This 3hr immersive session is a crash course introduction to containers, what you should be concerned about and steps you can take to securely containerise applications. Specifically we look at:
-
Best practices in creating secure and containerised applications
-
Run, manage and deploy containers
-
Security exploits and how to address them
-
Container provenance
-
Hands on building a secure container
The hands-on workshop is for developers, operations, architects or anyone curious about what makes up a container and how to use them in a linux environment.
See workshop documentation for assets generated from this workshop
Documentation is generated by antora. The easiest way to generate the documentation is to run this repo within Visual Studio with Remote Container extensions enabled. See here for more info.
|
Tip
|
If you are running Fedora with podman
If you are running Fedora and want to use VSCode with 
Then make sure to set the following before starting up vscode (so that it uses the proper Dockerfile target) export DEVCONTAINER_TARGET_PREFIX=podman |
Once running the project within Visual Studio Code Remote Development Containers (or locally on a system with the proper npm libraries installed), you can run the following command in the terminal:
|
Note
|
npm install command is only necessary the first time you run this |
npm install gulp
This will run a javascript process that will build the documentation according to dev-site.yml, host it locally, and watch the relevant directories so that you can see changes in real time.
Documentation files can be found in the ${DEMO_HOME}/documentation directory
When you are happy with the documentation changes, you can run the following command to deploy these changes externally (based on the contents of site.yml)
${DEMO_HOME}/scripts/github-pages-publish.sh
-
Load the code in VSCode and use devcontainers which contains all neccessary tools to use.
-
Setup AWS and ./aws/credentials (may need rhpds profile rather than default)
-
Change to the
provisionerdirectory (the ansible-playbook command must be run from here) -
Optionally you can provision an OpenShift environment (needed for the Deploying to OpenShift exercise)
-
Adjust extra_vars as required
-
Run the provision_lab playbook passing in the extra_vars. For example:
ansible-playbook provision_lab.yml -e @extra_vars.yaml
-
To teardown the workshop (e.g. delete instances created for workshop) run:
ansible-playbook teardown_lab.yml -e @extra_vars.yaml
This repo used to use Git Large File Storage (git lfs) to store the binary assets therein (e.g. rpms, images, etc). This was found to be more trouble than it was worth when it came to generating sites with antora and was abandoned
If you use VSCode remote, git-lfs is already installed on the remote container and the lfs plugin to the git CLI is activated upon starting up the container (see Dockerfile and devcontainer.json)
Should you want to re-enable this, see this documentation and this tutorial