diff --git a/slides/Slides.md b/slides/Slides.md index 9e382fb..282d5e2 100644 --- a/slides/Slides.md +++ b/slides/Slides.md @@ -35,11 +35,80 @@ footer: 'https://chris-ayers.com' --- -# Understanding Containerization +# Software and Architecture -- Containerization encapsulates software and its dependencies within a single package -- Streamlines deployment across diverse environments -- Ensures uniform application performance. +--- + +# Microservices +- Architectural style that structures an application as a collection of loosely coupled services. +- Improved modularity +- Applications are easier to develop, test, deploy, and scale. +- Each service can be deployed independently, enabling faster iterations. + +--- + +# Cloud-Native Applications + +- Applications designed to capitalize on cloud computing frameworks. +- Built and run in cloud environments. +- Emphasize automation, scalability, and manageability. +- Rely on containerization for deployment. + +--- + +# Build and Deployment Patterns +- Rapid provisioning and scaling. +- Uniform development environments. +- Seamless compatibility with cloud services. +- Observability and monitoring. + +--- + +# Make sure your application is ready for containers + +
+
+ +- Understand Dependencies + - File Access + - Authentication + - Logging + - OS Dependent components + - Versions +
+
+ +- State Management + - Session State + - Caching + - Database + - File system +
+
+ +--- + +# .NET Version Support +![.NET Version Support](img/dotnet-versions.png) + +--- + +# .NET Version Support - Zoomed +![center w:900px](img/dotnet-versions-zoom.png) + +--- + +# Azure Migrate application and code assessment for .NET +## AppCat + +- Available as a VS extension or cli tool +- Assesses your application for +- Detects issues and provides recommendations +- Provides a detailed report + +--- + +# Containerization --- 
@@ -78,36 +147,68 @@ Virtual Machines (VMs) --- -# Container Images +# Open Container Initiative (OCI) -![bg right:40%](./img/container-image.png) +![bg right 60%](./img/oci-logo.png) -Executable packages that include code, runtime, libraries, and configs. They ensure consistent application behavior across environments by encapsulating all necessary components. +- A project under the Linux Foundation aiming to create open standards for container formats and runtime. +- It promotes interoperability and compatibility across different tools and platforms. --- -# Diving Deeper: Image Layers +# Container Images -**Layered File System** - - **Immutable**: Once created, layers are never modified. - - **Reusable**: Layers can be shared across multiple images. +![bg right:40% w:550px](./img/container-image.png) + +Container images bundle application code with the necessary runtime, libraries, and configurations. They utilize a **Layered File System** for efficient storage and distribution: +- **Immutable Layers**: Each layer is fixed once created, ensuring consistency. +- **Reusability**: Shared layers across images reduce storage and speed up deployments. + +--- + +# Exploring Image Layers +- **Efficiency Through Layering**: Image layers maximize reusability and minimize storage requirements by sharing common layers between images. ![w:1080px](./img/container-layers.drawio.png) --- +# Image Tagging and Management +## Organizing and Versioning + +- **Tagging**: Assigns identifiable tags to Docker images, aiding in version control and organization. +- **Best Practices**: + - Use semantic versioning or specific build identifiers. + - Maintain clear and consistent tagging conventions for easy tracking. + +--- + +# Image Tags: Stable vs Unique + +| Stable Tags | Unique Tags | +|-------------|----------------| +| latest | sha256:1234567890 | +| stable | build-1234 | +| v1.0 | 2022-01-01 | +| | 1.0.0 | + +--- + # Container Registries
- -Services for storing, managing, and sharing container images. They offer version and access control, facilitating secure and efficient distribution of images across development teams. - +Central hubs for storing, managing, and distributing container images, featuring: +- Version and access control for secure collaboration. +- Security scanning to detect vulnerabilities. +- CI/CD integration for automated deployment workflows.
+
+ ![w:150px](./img/acr-logo.png)![w:150px](./img/github-packages-logo.png) ![w:150px](./img/docker-hub-logo.png)![w:150px](./img/harbor-logo.png) @@ -121,12 +222,17 @@ Services for storing, managing, and sharing container images. They offer version
-Software responsible for running containers and managing their lifecycle. Examples include Docker and containerd, providing the necessary environment for containers to execute. -There are high and low level runtimes. +Container runtimes are the engines that run containers and manage their lifecycles, with different levels of abstraction: +- High-Level Runtimes: Offer ease of use and extended features for developers. +- Low-Level Runtimes: Focus on performance and fundamental container operations.
+
+
+
+ ![w:200px](./img/containerd-logo.png)![w:300px](./img/crio-logo.png)![w:200px](./img/podman-logo.png)![w:300px](./img/runc-logo.png)
@@ -134,67 +240,92 @@ There are high and low level runtimes. --- -# Open Container Initiative (OCI) +# How its all Connected -![bg right 80%](./img/oci-logo.png) +
-A project under the Linux Foundation aiming to create open standards for container formats and runtime. It promotes interoperability and compatibility across different tools and platforms. +![w:1080](./img/relationship.drawio.png) --- -# Relationship between the Terms +# Container Patterns Support a Self-Healing Model -
- -![w:1080](./img/relationship.drawio.png) +![bg right fit](./img/cluster.png) --- -# Microservices Architecture +# .NET and Containers + +- **Portability** +- **Consistency** +- **Scalability** +- **Isolation** +- **Security** +- **Resource Efficiency** --- -## Revolutionizing Software Development +# Official .NET Container Images -- **Microservices**: Architectural style that structures an application as a collection of loosely coupled services. -- **Advantages**: - - Improved modularity - - Applications are easier to develop, test, deploy, and scale. - - Each service can be deployed independently, enabling faster iterations. +Microsoft provides official .NET container images for various scenarios, including: ---- +- **Development**: .NET SDK images for building and testing applications. + - dotnet/sdk: .NET SDK +- **Runtime**: .NET Runtime images for running applications. + - dotnet/aspnet: ASP.NET Core Runtime + - dotnet/runtime: .NET Runtime + - dotnet/runtime-deps: .NET Runtime Dependencies -# Cloud-Native Applications -## Leveraging the Full Potential of the Cloud +--- -- **Cloud-Native**: Applications designed to capitalize on cloud computing frameworks. -- **Characteristics**: - - Built and run in cloud environments. - - Emphasize automation, scalability, and manageability. - - Rely on containerization for deployment. +# Dockerfiles ---- +- **Basics**: Dockerfiles define the steps to create a container image for applications. +- **Structure**: Includes base image selection, copying application files, and setting up entry points. +- **Customization**: Tailoring Dockerfiles for specific application requirements. +![dockerfiles](./img/dockerfiles.png) -# Containers and Microservices: Synergy -## Enhancing Application Architecture +--- -- **Role of Containers**: Provide a consistent and isolated environment for each microservice. -- **Impact**: - - Simplified management and scaling of microservices. 
- - Streamlined continuous integration and deployment (CI/CD) processes. +# Efficient Builds & Security +- **.dockerignore**: Exclude non-essential files to speed up builds and enhance security. +- **Multi-Stage Builds**: Separate build and output stages to reduce image size and include only necessary files. +- **Image Optimization**: + - Use minimal base images and avoid unnecessary packages. + - Leverage caching for faster builds. + - Regularly update base images to patch vulnerabilities. + - Scan images for security issues. --- -# Leveraging Containers for Cloud-Native Apps -## Strategies and Best Practices +# Dockerfile + +```dockerfile +FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build-env +WORKDIR /App -- **Optimized Deployment**: Rapid provisioning and scaling. -- **Developer Productivity**: Uniform development environments. -- **Integration with Cloud Ecosystem**: Seamless compatibility with cloud services. +# Copy everything +COPY . ./ +# Restore as distinct layers +RUN dotnet restore +# Build and publish a release +RUN dotnet publish -c Release -o out + +# Build runtime image +FROM mcr.microsoft.com/dotnet/aspnet:8.0 +WORKDIR /App +COPY --from=build-env /App/out . +ENTRYPOINT ["dotnet", "DotNet.Docker.dll"] +``` --- -# .NET Containers +# .NET Containers Without Dockerfiles + +- **Simplicity**: The `dotnet` CLI enables building and publishing containers directly to a registry. +- **Direct Publish**: Specify your target registry and repository in the project file or command line. +- **Example**: Publish a .NET app as a container using the `-p:PublishContainer` option. +- Options --- 
@@ -222,77 +353,48 @@ A project under the Linux Foundation aiming to create open standards for contain --- -# Dockerfiles in .NET -## The Foundation of Containerization - -- **Basics**: Dockerfiles define the steps to create a container image for .NET applications. -- **Structure**: Includes base image selection, copying application files, and setting up entry points. -- **Customization**: Tailoring Dockerfiles for specific application requirements. +# Configuration --- - -# Multi-Stage Docker Builds - -- **Concept**: Multi-stage builds separate the building and running of applications into different stages. -- **Advantages**: - - Reduced image size by excluding unnecessary build tools and files in the final image. - - Enhanced security by minimizing the attack surface on runtime containers. +# Configuring .NET Containers +### Using Environment Variables & Azure Services --- -# Dockerfile - -```dockerfile -FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build-env -WORKDIR /App - -# Copy everything -COPY . ./ -# Restore as distinct layers -RUN dotnet restore -# Build and publish a release -RUN dotnet publish -c Release -o out - -# Build runtime image -FROM mcr.microsoft.com/dotnet/aspnet:8.0 -WORKDIR /App -COPY --from=build-env /App/out . -ENTRYPOINT ["dotnet", "DotNet.Docker.dll"] -``` +## Environment Variables +Externalize app settings for easy updates without image rebuilds. +- Define variables in deployment manifests or service configurations. +- Simplify configuration management. +- Enhance application portability across environments. --- -# Image Tagging and Management -## Organizing and Versioning - -- **Tagging**: Assigns identifiable tags to Docker images, aiding in version control and organization. -- **Best Practices**: - - Use semantic versioning or specific build identifiers. - - Maintain clear and consistent tagging conventions for easy tracking. 
+## Azure App Configuration Integration +- **Centralized Management**: Store all application settings and feature flags. +- **Dynamic Updates**: Refresh settings without redeploying or restarting applications. +- **Security**: Leverage Managed Identities for secure access without credentials in code. --- -# Configuration +# Securely Managing Secrets +### CSI Secret Store & Azure KeyVault --- -# Configuration with Environment Variables -## Dynamic Application Settings - -- **Usage**: Configure .NET applications in containers using environment variables. -- **Benefits**: - - Externalizes configuration from the application, allowing for flexibility. - - Facilitates easy updates and modifications without rebuilding images. +## Azure Key Vault for Sensitive Data +- **Secure Storage**: Keep application secrets, keys, and certificates in a secure vault. +- **Integration**: Easily integrate with .NET applications using the Azure SDK. +- **Access Control**: Fine-grained permissions for secure access management. --- -# Implementing CSI Secret Store -## Secure Secret Management - -- **Introduction**: CSI Secret Store provides a secure way to store and manage sensitive information. -- **Integration with .NET**: - - Seamlessly integrates with Kubernetes, enhancing the security of .NET containerized applications. - - Automates the injection of secrets into containers at runtime. +## CSI Secret Store & .NET Integration +- Securely store and manage secrets for .NET applications in Kubernetes. +- **Features**: + - Automates secret injection into .NET containers at runtime. + - Leverages Kubernetes' native capabilities for enhanced security. + - Simplifies secret management. + - Ensures sensitive data is securely handled and easily accessible to authorized containers only. --- 
@@ -300,41 +402,39 @@ ENTRYPOINT ["dotnet", "DotNet.Docker.dll"] --- -# Security in Containerized .NET Apps -## Safeguarding Your Applications - -- **Challenges**: Identifying and addressing security risks in containerized environments. -- **Security Measures**: Implementing best practices for securing .NET containers. -- **Essential Tools**: Leveraging advanced tools for security enhancement. - ---- - # Container Scanning in .NET ## Ensuring Security and Compliance -- **Purpose**: Identifies security vulnerabilities and compliance issues in container images. +Identify security vulnerabilities and compliance issues in container images. - **Tools and Practices**: - - Utilize tools like Clair, Trivy, or Docker Scan. + - Utilize tools like Qualys, Synk, Trivy, or Docker Scan. - Regularly scan images during development and before deployment. - + --- -# Leveraging Tools and Technologies -## Empowering Your Containerization Journey - -- **Essential Tools**: Overview of critical tools for container management and deployment. -- **Automation**: Strategies for automating deployment and management processes. -- **Technology Overview**: Exploring Kubernetes, Docker Compose, and other pivotal technologies. +# Container Security: Root vs. Non-Root Users +### Understanding User Privileges --- -# Other Tools +## Running Containers as Root +- **Default Behavior**: Many containers run as root by default for ease of use. +- **Risks**: + - Increased attack surface if the container is compromised. + - Potential for escalated privileges on the host system. +- **Security Practices**: + - Minimize use of root privileges. + - Implement least privilege principles for container processes. 
+ +--- -- https://github.com/lippertmarkus/konet -- https://github.com/dotnet/docker-tools -- https://github.com/tmds/build-image -- https://github.com/dotnet/sdk-container-builds -- https://github.com/dotnet/dotnet-docker +## Use Non-Root Users +- **Enhanced Security**: Running as a non-root user reduces risks of privilege escalation. +- **Benefits**: + - Limits the impact of a security breach within the container. + - Complies with security best practices and regulatory requirements. +- **Limitations**: + - May require additional configuration for certain applications. --- diff --git a/slides/img/cluster.png b/slides/img/cluster.png new file mode 100644 index 0000000..890eca5 Binary files /dev/null and b/slides/img/cluster.png differ diff --git a/slides/img/container-image.png b/slides/img/container-image.png new file mode 100644 index 0000000..e50c0a4 Binary files /dev/null and b/slides/img/container-image.png differ diff --git a/slides/img/dockerfiles.png b/slides/img/dockerfiles.png new file mode 100644 index 0000000..59ecca5 Binary files /dev/null and b/slides/img/dockerfiles.png differ diff --git a/slides/img/dotnet-versions-zoom.png b/slides/img/dotnet-versions-zoom.png new file mode 100644 index 0000000..a8a4109 Binary files /dev/null and b/slides/img/dotnet-versions-zoom.png differ diff --git a/slides/img/dotnet-versions.png b/slides/img/dotnet-versions.png new file mode 100644 index 0000000..f903a56 Binary files /dev/null and b/slides/img/dotnet-versions.png differ
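Review bot: in the first hunk (`@@ -35,11 +35,80 @@`), the AppCat slide has a bullet that ends mid-sentence, `- Assesses your application for`, which will render as a dangling fragment; finish it (the slide title already says what it assesses, so "Assesses your application for Azure migration readiness" would do) or drop it. The same slide says "VS extension or cli tool"; write "CLI" for consistency with the rest of the deck.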
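Review bot: in the `@@ -78,36 +147,68 @@` hunk, the "Image Tags: Stable vs Unique" table lists `sha256:1234567890` under Unique Tags, but a digest is not a tag: it is a content-addressed reference written as `image@sha256:<64 hex chars>` and cannot be pushed or re-pointed like `latest`, `stable` or `v1.0`. Either relabel that row as "Digest" or move it to a note stating that pinning by digest is the only reference that cannot silently change underneath a deployment, which is the security reason to prefer it over the stable tags in the left column. Also, `![bg right 60%](./img/oci-logo.png)` is missing the colon that the other background directive in the same hunk uses (`![bg right:40% w:550px]`); Marp expects `bg right:60%`, so the size will not be applied as written.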
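Review bot: in the `@@ -134,67 +240,92 @@` hunk, the Dockerfile copies the whole source tree before restoring (`COPY . ./` followed by `RUN dotnet restore`), so the comment "Restore as distinct layers" is not achieved: any source change invalidates the restore layer and re-downloads packages. Copy the `.csproj`/`.sln` files first, run `dotnet restore`, then copy the remaining sources. The runtime stage also never sets a `USER`, so the published app runs as root, which the later "Root vs. Non-Root Users" slides argue against; the .NET 8 images ship a non-root `app` user, so adding `USER app` (or `USER $APP_UID`) after `WORKDIR /App` in the final stage would make the example consistent with the deck's own guidance. Minor: "How its all Connected" should read "How it's all Connected", and the ".NET Containers Without Dockerfiles" slide ends with a bare `- Options` bullet that needs content or removal.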
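Review bot: in the `@@ -222,77 +353,48 @@` hunk, the product names are inconsistent within the same slide group: the section title says "Azure KeyVault" while the body slide says "Azure Key Vault" (the latter is the correct name), and "CSI Secret Store" is the Kubernetes "Secrets Store CSI Driver" (with the Azure Key Vault provider for it). Using the official names matters here because attendees will search for them. The Azure App Configuration bullet "Managed Identities for secure access without credentials in code" is the right emphasis; consider repeating it on the Key Vault slide, whose "Integration" bullet currently says nothing about how the container authenticates to the vault.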
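Review bot: in the `@@ -300,41 +402,39 @@` hunk, `Synk` in "Utilize tools like Qualys, Synk, Trivy, or Docker Scan" is a typo for Snyk, and `docker scan` has been deprecated in favour of Docker Scout (`docker scout cves`), so the list should be updated before it reaches an audience. On the non-root slide, the "Limitations: May require additional configuration" bullet would land better with the concrete case: a non-root process cannot bind ports below 1024, which is why the .NET 8 images default to port 8080 (`ASPNETCORE_HTTP_PORTS=8080`). Also note that this hunk deletes the "Other Tools" slide, including the link to https://github.com/dotnet/sdk-container-builds, which is the feature the new ".NET Containers Without Dockerfiles" slide describes; keep that link somewhere in the deck.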