Secure and Robust Docker Images for .NET

Running applications in containers is more than just good form. For years, technologies such as Kubernetes and Docker have been on an unparalleled winning streak. But even when building Docker images, there are many small details to get right in order to run applications professionally in containers over the long term.

In this webinar, Azure MVP Thorsten Hans shows how you too can build secure and robust Docker images. All demos and examples in this webinar are explained using a .NET WebAPI.

Thorsten Hans

March 31, 2021

Transcript

  1. What we will cover today (Talking Points)
     • Docker Introduction
     • Hands On
     • Default .NET Docker Images
     • Container OS
     • .NET Restore, Build, Publish
     • Runtime Dependencies
     • Ensure Non-Root
     • Fix vulnerabilities
     • Recap
  3. Quick Introduction (Docker)
     • Container Runtime
     • Written in Go
     • Available for all major operating systems
     • Most parts are Open Source
     • Can be leveraged at each point of software lifecycle
     • Develop, Test, Deploy, Operate
  4. Building Blocks (Docker)
     • Containers are executed by Docker
     • Images are read-only artefacts created with Docker
     • Dockerfile is a blueprint for building Images
     • Tag is a (human readable) reference to a specific Image
     • Registry is a centralized public or private repository that stores Images
  5. Architecture (Docker)
     Docker provides a container format called libcontainer which consists of three essential building blocks:
     • Namespaces provide isolation for processes, network, filesystem
     • Control Groups limit resources for Containers on Linux systems
     • Union File System is a layered File System, used to create Images from thin layers
  8. Important aspects to keep in mind (Recap)
     • Test each optimization using the following metrics
     • Vulnerabilities
     • Is the app working as expected
     • Image sizing
     • Layer sizing
     • Image build performance
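
One way to apply the recap's "test each optimization" advice to the image size, layer size and non-root metrics, as an added example that is not part of the talk. The image tags, the `appuser` account and all sample values are constructed; the inputs mimic `docker image inspect` and `docker history` output so the script runs offline.

```python
import json

# Constructed sample data (not from the talk). Each *_INSPECT is trimmed
# `docker image inspect` JSON; each *_HISTORY is the output of
# `docker history --human=false --format '{{.Size}}\t{{.CreatedBy}}'`.
BASE_INSPECT = '[{"RepoTags": ["webapi:baseline"], "Size": 212000000, "Config": {"User": ""}}]'
BASE_HISTORY = "0\tENTRYPOINT dotnet WebApi.dll\n98000000\tCOPY . /app\n114000000\tbase image layers\n"
OPT_INSPECT = '[{"RepoTags": ["webapi:optimized"], "Size": 109500000, "Config": {"User": "appuser"}}]'
OPT_HISTORY = ("0\tUSER appuser\n0\tENTRYPOINT dotnet WebApi.dll\n"
               "4500000\tCOPY --from=build /app/publish /app\n105000000\tbase image layers\n")

def parse_history(text):
    """Return [(size_bytes, created_by)], one tuple per layer."""
    layers = []
    for line in text.strip().splitlines():
        size, _, created_by = line.partition("\t")
        layers.append((int(size), created_by.strip()))
    return layers

def runs_as_root(inspect_json):
    """An empty Config.User, 'root' or UID 0 (with or without ':group') is root."""
    user = json.loads(inspect_json)[0]["Config"].get("User") or ""
    return user.split(":", 1)[0] in ("", "0", "root")

def image_metrics(inspect_json, history_text):
    image = json.loads(inspect_json)[0]
    layers = parse_history(history_text)
    return {"tag": image["RepoTags"][0], "size": image["Size"],
            "layers": len(layers), "largest_layer": max(layers, key=lambda l: l[0]),
            "root": runs_as_root(inspect_json)}

def compare(before, after):
    """List the regressions an optimization step must not introduce."""
    findings = []
    if after["size"] >= before["size"]:
        findings.append("image did not shrink")
    if after["largest_layer"][0] > before["largest_layer"][0]:
        findings.append("largest layer grew")
    if after["root"]:
        findings.append("container still runs as root")
    return findings

if __name__ == "__main__":
    before = image_metrics(BASE_INSPECT, BASE_HISTORY)
    after = image_metrics(OPT_INSPECT, OPT_HISTORY)
    for m in (before, after):
        print(m["tag"], m["size"], m["layers"], m["largest_layer"], "root" if m["root"] else "non-root")
    print(compare(before, after) or "no regressions")
```

Vulnerability counts, functional tests and build time are not covered here; they come from a scanner, the application's own test suite and timing the build.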