What's Inside that Container?
Gareth Rushgrove - Monday, February 6, 14:00 - 14:40 - D.AUDI
Some of the power of container orchestrators comes from the ability to treat containers as an immutable black box, to abstract the orchestrator away from the messy reality of the operating system and implementation details inside. But what’s inside a container still matters for other operations tasks, like meeting audit or license requirements, troubleshooting, or keeping up to date with patching. This talk will look at ways of adding an inventory of packages, users, groups and other resources to all of your Docker images, and using that inventory to provide greater visibility into your infrastructure. We’ll demo:
* Automatically adding an inventory to existing Docker images
* Querying information about a running container without knowing anything about it
* Reducing the attack surface area by identifying software in your images that doesn’t need to be there
* Building cluster-wide tools to use this inventory, for example a package search engine or CVE alert mechanism
Gareth Rushgrove is a senior software engineer at Puppet. He works remotely from Cambridge, UK, building interesting tools for people to better manage infrastructure. Previously he worked for the UK Government Digital Service focused on infrastructure, operations and information security. When not working he can be found writing the Devops Weekly newsletter or hacking on software in new-fangled programming languages.