We've got another great lineup of speakers, plus food, drinks and networking. Join the Cloud Native London meetup to peek under the hood of containers and serverless.

Thanks to our sponsors who make these meetups possible: StorageOS, Skills Matter, Contino and Tecknuovo. Don't forget to register for the venue.

See you there!

Cheryl (@oicheryl)

Agenda

6:30 Food and drink

7:00 Kick off

7:15 FaaS and Furious - 0 to Serverless in 60 seconds, anywhere

7:45 Can I haz non-privileged containers?

8:15 Break

8:30 CNI, the Container Network Interface

9:00 Wrap up and pub

======================================================

FaaS and Furious - 0 to Serverless in 60 seconds, anywhere - Alex Ellis (Docker Captain, ADP) 

OpenFaaS or Functions as a Service is a Cloud Native framework for building serverless functions (as popularised by AWS Lambda) with containers. The OpenFaaS framework lets you package any process as a serverless function for either Linux or Windows - just bring your own Kubernetes or Docker cluster. Avoid vendor lock-in by running it in your own datacenter or the cloud with your existing certified clusters and ecosystem. The project focuses on ease of use through its UI which can be used to test and monitor functions in tandem with tight Prometheus integration that allows the cluster to auto-scale for demand.

You can deploy OpenFaaS in 60 seconds on Kubernetes or Swarm and thanks to concise code templates all you need to write is a handler in your favourite programming language - let your cluster do the heavy lifting. OpenFaaS was recently trending as the top Golang project on GitHub and has over 4k stars. Come and find out how and why people are leveraging an event-driven architecture along with some cool interactive demos.

Can I haz non-privileged containers? - Nic Jackson (Hashicorp), Michael Hausenblas (Redhat)

In this talk, we will look at the problems associated with running Docker containers with privileged status and some solutions to how you can harden your Docker-based security. To understand the problem, we will take a quick look at how user and group isolation works in Unix and how this translates into a container. We will also look at how user namespaces work in Docker and how simple it is to build a non-root Docker container. In addition to all of this, we will look at some simple tools which can automatically detect these problems and notify you if they occur.

Takeaways:

How users and groups work in Unix

Security problems with running container processes as root

Understanding of container namespaces and user mappings

How to build a non-Root container

Edge cases where Root containers may be required

CNI, the Container Network Interface - Bryan Boreham (Weaveworks)

CNI, the Container Network Interface, is a CNCF project that provides a standardised API to talk to container networks.

Today there are over 30 different CNI plugins available, and container runtimes which support CNI include Kubernetes, Rkt, Mesos, OpenShift and Cloud Foundry.

This talk will run through the basics of how CNI operates, catch up on recent developments such as ipv6, port mapping and plugin chaining, and look ahead at future plans.