The next container ARM evolution started

Read about my personal adventure to get Docker containers running on the Apple Silicon M1.

Presented at DockerCon 2021

Peter Rossbach

May 27, 2021

Transcript

  1. The next container ARM evolution started
    Docker Containers at Apple Silicon M1
    proudly presented by bee42 solutions gmbh

    [email protected]
    (:aldasMiskinis / Pixabay )

  2. Copyright bee42 solutions gmbh 2021 - [email protected] @PRossbach
    The only constant in the universe is change

  3. The Apple Silicon M1?
    System on Chip

    CPU/GPU/Cache/DRAM/Neural Engine on the same chip

    20 hours of work!

    Create next level of innovations

  4. The Apple Silicon M1 - Feature

  5. Developer Dream Machine?
    Faster than Intel i9

    >10 hours of work

    No Noise

    It’s a Mac

    but…

    All tools are available…

    Rosetta 2

    Only 16 GB of RAM

    Need Container and Linux Virtualisation

  6. Smart People start smart work…
    Linux at Apple M1, 11/20
    20201110: Apple Keynote - Apple Silicon M1
    20201112: First tweet from Justin Cormack
    20201116: Official Docker announcement
    20201125: Matt Evans vftool
    20201127: First blog articles
    Constraint: No native brew …
    Linux VM + Docker ARM64 on M1

    https://www.docker.com/blog/apple-silicon-m1-chips-and-docker/
    https://twitter.com/justincormack/status/1326932495686901760
    https://github.com/evansm7/vftool
    https://finestructure.co/blog/2020/11/27/running-docker-on-apple-silicon-m1
    https://github.com/JacopoMangiavacchi/M1-Linux-SSH
    https://www.apple.com/de/apple-events/november-2020/

  7. Start a LinuxVM with the new Virtualization Framework
    [Diagram labels: MACOS (Big Sur); Virtualization Framework; vftool; Linux VM; Ubuntu 20.04 os image; cpu; memory; disk; Data disk; cdrom; NETWORK; TTY; qemu-img || dd; screen; ssh; Docker remote cli; Browser; Visual Studio Code; Managed]

    https://bee42.com/de/blog/tutorials/containerized-the-apple-silicon/

    evansm7/vftool

  8. Get the OS
    https://cloud-images.ubuntu.com/releases/focal/release/unpacked
    ubuntu-20.04-server-cloudimg-arm64-vmlinuz-generic
    ubuntu-20.04-server-cloudimg-arm64-initrd-generic
    ubuntu-20.04-server-cloudimg-arm64.tar.gz
    vmlinuz
    initrd
    ubuntu-20.04-disk.img
    vm-ubuntu2004

    ```shell
    # first boot: kernel and initrd only, no root device yet
    $ vftool -k vmlinux \
        -i initrd -d ubuntu-20.04-disk.img \
        -m 2048 \
        -a "console=hvc0"
    # attach to the VM's serial console
    $ screen /dev/ttys002
    ```

    Bootstrap with initramfs

    ```shell
    > mkdir /mnt
    > mount /dev/vda /mnt
    > chroot /mnt
    > touch /etc/cloud/cloud-init.disabled
    # set the root password for the first login (here: "root")
    > echo 'root:root' | chpasswd
    > echo "beebsilicon" >/etc/hostname
    # generate the SSH host keys
    > ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
    > ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
    > ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
    # DHCP on the VM's network interface
    > cat <<EOF > /etc/netplan/01-dhcp.yaml
    network:
      renderer: networkd
      ethernets:
        enp0s1:
          dhcp4: true
      version: 2
    EOF
    > exit
    > resizefs /dev/vda
    > umount /dev/vda
    ```

    ```shell
    # second boot: same kernel, now with the prepared disk as root
    $ vftool -k vmlinux \
        -i initrd -d ubuntu-20.04-disk.img \
        -m 2048 \
        -a "console=hvc0 root=/dev/vda"
    $ screen /dev/ttys002
    ```

    [Slide labels: Use the VM; Prepare the setup; Install docker; docker context via ssh; Setup ssh; Access via ssh 192.168.64.6; Visual Studio Code + docker extension]

    docker engine

    ```shell
    > sudo apt-get update
    > sudo apt-get install \
        apt-transport-https \
        ca-certificates \
        curl \
        gnupg-agent \
        software-properties-common
    > curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
    > sudo add-apt-repository \
        "deb [arch=arm64] https://download.docker.com/linux/ubuntu \
        $(lsb_release -cs) \
        stable"
    > sudo apt-get update
    > sudo apt-get install docker-ce docker-ce-cli containerd.io
    # daemon.json takes a boolean for "experimental"
    > sudo sh -c "cat <<EOF > /etc/docker/daemon.json
    {
      \"storage-driver\": \"overlay2\",
      \"experimental\": true
    }
    EOF"
    > sudo service docker restart
    ```

    ```shell
    $ ibrew -v install qemu
    $ qemu-img resize ubuntu-20.04-disk.img +50G
    ```

    https://github.com/evansm7/vftool

    ```shell
    > sudo adduser peter
    # check group
    > groups peter
    > sudo usermod -aG sudo peter
    ```

    ```shell
    $ ibrew install docker kubernetes-cli helm
    $ docker context create beesilicon \
        --docker "host=ssh://[email protected]"
    $ docker context use beesilicon
    $ docker info
    ```

    ```shell
    $ ibrew install ssh-copy-id
    $ ssh-keygen -o -a 100 -t ed25519 \
        -f ~/.ssh/id_ed25519-peter -C "[email protected]"
    $ ssh-copy-id -i .ssh/id_ed25519-peter.pub [email protected]
    $ ssh-add -k ~/.ssh/id_ed25519-peter
    ```

  9. Virtualization Framework Feature
    vftool needs less than 400 lines of code!

    Ultra fast and thin…

    Starts from native Linux ARM64 ISOs

    Ubuntu, Debian, Fedora, ArchLinux,…

    Multiple Disks/CDRoms

    Multiple VMs

    Starts a VM in less than 5 secs…

  10. State 20/11/30
    Ready to start container hacking…

    Missing native brew, install brew with Rosetta 2

    Like vftool, back to the roots…

    Missing some native arm64 images

  11. Docker for Desktop Developer Preview
    Docker at Apple M1, 12/20
    20201204: X86_64 Builds at M1
    20201205: bee42 blog article explains vftool with docker
    20201209: First Docker for Desktop Preview
    20201211: Lens at Apple M1
    20201212: Kubernetes (k3s) on Apple Silicon
    20201219: Start Docker Preview Developer Program
    20201224: Multi Arch + GitHub/Actions and OpenFaaS

  12. Docker drives the Apple Silicon M1
    Full feature Docker Engine

    QEMU available

    Ready to Install

    Good Vibration with LinuxKit

    More Speed to share Files

    [Diagram labels: Applications; Hyperkit; amd64; arm64; Big Sur; Virtualization framework; Docker for Desktop Mac; Linuxkit; QEMU; Docker Engine; Arm/v6, Arm/v7, Arm64, X86_64]

  13. Docker For Desktop on Apple Silicon M1

  14. Status 20201224
    Kubernetes distributions running

    Multiple VM

    vftool with

    k8s/K3s/k0s

    First native tools

    Lens

    Create Multi Arch Binaries with GitHub actions and locally

  15. Kubernetes goes to Apple Silicon M1
    Kubernetes at Apple M1, Q1/21
    20210102: VSCode Rosetta at M1
    20210128: Minikube for Docker for Desktop
    20210130: Docker for Desktop Preview Release
    20210208: Homebrew at Apple M1
    20210225: UTM Virtualisation
    20210310: Official K3d Support
    20210311: Native VSCode at M1
    More VMs and Kubernetes on M1
    >45.000 Docker for Desktop Preview downloads…
    Developers like the Apple Silicon M1 with Containers

  16. My developer experience
    Cloud Native Developer Environment

    [Diagram labels: MACOS Big Sur; Brew; Multipass Ubuntu 20. LTS || Docker for Desktop; Chrome; Lens; VSC; IntelliJ; Docker Engine; Master, Agent, Agent, Agent; Load balancer; Registry; Kubectl; Docker cli; Helm; ssh:/ //port; Kubernetes Developer Cluster (k3d); K3D; /var/run/docker.sock; Kubeconfig; Images & Charts]

  17. But wait a moment…
    Aggressors like new toys

  18. My Smart Computing Security Check Flow
    [Flow diagram. Stages: A CVE is discovered; New Library; New Base image; New Debian package; New application image; New chart version; Fix applied to production]

    Library maintainers patch CVE

    Debian maintainers release new package version

    Base image maintainers rebuild the image

    Applications maintainers rebuild and test the image

    Chart maintainers update pinned image version

    Operators deliver updated charts and configuration

  19. Please check before use…

    ```shell
    hub-tool login
    IMAGE=rossbachp/multiarch-example:1.0.10
    # digest of the arm64 entry in the tag's manifest list
    DIGEST=$(hub-tool tag inspect "$IMAGE" --format json | jq -r '.manifests[] | select(.platform.architecture == "arm64") | .digest')
    # repository name without the tag
    BASE_IMAGE=$(echo "$IMAGE" | awk 'BEGIN { FS=":" } ; { print $1 }')
    docker login
    docker scan "${BASE_IMAGE}@${DIGEST}"

    # More checks are better...
    docker scan aquasec/trivy
    ```

    ```
    Testing aquasec/trivy...
    Package manager: apk
    Project name: docker-image|aquasec/trivy
    Docker image: aquasec/trivy
    Platform: linux/arm64
    ✓ Tested 21 dependencies for known vulnerabilities, no vulnerable paths found.
    ```

    ```shell
    docker run --rm -v /var/run/docker.sock:/var/run/docker.sock \
      -v "$HOME/Library/Caches:/root/.cache/" aquasec/trivy "${BASE_IMAGE}@${DIGEST}"
    ```
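
The slide's digest lookup, generalised in an added Python example (not part of the original deck): it returns a pinned `repo@digest` reference for every platform in the manifest list, so each architecture can be scanned rather than only arm64, and it strips the tag without breaking on a registry port the way a split on the first `:` would. The manifest JSON is a constructed sample with fake digests; the `os` and `variant` fields follow the OCI image index and are assumed to be present in the `hub-tool` output, and `registry.example:5000` is a hypothetical registry.

```python
import json
import re

DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")


def _d(c):
    return "sha256:" + c * 64


# Constructed sample (fake digests) in the shape the slide's jq filter reads.
SAMPLE_INSPECT = json.dumps({"manifests": [
    {"digest": _d("a"), "platform": {"os": "linux", "architecture": "amd64"}},
    {"digest": _d("b"), "platform": {"os": "linux", "architecture": "arm64"}},
    {"digest": _d("c"), "platform": {"os": "linux", "architecture": "arm", "variant": "v6"}},
    {"digest": _d("d"), "platform": {"os": "linux", "architecture": "arm", "variant": "v7"}},
    {"digest": _d("e"), "platform": {"os": "unknown", "architecture": "unknown"}},
]})


def repository(image):
    """Strip tag/digest; keeps a port, e.g. registry.example:5000/app:1.2 (hypothetical)."""
    name = image.split("@", 1)[0]
    head, sep, last = name.rpartition("/")
    return head + sep + last.split(":", 1)[0]


def pinned_refs(image, inspect_json):
    """Map 'os/arch[/variant]' to 'repo@digest' for every runnable platform."""
    refs = {}
    for m in json.loads(inspect_json).get("manifests", []):
        p = m.get("platform") or {}
        digest = m.get("digest", "")
        if "unknown" in (p.get("os"), p.get("architecture")):
            continue  # non-runnable entries (e.g. attestations): nothing to scan
        if not DIGEST_RE.fullmatch(digest):
            raise ValueError(f"malformed digest: {digest!r}")
        key = "/".join(x for x in (p.get("os"), p.get("architecture"), p.get("variant")) if x)
        refs[key] = f"{repository(image)}@{digest}"
    return refs


def pinned_ref(image, inspect_json, platform):
    """Exactly one reference for the requested platform, or fail loudly."""
    refs = pinned_refs(image, inspect_json)
    if platform not in refs:
        raise LookupError(f"{image} has no {platform} manifest; found {sorted(refs)}")
    return refs[platform]


if __name__ == "__main__":
    for plat, ref in pinned_refs("rossbachp/multiarch-example:1.0.10", SAMPLE_INSPECT).items():
        print(f"{plat}: docker scan {ref}")
```

Selecting on `architecture` alone returns two digests for `arm` in this sample (v6 and v7), which is why the key includes the variant.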


  20. and now 2021/Q2
    Container at M1, Q2/21
    20210414: Parallels 16.5 at M1
    20210415: Docker For Desktop GA Release
    20210518: Kind 0.11.0 at M1
    Full support Container and Tools

  21. 2021/Q2: Full container support available
    High quality Docker for Desktop

    More container images for arm64

    Native Tooling

    Productive use with Apple M1

    Containers like arm64…

  22. My personal next wishes…
    More awareness to reduce the power consumption of IT systems

    More native tooling

    More arm64 images

    Faster Docker Developer Loop

    (In Container Dev)

    Stable virtualization framework support

    Multiple VM and docker version support…

    Put more RAM to the Apple silicon :) =>64GB!

    ```shell
    ➜ cli-plugins file *
    docker-app: Mach-O 64-bit executable arm64
    docker-buildx: Mach-O 64-bit executable arm64
    docker-compose: Mach-O 64-bit executable arm64
    docker-scan: Mach-O 64-bit executable x86_64

    ➜ bin file *
    com.docker.cli: Mach-O 64-bit executable arm64
    com.docker.vpnkit: Mach-O 64-bit executable arm64
    docker: Mach-O 64-bit executable arm64
    docker-compose: directory
    docker-credential-desktop: Mach-O 64-bit executable arm64
    docker-credential-ecr-login: Mach-O 64-bit executable x86_64
    docker-credential-osxkeychain: Mach-O 64-bit executable x86_64
    hub-tool: Mach-O 64-bit executable x86_64
    kubectl: Mach-O 64-bit executable x86_64
    notary: Mach-O 64-bit executable x86_64
    ```

  23. Open for more cooperation
    Starts with your evolutionary approach to create sustainable value
    Business Agility Consulting

    Cloud Native Base Camp

    Digital Transition Coaching

    Container Homelab

    Build your Smart Computing Hive

    Start with Minimal Valuable Objective Project

    Very Lovely Things Inside bee42

  24. Questions and solutions
    Let us create a sustainable digital transition together…

    bee42 solutions gmbh

    https://bee42.com

    mailto://[email protected]