Bangalore has a great meetup scene for various technology and fun activities. I have been a member of a fair few but I can rarely make it to most given the schedule. However, I do try to make it to the Docker meetup as much as possible. Apart from the technology, it is the community that interests me and the organizers who work on this meetup have shown great community spirit.

This meetup was held in Infosys in Electronic City, Bangalore. Given that Infosys is a (very) large company, there were numerous security protocols around entry for meetup participants. The volunteers made it as smooth as possible and we walked in through the beautiful Infosys campus and into the building where the meetup was held. The room was well equipped for a presentation with microphones, cameras, and enough screens. The refreshments outside were very much needed too.

The meetup started with Neependra giving an account of DockerCon 2016 held in Seattle. This was followed by an introduction to Docker 1.12 by Ajeet Singh Raina which focused on orchestration. The new Docker Swarm mode looks really simple to use and lowers the barrier into orchestration (even for developer setups) without a whole ecosystem of tools. There was also some discussion on docker services and security.

This was followed by a discussion on Docker Network by Aditya Patawari. We discussed various network drivers available in Docker and how they work. We also discussed the user defined networks (bridge and overlay) and where they could be useful. Since overlay networks required a key/value store, we also saw etcd in action. We then discussed the new network drivers in Docker 1.12 which are specially built to handle orchestration.

We then had a more in-depth look into networking by Suraj Deshmukh where he explained two drivers – macvlan and ipvlan, what they do, and how they differ. This was in contrast with the overlay networks (which typically have some overhead). The macvlan and ipvlan form what are called underlay networks which work on layer 2 and layer 3 of the OSI stack respectively.

Then, Sreenivas Makam covered aspects of Docker Security at different layers. We discussed various namespaces which are responsible for effective isolation of a container. We discussed PID, mounts, network, IPC, and user namespaces. We also discussed Linux kernel features related to security like capabilities, seccomp, and SELinux and AppArmor. We then discussed secure access to the container images and a bit on container image scanning.

This was followed by a demo of container scanning using Atomic Scan by Lalatendu Mohanthy. We also discussed different aspects of scanning, and CVEs and how the process works. We saw this in action with Atomic Scan, which is based on OpenSCAP, check a RHEL image and report vulnerabilities.

We ended the day with an overview of Docker for Developers by Raj Kiran Venkata Kanaka Gade where we discussed what are the various options of getting started with docker for developers who don’t know much about it but are looking to use it in their workflow, particularly with their IDEs.

I wanted to thank all the speakers and organizers for such a productive and fun event, and Infosys for the venue and refreshments. The meetup ended at about 1:30 PM. I am now looking forward to the next Devops meetup this Saturday organized by some of the same team and DigitalOcean.

Photos below:

Docker Meetup #21

Tagged with:
 

Comments

  1. […] by Ajeet S Raina. We started with a discussion on Swarm mode in Docker from 1.12 and a recap from the discussion in the last meetup. We discussed networks and how Swarm handles service discovery with its own key value store […]