LESSONS IN HUBRIS

WHAT IS DOCKER?

���2

WHAT IS DOCKER?

• That awesome-looking whale we just saw

���3

WHAT IS DOCKER?

• That awesome-looking whale we just saw

• The Linux container engine (lightweight VMs)

���4

WHAT IS DOCKER?

• That awesome-looking whale we just saw

• The Linux container engine (lightweight VMs)

• Git (and, sort of, GitHub) for deployment

���5

LIFE BEFORE DOCKER• Install the right version of Java after four tries

• Download the leiningen script, run it

• Remember that you forgot to chmod +x it

• Run the leiningen script again

• Clone the project repo

• Follow the README, apt-get some stuff, copy some things

• Run the program���6

LIFE WITH DOCKER

���7

DOCKER IMAGES

���8

DOCKER IMAGES

���9

BUILD ON EXISTING IMAGES

���10

BUT WHAT CAN IT DO?

���11

ENTER LAZUBOT

���12

SANDBOXED EXECUTION

���13

SANDBOXES ARE LAME

���14

SANDBOXES ARE LAME

���15

• Executor cannot break the Zulip bot or access our secret

• Executor cannot access the Internet

• File system changes to the executor container are fine

• If the executor gets out of control, the master kills it

I PROMISED YOU HUBRIS

���16

DOCKER IN YO DOCKER

• Host runs Ubuntu

���17

Host

DOCKER IN YO DOCKER

• Host runs Ubuntu

• Lazubot runs in a Docker container

���18

Host

Master

DOCKER IN YO DOCKER

• Host runs Ubuntu

• Lazubot runs in a Docker container

• Lazubot creates child containers that execute arbitrary Clojure code

���19

Host

Master

Exec Exec

DOCKER IN YO DOCKER

• Host runs Ubuntu

• Lazubot runs in a Docker container

• Lazubot creates child containers that execute arbitrary Clojure code

���20

Host

Master

REWARD!

���21

REWARD!

���22

REWARD!

���23

LESSONS IN HUBRIS