Linux containers, and their use in the enterprise, are evolving rapidly. If I didn't know this already, what I'm seeing at conferences like ContainerCon would confirm it. We've moved on from "what are containers, anyway?" to "let's hunker down and get it right."
Recently, I attended and spoke at LinuxCon/ContainerCon Europe. Like LinuxCon/ContainerCon North America, many of the keynotes touched on Linux container work going on in the community. At the European edition there was a particularly strong focus on Linux container security and networking. At least six sessions were focused on kernel security, orchestration security, and general container security. Four talks focused on container networking. Along with container security and networking, there were a lot of sessions about cloud native and containerized applications.
Containers have brought attention back to Linux which makes LinuxCon/ContainerCon a fitting place to talk about containers. One of the most interesting observations was that many, many attendees had questions about how to build, secure, and populate (i.e. build containers) a containerized infrastructure and they all required knowledge of the Linux kernel or the Linux user space. After 25 years of Linux, we are going through a quickening again. Linux Containers have brought a renewed focus on the operating system, and that’s exciting for an old curmudgeon like me!
Here are some of the talks that I attended and gave. You will notice a focus around people, processes, and tools related to containers, container infrastructure, and container security:
- Taming Container Fears
- Container Defense in Depth
- Containers for Grownups: Migrating Existing & Traditional Applications
- Dev and Ops: Collaborating on an Up-to-Date Build Chain
- Linux Kernel Security Update
After my talks we kicked up some really good conversations about how to put real life applications in containers and how to secure them. A general theme that kept coming up is that containers are just specialized processes, so think about them similarly to regular processes when thinking about how to manage DR, backup, isolation, tenancy, etc.
On the other hand, a lot of things are different with containers, but they require a fundamental understanding of how operating systems work to feel confident about making architectural decisions. An application architect needs to understand how to split up the code, configuration, and data. It’s also important to go back to Unix processes 101 and understand when to split your application into multiple containers.
If you are interested in a deeper understanding of the architectural changes necessary to migrate applications to containers or build container native, check out Containers for Grownups: Migrating Existing & Traditional Applications. If you are interested in understanding the Linux kernel and user space, check out the Architecting Containers series.
Containers are all the rage - but you knew that already. What’s of note is that community members, customers, and thought leaders are all working hard to architect and build the next generation of infrastructure based on Linux containers. I think it’s important to remember that containers are basically fancy Linux processes, so a lot of what our architect brains already know about Linux can be leveraged with containers.
The hot topics were container networking, container security, migrating applications to containers and building cloud native applications with containers.
Celebrating 25 years has been fun and here’s to 25 more with Linux Containers. As always, leave comments, questions, and shout-outs below!