Skip to main content

Container Camp in review - Part 1

·564 words·3 mins
system-administration tech containers docker k8s kubernetes linux sysadmin technology
James Pettigrove
Author
James Pettigrove
Cloud Engineer with a focus on Microsoft Azure
Table of Contents
Container Camp - This article is part of a series.
Part 1: This Article

For those of you who follow me on other social media platforms, it will be of no surprise that I had the fortunate opportunity to attend Container Camp Australia this year.

Previously, I never the pleasure to experience a technical conference in my professional career. At most, I’ve been to meetups and user group events such as VMUG. Safe to say, I was pretty pumped.

Enough of that though, the real question is, what is Container Camp?

What is Container Camp?
#

Do you eat, breathe and sleep Docker? Are you looking to abstract away your infrastructure so your developers can just focus on their application code? Like to hear war stories from the front lines of digital transformation using technologies such as Kubernetes? Or are you absolutely bamboozled by the endless technical buzzwords and jargon in the brave new world of DevOps and SRE?

This is the 2 day technical conference for you!

Over the 2 days, the wide and varying levels of talks, discussions and demonstrations afforded me to absorb a considerable amount of information, not just about Containers but Developer and Operations workflows in use by modern workplaces (and how some archaic organisations transformed themselves into modern workplaces). I’ve tried to pick out, in no particular order, a couple of key takeaways that resonated with me during the conference.

Always use User Namespaces
#

As part of Aleksa ( @lordcyphar) from SUSE Australia’s talk that focused on securing container runtimes (and who better than a maintainer of runc and the OCI specifications).

Namespaces in the Linux world are partitions or logical fences around resources on a host. These resources range from access on the file system, time on the CPU, area of Memory etc… The are used to put barriers in place to prevent processes running away with your host and potentially taking it over.

User Namespaces focus on (you guessed it…) user partitions by mapping a user for a particular process, or in the case of this topic, a container to a user of no or less privilege on the host. This is particular important to mitigate privilege escalation attacks where by the an attacker has gained access to the root user (potentially your application within the container requires it). Once free from the container bounds, because we have mapped the user to one of less or no privilege on the host, they are dead in their tracks.

One particular humorous anecdote for me personally in this talk was when Aleksa projected this for everyone to see:

slide source: cyphar’s github

As I came to understand and become more familiar with Linux. One of the greatest pleasures of working with Linux versus my Windows daily driving is everything is represented as a file. No objects, registry etc… just plain, good ol, text file. Apparently, this is also very bad for security, specifically, how quickly an attack can spread it seems…Look at all those CVEs!

In the next three posts, we are going to dive into Service Meshes, their reason for being and which one is for you.

Container Camp - This article is part of a series.
Part 1: This Article

Related

Let's get certified!
·393 words·2 mins
system-administration tech certification cloud containers docker gcp google-cloud k8s kubernetes learning lfcs linux sysadmin technology
It’s been a long time between drinks for certifications that I have achieved personally.
Docker Daemon failing to start on Raspberry Pi 1 & Zeros
·535 words·3 mins
system-administration tech containers core-dump debian docker linux raspberry-pi raspbian segmentation-fault sysadmin technology
Have you recently attempted to install the containerization platform known as Docker on to a first generation Raspberry Pi (including A+ and B+) or a Zero and found you couldn’t start up a container?
Installing MiniKube with Powershell
·584 words·3 mins
system-administration tech containers hyper-v k8s kubernetes powershell sysadmin technology windows
I noted on Twitter the other day that I had mixed feelings on getting a breakthrough on a problem that I had faced a couple of months ago by revisiting said problem with a fresh pair of eyes and a different point of view.