This blog is a continuation of my previous blog on Container standards. In this blog, we will look inside a Container image to understand the filesystem and the manifest files that describe the Container. We will cover Container images in Docker, APPC and OCI formats. As mentioned in the previous blog, these Container images will converge into … Continue reading Looking inside Container Images→
In this blog, I will cover some of the standardization efforts that are happening in the Containers area. I will cover some history and the current status, and also mention what the future looks like. In the next blog, we will look inside ACI and OCI Container images. Container Standards: A lot of the developments in the Container area are done … Continue reading Container Standards→
This is a continuation of my previous blog on macvlan and ipvlan Linux network drivers. Docker has added support for macvlan and ipvlan drivers, and it is currently experimental as of Docker release 1.11. Example used in this blog: In this example, we will use the Docker macvlan and ipvlan network plugins for Container communication … Continue reading Docker macvlan and ipvlan network plugins→
This is a continuation of my previous blog on macvlan and ipvlan Linux network drivers. In this blog, I will cover usage of the macvlan and ipvlan network plugins with the CoreOS Rkt Container runtime and CNI (Container Network Interface). Rkt and CNI: Rkt is another Container runtime, similar to Docker. CNI is a Container networking standard proposed by … Continue reading Macvlan and ipvlan in CoreOS→
Macvlan and ipvlan are Linux network drivers that expose underlay or host interfaces directly to VMs or Containers running on the host. In this blog, I will cover the basics of macvlan and ipvlan, compare macvlan and ipvlan to Linux bridges and sub-interfaces, and also show how to create these interfaces on a Linux system. In the … Continue reading Macvlan and IPvlan→
The Docker Experimental channel is used to release experimental Docker features so that Docker users can try the new features and provide feedback. It is nicer to use experimental Docker in a test environment rather than upgrading Docker on the main development machine. The preferred approach is to use docker-machine and create a VM with experimental Docker. … Continue reading Experimental Docker with Docker machine→
Contiv is an Open source project driven primarily by Cisco for policy based networking, storage and cluster management for containerized applications. In this blog, I will cover some of the hands-on stuff that I tried with Contiv Networking. I used the sample examples provided in the Contiv documentation as a starting point. For Contiv networking basics, you can refer … Continue reading Contiv Networking policy Hands-on→
Contiv is an Open source project driven primarily by Cisco for policy based networking, storage and cluster management for containerized applications. In this blog, I will focus on how Contiv does policy based Container networking. In the next blog, I will cover some hands-on stuff that I tried with Contiv. Container Policy: Policies have become critical … Continue reading Contiv – Policy based networking for Containers→
I recently saw the Openstack self-healing demo from the CoreOS team using Tectonic (Stackanetes project), and I kind of felt that the boundary between Containers and VMs is blurring. In this blog, I discuss the use case of deploying Openstack using Containers. We typically think of Openstack as a VM Orchestration tool. Openstack is composed of numerous services … Continue reading Openstack Deployment using Containers→
I did a presentation on CoreOS and Service Discovery at the Opensource Meetup group last week. Following are the related slides and demo recordings. CoreOS Overview and Current Status Slides: CoreOS Overview and Current Status from Sreenivas Makam. CoreOS HA Demo recording: Scripts used are available here. Service Discovery using etcd, Consul and Kubernetes Slides: Service Discovery using … Continue reading Opensource Meetup Presentation→
In a Microservices architecture, Services are dynamic, distributed and present in large numbers. A good Service discovery solution is needed to address this dynamism. In this blog, I will cover the basics of Service discovery and using Consul to do Service discovery. What is Service discovery? Service discovery should provide the following: … Continue reading Service Discovery with Consul→
Mantl is an Open source project from Cisco and it provides an integrated solution to deploy distributed Microservices. Any company deploying Microservices has to integrate different components before the solution becomes production ready. Mantl makes it easier by integrating the different components and providing the glue software that integrates the components. In this blog, I … Continue reading Microservices Infrastructure using Mantl→
Typical Opensource demo applications come packaged as a Vagrant application that starts a bunch of VMs and provisions them automatically. I have a Windows machine with Virtualbox and VMWare player installed. Since Virtualbox does not support nested virtualization with 64 bit VMs (more details can be found in my previous blogs on Virtualbox and VMWare player), … Continue reading Baremetal cloud using Packet→
This is the fourth part of my Docker security series. In this blog, we will cover ways to secure Container images. Following are the other parts (1, 2, 3). Docker image signing: Docker Container images can be stored either in a public or a private registry. Container images need to be signed so that the client knows that the image … Continue reading Docker Security – part 4(Container image)→
This is the third part of my Docker security series. In this blog, we will cover ways to securely access the Docker engine. Following are the other parts (1, 2, 4). Docker engine access: The Docker engine runs as a daemon and by default listens on the Unix socket “unix:///var/run/docker.sock”. Docker start options are specified in “/etc/default/docker”. To allow … Continue reading Docker Security – part 3(Engine access)→
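Whoever can talk to the Docker daemon can start a privileged container that mounts the host filesystem, so the daemon's listener is effectively a root login. The excerpt above stops before the `DOCKER_OPTS` settings, so the following is an added example (not code from the original post) of a small POSIX sh check that classifies a `DOCKER_OPTS` line as found in `/etc/default/docker`: a TCP listener without `--tlsverify` is flagged, a TCP listener with TLS client verification is accepted, and a Unix-socket-only daemon passes. The two sample option strings are constructed for the example; the certificate paths in them are assumptions, not a required layout.

```sh
#!/bin/sh
# Added example, not from the original post. Audits the DOCKER_OPTS string that
# /etc/default/docker hands to the Docker daemon: "-H tcp://..." without
# --tlsverify gives anyone who can reach that port unauthenticated,
# root-equivalent control of the host.

# Classify a DOCKER_OPTS string. Prints exactly one word:
#   insecure-tcp  a TCP listener is configured without --tlsverify
#   tcp-tls       a TCP listener is configured and client certs are verified
#   ok            no TCP listener (Unix socket only, or fd:// activation)
check_docker_opts() {
    opts="$1"
    case "$opts" in
        *"-H tcp://"*|*"--host tcp://"*|*"-H=tcp://"*|*"--host=tcp://"*)
            case "$opts" in
                *--tlsverify*) echo "tcp-tls" ;;
                *)             echo "insecure-tcp" ;;
            esac
            ;;
        *) echo "ok" ;;
    esac
}

# Constructed samples: the weak setting beside the corrected one.
# Certificate paths are assumptions for illustration only.
WEAK_OPTS='-H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock'
HARDENED_OPTS='--tlsverify --tlscacert=/etc/docker/ca.pem --tlscert=/etc/docker/server-cert.pem --tlskey=/etc/docker/server-key.pem -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock'
LOCAL_OPTS='-H unix:///var/run/docker.sock'

if [ "${1:-}" = "demo" ]; then
    echo "weak:     $(check_docker_opts "$WEAK_OPTS")"      # insecure-tcp
    echo "hardened: $(check_docker_opts "$HARDENED_OPTS")"  # tcp-tls
    echo "local:    $(check_docker_opts "$LOCAL_OPTS")"     # ok
fi
```

On a real host, feed the check the live value, for example `. /etc/default/docker; check_docker_opts "$DOCKER_OPTS"`. The check only looks at the daemon flags; the Unix socket itself still needs its ownership and group (`root:docker` by default) reviewed, since membership in the `docker` group grants the same root-equivalent access.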
This is the second part of my Docker security series. In this blog, we will cover security features around the Docker engine. Following are the other parts (1, 3, 4). Namespaces: Docker makes use of the following Linux kernel Namespaces to achieve Container isolation: pid namespace, mount namespace, network namespace, ipc namespace and UTS namespace. To illustrate the … Continue reading Docker Security – part 2(Docker Engine)→
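The namespaces listed above can be verified from outside the container rather than taken on trust. Each entry under `/proc/<pid>/ns/` is a symlink whose target reads like `net:[4026531840]`; two processes share a namespace exactly when the inode numbers match. The following is an added example (not code from the original post) of a POSIX sh helper that lists the namespaces in which two PIDs differ; comparing a container's init process against host PID 1 shows which namespaces the runtime actually isolated. The function and its name are my own, and the `user` namespace is included deliberately even though the post's list omits it.

```sh
#!/bin/sh
# Added example, not from the original post. Compares the kernel namespaces of
# two processes by reading the /proc/<pid>/ns/* symlinks. Equal link targets
# (for example "net:[4026531840]") mean the namespace is shared.

# ns_diff A B: print one line per namespace in which pid A and pid B differ.
# Namespaces that cannot be read for either pid (no /proc, or EPERM because the
# target belongs to another user and we are not root) are printed as "<ns> ?".
ns_diff() {
    a="$1"; b="$2"
    for ns in pid mnt net ipc uts user; do
        ia=$(readlink "/proc/$a/ns/$ns" 2>/dev/null) || ia=""
        ib=$(readlink "/proc/$b/ns/$ns" 2>/dev/null) || ib=""
        if [ -z "$ia" ] || [ -z "$ib" ]; then
            echo "$ns ?"
        elif [ "$ia" != "$ib" ]; then
            echo "$ns"
        fi
    done
}

# ns_diff_count A B: number of namespaces that verifiably differ
# (unreadable "?" entries are not counted).
ns_diff_count() {
    ns_diff "$1" "$2" | grep -vc '?' || true
}

if [ "${1:-}" = "demo" ]; then
    # A process compared with itself shares everything: prints 0.
    echo "self vs self: $(ns_diff_count $$ $$)"
    # Against host init; needs root to read /proc/1/ns, otherwise all "?".
    ns_diff 1 $$
fi
```

On the Docker host, run as root: `ns_diff 1 "$(docker inspect -f '{{.State.Pid}}' <container>)"`. For a default container you should see `pid`, `mnt`, `net`, `ipc` and `uts` listed as different, while `user` is shared with the host, which is the reason root inside such a container is real root as far as the kernel is concerned; `user` only shows up as isolated when the daemon runs with user namespace remapping enabled.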
There is a general perception that Containers, especially Docker Containers, are insecure. It is true that Containers are not as secure as VMs, since all Containers on a single machine share the same kernel, and compromising one Container can lead to a host-level compromise or to the compromise of other Containers. There are many ways to harden Containers and … Continue reading Docker Security – part 1(Overview)→
The following link captures the slides on Container monitoring with Sysdig that I presented at the Docker Meetup, Bangalore on February 27, 2016. The following are the two demo recordings:
My book “Mastering CoreOS” finally got published on February 27, 2016. Big thanks to everyone who supported me in this effort. Motivation for writing this book as well as relevant links to purchase and get more details can be found here. I will keep my fingers crossed on the feedback… I am hoping that the … Continue reading “Mastering CoreOS” book got published!→