The Web Platform
March 7–8, 2016: Training
March 8–10, 2016: Conference
San Francisco, CA

Repeatable processes for building secure containers

Ryan Jarvinen (Red Hat)
11:00am–12:30pm Tuesday, 03/08/2016
Average rating: ***..
(3.77, 13 ratings)

Prerequisite knowledge

Attendees should have some basic experience with Docker and web services.

Materials or downloads needed in advance

Attendees should bring a laptop to follow along.

Description

Building Docker images is easy; that’s why there are over 45,000 public images on Docker Hub today (albeit only 100 of them “official” images). Creating reproducible, secure images from source that are easily maintained and updated takes a bit more planning and automation. Ryan Jarvinen illustrates what it takes to create a successful (and secure) build strategy.

Ryan outlines several ways to automate your image build and deployment process using Docker Hub, Kubernetes, OpenShift, and other popular tools and services. You’ll learn how to use source2image, k8s templates, environment variables, k8s secrets, and k8s service accounts to improve your container security model, as well as how to take advantage of Docker’s ONBUILD feature to develop and maintain your own base and builder images.

Photo of Ryan Jarvinen

Ryan Jarvinen

Red Hat

Ryan Jarvinen is a developer advocate on Red Hat’s OpenShift team, where he focuses on improving developer experience in the Kubernetes/container community. He’s passionate about open source, open standards, open government, and digital rights. Ryan lives in Sacramento, California. You can reach him as ryanj on Twitter, GitHub, and IRC.

Comments on this page are now closed.

Comments

Nick Van den Bleeken
03/08/2016 2:58am PST

To answer my own question: You have to create a project first. E.g.: `oc new-project test`

Nick Van den Bleeken
03/08/2016 12:57am PST

Hi when I run `oc new-app openshift/nodejs~http://github.com/ryanj/pillar-base` I get the following errors:

Creating resources with label app=pillar-base …
error: User “nvdbleek” cannot create imagestreams in project “default”
error: User “nvdbleek” cannot create buildconfigs in project “default”
error: User “nvdbleek” cannot create deploymentconfigs in project “default”
error: User “nvdbleek” cannot create services in project “default”

Do I need to give my user extra rights?

Kevin Kohrt
03/07/2016 3:58pm PST

```
Requested name: theSteve0/openshift-origin
Actual name: thesteve0/openshift-origin
```
so
`vagrant init thesteve0/openshift-origin`
followed by
`vagrant up`
works better—assuming you have the bandwidth at that point

Picture of Ryan Jarvinen
Ryan Jarvinen
03/03/2016 8:13am PST

Tutorial setup notes for “Repeatable Processes for Building Secure Containers” have been posted: http://bit.ly/buildsec-fluent#/lab-setup

Bring a laptop and complete the lab setup to follow along!