The next container ARM evolution started

Read about my personal adventure to get Docker containers running on the Apple Silicon M1.

Presented at DockerCon 2021

Peter Rossbach

May 27, 2021

Transcript

  1. The next container ARM evolution started

    Docker Containers at Apple Silicon M1, proudly presented by bee42 solutions gmbh, [email protected] (image credit: aldasMiskinis / Pixabay)
  2. The Apple Silicon M1? (Copyright bee42 solutions gmbh 2021 - [email protected] @PRossbach)

    - System on Chip: CPU/GPU/Cache/DRAM/Neural Engine on the same chip
    - 20 hours of work!
    - Create next level of innovations
  3. Developer Dream Machine?

    - Faster than Intel i9
    - >10 hours of work
    - No noise
    - It's a Mac but…
    - All tools are available… Rosetta 2
    - Only 16 GB of RAM
    - Need container and Linux virtualisation
  4. Smart People start smart work…

    Linux at Apple M1 11/20

    - 20201110: Apple Keynote - Apple Silicon M1
    - 20201112: First tweet from Justin Cormack
    - 20201116: Official Docker announcement
    - 20201125: Matt Evans vftool
    - 20201127: First blog articles

    Constraint: No native brew … Linux VM + Docker ARM64 on M1

    - https://www.docker.com/blog/apple-silicon-m1-chips-and-docker/
    - https://twitter.com/justincormack/status/1326932495686901760
    - https://github.com/evansm7/vftool
    - https://finestructure.co/blog/2020/11/27/running-docker-on-apple-silicon-m1
    - https://github.com/JacopoMangiavacchi/M1-Linux-SSH
    - https://www.apple.com/de/apple-events/november-2020/
  5. Start a LinuxVM with the new Virtualization Framework

    [Diagram labels: vftool; qemu-img || dd; Docker remote cli; Ubuntu 20.04 os image; screen; Virtualization Framework; MACOS (Big Sur); Linux VM; disk; NETWORK; TTY; memory; cpu; cdrom; Data disk; ssh; Browser; Visual Studio Code; Managed]

    https://bee42.com/de/blog/tutorials/containerized-the-apple-silicon/ nsm7/vftool
  6. Linux VM and Docker setup with vftool (commands marked "host" run on macOS, the others inside the VM)

    Get the OS: from https://cloud-images.ubuntu.com/releases/focal/release/unpacked

    - ubuntu-20.04-server-cloudimg-arm64-vmlinuz-generic
    - ubuntu-20.04-server-cloudimg-arm64-initrd-generic
    - ubuntu-20.04-server-cloudimg-arm64.tar.gz

    Resulting files in vm-ubuntu2004: vmlinuz, initrd, ubuntu-20.04-disk.img

    Prepare the setup (host), see https://github.com/evansm7/vftool

    ```shell
    # ibrew: assumed to be the Homebrew installed with Rosetta 2 (see slide 8)
    ibrew -v install qemu
    qemu-img resize ubuntu-20.04-disk.img +50G
    ```

    Boot into the initramfs (host)

    ```shell
    vftool -k vmlinux \
      -i initrd -d ubuntu-20.04-disk.img \
      -m 2048 \
      -a "console=hvc0"
    # attach to the VM console
    screen /dev/ttys002
    ```

    Bootstrap with initramfs

    ```shell
    mkdir /mnt
    mount /dev/vda /mnt
    chroot /mnt
    touch /etc/cloud/cloud-init.disabled
    # bootstrap password only; replace it once SSH key login works
    echo 'root:root' | chpasswd
    echo "beebsilicon" >/etc/hostname
    ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
    ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
    ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
    cat <<EOF > /etc/netplan/01-dhcp.yaml
    network:
      renderer: networkd
      ethernets:
        enp0s1:
          dhcp4: true
      version: 2
    EOF
    exit
    # the slide reads "resizefs"; the ext filesystem resize tool is resize2fs
    resize2fs /dev/vda
    umount /dev/vda
    ```

    Use the VM (host)

    ```shell
    vftool -k vmlinux \
      -i initrd -d ubuntu-20.04-disk.img \
      -m 2048 \
      -a "console=hvc0 root=/dev/vda"
    screen /dev/ttys002
    ```

    Install docker

    ```shell
    sudo apt-get update
    sudo apt-get install \
      apt-transport-https \
      ca-certificates \
      curl \
      gnupg-agent \
      software-properties-common
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
    sudo add-apt-repository \
      "deb [arch=arm64] https://download.docker.com/linux/ubuntu \
      $(lsb_release -cs) \
      stable"
    sudo apt-get update
    sudo apt-get install docker-ce docker-ce-cli containerd.io
    # plain ASCII quotes are required; "experimental" takes a JSON boolean
    sudo sh -c "cat <<EOF > /etc/docker/daemon.json
    {
      \"storage-driver\": \"overlay2\",
      \"experimental\": true
    }
    EOF"
    sudo service docker restart
    ```

    Setup ssh: create the user in the VM

    ```shell
    sudo adduser peter
    # check group
    groups peter
    sudo usermod -aG sudo peter
    ```

    Setup ssh: key-based access from the host (Access via ssh 192.168.64.6)

    ```shell
    ibrew install ssh-copy-id
    ssh-keygen -o -a 100 -t ed25519 \
      -f ~/.ssh/id_ed25519-peter -C "[email protected]"
    ssh-copy-id -i .ssh/id_ed25519-peter.pub [email protected]
    ssh-add -k ~/.ssh/id_ed25519-peter
    ```

    docker context via ssh (host)

    ```shell
    ibrew install docker kubernetes-cli helm
    docker context create beesilicon \
      --docker "host=ssh://[email protected]"
    docker context use beesilicon
    docker info
    ```

    [Remaining diagram labels: Visual Studio Code + docker extension; docker engine]
  7. Virtualization Framework Feature

    - vftool needs less than 400 lines of code!
    - Ultra fast and thin…
    - Start from native Linux ARM64 ISOs: Ubuntu, Debian, Fedora, ArchLinux, …
    - Multiple disks/CD-ROMs
    - Multiple VMs
    - Start a VM in less than 5 secs…
  8. State 20/11/30

    - Ready to start container hacking…
    - Missing native brew, install brew with Rosetta 2
    - Like vftool, back to the roots…
    - Missing some native arm64 images
  9. Docker for Desktop Developer Preview

    Docker at Apple M1 12/20

    - 20201204: x86_64 builds at M1
    - 20201205: bee42 blog article explains vftool with docker
    - 20201209: First Docker for Desktop Preview
    - 20201211: Lens at Apple M1
    - 20201212: Kubernetes (k3s) on Apple Silicon
    - 20201219: Start of Docker Preview Developer Program
    - 20201224: Multi Arch + GitHub/Actions and OpenFaaS
  10. Docker drives the Apple Silicon M1

    - Full feature Docker Engine
    - QEMU available
    - Ready to install
    - Good vibration with LinuxKit
    - More speed to share files

    [Diagram labels: Applications; Hyperkit; amd64; arm64; Big Sur; Virtualization framework; Docker for Desktop Mac; Linuxkit; QEMU; Docker Engine; Arm/v6; Arm/v7; Arm64; X86_64]
  11. Status 20201224

    - Kubernetes distributions running
    - Multiple VMs: vftool with k8s/K3s/k0s
    - First native tools: Lens
    - Create multi-arch binaries with GitHub Actions and locally
  12. Kubernetes goes to Apple Silicon M1

    Kubernetes at Apple M1 Q1/21

    - 20210102: VSCode Rosetta at M1
    - 20210128: Minikube for Docker for Desktop
    - 20210130: Docker for Desktop Preview Release
    - 20210208: Homebrew at Apple M1
    - 20210225: UTM Virtualisation
    - 20210310: Official K3d Support
    - 20210311: Native VSCode at M1

    More VMs and Kubernetes on M1. > 45.000 Docker for Desktop Preview downloads… Developers like the Apple Silicon M1 with Containers
  13. My developer experience

    Cloud Native Developer Environment

    [Diagram labels: MACOS Big Sur; Brew; Multipass Ubuntu 20. LTS || Docker for Desktop; Chrome; Lens; VSC; IntelliJ; Docker Engine; Master; Agent; Agent; Agent; Load balancer; Registry; Kubectl; Docker cli; Helm; ssh://<host>/port; Kubernetes Developer Cluster (k3d); K3D; /var/run/docker.sock; Kubeconfig; Images & Charts]
  14. My Smart Computing Security Check Flow

    - A CVE is discovered
    - Library maintainers patch the CVE: new library
    - Debian maintainers release a new package version: new Debian package
    - Base image maintainers rebuild the image: new base image
    - Application maintainers rebuild and test the image: new application image
    - Chart maintainers update the pinned image version: new chart version
    - Operators deliver updated charts and configuration: fix applied to production
  15. Please check before use…

    ```shell
    hub-tool login
    IMAGE=rossbachp/multiarch-example:1.0.10
    # pick the digest of the arm64 manifest from the multi-arch manifest list
    DIGEST=$(hub-tool tag inspect "$IMAGE" --format json | jq -r '.manifests[] | select(.platform.architecture == "arm64") | .digest')
    # repository name without the tag
    BASE_IMAGE=$(echo "$IMAGE" | awk 'BEGIN { FS=":" } ; { print $1 }')
    docker login
    # scan exactly the arm64 image, addressed by digest
    docker scan "${BASE_IMAGE}@${DIGEST}"

    # More checks are better...
    docker scan aquasec/trivy
    ```

    Output of the last command:

    ```
    Testing aquasec/trivy...
    Package manager: apk
    Project name: docker-image|aquasec/trivy
    Docker image: aquasec/trivy
    Platform: linux/arm64
    ✓ Tested 21 dependencies for known vulnerabilities, no vulnerable paths found.
    ```

    ```shell
    # second scanner: run trivy against the same digest
    docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
      -v "$HOME/Library/Caches:/root/.cache/" aquasec/trivy "${BASE_IMAGE}@${DIGEST}"
    ```
  16. and now 2021/Q2

    Container at M1 Q2/21

    - 20210414: Parallels 16.5 at M1
    - 20210415: Docker For Desktop GA Release
    - 20210518: Kind 0.11.0 at M1

    Full support for containers and tools
  17. 2021/Q2: Full container support available

    - High quality Docker for Desktop
    - More container images for arm64
    - Native tooling
    - Productive use with Apple M1
    - Container like arm64…
  18. My personal next wishes…

    - More awareness to reduce the power consumption of IT systems
    - More native tooling
    - More arm64 images
    - Faster Docker Developer Loop (In Container Dev)
    - Stable virtualization framework support
    - Multiple VM and docker version support…
    - Put more RAM to the Apple silicon :) =>64GB!

    ```shell script
    ➜ cli-plugins file *
    docker-app: Mach-O 64-bit executable arm64
    docker-buildx: Mach-O 64-bit executable arm64
    docker-compose: Mach-O 64-bit executable arm64
    docker-scan: Mach-O 64-bit executable x86_64
    ➜ bin file *
    com.docker.cli: Mach-O 64-bit executable arm64
    com.docker.vpnkit: Mach-O 64-bit executable arm64
    docker: Mach-O 64-bit executable arm64
    docker-compose: directory
    docker-credential-desktop: Mach-O 64-bit executable arm64
    docker-credential-ecr-login: Mach-O 64-bit executable x86_64
    docker-credential-osxkeychain: Mach-O 64-bit executable x86_64
    hub-tool: Mach-O 64-bit executable x86_64
    kubectl: Mach-O 64-bit executable x86_64
    notary: Mach-O 64-bit executable x86_64
    ```
  19. Open for more cooperation

    Starts with your evolutionary approach to create sustainable value

    - Business Agility Consulting
    - Cloud Native Base Camp
    - Digital Transition Coaching
    - Container Homelab: Build your Smart Computing Hive
    - Start with Minimal Valuable Objective Project
    - Very Lovely Things Inside bee 42
  20. Questions and solutions

    Let us create a sustainable digital transition together… bee42 solutions gmbh https://bee42.com mailto://[email protected]
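
Added example for the "Please check before use…" slide (not part of the original deck or of bee42's code): it selects the digest for one platform from a manifest list and builds the pinned `repo@digest` reference that the slide hands to `docker scan`, failing closed when zero or several manifests match and keeping a registry port that a plain split on `:` would cut off. The sample manifest list, the `registry.example:5000` name and the `platform.variant` field (as used in OCI image indexes) are assumptions.

```python
import re

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

def repository_of(image):
    """Strip tag or digest from an image reference, keeping a registry port."""
    name = image.split("@", 1)[0]  # drop an existing digest
    # A colon marks a tag only when it follows the last "/"; before that it
    # belongs to "registry:port", which a plain split on ":" would truncate.
    return name[:name.rfind(":")] if name.rfind(":") > name.rfind("/") else name

def select_digest(manifest_list, arch, variant=None):
    """Return the one digest matching arch (and variant); fail closed otherwise."""
    matches = []
    for manifest in manifest_list.get("manifests", []):
        platform = manifest.get("platform", {})
        if platform.get("architecture") != arch:
            continue
        if variant is not None and platform.get("variant") != variant:
            continue
        matches.append(manifest.get("digest", ""))
    if len(matches) != 1:
        raise LookupError(f"expected exactly one {arch} manifest, found {len(matches)}")
    if not DIGEST_RE.match(matches[0]):
        raise ValueError(f"malformed digest: {matches[0]!r}")
    return matches[0]

def pinned_reference(image, manifest_list, arch="arm64", variant=None):
    """Build the immutable repo@digest reference to hand to the scanner."""
    return f"{repository_of(image)}@{select_digest(manifest_list, arch, variant)}"

def _entry(fill, arch, variant=None):
    """Constructed manifest entry with a fake digest (assumed field layout)."""
    platform = {"architecture": arch, "os": "linux"}
    if variant:
        platform["variant"] = variant
    return {"digest": "sha256:" + fill * 64, "platform": platform}

# Constructed sample in the shape the slide's jq filter reads; digests are fake.
SAMPLE = {"manifests": [_entry("a", "amd64"), _entry("b", "arm64"),
                        _entry("c", "arm", "v6"), _entry("d", "arm", "v7")]}

if __name__ == "__main__":
    print(pinned_reference("rossbachp/multiarch-example:1.0.10", SAMPLE))
    print(pinned_reference("registry.example:5000/team/app:1.0", SAMPLE, "arm", "v7"))
```

Scanning the returned reference instead of the tag ensures the report covers the arm64 image that will actually run, not whichever platform the scanner host resolves.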