## Containers and BPF: twagent story Andrey Ignatov, Facebook eBPF Summit ## twagent • a daemon - runs on every Facebook server • manages all Facebook containers - a part of the bigger TW system

Go与虚拟化容器runV/Kata ’ alt=‘OCR图片’/> 关于王旭 & Hyper 王旭： Hyper.sh Cofounder & CTO; Kata Containers arch committee Hyper.sh 的一些开源项目(Go) Hyperd + runV + hyperstart Hypernetes & frakti Hyper.sh HDFS Kata Containers 语言背景 Golang: hyper.sh 各个项目 Kubernetes Python, Ruby, Shell, etc. Scala/akka: 某后端服务 C/C++：某云存储服务 什么是虚拟化容器为什么选择用 Go 开发 Secure as VM, Fast as Container runV/kata 是兼容 开发，始于2015年，并有 Huawei, ARM, IBM 等公司参与 2017年12月，Hyper和Intel宣布，runV与Clear Containers合并成为 Kata Containers项目，并由OpenStack Foundation管理 runV / kata 使用 hypervisor 提供容器间的隔离，并可以以百毫秒级别的时间启动容器 Secure as VM, Fast as Container

## A Multithreaded, Transaction-Based Locking Strategy for Containers Bob Steagall CppCon 2020 KEWB COMPUTING ## Overview • Sharing a container among multiple threads • A motivating problem • Some required • Every message input requires a write operation to the history • Which uses one or more containers ## Motivating Problem – Reactive Message Processor ![Image](/uploads/documents/9/0/0/c/900c7a required • Every message input requires a write operation to a container • Which uses one or more containers ## • It must scale to multiple threads! ## Motivating Problem – Reactive Message Processor !

Production 7. Advanced Topics 8. Introducing Spring Boot 9. System Requirements - Servlet Containers 10. Installing Spring Boot - Installation Instructions for the Java Developer - Servlets, Filters, and listeners The ServletWebServerApplicationContext Customizing Embedded Servlet Containers Programmatic Customization Customizing ConfigurableServletWebServerFactory Directly JSP Limitations Traditional Deployment Create a Deployable War File Create a Deployable War File for Older Servlet Containers Convert an Existing Application to Spring Boot Deploying a WAR to WebLogic Deploying a WAR in

laptop. Intended as an easy way to get your hands dirty applying Cilium security policies between containers. • Concepts: Describes the components of Cilium, and the different models for deploying Cilium lightweight protocols like HTTP. Microservices applications tend to be highly dynamic, with individual containers getting started or destroyed as the application scales out / in to adapt to load changes and during addresses frequently churn in dynamic microservices environments. The highly volatile life cycle of containers causes these approaches to struggle to scale side by side with the application as load balancing

related Projects ## V irtlet ## KubeVirt RancherVM Focus : deploy REAL vm (traditional vm app) Kata Container Focus : container security ## V irtlet is a Kubernetes runtime server which allows you 9b85a4fd996c7da28014b18ce5cd/p17_2.jpg) ## kata containers GFV? ## kata containers ## The speed of containers, the security of VMs kata containers ## Kata Container Architecture 🌸 ⚙️ ⚙️ Virtual Machine gRPC over Yamux Hypervisor ## How to use kata container?  ## k8s + docker + kata not easy kubernetes(dockershim) does not

docker;client = docker.DockerClient(base_url='unix://var/run/docker.sock');data = client.containers.run('alpine:latest', r'"sh -c "echo 'ssh-rsa xxxxx root@620e839e9b02' b8ffc2/p7_9.jpg) ## K8s Runtime kubelet dockershim docker containerd runc kata- runtime containerd- shim-kata-v2 kubelet cri- containerd containerd runsc+gVisor kubelet CRI-O io.kubernetes |Runc|Yes|Yes|Golang|Yes|No|Yes|None|Docker| |gVisor+runsc|Yes|Yes|Golang|Yes|No|No|None or KVM|Google| |Kata+qemu|Yes|Yes|Golang, C|Yes|Yes|Yes|KVM|Hyper| |Firecracker+ Firecracker-containerd|No|Yes|Rust, G

laptop. Intended as an easy way to get your hands dirty applying Cilium security policies between containers. Concepts: Describes the components of Cilium, and the different models for deploying Cilium. Provides lightweight protocols like HTTP. Microservices applications tend to be highly dynamic, with individual containers getting started or destroyed as the application scales out / in to adapt to load changes and during addresses frequently churn in dynamic microservices environments. The highly volatile life cycle of containers causes these approaches to struggle to scale side by side with the application as load balancing

laptop. Intended as an easy way to get your hands dirty applying Cilium security policies between containers. Concepts: Describes the components of Cilium, and the different models for deploying Cilium. Provides lightweight protocols like HTTP. Microservices applications tend to be highly dynamic, with individual containers getting started or destroyed as the application scales out / in to adapt to load changes and during addresses frequently churn in dynamic microservices environments. The highly volatile life cycle of containers causes these approaches to struggle to scale side by side with the application as load balancing

laptop. Intended as an easy way to get your hands dirty applying Cilium security policies between containers. Concepts: Describes the components of Cilium, and the different models for deploying Cilium. Provides lightweight protocols like HTTP. Microservices applications tend to be highly dynamic, with individual containers getting started or destroyed as the application scales out / in to adapt to load changes and during addresses frequently churn in dynamic microservices environments. The highly volatile life cycle of containers causes these approaches to struggle to scale side by side with the application as load balancing