building;  run to experiment and explore; run in production.  A demonstration of alternative runtimes for containers was shown, emphasizing the Docker container definition, but flexibly reducing the privileges required for any given container to run.
     47A spirited and deeply technical presentation was given by senior RedHat_Inc engineer Dan Walsh [1]. The featured twitter channel was **#nobigfatdaemons**.  A tour of Github / containers [2] related material included skopeo, image, podman, storage, CRI-O, conmon, and buildah. A core concept of the presentation was that containers need not be monoliths, and that building containers should be a flexible process with a choice of toolchains. There is a preference from a security perspective of making containers that can run read-only, with any storage needs specifically built with finite (traceable) bounds. Eliminating the "base-image" concept is worthwhile. A useful idea in the presentation was that the execution of containers can be for different purposes, with different security obligations for each of:  building;  run to experiment and explore; run in production.  A demonstration of alternative runtimes for containers was shown, emphasizing the Docker container definition, but flexibly reducing the privileges required for any given container to run.
    4848
    4949Many other topics and technology chains were presented during the course of the day. Without listing exhaustively, it could be said that there are numerous, relevant technology projects over the years from RedHat and others, but that evolution and market-forces are causing each to re-justify itself with respect to K8s and Docker in this presentation.  Intel Corporation was a sponsor of this event, and occasional references to Intel were uniformly positive and without critical or controversial content.
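Review bot: The rename on line 47 from "RedHat" to "RedHat_Inc" leaves the unchanged line 49 still reading "from RedHat and others", so the page now names the same company two different ways. Use one form in both places. If "RedHat_Inc" is meant as a wiki page name rather than display text, consider a link with a plain-text label so the underscore identifier does not sit in the middle of running prose.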