Slide 1

Slide 1 text

Secure and Robust Docker Images for .NET
Thorsten Hans
@ThorstenHans
Consultant

Slide 2

Slide 2 text

Thorsten Hans
Consultant @ Thinktecture
#Azure #Kubernetes #CloudNative #Terraform
[email protected]
thinktecture.com
thorsten-hans.com
@ThorstenHans

Slide 3

Slide 3 text

Talking Points: What we will cover today
• Docker Introduction
• Hands On
• Default .NET Docker Images
• Container OS
• .NET Restore, Build, Publish
• Runtime Dependencies
• Ensure Non-Root
• Fix vulnerabilities
• Recap


Slide 5

Slide 5 text

Docker: Quick Introduction
• Container Runtime
• Written in Go
• Available for all major operating systems
• Most parts are Open Source
• Can be leveraged at each point of software lifecycle
• Develop, Test, Deploy, Operate

Slide 6

Slide 6 text

Docker: Architecture
[Diagram: Docker Engine, Docker Client, Docker Daemon]

Slide 7

Slide 7 text

Docker: Building Blocks
• Containers are executed by Docker
• Images are read-only artefacts created with Docker
• Dockerfile is a blueprint for building Images
• Tag is a (human readable) reference to a specific Image
• Registry is a centralized public or private repository that stores Images

Slide 8

Slide 8 text

Docker: Architecture
Docker provides a container format called libcontainer which consists of three essential building blocks:
• Namespaces provide isolation for processes, network, filesystem
• Control Groups limit resources for Containers on Linux systems
• Union File System is a layered File System, used to create Images from thin layers

Slide 9

Slide 9 text

Union File System: A layered approach



Slide 12

Slide 12 text

Recap: Important aspects to keep in mind
• Test each optimization using the following metrics
• Vulnerabilities
• Is the app working as expected
• Image sizing
• Layer sizing
• Image build performance
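
One way to track three of these metrics between two builds (image size, layer size, and the non-root check from the agenda). This is an added example, not code from the talk; the image name demo-api, all sample values and the helper names are constructed, with field names following `docker image inspect` (Size, Config.User) and `docker history` (CreatedBy, Size). Vulnerability counts and build time would come from a scanner and the build log and are not covered here.

```python
# Constructed sample metrics for a hypothetical image "demo-api". Field names
# follow `docker image inspect` (Size, Config.User) and `docker history`
# (CreatedBy, Size); every value below is made up for illustration.
BEFORE = {
    "inspect": {"Size": 221_000_000, "Config": {"User": ""}},
    "history": [
        {"CreatedBy": "SDK base image layers", "Size": 117_000_000},
        {"CreatedBy": "COPY . /src", "Size": 64_000_000},
        {"CreatedBy": "RUN dotnet publish -c Release -o /app", "Size": 40_000_000},
    ],
}
AFTER = {
    "inspect": {"Size": 115_000_000, "Config": {"User": "app"}},
    "history": [
        {"CreatedBy": "runtime base image layers", "Size": 105_000_000},
        {"CreatedBy": "COPY --from=build /app /app", "Size": 10_000_000},
    ],
}


def runs_as_root(inspect):
    """An empty User, "root" or UID 0 (with or without ":group") means root."""
    user = (inspect.get("Config") or {}).get("User") or ""
    return user.split(":", 1)[0] in ("", "root", "0")


def largest_layer(history):
    """Return the layer record that contributes the most bytes."""
    return max(history, key=lambda layer: layer["Size"])


def compare(before, after):
    """Summarise size, layer and non-root changes between two builds."""
    old, new = before["inspect"]["Size"], after["inspect"]["Size"]
    report = {
        "size_delta_bytes": new - old,
        "size_change_pct": round(100 * (new - old) / old, 1),
        "largest_layer_after": largest_layer(after["history"])["CreatedBy"],
        "root_before": runs_as_root(before["inspect"]),
        "root_after": runs_as_root(after["inspect"]),
    }
    # Flag regressions: a bigger image, or a build that runs as root.
    report["regressions"] = [
        name for name, bad in (("image grew", new > old),
                               ("runs as root", report["root_after"])) if bad
    ]
    return report


if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```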

Slide 13

Slide 13 text

Q&A
If you have further questions: shoot me a mail at [email protected] / [email protected] or tweet at @ThorstenHans