
Secure and Robust Docker Images for .NET

Running applications in containers is more than just good form. For years, technologies such as Kubernetes and Docker have been on an unparalleled winning streak. Yet even when building Docker images, there are many small details to attend to if applications are to be run professionally in containers over the long term.

In this webinar, Azure MVP Thorsten Hans shows how you too can build secure and robust Docker images. All demos and examples in this webinar are explained using a .NET WebAPI.

Thorsten Hans

March 31, 2021

Transcript

  1. Secure and Robust Docker Images for .NET Thorsten Hans @ThorstenHans Consultant
  2. Consultant @ Thinktecture #Azure #Kubernetes #CloudNative #Terraform thorsten.hans@thinktecture.com thinktecture.com thorsten-hans.com @ThorstenHans Thorsten Hans
  3. What we will cover today • Docker Introduction • Hands On • Default .NET Docker Images • Container OS • .NET Restore, Build, Publish • Runtime Dependencies • Ensure Non-Root • Fix vulnerabilities • Recap Talking Points
  4. What we will cover today • Docker Introduction • Hands On • Default .NET Docker Images • Container OS • .NET Restore, Build, Publish • Runtime Dependencies • Ensure Non-Root • Fix vulnerabilities • Recap Talking Points
  5. Quick Introduction • Container Runtime • Written in Go • Available for all major operating systems • Most parts are Open Source • Can be leveraged at each point of software lifecycle • Develop, Test, Deploy, Operate Docker
  6. Architecture Docker Docker Engine Docker Client Docker Daemon

  7. Building Blocks • Containers are executed by Docker • Images are read-only artefacts created with Docker • Dockerfile is a blueprint for building Images • Tag is a (human readable) reference to a specific Image • Registry is a centralized public or private repository that stores Images Docker
  8. Architecture Docker provides a container format called libcontainer which consists of three essential building blocks: • Namespaces provide isolation for processes, network, filesystem • Control Groups limit resources for Containers on Linux systems • Union File System is a layered File System, used to create Images from thin layers Docker
  9. A layered approach Union File System

  10. What we will cover today • Docker Introduction • Hands On • Default .NET Docker Images • Container OS • .NET Restore, Build, Publish • Runtime Dependencies • Ensure Non-Root • Fix vulnerabilities • Recap Talking Points
  11. What we will cover today • Docker Introduction • Hands On • Default .NET Docker Images • Container OS • .NET Restore, Build, Publish • Runtime Dependencies • Ensure Non-Root • Fix vulnerabilities • Recap Talking Points
  12. Important aspects to keep in mind • Test each optimization using the following metrics • Vulnerabilities • Is the app working as expected • Image sizing • Layer sizing • Image build performance Recap
  13. Q&A If you have further questions: shoot me a mail at thorsten.hans@thinktecture.com / thorsten.hans@gmail.com or tweet at @ThorstenHans