Slide 1

Slide 1 text

The next container ARM evolution started
Docker Containers at Apple Silicon M1
proudly presented by bee42 solutions gmbh
[email protected]
(aldasMiskinis / Pixabay)

Slide 2

Slide 2 text

Copyright bee42 solutions gmbh 2021 - [email protected] @PRossbach
The only constant is change in the universe

Slide 3

Slide 3 text

The Apple Silicon M1?
System on Chip
CPU/GPU/Cache/DRAM/Neural Engine on the same chip
20 hours of work!
Create next level of innovations

Slide 4

Slide 4 text

The Apple Silicon M1 - Feature

Slide 5

Slide 5 text

Developer Dream Machine?
Faster than Intel i9
>10 hours of work
No noise
It's a Mac
but…
All tools are available… Rosetta 2
Only 16 GB of RAM
Need container and Linux virtualisation

Slide 6

Slide 6 text

Smart people start smart work…
Linux at Apple M1 11/20
20201110: Apple Keynote - Apple Silicon M1
20201112: First tweet from Justin Cormack
20201116: Official Docker announcement
20201125: Matt Evans vftool
20201127: First blog articles
Constraint: No native brew …
Linux VM + Docker ARM64 on M1
https://www.docker.com/blog/apple-silicon-m1-chips-and-docker/
https://twitter.com/justincormack/status/1326932495686901760
https://github.com/evansm7/vftool
https://finestructure.co/blog/2020/11/27/running-docker-on-apple-silicon-m1
https://github.com/JacopoMangiavacchi/M1-Linux-SSH
https://www.apple.com/de/apple-events/november-2020/

Slide 7

Slide 7 text

Start a Linux VM with the new Virtualization Framework
[Diagram labels: vftool, qemu-img || dd, Docker remote cli, Ubuntu 20.04 OS image, screen, Virtualization Framework, macOS (Big Sur), Linux VM, disk, network, TTY, memory, cpu, cdrom, data disk, ssh, Browser, Visual Studio Code, Managed]
https://bee42.com/de/blog/tutorials/containerized-the-apple-silicon/
nsm7/vftool

Slide 8

Slide 8 text

Prompts: $ runs on the macOS host, > runs inside the Linux VM.

Get the OS
https://cloud-images.ubuntu.com/releases/focal/release/unpacked
ubuntu-20.04-server-cloudimg-arm64-vmlinuz-generic
ubuntu-20.04-server-cloudimg-arm64-initrd-generic
ubuntu-20.04-server-cloudimg-arm64.tar.gz
vm-ubuntu2004: vmlinuz, initrd, ubuntu-20.04-disk.img

Prepare the setup
https://github.com/evansm7/vftool

```shell
# Grow the raw disk image before the first boot
$ ibrew -v install qemu
$ qemu-img resize ubuntu-20.04-disk.img +50G
```

Bootstrap with initramfs

```shell
# First boot: no root= argument, so the VM stops in the initramfs shell
$ vftool -k vmlinux \
    -i initrd -d ubuntu-20.04-disk.img \
    -m 2048 \
    -a "console=hvc0"
# Attach to the TTY that vftool reports
$ screen /dev/ttys002

# Inside the initramfs shell: prepare the root filesystem
> mkdir /mnt
> mount /dev/vda /mnt
> chroot /mnt
> touch /etc/cloud/cloud-init.disabled
> echo 'root:root' | chpasswd
> echo "beebsilicon" >/etc/hostname
> ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
> ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
> ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
> cat <<EOF > /etc/netplan/01-dhcp.yaml
network:
  renderer: networkd
  ethernets:
    enp0s1:
      dhcp4: true
  version: 2
EOF
> exit
# Grow the filesystem to the resized image
> resize2fs /dev/vda
> umount /dev/vda
```

Use the VM

```shell
# Second boot: start from the prepared root disk
$ vftool -k vmlinux \
    -i initrd -d ubuntu-20.04-disk.img \
    -m 2048 \
    -a "console=hvc0 root=/dev/vda"
$ screen /dev/ttys002
```

Access via ssh 192.168.64.6
Visual Studio Code + docker extension
docker engine

Install docker

```shell
> sudo apt-get update
> sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg-agent \
    software-properties-common
> curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
> sudo add-apt-repository \
    "deb [arch=arm64] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) \
    stable"
> sudo apt-get update
> sudo apt-get install docker-ce docker-ce-cli containerd.io
# daemon.json takes a boolean for "experimental"
> sudo sh -c "cat <<EOF > /etc/docker/daemon.json
{
  \"storage-driver\": \"overlay2\",
  \"experimental\": true
}
EOF"
> sudo service docker restart
```

Setup ssh

```shell
# In the VM: create a user and give it sudo
> sudo adduser peter
# check group
> groups peter
> sudo usermod -aG sudo peter

# On the host: create a key and install it in the VM
$ ibrew install ssh-copy-id
$ ssh-keygen -o -a 100 -t ed25519 \
    -f ~/.ssh/id_ed25519-peter -C "[email protected]"
$ ssh-copy-id -i .ssh/id_ed25519-peter.pub [email protected]
$ ssh-add -k ~/.ssh/id_ed25519-peter
```

docker context via ssh

```shell
$ ibrew install docker kubernetes-cli helm
$ docker context create beesilicon \
    --docker "host=ssh://[email protected]"
$ docker context use beesilicon
$ docker info
```

Slide 9

Slide 9 text

Virtualization Framework Feature
vftool needs less than 400 lines of code!
Ultra fast and thin…
Start from native Linux ARM64 ISOs: Ubuntu, Debian, Fedora, ArchLinux,…
Multiple disks/CD-ROMs
Multiple VMs
Start a VM in less than 5 secs…

Slide 10

Slide 10 text

State 20/11/30
Ready to start container hacking…
Missing native brew, install brew with Rosetta 2
Like vftool, back to the roots…
Missing some native arm64 images

Slide 11

Slide 11 text

Docker for Desktop Developer Preview
Docker at Apple M1 12/20
20201204: X86_64 builds at M1
20201205: bee42 blog article explains vftool with docker
20201209: First Docker for Desktop Preview
20201211: Lens at Apple M1
20201212: Kubernetes (k3s) on Apple Silicon
20201219: Start Docker Preview Developer Program
20201224: Multi Arch + GitHub/Actions and Openfaas

Slide 12

Slide 12 text

Docker drives the Apple Silicon M1
Full feature Docker Engine
QEMU available
Ready to install
Good vibration with LinuxKit
More speed to share files
[Diagram labels: Applications, Hyperkit, amd64, arm64, Big Sur, Virtualization framework, Docker for Desktop Mac, Linuxkit, QEMU, Docker Engine, Arm/v6, Arm/v7, Arm64, X86_64]

Slide 13

Slide 13 text

Docker For Desktop on Apple Silicon M1

Slide 14

Slide 14 text

Status 20201224
Kubernetes distributions running
Multiple VM vftool with k8s/K3s/k0s
First native tools: Lens
Create multi-arch binaries with GitHub Actions and locally

Slide 15

Slide 15 text

Kubernetes goes to Apple Silicon M1
Kubernetes at Apple M1 Q1/21
20210102: VSCode Rosetta at M1
20210128: Minikube for Docker for Desktop
20210130: Docker for Desktop Preview Release
20210208: Homebrew at Apple M1
20210225: UTM Virtualisation
20210310: Official K3d Support
20210311: Native VSCode at M1
More VMs and Kubernetes on M1
> 45.000 Docker for Desktop Preview downloads…
Developers like the Apple Silicon M with Containers

Slide 16

Slide 16 text

My developer experience
Cloud Native Developer Environment
[Diagram labels: macOS Big Sur, Brew, Multipass Ubuntu 20. LTS || Docker for Desktop, Chrome, Lens, VSC, IntelliJ, Docker Engine, Master, Agent, Agent, Agent, Load balancer, Registry, Kubectl, Docker cli, Helm, ssh:/ //port, Kubernetes Developer Cluster (k3d), K3D, /var/run/docker.sock, Kubeconfig, Images & Charts]

Slide 17

Slide 17 text

But wait a moment…
Aggressors like new toys

Slide 18

Slide 18 text

My Smart Computing Security Check Flow
A CVE is discovered
Library maintainers patch CVE -> New library
Debian maintainers release new package version -> New Debian package
Base image maintainers rebuild the image -> New base image
Application maintainers rebuild and test the image -> New application image
Chart maintainers update pinned image version -> New chart version
Operators deliver updated charts and configuration -> Fix applied to production

Slide 19

Slide 19 text

Please check before use…

```shell
hub-tool login
IMAGE=rossbachp/multiarch-example:1.0.10
# Pick the arm64 entry of the multi-arch manifest list
DIGEST=$(hub-tool tag inspect "$IMAGE" --format json \
  | jq -r '.manifests[] | select(.platform.architecture == "arm64") | .digest')
# Strip the tag so the image can be referenced by digest
BASE_IMAGE=$(echo "$IMAGE" | awk 'BEGIN { FS=":" } ; { print $1 }')
docker login
docker scan "${BASE_IMAGE}@${DIGEST}"
```

More checks are better...

```shell
docker scan aquasec/trivy
Testing aquasec/trivy...
Package manager: apk
Project name: docker-image|aquasec/trivy
Docker image: aquasec/trivy
Platform: linux/arm64
✓ Tested 21 dependencies for known vulnerabilities, no vulnerable paths found.

docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
  -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy "${BASE_IMAGE}@${DIGEST}"
```
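Added example, not from the original slides: the digest lookup above returns an empty string when no arm64 manifest exists, and splitting on ":" truncates an image name that carries a registry port. This Python version does the same resolution over saved manifest JSON but fails closed in both cases; the sample JSON, its digests and the function names are constructed for illustration.

```python
import json
import re

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

# Constructed sample with the fields the slide's jq filter reads
# (.manifests[].platform.architecture and .digest); digests are made up.
SAMPLE = json.dumps({"manifests": [
    {"digest": "sha256:" + "a" * 64,
     "platform": {"architecture": "amd64", "os": "linux"}},
    {"digest": "sha256:" + "b" * 64,
     "platform": {"architecture": "arm64", "os": "linux"}},
]})


def repository_of(image):
    """Drop the tag or digest but keep a registry port such as host:5000."""
    name = image.split("@", 1)[0]
    last_slash = name.rfind("/")
    colon = name.rfind(":")
    # A colon before the last slash belongs to the registry host, not a tag.
    return name[:colon] if colon > last_slash else name


def pinned_reference(image, manifest_json, arch="arm64", os_name="linux"):
    """Return repo@sha256:... for exactly one matching platform manifest."""
    manifests = json.loads(manifest_json).get("manifests") or []
    matches = [m["digest"] for m in manifests
               if (m.get("platform") or {}).get("architecture") == arch
               and (m.get("platform") or {}).get("os") == os_name
               and "digest" in m]
    if len(matches) != 1:
        # Zero matches would leave DIGEST empty in the shell version;
        # several would join digests into one invalid reference.
        raise ValueError(
            f"expected 1 {os_name}/{arch} manifest, got {len(matches)}")
    if not DIGEST_RE.match(matches[0]):
        raise ValueError(f"malformed digest: {matches[0]!r}")
    return f"{repository_of(image)}@{matches[0]}"


if __name__ == "__main__":
    print(pinned_reference("rossbachp/multiarch-example:1.0.10", SAMPLE))
```

The returned reference is what would be handed to the scanners in place of `${BASE_IMAGE}@${DIGEST}`.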

Slide 20

Slide 20 text

and now 2021/Q2
Container at M1 Q2/21
20210414: Parallels 16.5 at M1
20210415: Docker For Desktop GA Release
20210518: Kind 0.11.0 at M1
Full support Container and Tools

Slide 21

Slide 21 text

2021/Q2: Full container support available
High quality Docker for Desktop
More container images for arm64
Native Tooling
Productive use with Apple M1
Container like arm64…

Slide 22

Slide 22 text

My personal next wishes…
More awareness to reduce the power consumption of IT systems
More native tooling
More arm64 images
Faster Docker Developer Loop (In Container Dev)
Stable virtualization framework support
Multiple VM and docker version support…
Put more RAM to the Apple silicon :) =>64GB!

```shell
➜ cli-plugins file *
docker-app:     Mach-O 64-bit executable arm64
docker-buildx:  Mach-O 64-bit executable arm64
docker-compose: Mach-O 64-bit executable arm64
docker-scan:    Mach-O 64-bit executable x86_64

➜ bin file *
com.docker.cli:                Mach-O 64-bit executable arm64
com.docker.vpnkit:             Mach-O 64-bit executable arm64
docker:                        Mach-O 64-bit executable arm64
docker-compose:                directory
docker-credential-desktop:     Mach-O 64-bit executable arm64
docker-credential-ecr-login:   Mach-O 64-bit executable x86_64
docker-credential-osxkeychain: Mach-O 64-bit executable x86_64
hub-tool:                      Mach-O 64-bit executable x86_64
kubectl:                       Mach-O 64-bit executable x86_64
notary:                        Mach-O 64-bit executable x86_64
```

Slide 23

Slide 23 text

Open for more cooperation
Starts with your evolutionary approach to create sustainable value
Business Agility Consulting
Cloud Native Base Camp
Digital Transition Coaching
Container Homelab
Build your Smart Computing Hive
Start with Minimal Valuable Objective Project
Very Lovely Things Inside
bee42

Slide 24

Slide 24 text

Questions and solutions
Let us create a sustainable digital transition together…
bee42 solutions gmbh
https://bee42.com
mailto://[email protected]